~clint-fewbar/ubuntu/precise/squid3/ignore-sighup-early


Viewing changes to helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth_test.c

  • Committer: Bazaar Package Importer
  • Author(s): Luigi Gangitano
  • Date: 2009-09-24 14:51:06 UTC
  • mfrom: (1.1.12 upstream)
  • mto: (20.2.1 sid)
  • mto: This revision was merged to the branch mainline in revision 21.
  • Revision ID: james.westby@ubuntu.com-20090924145106-38jgrzmj0d73pha5
Tags: 3.1.0.13-1
* Upload to experimental

* New upstream release
  - Fixes Follow-X-Forwarded-For support (Closes: #523943)
  - Adds IPv6 support (Closes: #432351)

* debian/rules
  - Removed obsolete configuration options
  - Enable db and radius basic authentication modules

* debian/patches/01-cf.data.debian
  - Adapted to new upstream version

* debian/patches/02-makefile-defaults
  - Adapted to new upstream version

* debian/{squid.postinst,squid.rc,README.Debian,watch}
  - Updated references to squid 3.1

* debian/squid3.install
  - Install CSS file for error pages
  - Install manual pages for new authentication modules

* debian/squid3-common.install
  - Install documented version of configuration file in /usr/share/doc/squid3

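--- a/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth_test.c
+++ b/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth_test.c
@@ -0,0 +1,230 @@
+/*
+ * -----------------------------------------------------------------------------
+ *
+ * Author: Markus Moeller (markus_moeller at compuserve.com)
+ *
+ * Copyright (C) 2007 Markus Moeller. All rights reserved.
+ *
+ *   This program is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with this program; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
+ *
+ * -----------------------------------------------------------------------------
+ */
+/*
+ * Hosted at http://sourceforge.net/projects/squidkerbauth
+ */
+
+#include "ska_config.h"
+
+#if HAVE_STRING_H
+#include <string.h>
+#endif
+#if HAVE_STDIO_H
+#include <stdio.h>
+#endif
+#if HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#if HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if HAVE_TIME_H
+#include <time.h>
+#endif
+#if HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#if HAVE_ERRNO_H
+#include <errno.h>
+#endif
+
+
+#if !defined(HAVE_DECL_XMALLOC) || !HAVE_DECL_XMALLOC
+#define xmalloc malloc
+#endif
+#if !defined(HAVE_DECL_XSTRDUP) || !HAVE_DECL_XSTRDUP
+#define xstrdup strdup
+#endif
+
+#include "base64.h"
+
+static const char *LogTime(void);
+
+int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, const char* function);
+
+const char *squid_kerb_proxy_auth(char *proxy);
+
+#define PROGRAM "squid_kerb_auth_test"
+
+static const char *LogTime()
+{
+    struct tm *tm;
+    struct timeval now;
+    static time_t last_t = 0;
+    static char buf[128];
+
+    gettimeofday(&now, NULL);
+    if (now.tv_sec != last_t) {
+        // FreeBSD defines tv_sec as long in non-ARM systems with a TODO note
+        time_t tmp = now.tv_sec;
+        tm = localtime(&tmp);
+        strftime(buf, 127, "%Y/%m/%d %H:%M:%S", tm);
+        last_t = now.tv_sec;
+    }
+    return buf;
+}
+
+#ifdef HAVE_SPNEGO
+#ifndef gss_mech_spnego
+static gss_OID_desc _gss_mech_spnego  = {6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+gss_OID gss_mech_spnego = &_gss_mech_spnego;
+#endif
+#endif
+
+int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, const char* function)
+{
+    if (GSS_ERROR(major_status)) {
+        OM_uint32 maj_stat,min_stat;
+        OM_uint32 msg_ctx = 0;
+        gss_buffer_desc status_string;
+        char buf[1024];
+        size_t len;
+
+        len = 0;
+        msg_ctx = 0;
+        while (!msg_ctx) {
+            /* convert major status code (GSS-API error) to text */
+            maj_stat = gss_display_status(&min_stat, major_status,
+                                          GSS_C_GSS_CODE,
+                                          GSS_C_NULL_OID,
+                                          &msg_ctx, &status_string);
+            if (maj_stat == GSS_S_COMPLETE) {
+                if (sizeof(buf) > len + status_string.length + 1) {
+                    sprintf(buf+len, "%s", (char*) status_string.value);
+                    len += status_string.length;
+                }
+                gss_release_buffer(&min_stat, &status_string);
+                break;
+            }
+            gss_release_buffer(&min_stat, &status_string);
+        }
+        if (sizeof(buf) > len + 2) {
+            sprintf(buf+len, "%s", ". ");
+            len += 2;
+        }
+        msg_ctx = 0;
+        while (!msg_ctx) {
+            /* convert minor status code (underlying routine error) to text */
+            maj_stat = gss_display_status(&min_stat, minor_status,
+                                          GSS_C_MECH_CODE,
+                                          GSS_C_NULL_OID,
+                                          &msg_ctx, &status_string);
+            if (maj_stat == GSS_S_COMPLETE) {
+                if (sizeof(buf) > len + status_string.length ) {
+                    sprintf(buf+len, "%s", (char*) status_string.value);
+                    len += status_string.length;
+                }
+                gss_release_buffer(&min_stat, &status_string);
+                break;
+            }
+            gss_release_buffer(&min_stat, &status_string);
+        }
+        fprintf(stderr, "%s| %s: %s failed: %s\n", LogTime(), PROGRAM, function, buf);
+        return(1);
+    }
+    return(0);
+}
+
+const char *squid_kerb_proxy_auth(char *proxy)
+{
+    OM_uint32 major_status, minor_status;
+    gss_ctx_id_t          gss_context = GSS_C_NO_CONTEXT;
+    gss_name_t            server_name = GSS_C_NO_NAME;
+    gss_buffer_desc       service = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc       input_token = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc       output_token = GSS_C_EMPTY_BUFFER;
+    char   *token = NULL;
+
+    setbuf(stdout,NULL);
+    setbuf(stdin,NULL);
+
+    if (!proxy ) {
+        fprintf(stderr, "%s| %s: Error: No proxy server name\n", LogTime(), PROGRAM);
+        return NULL;
+    }
+
+    service.value = xmalloc(strlen("HTTP")+strlen(proxy)+2);
+    snprintf(service.value,strlen("HTTP")+strlen(proxy)+2,"%s@%s","HTTP",proxy);
+    service.length = strlen((char *)service.value);
+
+    major_status = gss_import_name(&minor_status, &service,
+                                   gss_nt_service_name, &server_name);
+
+    if (check_gss_err(major_status,minor_status,"gss_import_name()") )
+        goto cleanup;
+
+    major_status = gss_init_sec_context(&minor_status,
+                                        GSS_C_NO_CREDENTIAL,
+                                        &gss_context,
+                                        server_name,
+#ifdef HAVE_SPNEGO
+                                        gss_mech_spnego,
+#else
+                                        0,
+#endif
+                                        0,
+                                        0,
+                                        GSS_C_NO_CHANNEL_BINDINGS,
+                                        &input_token,
+                                        NULL,
+                                        &output_token,
+                                        NULL,
+                                        NULL);
+
+    if (check_gss_err(major_status,minor_status,"gss_init_sec_context()") )
+        goto cleanup;
+
+    if (output_token.length) {
+        token=xmalloc(ska_base64_encode_len(output_token.length));
+        ska_base64_encode(token,(const char*)output_token.value,ska_base64_encode_len(output_token.length),output_token.length);
+    }
+
+
+cleanup:
+    gss_delete_sec_context(&minor_status, &gss_context, NULL);
+    gss_release_buffer(&minor_status, &service);
+    gss_release_buffer(&minor_status, &input_token);
+    gss_release_buffer(&minor_status, &output_token);
+    gss_release_name(&minor_status, &server_name);
+
+    return token;
+}
+
+int main(int argc, char *argv[])
+{
+
+    const char *Token;
+
+    if (argc < 1) {
+        fprintf(stderr, "%s| %s: Error: No proxy server name given\n", LogTime(), PROGRAM);
+        exit(99);
+    }
+    Token = (const char *)squid_kerb_proxy_auth(argv[1]);
+    fprintf(stdout,"Token: %s\n",Token?Token:"NULL");
+
+    exit(0);
+}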
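Review bot: In check_gss_err the two `sprintf(buf+len, "%s", (char*) status_string.value)` calls (new lines 117 and 138) are guarded by a check on `status_string.length`, but `%s` copies up to a NUL terminator, and a `gss_buffer_desc` is a counted buffer that is not guaranteed to be NUL-terminated. If a mechanism returns an unterminated message, the copy can read past the value and write past the 1024-byte `buf`. Copying by length keeps the check and the write consistent: `snprintf(buf+len, sizeof(buf)-len, "%.*s", (int)status_string.length, (char*)status_string.value);`. Separately, squid_kerb_proxy_auth passes the result of `xmalloc(...)` straight to `snprintf` (line 171) and `ska_base64_encode` (line 203); where the fallback `#define xmalloc malloc` from line 57 is in effect, a failed allocation becomes a NULL dereference, so a guard such as `if (!service.value) return NULL;` is worth adding.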