1 | /* |
2 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
9 | /* |
10 | * ----------------------------------------------------------------------------- | |
11 | * | |
12 | * Author: Markus Moeller (markus_moeller at compuserve.com) | |
13 | * | |
14 | * Copyright (C) 2013 Markus Moeller. All rights reserved. | |
15 | * | |
16 | * This program is free software; you can redistribute it and/or modify | |
17 | * it under the terms of the GNU General Public License as published by | |
18 | * the Free Software Foundation; either version 2 of the License, or | |
19 | * (at your option) any later version. | |
20 | * | |
21 | * This program is distributed in the hope that it will be useful, | |
22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
24 | * GNU General Public License for more details. | |
25 | * | |
26 | * You should have received a copy of the GNU General Public License | |
27 | * along with this program; if not, write to the Free Software | |
28 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. | |
29 | * | |
30 | * As a special exemption, M Moeller gives permission to link this program | |
31 | * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute | |
32 | * the resulting executable, without including the source code for | |
33 | * the Libraries in the source distribution. | |
34 | * | |
35 | * ----------------------------------------------------------------------------- | |
36 | */ | |
37 | ||
#include <cstring>
#include <ctime>
#if HAVE_NETDB_H
#include <netdb.h>
#endif
#if HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#include "base64.h"
#include "util.h"
49 | |
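#if HAVE_KRB5_H
#if HAVE_BROKEN_SOLARIS_KRB5_H
/*
 * Solaris <krb5.h> is flagged broken for C++ use (see the bug link below);
 * the KRB5INT_*_DECLS wrappers are supplied here before the header is read.
 *
 * "#warn" is not a preprocessing directive and GCC rejects it with
 * "invalid preprocessing directive" as soon as this branch is compiled;
 * the diagnostic has to be spelled #warning.
 */
#warning "Warning! You have a broken Solaris <krb5.h> system header"
#warning "http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6837512"
#if defined(__cplusplus)
#define KRB5INT_BEGIN_DECLS extern "C" {
#define KRB5INT_END_DECLS
/* NOTE(review): this opens an extern "C" block, but KRB5INT_END_DECLS expands
 * to nothing and no closing brace appears in this header; confirm that the
 * including .cc closes it, otherwise every later declaration gets C linkage. */
KRB5INT_BEGIN_DECLS
#endif
#endif /* HAVE_BROKEN_SOLARIS_KRB5_H */
#if HAVE_BROKEN_HEIMDAL_KRB5_H
/* Heimdal <krb5.h> flagged broken: wrapped in extern "C" from here,
 * presumably because that version lacks its own C-linkage guards. */
extern "C" {
#include <krb5.h>
}
#else
#include <krb5.h>
#endif
#endif /* HAVE_KRB5_H */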
68 | ||
69 | #if USE_HEIMDAL_KRB5 |
70 | #if HAVE_GSSAPI_GSSAPI_H | |
71 | #include <gssapi/gssapi.h> | |
72 | #elif HAVE_GSSAPI_H | |
73 | #include <gssapi.h> | |
74 | #endif | |
75 | #if HAVE_GSSAPI_GSSAPI_KRB5_H | |
76 | #include <gssapi/gssapi_krb5.h> | |
77 | #endif | |
78 | #elif USE_GNUGSS | |
79 | #if HAVE_GSS_H | |
80 | #include <gss.h> | |
81 | #endif | |
82 | #else | |
83 | #if HAVE_GSSAPI_GSSAPI_H |
84 | #include <gssapi/gssapi.h> | |
85 | #elif HAVE_GSSAPI_H | |
86 | #include <gssapi.h> | |
87 | #endif | |
88 | #if HAVE_GSSAPI_GSSAPI_KRB5_H |
89 | #include <gssapi/gssapi_krb5.h> | |
90 | #endif | |
91 | #if HAVE_GSSAPI_GSSAPI_GENERIC_H | |
92 | #include <gssapi/gssapi_generic.h> | |
93 | #endif | |
94 | #if HAVE_GSSAPI_GSSAPI_EXT_H | |
95 | #include <gssapi/gssapi_ext.h> | |
96 | #endif | |
97 | #endif |
98 | ||
/* Not every GSSAPI implementation provides the gss_nt_service_name alias;
 * fall back to the standard host-based service name type when it is absent. */
#ifndef gss_nt_service_name
#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
#endif

/* Helper name used in diagnostics. */
#define PROGRAM "negotiate_kerberos_auth"

/* Upper bound for an authentication token; overridable from the build.
 * NOTE(review): presumably bounds the token read from Squid — confirm in the .cc. */
#ifndef MAX_AUTHTOKEN_LEN
#define MAX_AUTHTOKEN_LEN 65535
#endif

#ifndef SQUID_KERB_AUTH_VERSION
#define SQUID_KERB_AUTH_VERSION "3.1.0sq"
#endif

/* Name of this host (defined in the .cc). Ownership of the returned string
 * is decided by that definition — confirm before freeing it. */
char *gethost_name(void);

/* "NTLMSSP" plus the terminating NUL (8 bytes): the signature that starts an
 * NTLM token. NOTE(review): presumably compared against incoming tokens to
 * detect clients answering Negotiate with NTLM rather than Kerberos. */
static const unsigned char ntlmProtocol[] = "NTLMSSP";
115 | ||
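/*
 * Return a "YYYY/MM/DD HH:MM:SS" timestamp in local time for log lines.
 *
 * The result points at static storage: do not free it, and expect a later
 * call to overwrite it. The conversion is cached per second (last_t), so
 * repeated calls within one second only cost a gettimeofday().
 * localtime() is not reentrant and the buffer is shared, so this assumes a
 * single-threaded caller.
 *
 * Robustness: gettimeofday() failure used to leave `now` uninitialised, and
 * localtime() may return NULL (a time that does not fit struct tm), which
 * strftime() must never see. Both now yield the previous/empty string rather
 * than undefined behaviour; the cache is only advanced on success so the
 * next call retries.
 */
inline const char *
LogTime()
{
    static time_t last_t = 0;
    static char buf[128];
    struct timeval now;

    if (gettimeofday(&now, NULL) != 0)
        return buf;             /* no clock: whatever we formatted last, or "" */

    if (now.tv_sec != last_t) {
        time_t secs = now.tv_sec;   /* copy: tv_sec need not be exactly time_t everywhere */
        const struct tm *lt = localtime(&secs);
        if (lt == NULL || strftime(buf, sizeof buf, "%Y/%m/%d %H:%M:%S", lt) == 0)
            buf[0] = '\0';      /* strftime leaves buf indeterminate on failure */
        else
            last_t = secs;
    }
    return buf;
}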
132 | ||
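/*
 * Report a failed GSSAPI call (defined in the .cc).
 *
 * major_status, minor_status: the status pair returned by the failing call.
 * function: name of that call, for the message text.
 * log, sout: NOTE(review): presumably select where the message goes (debug
 *   log vs. the helper's stdout reply line) — confirm against the definition.
 * Return: NOTE(review): presumably non-zero when the pair denotes an error
 *   so the caller can abort the exchange — confirm against the definition.
 *
 * gethost_name() is declared once, above; the second copy of its prototype
 * that followed this declaration was redundant and is not repeated here.
 */
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status,
                  const char *function, int log, int sout);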
137 | ||
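/*
 * PAC (group membership) extraction is compiled only when the GSS library can
 * hand back the Kerberos authorization data (either
 * gsskrb5_extract_authz_data_from_sec_context or gss_map_name_to_any) AND the
 * Kerberos library exposes a PAC API (HAVE_KRB5_PAC). Everything declared in
 * this branch is implemented in the PAC translation unit; HAVE_PAC_SUPPORT is
 * what the rest of the helper tests.
 */
#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
#define HAVE_PAC_SUPPORT 1
/* Parenthesised so the macro is safe inside larger expressions:
 * "x / MAX_PAC_GROUP_SIZE" would otherwise divide by 200 and multiply by 60. */
#define MAX_PAC_GROUP_SIZE (200*60)

/* 8-byte counted-string header as found in PAC data: two 16-bit counts and
 * a 32-bit pointer/referent.
 * NOTE(review): whether length/maxlength are byte counts and what `pointer`
 * denotes is decided by getustr()/checkustr() in the PAC code — confirm there. */
typedef struct {
    uint16_t length;
    uint16_t maxlength;
    uint32_t pointer;
} RPC_UNICODE_STRING;

/* Report a Kerberos error code for msg. NOTE(review): return convention
 * (presumably non-zero on error) — confirm against the definition. */
int check_k5_err(krb5_context context, const char *msg, krb5_error_code code);

/* Cursor helpers over the raw PAC buffer (the cursor lives in the PAC
 * translation unit; nothing here exposes it). NOTE(review): get6byt_be()
 * reads big-endian per its name; presumably the others read little-endian
 * and align() skips to the next n-byte boundary — confirm in the .cc. */
void align(int n);
void getustr(RPC_UNICODE_STRING *string);
int checkustr(RPC_UNICODE_STRING *string);
uint64_t get6byt_be(void);
uint32_t get4byt(void);
uint16_t get2byt(void);
uint8_t get1byt(void);

/* Group SID assembly. The ad_groups argument is passed in and a char* is
 * handed back; NOTE(review): presumably the same buffer with data appended
 * (caller keeps ownership) — confirm before freeing either pointer. */
char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);
char *getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t GroupCount);
char *getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount);

/* strcpy/strcat-style helpers. The original prototype named the writable
 * first parameter "src" and the const second one "dst"; they are named here
 * by their const-qualification (writable first argument = destination), which
 * changes nothing for the linker. NOTE(review): confirm against the
 * definitions, and note that neither prototype carries a destination size. */
char *xstrcpy(char *dst, const char *src);
char *xstrcat(char *dst, const char *src);

/* Fill ad_groups from the PAC; see the ownership note above. */
char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
#else
#define HAVE_PAC_SUPPORT 0
#endif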