negotiate_kerberos.h
1 /*
2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /*
10  * -----------------------------------------------------------------------------
11  *
12  * Author: Markus Moeller (markus_moeller at compuserve.com)
13  *
14  * Copyright (C) 2013 Markus Moeller. All rights reserved.
15  *
16  * This program is free software; you can redistribute it and/or modify
17  * it under the terms of the GNU General Public License as published by
18  * the Free Software Foundation; either version 2 of the License, or
19  * (at your option) any later version.
20  *
21  * This program is distributed in the hope that it will be useful,
22  * but WITHOUT ANY WARRANTY; without even the implied warranty of
23  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24  * GNU General Public License for more details.
25  *
26  * You should have received a copy of the GNU General Public License
27  * along with this program; if not, write to the Free Software
28  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
29  *
30  * As a special exemption, M Moeller gives permission to link this program
31  * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute
32  * the resulting executable, without including the source code for
33  * the Libraries in the source distribution.
34  *
35  * -----------------------------------------------------------------------------
36  */
37 
38 #ifndef SQUID_SRC_AUTH_NEGOTIATE_KERBEROS_NEGOTIATE_KERBEROS_H
39 #define SQUID_SRC_AUTH_NEGOTIATE_KERBEROS_NEGOTIATE_KERBEROS_H
40 
41 #include <cstring>
42 #include <ctime>
43 #if HAVE_NETDB_H
44 #include <netdb.h>
45 #endif
46 #if HAVE_UNISTD_H
47 #include <unistd.h>
48 #endif
49 
50 #include "base64.h"
51 #include "compat/krb5.h"
52 #include "util.h"
53 
54 #if HAVE_GSS_H
55 #include <gss.h>
56 #endif
57 
58 #if USE_APPLE_KRB5
59 #define GSSKRB_APPLE_DEPRECATED(x)
60 #endif
61 #if HAVE_GSSAPI_GSSAPI_H
62 #include <gssapi/gssapi.h>
63 #elif HAVE_GSSAPI_H
64 #include <gssapi.h>
65 #endif
66 #if HAVE_GSSAPI_GSSAPI_KRB5_H
67 #include <gssapi/gssapi_krb5.h>
68 #endif
69 #if HAVE_GSSAPI_GSSAPI_GENERIC_H
70 #include <gssapi/gssapi_generic.h>
71 #endif
72 #if HAVE_GSSAPI_GSSAPI_EXT_H
73 #include <gssapi/gssapi_ext.h>
74 #endif
75 
76 #ifndef gss_nt_service_name
77 #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
78 #endif
79 
80 #define PROGRAM "negotiate_kerberos_auth"
81 
82 #ifndef MAX_AUTHTOKEN_LEN
83 #define MAX_AUTHTOKEN_LEN 65535
84 #endif
85 #ifndef SQUID_KERB_AUTH_VERSION
86 #define SQUID_KERB_AUTH_VERSION "3.1.0sq"
87 #endif
88 
/// Returns the local host name. Whether the caller owns (must free) the
/// returned buffer is not visible in this header; see the definition.
char *gethost_name(void);

/// The 8-byte NTLMSSP signature ("NTLMSSP" plus a trailing NUL).
/// Presumably compared against the start of a decoded client token so that an
/// NTLM blob arriving on the Negotiate channel is recognised (and not handed to
/// GSSAPI as if it were SPNEGO/Kerberos) - confirm in the .cc before relying on it.
static const unsigned char ntlmProtocol[] = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
92 
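/// Formats the current local time as "YYYY/MM/DD HH:MM:SS" for log lines.
///
/// Returns a pointer to a function-static buffer: callers must not free it,
/// and its contents are replaced whenever the wall-clock second changes.
/// Not thread-safe (static state plus localtime()).
///
/// Fixes relative to the previous version: localtime() may return NULL and
/// strftime() leaves the buffer unspecified when it returns 0 - both cases now
/// yield an empty string instead of undefined behaviour or stale text; and
/// tv_sec is copied into a time_t instead of being reinterpreted through a
/// (time_t *) cast, which was an aliasing hazard on platforms where tv_sec is
/// not exactly time_t.
inline const char *
LogTime()
{
    struct timeval now;
    static time_t last_t = 0;
    static char buf[128] = "";

    gettimeofday(&now, nullptr);
    if (now.tv_sec != last_t) {
        // Re-format at most once per second; last_t remembers the cached second.
        const time_t secs = now.tv_sec;
        struct tm *tm = localtime(&secs);
        if (tm == nullptr || strftime(buf, sizeof buf, "%Y/%m/%d %H:%M:%S", tm) == 0) {
            // Conversion failed: report an empty timestamp rather than garbage.
            buf[0] = '\0';
        }
        last_t = now.tv_sec;
    }
    return buf;
}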
109 
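/// Reports a GSSAPI failure.
/// @param major_status  GSS major status of the call being checked
/// @param minor_status  GSS minor (mechanism-specific) status of the same call
/// @param function      name of the GSS call, used in the diagnostic text
/// @param log           presumably selects logging of the diagnostic (name-derived; confirm in the definition)
/// @param sout          presumably selects reporting on stdout as well (name-derived; confirm in the definition)
/// @return whether the status denotes an error; exact convention per the definition.
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status,
                  const char *function, int log, int sout);

/*
 * PAC (MS-PAC) group extraction is compiled in only when the GSS library can
 * hand back the authorization data (gsskrb5_extract_authz_data_from_sec_context
 * or gss_map_name_to_any) AND libkrb5 exposes krb5_pac.
 */
#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
#define HAVE_PAC_SUPPORT 1
// Parenthesised so the macro stays a single operand in expressions such as
// `x / MAX_PAC_GROUP_SIZE`; the value (12000) is unchanged. Presumably the
// byte budget for the group list assembled by get_ad_groups(); confirm there.
#define MAX_PAC_GROUP_SIZE (200*60)
/// Header of an RPC_UNICODE_STRING as read out of the PAC: length and maximum
/// length, then a 32-bit referent pointer (the characters themselves follow
/// later in the blob). Assumed to mirror the MS-DTYP layout - confirm against
/// the reader in the .cc.
typedef struct {
    uint16_t length;
    uint16_t maxlength;
    uint32_t pointer;
} RPC_UNICODE_STRING;

// The readers below take no buffer or length argument, so they consume the
// PAC logon-info blob through state kept in the .cc, not in this header. The
// PAC is signed, but it is still network-supplied binary input: every read
// must stay inside the blob, so check that the cursor is bounds-checked in
// the definitions (including align()).
void align(int n);
void getustr(RPC_UNICODE_STRING *string);
char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);
char *getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t GroupCount);
char *getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount);
uint64_t get6byt_be(void);  // 6-byte big-endian read (name-derived)
uint32_t get4byt(void);
uint16_t get2byt(void);
uint8_t get1byt(void);
// NOTE(review): the parameter names look swapped relative to their constness
// (the writable first argument is called src, the const second one dst);
// verify the definition's argument order before calling.
char *xstrcpy( char *src, const char*dst);
char *xstrcat( char *src, const char*dst);
int checkustr(RPC_UNICODE_STRING *string);
/// Builds the AD group list from @p pac into @p ad_groups and returns the
/// buffer; ownership and the failure result are per the definition.
char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
#else
#define HAVE_PAC_SUPPORT 0
#endif
/// Reports a libkrb5 error @p code for the step described by @p msg;
/// return convention per the definition.
int check_k5_err(krb5_context context, const char *msg, krb5_error_code code);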
141 
142 #endif /* SQUID_SRC_AUTH_NEGOTIATE_KERBEROS_NEGOTIATE_KERBEROS_H */
143 