]>
git.ipfire.org Git - thirdparty/squid.git/blob - helpers/negotiate_auth/kerberos/negotiate_kerberos.h
2 * -----------------------------------------------------------------------------
4 * Author: Markus Moeller (markus_moeller at compuserve.com)
6 * Copyright (C) 2013 Markus Moeller. All rights reserved.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22 * As a special exemption, M Moeller gives permission to link this program
23 * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute
24 * the resulting executable, without including the source code for
25 * the Libraries in the source distribution.
27 * -----------------------------------------------------------------------------
43 #if HAVE_BROKEN_SOLARIS_KRB5_H
44 #warn "Warning! You have a broken Solaris <krb5.h> system header"
45 #warn "http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6837512"
46 #if defined(__cplusplus)
47 #define KRB5INT_BEGIN_DECLS extern "C" {
48 #define KRB5INT_END_DECLS
51 #endif /* HAVE_BROKEN_SOLARIS_KRB5_H */
52 #if HAVE_BROKEN_HEIMDAL_KRB5_H
59 #endif /* HAVE_KRB5_H */
62 #if HAVE_GSSAPI_GSSAPI_H
63 #include <gssapi/gssapi.h>
67 #if HAVE_GSSAPI_GSSAPI_KRB5_H
68 #include <gssapi/gssapi_krb5.h>
75 #if HAVE_GSSAPI_GSSAPI_H
76 #include <gssapi/gssapi.h>
80 #if HAVE_GSSAPI_GSSAPI_KRB5_H
81 #include <gssapi/gssapi_krb5.h>
83 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
84 #include <gssapi/gssapi_generic.h>
86 #if HAVE_GSSAPI_GSSAPI_EXT_H
87 #include <gssapi/gssapi_ext.h>
91 #ifndef gss_nt_service_name
92 #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
95 #define PROGRAM "negotiate_kerberos_auth"
97 #ifndef MAX_AUTHTOKEN_LEN
98 #define MAX_AUTHTOKEN_LEN 65535
100 #ifndef SQUID_KERB_AUTH_VERSION
101 #define SQUID_KERB_AUTH_VERSION "3.0.4sq"
104 char *gethost_name(void);
106 static const unsigned char ntlmProtocol
[] = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
113 static time_t last_t
= 0;
114 static char buf
[128];
116 gettimeofday(&now
, NULL
);
117 if (now
.tv_sec
!= last_t
) {
118 tm
= localtime((time_t *) & now
.tv_sec
);
119 strftime(buf
, 127, "%Y/%m/%d %H:%M:%S", tm
);
125 int check_gss_err(OM_uint32 major_status
, OM_uint32 minor_status
,
126 const char *function
, int log
, int sout
);
128 char *gethost_name(void);
130 #if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
131 #define HAVE_PAC_SUPPORT 1
132 #define MAX_PAC_GROUP_SIZE 200*60
137 } RPC_UNICODE_STRING
;
139 int check_k5_err(krb5_context context
, const char *msg
, krb5_error_code code
);
141 void getustr(RPC_UNICODE_STRING
*string
);
142 char **getgids(char **Rids
, uint32_t GroupIds
, uint32_t GroupCount
);
143 char *getdomaingids(char *ad_groups
, uint32_t DomainLogonId
, char **Rids
, uint32_t GroupCount
);
144 char *getextrasids(char *ad_groups
, uint32_t ExtraSids
, uint32_t SidCount
);
145 uint64_t get6byt_be(void);
146 uint32_t get4byt(void);
147 uint16_t get2byt(void);
148 uint8_t get1byt(void);
149 char *xstrcpy( char *src
, const char*dst
);
150 char *xstrcat( char *src
, const char*dst
);
151 int checkustr(RPC_UNICODE_STRING
*string
);
152 char *get_ad_groups(char *ad_groups
, krb5_context context
, krb5_pac pac
);
154 #define HAVE_PAC_SUPPORT 0