negotiate_kerberos.h
1/*
2 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 * -----------------------------------------------------------------------------
11 *
12 * Author: Markus Moeller (markus_moeller at compuserve.com)
13 *
14 * Copyright (C) 2013 Markus Moeller. All rights reserved.
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
29 *
30 * As a special exemption, M Moeller gives permission to link this program
31 * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute
32 * the resulting executable, without including the source code for
33 * the Libraries in the source distribution.
34 *
35 * -----------------------------------------------------------------------------
36 */
37
38#ifndef SQUID_SRC_AUTH_NEGOTIATE_KERBEROS_NEGOTIATE_KERBEROS_H
39#define SQUID_SRC_AUTH_NEGOTIATE_KERBEROS_NEGOTIATE_KERBEROS_H
40
41#include <cstring>
42#include <ctime>
43#if HAVE_NETDB_H
44#include <netdb.h>
45#endif
46#if HAVE_UNISTD_H
47#include <unistd.h>
48#endif
49
50#include "base64.h"
51#include "compat/krb5.h"
52#include "util.h"
53
54#if HAVE_GSS_H
55#include <gss.h>
56#endif
57
58#if USE_APPLE_KRB5
59#define GSSKRB_APPLE_DEPRECATED(x)
60#endif
61#if HAVE_GSSAPI_GSSAPI_H
62#include <gssapi/gssapi.h>
63#elif HAVE_GSSAPI_H
64#include <gssapi.h>
65#endif
66#if HAVE_GSSAPI_GSSAPI_KRB5_H
67#include <gssapi/gssapi_krb5.h>
68#endif
69#if HAVE_GSSAPI_GSSAPI_GENERIC_H
70#include <gssapi/gssapi_generic.h>
71#endif
72#if HAVE_GSSAPI_GSSAPI_EXT_H
73#include <gssapi/gssapi_ext.h>
74#endif
75
76#ifndef gss_nt_service_name
77#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
78#endif
79
80#define PROGRAM "negotiate_kerberos_auth"
81
82#ifndef MAX_AUTHTOKEN_LEN
83#define MAX_AUTHTOKEN_LEN 65535
84#endif
85#ifndef SQUID_KERB_AUTH_VERSION
86#define SQUID_KERB_AUTH_VERSION "3.1.0sq"
87#endif
88
/* Returns this machine's host name (presumably the name used to build the
 * HTTP@host service principal; confirm in the definition). NOTE(review):
 * whether the result is static or heap-allocated — i.e. whether the caller
 * must free() it — is not visible here. The same prototype is repeated
 * further down this header. */
char *gethost_name(void);
90
/// Signature found at the start of every NTLMSSP message: the seven ASCII
/// bytes "NTLMSSP" followed by a terminating NUL (8 bytes in total). The
/// string literal spells out exactly that byte sequence.
static const unsigned char ntlmProtocol[] = "NTLMSSP";
92
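/**
 * Timestamp prefix for log lines, formatted as "%Y/%m/%d %H:%M:%S" in
 * local time.
 *
 * The string is kept in a static buffer and only rebuilt when the
 * wall-clock second changes, so repeated calls within one second are cheap.
 * The buffer is shared by all callers and the function relies on static
 * state plus localtime(), so it is neither reentrant nor thread-safe; the
 * returned pointer stays valid until a later call observes a new second.
 *
 * \return pointer to the static, NUL-terminated timestamp. If no timestamp
 *         could be produced yet (localtime() or strftime() failure) the
 *         buffer holds the previous stamp or the empty string.
 */
inline const char *
LogTime()
{
    struct timeval now;
    static time_t last_t = 0;
    static char buf[128] = "";

    gettimeofday(&now, nullptr);
    if (now.tv_sec != last_t) {
        // copy rather than cast the pointer: tv_sec is not time_t on every
        // platform, and passing &now.tv_sec through a time_t* would alias
        const time_t secs = (time_t) now.tv_sec;
        struct tm *tm = localtime(&secs);
        // localtime() may return NULL; strftime() on a null tm is undefined,
        // so keep the previous stamp and retry on the next call
        if (!tm) {
            return buf;
        }
        if (strftime(buf, sizeof buf, "%Y/%m/%d %H:%M:%S", tm) == 0) {
            buf[0] = '\0'; // buffer contents are unspecified after a failure
        }
        last_t = secs;
    }
    return buf;
}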
109
/* Examines a GSSAPI major/minor status pair, presumably reporting a failure
 * with `function` naming the GSSAPI call that produced it. NOTE(review): the
 * return-value convention and what the `log` and `sout` flags select (which
 * sink the message goes to?) are not visible in this header — see the
 * definition before relying on either. */
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status,
                  const char *function, int log, int sout);

/* Duplicate of the gethost_name() prototype declared near the top of this
 * header; harmless, but one of the two could be dropped. */
char *gethost_name(void);
114
115#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
116#define HAVE_PAC_SUPPORT 1
117
131#define MAX_PAC_GROUP_SIZE (1024*98)
/// Header of an RPC_UNICODE_STRING as found in PAC logon data. Per MS-DTYP
/// both lengths are byte counts and `pointer` is the NDR referent for the
/// character data. NOTE(review): the PAC helpers below read it with the
/// get2byt()/get4byt() readers, so the field widths here describe the
/// encoded layout; confirm in the definitions before using sizeof() on it.
typedef struct {
    uint16_t length;     ///< length of the string data (bytes, per MS-DTYP)
    uint16_t maxlength;  ///< allocated length (bytes, per MS-DTYP)
    uint32_t pointer;    ///< referent/offset of the character data
} RPC_UNICODE_STRING;
137
/* Helpers for walking the PAC logon-info blob. align() and the get*byt()
 * readers take no buffer argument, so they presumably advance a file-scope
 * cursor owned by the implementation — every caller must keep the read
 * sequence in step with the encoded layout. get6byt_be() reads big-endian;
 * the byte order of the others is not stated here. */
void align(int n);
void getustr(RPC_UNICODE_STRING *string);
char **getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount);
char *getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t GroupCount);
char *getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount);
uint64_t get6byt_be(void);
uint32_t get4byt(void);
uint16_t get2byt(void);
uint8_t get1byt(void);
/* NOTE(review): parameter names read reversed relative to strcpy()/strcat():
 * the first, non-const argument is the one written to, the const second one
 * is the source. Check the definitions before touching any caller, and
 * whether the result may be a reallocated buffer the caller must adopt. */
char *xstrcpy( char *src, const char*dst);
char *xstrcat( char *src, const char*dst);
int checkustr(RPC_UNICODE_STRING *string);
/* Collects the group SIDs from `pac` into `ad_groups` and returns the buffer
 * to use afterwards. NOTE(review): whether `ad_groups` may be reallocated
 * (so the returned pointer, not the argument, must be kept) is not visible
 * here — confirm in the definition. */
char *get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac);
151#else
152#define HAVE_PAC_SUPPORT 0
153#endif
/* Krb5 counterpart of check_gss_err(): examines `code` from a krb5 call,
 * presumably reporting it with `msg` as the prefix. NOTE(review): the
 * return-value convention is not visible here — see the definition. */
int check_k5_err(krb5_context context, const char *msg, krb5_error_code code);
155
156#endif /* SQUID_SRC_AUTH_NEGOTIATE_KERBEROS_NEGOTIATE_KERBEROS_H */
157