git.ipfire.org Git - thirdparty/squid.git/blob - src/auth/negotiate/kerberos/negotiate_kerberos.h
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 * -----------------------------------------------------------------------------
12 * Author: Markus Moeller (markus_moeller at compuserve.com)
14 * Copyright (C) 2013 Markus Moeller. All rights reserved.
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
30 * As a special exemption, M Moeller gives permission to link this program
31 * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute
32 * the resulting executable, without including the source code for
33 * the Libraries in the source distribution.
35 * -----------------------------------------------------------------------------
51 #define KERBEROS_APPLE_DEPRECATED(x)
52 #define GSSKRB_APPLE_DEPRECATED(x)
56 #if HAVE_BROKEN_SOLARIS_KRB5_H
57 #warn "Warning! You have a broken Solaris <krb5.h> system header"
58 #warn "http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6837512"
59 #if defined(__cplusplus)
60 #define KRB5INT_BEGIN_DECLS extern "C" {
61 #define KRB5INT_END_DECLS
64 #endif /* HAVE_BROKEN_SOLARIS_KRB5_H */
65 #if HAVE_BROKEN_HEIMDAL_KRB5_H
72 #endif /* HAVE_KRB5_H */
75 #if HAVE_GSSAPI_GSSAPI_H
76 #include <gssapi/gssapi.h>
80 #if HAVE_GSSAPI_GSSAPI_KRB5_H
81 #include <gssapi/gssapi_krb5.h>
88 #if HAVE_GSSAPI_GSSAPI_H
89 #include <gssapi/gssapi.h>
93 #if HAVE_GSSAPI_GSSAPI_KRB5_H
94 #include <gssapi/gssapi_krb5.h>
96 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
97 #include <gssapi/gssapi_generic.h>
99 #if HAVE_GSSAPI_GSSAPI_EXT_H
100 #include <gssapi/gssapi_ext.h>
104 #ifndef gss_nt_service_name
105 #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
108 #define PROGRAM "negotiate_kerberos_auth"
110 #ifndef MAX_AUTHTOKEN_LEN
111 #define MAX_AUTHTOKEN_LEN 65535
113 #ifndef SQUID_KERB_AUTH_VERSION
114 #define SQUID_KERB_AUTH_VERSION "3.1.0sq"
/*
 * Judging by the name, returns the host name this helper runs on; the
 * definition is outside this header. Ownership of the returned buffer is
 * not visible here - check the definition before freeing or caching it.
 */
char *gethost_name(void);

/*
 * The eight-byte "NTLMSSP" signature, terminating NUL included.
 * Presumably compared with the first bytes of a decoded client token to
 * recognise an NTLM message arriving where a Kerberos token is expected -
 * confirm at the use site, and confirm the token length is checked before
 * that comparison.
 * Being static in a header, each including translation unit gets its own copy.
 */
static const unsigned char ntlmProtocol[] = "NTLMSSP";
125 static time_t last_t
= 0;
126 static char buf
[128];
128 gettimeofday(&now
, NULL
);
129 if (now
.tv_sec
!= last_t
) {
131 tm
= localtime((time_t *) & now
.tv_sec
);
132 strftime(buf
, 127, "%Y/%m/%d %H:%M:%S", tm
);
/*
 * Examines the status pair produced by a GSS-API call.
 *
 *   major_status, minor_status  the two OM_uint32 status words to examine
 *   function                    presumably the name of the call that produced
 *                               them, for the diagnostic text - confirm
 *   log, sout                   int flags; their meaning is not visible in
 *                               this header (likely "write to the log" and
 *                               "write to stdout") - confirm in the definition
 *
 * The meaning of the int result is not stated here. Callers on the
 * authentication path should confirm which value signals failure so that an
 * error can never be read as success.
 */
int check_gss_err(OM_uint32 major_status,
                  OM_uint32 minor_status,
                  const char *function,
                  int log,
                  int sout);

/* Second declaration of gethost_name() in this header; the earlier one is
 * identical, so this one is redundant but harmless. */
char *gethost_name(void);
143 #if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
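/* Set on the branch where a PAC extraction API and krb5 PAC support exist. */
#define HAVE_PAC_SUPPORT 1
/*
 * Size limit (12000), presumably for the group string built from the PAC -
 * confirm against the buffers declared with it.
 * Parenthesised so the product stays a single operand wherever the macro is
 * expanded: a bare 200*60 regroups next to /, % or a cast
 * (x / 200*60 parses as (x / 200) * 60), which would silently change a
 * bounds calculation.
 */
#define MAX_PAC_GROUP_SIZE (200*60)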
150 } RPC_UNICODE_STRING
;
/*
 * PAC decoding helpers, compiled only when HAVE_PAC_SUPPORT is set.
 * Going by the names and the krb5_pac parameter, they walk the PAC taken
 * from the client's Kerberos ticket and build the group list from it.
 *
 * NOTE(review): none of these prototypes carries a buffer length, and the
 * get*byt() readers take no arguments at all, so the buffer and read position
 * must be state kept outside this header. Bounds therefore have to be
 * enforced inside the definitions: confirm that every read, and every count
 * taken from the data (GroupCount, SidCount), is checked against the bytes
 * that remain before it is used.
 */

/* Reads the string described by an RPC_UNICODE_STRING header. */
void getustr(RPC_UNICODE_STRING *string);

/* GroupIds looks like a pointer/reference id from the decoded structure and
 * GroupCount the number of entries - confirm. Ownership of the returned
 * array is not visible here. */
char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);

/* Presumably appends the domain groups to ad_groups and returns it. */
char *getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids,
                    uint32_t GroupCount);

/* Presumably appends the extra SIDs to ad_groups and returns it. */
char *getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount);

/* Fixed-width readers; the _be suffix suggests the 6-byte value is read
 * big-endian - confirm the byte order of the others in the definitions. */
uint64_t get6byt_be(void);
uint32_t get4byt(void);
uint16_t get2byt(void);
uint8_t get1byt(void);

/*
 * String helpers without a size argument.
 * NOTE(review): the parameter names read backwards - the writable pointer is
 * called src and the const one dst, so data presumably flows from dst into
 * src. With no capacity parameter the caller cannot state how much room src
 * has; confirm the definitions limit the copy (for example against
 * MAX_PAC_GROUP_SIZE) and that callers handle a failure return.
 */
char *xstrcpy(char *src, const char *dst);
char *xstrcat(char *src, const char *dst);

/* Presumably validates an RPC_UNICODE_STRING header before getustr() is
 * used on it; the meaning of the int result is not visible here. */
int checkustr(RPC_UNICODE_STRING *string);

/* Entry point: takes the caller's ad_groups buffer, the krb5 context and the
 * PAC handle, and returns a char * (presumably the filled group string). */
char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
166 #define HAVE_PAC_SUPPORT 0
/*
 * Kerberos 5 counterpart of check_gss_err().
 *
 *   context  the krb5 library context the failing call was made with
 *   msg      caller-supplied text, presumably prefixed to the diagnostic
 *   code     the krb5_error_code to examine
 *
 * The meaning of the int result is not stated in this header - confirm in
 * the definition which value signals an error before relying on it in an
 * authentication decision.
 */
int check_k5_err(krb5_context context,
                 const char *msg,
                 krb5_error_code code);