1 /*
2 * -----------------------------------------------------------------------------
3 *
4 * Author: Markus Moeller (markus_moeller at compuserve.com)
5 *
6 * Copyright (C) 2013 Markus Moeller. All rights reserved.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
21 *
22 * As a special exemption, M Moeller gives permission to link this program
23 * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute
24 * the resulting executable, without including the source code for
25 * the Libraries in the source distribution.
26 *
27 * -----------------------------------------------------------------------------
28 */
29
30 #include <cstring>
31 #include <ctime>
32 #if HAVE_NETDB_H
33 #include <netdb.h>
34 #endif
35 #if HAVE_UNISTD_H
36 #include <unistd.h>
37 #endif
38
39 #include "base64.h"
40 #include "util.h"
41
42 #if HAVE_KRB5_H
43 #if HAVE_BROKEN_SOLARIS_KRB5_H
44 #warn "Warning! You have a broken Solaris <krb5.h> system header"
45 #warn "http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6837512"
46 #if defined(__cplusplus)
47 #define KRB5INT_BEGIN_DECLS extern "C" {
48 #define KRB5INT_END_DECLS
49 KRB5INT_BEGIN_DECLS
50 #endif
51 #endif /* HAVE_BROKEN_SOLARIS_KRB5_H */
52 #if HAVE_BROKEN_HEIMDAL_KRB5_H
53 extern "C" {
54 #include <krb5.h>
55 }
56 #else
57 #include <krb5.h>
58 #endif
59 #endif /* HAVE_KRB5_H */
60
61 #if USE_HEIMDAL_KRB5
62 #if HAVE_GSSAPI_GSSAPI_H
63 #include <gssapi/gssapi.h>
64 #elif HAVE_GSSAPI_H
65 #include <gssapi.h>
66 #endif
67 #if HAVE_GSSAPI_GSSAPI_KRB5_H
68 #include <gssapi/gssapi_krb5.h>
69 #endif
70 #elif USE_GNUGSS
71 #if HAVE_GSS_H
72 #include <gss.h>
73 #endif
74 #else
75 #if HAVE_GSSAPI_GSSAPI_H
76 #include <gssapi/gssapi.h>
77 #elif HAVE_GSSAPI_H
78 #include <gssapi.h>
79 #endif
80 #if HAVE_GSSAPI_GSSAPI_KRB5_H
81 #include <gssapi/gssapi_krb5.h>
82 #endif
83 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
84 #include <gssapi/gssapi_generic.h>
85 #endif
86 #if HAVE_GSSAPI_GSSAPI_EXT_H
87 #include <gssapi/gssapi_ext.h>
88 #endif
89 #endif
90
/* Applies only when the included GSS-API headers do not define gss_nt_service_name as a macro. */
#if !defined(gss_nt_service_name)
#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
#endif

/* Name of this helper. NOTE(review): presumably used as the prefix of log lines; confirm at the use sites. */
#define PROGRAM "negotiate_kerberos_auth"

/*
 * Build-time overridable limits and version string.
 * NOTE(review): MAX_AUTHTOKEN_LEN looks like the upper bound on an authentication
 * token; whether every input path is checked against it is not visible in this
 * header and should be confirmed where tokens are read and decoded.
 */
#if !defined(MAX_AUTHTOKEN_LEN)
#define MAX_AUTHTOKEN_LEN 65535
#endif
#if !defined(SQUID_KERB_AUTH_VERSION)
#define SQUID_KERB_AUTH_VERSION "3.0.4sq"
#endif

/* Defined elsewhere; ownership of the returned string is not visible here. */
char *gethost_name(void);

/*
 * The eight bytes 'N','T','L','M','S','S','P',0 (the string literal supplies the
 * trailing NUL). NOTE(review): presumably compared with the start of a decoded
 * token to recognise NTLM instead of Kerberos; confirm at the use site.
 */
static const unsigned char ntlmProtocol[] = "NTLMSSP";
107
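/**
 * Return the current local time formatted as "YYYY/MM/DD HH:MM:SS".
 *
 * The text is kept in a function-local static buffer that is rewritten only
 * when the wall-clock second changes, so calls within the same second reuse
 * the cached string. Later calls overwrite the buffer, and the static state
 * is not protected against concurrent callers.
 *
 * @return pointer to the static, NUL-terminated buffer; it holds an empty
 *         string if the time could not be converted or formatted.
 */
inline const char *
LogTime()
{
    static time_t last_t = 0;
    static char buf[128];
    struct timeval now;

    gettimeofday(&now, NULL);
    if (now.tv_sec != last_t) {
        /* tv_sec is not guaranteed to have type time_t, so copy the value
         * instead of casting its address for localtime(). */
        const time_t secs = now.tv_sec;
        const struct tm *tm = localtime(&secs);

        /* localtime() can return NULL and strftime() can return 0; in either
         * case leave a defined (empty) string rather than stale or
         * indeterminate bytes in the log prefix. */
        if (tm == NULL || strftime(buf, sizeof(buf), "%Y/%m/%d %H:%M:%S", tm) == 0)
            buf[0] = '\0';
        last_t = now.tv_sec;
    }
    return buf;
}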
124
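/*
 * Check a GSS-API status pair for the call named by `function`.
 * NOTE(review): the meaning of the return value and of the `log` and `sout`
 * flags is not visible in this header; confirm against the definition before
 * relying on it as an authentication gate.
 */
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status,
                  const char *function, int log, int sout);

/* gethost_name() is already declared earlier in this header; the redundant
 * second prototype that stood here has been dropped. */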
129
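/*
 * PAC (group membership) support is compiled in only when the GSS library can
 * hand the authorization data to the helper and the Kerberos library provides
 * the PAC API; otherwise HAVE_PAC_SUPPORT is 0 and none of the declarations
 * below exist.
 */
#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
#define HAVE_PAC_SUPPORT 1
/* Parenthesised so the macro expands as one value inside a larger expression
 * (for example `x % MAX_PAC_GROUP_SIZE` or `sizeof(T) * MAX_PAC_GROUP_SIZE`). */
#define MAX_PAC_GROUP_SIZE (200*60)

/*
 * String descriptor with two 16-bit length fields and a 32-bit pointer field.
 * NOTE(review): the values are presumably read from PAC data; they should be
 * treated as unvalidated until checkustr() (or equivalent) has accepted them.
 * Confirm in the definitions.
 */
typedef struct {
    uint16_t length;
    uint16_t maxlength;
    uint32_t pointer;
} RPC_UNICODE_STRING;

/* Kerberos error check; return-value convention not visible here. */
int check_k5_err(krb5_context context, const char *msg, krb5_error_code code);

/*
 * PAC decoding helpers. align() and the get*byt() readers take no buffer
 * argument, so the data and the read position must live in state defined
 * elsewhere. NOTE(review): the bounds checks on that state are not visible in
 * this header; confirm each reader checks the remaining length before reading.
 */
void align(int n);
void getustr(RPC_UNICODE_STRING *string);
char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);
char *getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t GroupCount);
char *getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount);
uint64_t get6byt_be(void);
uint32_t get4byt(void);
uint16_t get2byt(void);
uint8_t get1byt(void);

/*
 * NOTE(review): the non-const first parameter is named `src` and the const
 * second one `dst`, which is the reverse of the usual strcpy/strcat naming;
 * confirm which argument is written to, and that the copy is bounded by the
 * destination size.
 */
char *xstrcpy( char *src, const char*dst);
char *xstrcat( char *src, const char*dst);
int checkustr(RPC_UNICODE_STRING *string);
char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
#else
#define HAVE_PAC_SUPPORT 0
#endif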