negotiate_kerberos.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 * -----------------------------------------------------------------------------
11 *
12 * Author: Markus Moeller (markus_moeller at compuserve.com)
13 *
14 * Copyright (C) 2013 Markus Moeller. All rights reserved.
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
29 *
30 * As a special exemption, M Moeller gives permission to link this program
31 * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute
32 * the resulting executable, without including the source code for
33 * the Libraries in the source distribution.
34 *
35 * -----------------------------------------------------------------------------
36 */
37
38#include <cstring>
39#include <ctime>
40#if HAVE_NETDB_H
41#include <netdb.h>
42#endif
43#if HAVE_UNISTD_H
44#include <unistd.h>
45#endif
46
47#include "base64.h"
48#include "compat/krb5.h"
49#include "util.h"
50
51#if USE_APPLE_KRB5
52#define GSSKRB_APPLE_DEPRECATED(x)
53#endif
54
55#if USE_HEIMDAL_KRB5
56#if HAVE_GSSAPI_GSSAPI_H
57#include <gssapi/gssapi.h>
58#elif HAVE_GSSAPI_H
59#include <gssapi.h>
60#endif
61#if HAVE_GSSAPI_GSSAPI_KRB5_H
62#include <gssapi/gssapi_krb5.h>
63#endif
64#elif USE_GNUGSS
65#if HAVE_GSS_H
66#include <gss.h>
67#endif
68#else
69#if HAVE_GSSAPI_GSSAPI_H
70#include <gssapi/gssapi.h>
71#elif HAVE_GSSAPI_H
72#include <gssapi.h>
73#endif
74#if HAVE_GSSAPI_GSSAPI_KRB5_H
75#include <gssapi/gssapi_krb5.h>
76#endif
77#if HAVE_GSSAPI_GSSAPI_GENERIC_H
78#include <gssapi/gssapi_generic.h>
79#endif
80#if HAVE_GSSAPI_GSSAPI_EXT_H
81#include <gssapi/gssapi_ext.h>
82#endif
83#endif
84
85#ifndef gss_nt_service_name
86#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
87#endif
88
89#define PROGRAM "negotiate_kerberos_auth"
90
91#ifndef MAX_AUTHTOKEN_LEN
92#define MAX_AUTHTOKEN_LEN 65535
93#endif
94#ifndef SQUID_KERB_AUTH_VERSION
95#define SQUID_KERB_AUTH_VERSION "3.1.0sq"
96#endif
97
98char *gethost_name(void);
99
100static const unsigned char ntlmProtocol[] = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
101
102inline const char *
103LogTime()
104{
105 struct timeval now;
106 static time_t last_t = 0;
107 static char buf[128];
108
109 gettimeofday(&now, nullptr);
110 if (now.tv_sec != last_t) {
111 struct tm *tm;
112 tm = localtime((time_t *) & now.tv_sec);
113 strftime(buf, 127, "%Y/%m/%d %H:%M:%S", tm);
114 last_t = now.tv_sec;
115 }
116 return buf;
117}
118
119int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status,
120 const char *function, int log, int sout);
121
122char *gethost_name(void);
123
124#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
125#define HAVE_PAC_SUPPORT 1
126#define MAX_PAC_GROUP_SIZE 200*60
127typedef struct {
128 uint16_t length;
129 uint16_t maxlength;
130 uint32_t pointer;
131} RPC_UNICODE_STRING;
132
133void align(int n);
134void getustr(RPC_UNICODE_STRING *string);
135char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);
136char *getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t GroupCount);
137char *getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount);
138uint64_t get6byt_be(void);
139uint32_t get4byt(void);
140uint16_t get2byt(void);
141uint8_t get1byt(void);
142char *xstrcpy( char *src, const char*dst);
143char *xstrcat( char *src, const char*dst);
144int checkustr(RPC_UNICODE_STRING *string);
145char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
146#else
147#define HAVE_PAC_SUPPORT 0
148#endif
149int check_k5_err(krb5_context context, const char *msg, krb5_error_code code);
150
log
void log(char *format,...)
now
static time_t now
Definition: cachemgr.cc:109
gethost_name
char * gethost_name(void)
LogTime
const char * LogTime()
Definition: negotiate_kerberos.h:103
check_gss_err
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, const char *function, int log, int sout)
check_k5_err
int check_k5_err(krb5_context context, const char *msg, krb5_error_code code)
ntlmProtocol
static const unsigned char ntlmProtocol[]
Definition: negotiate_kerberos.h:100
code
int code
Definition: smb-errors.c:145

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors