/*
 * -----------------------------------------------------------------------------
 *
 * Author: Markus Moeller (markus_moeller at compuserve.com)
 *
 * Copyright (C) 2007 Markus Moeller. All rights reserved.
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
 *
 * -----------------------------------------------------------------------------
 */
/*
 * Hosted at http://sourceforge.net/projects/squidkerbauth
 */

#include "ska_config.h"
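/*
 * NOTE(review): this listing omits a number of source lines, among them the
 * system and GSS-API header includes that the code below relies on. They are
 * presumably present in the upstream file -- confirm before building.
 */

/*
 * Fall back to the plain libc allocators when the build does not declare
 * xmalloc()/xstrdup(). With this fallback xmalloc() is malloc(), which
 * returns NULL on failure, so callers have to check the result themselves.
 */
#if !defined(HAVE_DECL_XMALLOC) || !HAVE_DECL_XMALLOC
#define xmalloc malloc
#endif
#if !defined(HAVE_DECL_XSTRDUP) || !HAVE_DECL_XSTRDUP
#define xstrdup strdup
#endif

/* Timestamp string used as the prefix of every diagnostic line. */
static const char *LogTime(void);

/* Writes a diagnostic to stderr when major_status carries a GSS-API error. */
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, const char *function);

/* Builds a base64 encoded GSS-API token for the service "HTTP@<proxy>". */
const char *squid_kerb_proxy_auth(char *proxy);

/* Program name printed in every diagnostic line. */
#define PROGRAM "squid_kerb_auth_test"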
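/*
 * Return the current local time formatted as "YYYY/MM/DD HH:MM:SS".
 *
 * The string lives in a static buffer that is refreshed at most once per
 * second. The caller must not free it, a later call may overwrite it, and
 * because of the shared static state the function is not safe to call from
 * several threads at once.
 *
 * NOTE(review): the declarations, the localtime() call and the return
 * statement were not visible in the listing this was taken from; they are
 * reconstructed from how the visible lines use buf, now and tm.
 */
static const char *LogTime(void)
{
    static time_t last_t = 0;
    static char buf[128];
    struct timeval now;

    gettimeofday(&now, NULL);
    if (now.tv_sec != last_t) {
        // FreeBSD defines tv_sec as long in non-ARM systems with a TODO note
        time_t tmp = now.tv_sec;
        const struct tm *tm = localtime(&tmp);

        /*
         * localtime() may return NULL and strftime() returns 0 when the
         * result does not fit; fall back to an empty prefix in both cases
         * instead of passing NULL on or leaving stale/indeterminate text.
         */
        if (tm == NULL ||
            strftime(buf, sizeof(buf), "%Y/%m/%d %H:%M:%S", tm) == 0) {
            buf[0] = '\0';
        }
        last_t = now.tv_sec;
    }
    return buf;
}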
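/*
 * Fallback SPNEGO mechanism OID for GSS-API headers that do not provide
 * gss_mech_spnego as a macro. The six bytes are the encoded body of
 * OID 1.3.6.1.5.5.2 (SPNEGO).
 *
 * NOTE(review): the listing skips the lines around this block, so an
 * enclosing feature guard may be missing here -- confirm against upstream.
 */
#ifndef gss_mech_spnego
static gss_OID_desc _gss_mech_spnego = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
gss_OID gss_mech_spnego = &_gss_mech_spnego;
#endif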
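/*
 * Append the display text of one GSS-API status code to buf.
 *
 * buf must already hold a NUL-terminated string of length len, with
 * len < size. The text is appended only when it fits completely, and buf is
 * NUL-terminated again afterwards. Returns the new string length.
 */
static size_t append_gss_status(char *buf, size_t size, size_t len,
                                OM_uint32 status, int status_type)
{
    OM_uint32 maj_stat, min_stat;
    OM_uint32 msg_ctx = 0;
    gss_buffer_desc status_string = GSS_C_EMPTY_BUFFER;

    maj_stat = gss_display_status(&min_stat, status, status_type,
                                  GSS_C_NO_OID, &msg_ctx, &status_string);
    if (maj_stat == GSS_S_COMPLETE && status_string.value != NULL &&
        status_string.length < size - len) {
        /*
         * A gss_buffer_desc is a counted buffer. Copy exactly .length bytes
         * instead of formatting .value with "%s": the bounds check above is
         * made on .length, so the copy has to be bounded by .length as well
         * and must not depend on a terminating NUL being present.
         */
        memcpy(buf + len, status_string.value, status_string.length);
        len += status_string.length;
        buf[len] = '\0';
    }
    gss_release_buffer(&min_stat, &status_string);
    return len;
}

/*
 * Report a failed GSS-API call on stderr.
 *
 * major_status, minor_status: status pair returned by the GSS-API call.
 * function: name of the call, used in the diagnostic line.
 *
 * When major_status carries an error, the text for the major status, ". "
 * and the text for the minor status are written to stderr in one line and
 * the function returns 1; otherwise nothing is printed and it returns 0.
 *
 * NOTE(review): the listing this was taken from omits the buffer
 * declaration, the status-type arguments of gss_display_status() and the
 * return statements. The 1/0 convention is inferred from the callers, which
 * branch on the result; the buffer size is chosen here -- confirm both
 * against upstream.
 */
int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, const char* function)
{
    char buf[1024];
    size_t len = 0;

    if (!GSS_ERROR(major_status)) {
        return 0;
    }

    buf[0] = '\0';

    /* convert major status code (GSS-API error) to text */
    len = append_gss_status(buf, sizeof(buf), len, major_status, GSS_C_GSS_CODE);
    if (sizeof(buf) > len + 2) {
        memcpy(buf + len, ". ", 3);   /* separator plus its NUL */
        len += 2;
    }

    /* convert minor status code (underlying routine error) to text */
    (void)append_gss_status(buf, sizeof(buf), len, minor_status, GSS_C_MECH_CODE);

    fprintf(stderr, "%s| %s: %s failed: %s\n", LogTime(), PROGRAM, function, buf);
    return 1;
}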
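/*
 * Start a GSS-API security context with the service "HTTP@<proxy>" and
 * return the first output token, base64 encoded.
 *
 * proxy: host name of the proxy; NULL is rejected with a diagnostic.
 *
 * Returns a string allocated with xmalloc() that the caller owns, or NULL
 * when proxy is NULL, an allocation fails, a GSS-API call fails (reported
 * through check_gss_err()) or no output token was produced.
 *
 * NOTE(review): the listing this was taken from omits several lines of this
 * function: the token declaration, the early return, the jumps to the
 * cleanup code, the return statement and all but one argument of
 * gss_init_sec_context(). They are reconstructed below; the mechanism and
 * the two zero arguments in particular are assumptions -- confirm against
 * upstream.
 */
const char *squid_kerb_proxy_auth(char *proxy)
{
    OM_uint32 major_status, minor_status;
    gss_ctx_id_t gss_context = GSS_C_NO_CONTEXT;
    gss_name_t server_name = GSS_C_NO_NAME;
    gss_buffer_desc service = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
    char *token = NULL;
    size_t service_size;

    if (!proxy) {
        fprintf(stderr, "%s| %s: Error: No proxy server name\n", LogTime(), PROGRAM);
        return NULL;
    }

    /* "HTTP" + '@' + proxy + terminating NUL */
    service_size = strlen("HTTP") + strlen(proxy) + 2;
    service.value = xmalloc(service_size);
    if (!service.value) {
        /* xmalloc may be plain malloc() in this file, so NULL is possible. */
        fprintf(stderr, "%s| %s: Error: Out of memory\n", LogTime(), PROGRAM);
        return NULL;
    }
    snprintf(service.value, service_size, "%s@%s", "HTTP", proxy);
    service.length = strlen((char *)service.value);

    major_status = gss_import_name(&minor_status, &service,
                                   gss_nt_service_name, &server_name);
    if (check_gss_err(major_status, minor_status, "gss_import_name()")) {
        goto cleanup;
    }

    major_status = gss_init_sec_context(&minor_status,
                                        GSS_C_NO_CREDENTIAL,
                                        &gss_context,
                                        server_name,
                                        gss_mech_spnego,   /* assumed, see NOTE(review) above */
                                        0,                 /* req_flags: assumed */
                                        0,                 /* time_req: assumed */
                                        GSS_C_NO_CHANNEL_BINDINGS,
                                        &input_token,
                                        NULL,
                                        &output_token,
                                        NULL,
                                        NULL);
    if (check_gss_err(major_status, minor_status, "gss_init_sec_context()")) {
        goto cleanup;
    }

    if (output_token.length) {
        size_t encoded_size = ska_base64_encode_len(output_token.length);

        token = xmalloc(encoded_size);
        if (token) {
            /*
             * NOTE(review): main() prints the result with "%s", so this
             * relies on ska_base64_encode() NUL-terminating token within
             * encoded_size bytes -- confirm against its definition.
             */
            ska_base64_encode(token, (const char*)output_token.value,
                              encoded_size, output_token.length);
        } else {
            fprintf(stderr, "%s| %s: Error: Out of memory\n", LogTime(), PROGRAM);
        }
    }

cleanup:
    gss_delete_sec_context(&minor_status, &gss_context, NULL);
    /*
     * NOTE(review): service.value was allocated with xmalloc() above, not by
     * the GSS-API library, yet it is handed to gss_release_buffer(). That
     * only works when both use the same allocator; releasing it with the
     * deallocator that matches xmalloc() would be the safer pairing.
     */
    gss_release_buffer(&minor_status, &service);
    gss_release_buffer(&minor_status, &input_token);
    gss_release_buffer(&minor_status, &output_token);
    gss_release_name(&minor_status, &server_name);

    return token;
}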
int main(int argc, char *argv[])
fprintf(stderr, "%s| %s: Error: No proxy server name given\n", LogTime(), PROGRAM);
Token = (const char *)squid_kerb_proxy_auth(argv[1]);
fprintf(stdout,"Token: %s\n",Token?Token:"NULL");