
List:       pecl-cvs
Subject:    [PECL-CVS] =?utf-8?q?svn:_/pecl/krb5/trunk/_negotiate=5Fauth.c?=
From:       Moritz_Bechler <mbechler () php ! net>
Date:       2017-05-23 11:12:18
Message-ID: svn-mbechler-1495537938-342494-1662939674 () svn ! php ! net

mbechler                                 Tue, 23 May 2017 11:12:18 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=342494

Log:
Allow overriding SPN for NegotiateAuth.

Changed paths:
    U   pecl/krb5/trunk/negotiate_auth.c

Modified: pecl/krb5/trunk/negotiate_auth.c
===================================================================
--- pecl/krb5/trunk/negotiate_auth.c	2017-05-22 16:33:58 UTC (rev 342493)
+++ pecl/krb5/trunk/negotiate_auth.c	2017-05-23 11:12:18 UTC (rev 342494)
@@ -59,6 +59,7 @@

 ZEND_BEGIN_ARG_INFO_EX(arginfo_KRB5NegotiateAuth__construct, 0, 0, 1)
 	ZEND_ARG_INFO(0, keytab)
+	ZEND_ARG_INFO(0, spn)
 ZEND_END_ARG_INFO()

 ZEND_BEGIN_ARG_INFO_EX(arginfo_KRB5NegotiateAuth_getDelegatedCredentials, 0, 0, 1)
@@ -190,7 +191,7 @@


 /** KRB5NegotiateAuth Methods **/
-/* {{{ proto bool KRB5NegotiateAuth::__construct( string $keytab )
+/* {{{ proto bool KRB5NegotiateAuth::__construct( string $keytab [, string $spn ] )
    Initialize KRB5NegotitateAuth object with a keytab to use  */
 PHP_METHOD(KRB5NegotiateAuth, __construct)
 {
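Review bot: The updated proto comment does not say which name form `$spn` must use, and the two paths differ: the default path imports `HTTP@host` as `GSS_C_NT_HOSTBASED_SERVICE`, while the override added later in this commit imports the string as `GSS_KRB5_NT_PRINCIPAL_NAME`. A caller who passes the host-based form will most likely end up with a different name than intended, or an import error. I would extend the comment with something like `$spn, if given, is a Kerberos principal name (e.g. HTTP/host.example.org@REALM) and replaces the SPN derived from $_SERVER['SERVER_NAME']`. The method body continues past the end of this hunk.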
@@ -198,10 +199,12 @@
 	OM_uint32 status, minor_status;
 	krb5_negotiate_auth_object *object;
 	char *keytab;
+	char *spn = NULL;
 	strsize_t keytab_len = 0;
+	strsize_t spn_len = 0;

 	KRB5_SET_ERROR_HANDLING(EH_THROW);
-	if(zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ARG_PATH, &keytab, &keytab_len) \
== FAILURE) {
+	if(zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ARG_PATH "|s", \
&keytab, &keytab_len, &spn, &spn_len) == FAILURE) {
 RETURN_FALSE;
 	}
 	KRB5_SET_ERROR_HANDLING(EH_NORMAL);
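Review bot: With the plain `"|s"` specifier, an explicit `null` or `""` for `$spn` reaches the constructor as a non-NULL, zero-length string, so the later `spn == NULL` test treats it as an override and imports an empty principal name instead of falling back to the SERVER_NAME lookup. Using `ARG_PATH "|s!"` keeps `spn` NULL when null is passed, and a `spn_len == 0` check would cover the empty string. Separately, the `RETURN_FALSE` on parse failure runs before `KRB5_SET_ERROR_HANDLING(EH_NORMAL)`, so that path appears to leave the throwing error mode in place; this predates the commit. The function starts before this hunk and continues after it.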
@@ -209,35 +212,49 @@
 	object = KRB5_THIS_NEGOTIATE_AUTH;

 	/* lookup server's FQDN */
-	zval *server, *server_name;
-	server = zend_compat_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"));
-	if ( server != NULL ) {
-		server_name = zend_compat_hash_find(HASH_OF(server), "SERVER_NAME", \
                sizeof("SERVER_NAME"));
-		if ( server_name != NULL ) {
-			char *hostname = Z_STRVAL_P(server_name);
-			struct hostent* host = gethostbyname(hostname);
+	if ( spn == NULL ) {
+		zval *server, *server_name;
+		server = zend_compat_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"));
+		if ( server != NULL ) {
+			server_name = zend_compat_hash_find(HASH_OF(server), "SERVER_NAME", \
sizeof("SERVER_NAME"));
+			if ( server_name != NULL ) {
+				char *hostname = Z_STRVAL_P(server_name);
+				struct hostent* host = gethostbyname(hostname);

-			if(!host) {
-				zend_throw_exception(NULL, "Failed to get server FQDN - Lookup failure", 0 \
                TSRMLS_CC);
-				return;
-			}
+				if(!host) {
+					zend_throw_exception(NULL, "Failed to get server FQDN - Lookup failure", 0 \
TSRMLS_CC);
+					return;
+				}

-			nametmp.length = strlen(host->h_name) + 6;
-			nametmp.value = emalloc(sizeof(char)*nametmp.length);
-			snprintf(nametmp.value, nametmp.length, "HTTP@%s",host->h_name);
+				nametmp.length = strlen(host->h_name) + 6;
+				nametmp.value = emalloc(sizeof(char)*nametmp.length);
+				snprintf(nametmp.value, nametmp.length, "HTTP@%s",host->h_name);

-			status = gss_import_name(&minor_status, &nametmp,
-							GSS_C_NT_HOSTBASED_SERVICE, &object->servname);
+				status = gss_import_name(&minor_status, &nametmp,
+								GSS_C_NT_HOSTBASED_SERVICE, &object->servname);

-			if(GSS_ERROR(status)) {
-				php_krb5_gssapi_handle_error(status, minor_status TSRMLS_CC);
-				zend_throw_exception(NULL, "Could not parse server name", 0 TSRMLS_CC);
+				if(GSS_ERROR(status)) {
+					php_krb5_gssapi_handle_error(status, minor_status TSRMLS_CC);
+					zend_throw_exception(NULL, "Could not parse server name", 0 TSRMLS_CC);
+					return;
+				}
+
+				efree(nametmp.value);
+			} else {
+				zend_throw_exception(NULL, "Failed to get server FQDN", 0 TSRMLS_CC);
 				return;
 			}
+		}
+	} else {
+		nametmp.length = spn_len;
+		nametmp.value = spn;

-			efree(nametmp.value);
-		} else {
-			zend_throw_exception(NULL, "Failed to get server FQDN", 0 TSRMLS_CC);
+		status = gss_import_name(&minor_status, &nametmp,
+						(gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME, &object->servname);
+
+		if(GSS_ERROR(status)) {
+			php_krb5_gssapi_handle_error(status, minor_status TSRMLS_CC);
+			zend_throw_exception(NULL, "Could not parse server name", 0 TSRMLS_CC);
 			return;
 		}
 	}
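Review bot: When no `$spn` is given and the `_SERVER` lookup returns NULL, `if ( server != NULL )` has no `else`, so the constructor falls through without throwing and without importing anything into `object->servname`. What the later credential acquisition does with an unset name is outside this hunk, but failing closed is safer: add `} else { zend_throw_exception(NULL, "Failed to get server FQDN", 0 TSRMLS_CC); return; }`, matching the inner branch. In the same block, the `Could not parse server name` path returns before `efree(nametmp.value)`, so the buffer is leaked on error; moving the `efree` directly after `gss_import_name` fixes that. The default SPN still comes from `SERVER_NAME` via `gethostbyname`, which can follow the request's Host header depending on web-server configuration, so the docs should recommend passing the new `$spn` argument on such deployments.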



-- 
PECL CVS Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php
