void ne_session_proxy(ne_session *sess, const char *hostname,
unsigned int port)
{
free_proxies(sess);
sess->proxies = ne_calloc(sizeof *sess->proxies);
sess->any_proxy_http = 1;
set_hostinfo(sess->proxies, PROXY_HTTP, hostname, port);
}
void ne_session_destroy(ne_session *sess)
{
NE_DEBUG_WINSCP_CONTEXT(sess);
struct hook *hk;
NE_DEBUG(NE_DBG_HTTP, "sess: Destroying session.\n");
/* Run the destroy hooks. */
for (hk = sess->destroy_sess_hooks; hk != NULL; hk = hk->next) {
ne_destroy_sess_fn fn = (ne_destroy_sess_fn)hk->fn;
fn(hk->userdata);
}
/* Close the connection; note that the notifier callback could
* still be invoked here. */
if (sess->connected) {
ne_close_connection(sess);
}
destroy_hooks(sess->create_req_hooks);
destroy_hooks(sess->pre_send_hooks);
destroy_hooks(sess->post_headers_hooks);
destroy_hooks(sess->post_send_hooks);
destroy_hooks(sess->destroy_req_hooks);
destroy_hooks(sess->destroy_sess_hooks);
destroy_hooks(sess->close_conn_hooks);
destroy_hooks(sess->private);
ne_free(sess->scheme);
free_hostinfo(&sess->server);
free_proxies(sess);
if (sess->user_agent) ne_free(sess->user_agent);
if (sess->socks_user) ne_free(sess->socks_user);
if (sess->socks_password) ne_free(sess->socks_password);
#ifdef NE_HAVE_SSL
if (sess->ssl_context)
ne_ssl_context_destroy(sess->ssl_context);
if (sess->server_cert)
ne_ssl_cert_free(sess->server_cert);
if (sess->client_cert)
ne_ssl_clicert_free(sess->client_cert);
#endif
ne_free(sess);
}
void ne_session_socks_proxy(ne_session *sess, enum ne_sock_sversion vers,
const char *hostname, unsigned int port,
const char *username, const char *password)
{
free_proxies(sess);
sess->proxies = ne_calloc(sizeof *sess->proxies);
set_hostinfo(sess->proxies, PROXY_SOCKS, hostname, port);
sess->socks_ver = vers;
if (username) sess->socks_user = ne_strdup(username);
if (password) sess->socks_password = ne_strdup(password);
}
void ne_set_addrlist2(ne_session *sess, unsigned int port,
const ne_inet_addr **addrs, size_t n)
{
struct host_info *hi, **lasthi;
size_t i;
free_proxies(sess);
lasthi = &sess->proxies;
for (i = 0; i < n; i++) {
*lasthi = hi = ne_calloc(sizeof *hi);
hi->proxy = PROXY_NONE;
hi->network = addrs[i];
hi->port = port;
lasthi = &hi->next;
}
}
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
char *user, *pw;
char *service;
char **proxies;
char netid[14];
int i, success;
Flags f = NONE;
/* initialize proxy array */
proxies = (char **)malloc(sizeof(char **));
proxies[0] = NULL;
/* get username and password */
if (pam_get_user(pamh, (const char**) &user, NULL) != PAM_SUCCESS)
return PAM_AUTH_ERR;
if (pam_get_item(pamh, PAM_AUTHTOK, (const void**) &pw) != PAM_SUCCESS)
return PAM_AUTH_ERR;
/*
* Abort if the password doesn't look like a ticket. This speeds things
* up and reduces the likelihood that the user's password will end up
* in an HTTPD log.
*/
if ((strncmp(CAS_BEGIN_PT, pw, strlen(CAS_BEGIN_PT)) != 0)
&& (strncmp(CAS_BEGIN_ST, pw, strlen(CAS_BEGIN_ST)) != 0))
return PAM_AUTH_ERR;
/* prepare log */
openlog("PAM_cas", LOG_PID, LOG_AUTH);
/* check arguments */
for (i = 0; i < argc; i++) {
if (!strcmp(argv[i], "debug"))
f |= DEBUG;
else if (!strncmp(argv[i], "-s", 2)) {
service = strdup(argv[i] + 2);
} else if (!strncmp(argv[i], "-p", 2)) {
proxies = add_proxy(proxies, argv[i] + 2);
} else if (!strncmp(argv[i], "-e", 2)) {
/* don't let the username pass through if it's excluded */
if (!strcmp(argv[i] + 2, user)) {
syslog(LOG_NOTICE, "user '%s' is excluded from the CAS PAM",
user);
free_proxies(proxies);
return PAM_AUTH_ERR;
}
} else
syslog(LOG_ERR, "invalid option '%s'", argv[i]);
}
/* determine the CAS-authenticated username */
success = cas_validate(pw,
service,
netid,
sizeof(netid),
proxies);
/* free the memory used by the proxy array */
free_proxies(proxies);
/* Confirm the user and return appropriately. */
if ((success == CAS_SUCCESS) && (!strcmp(user, netid))) {
closelog();
return PAM_SUCCESS;
} else {
syslog(LOG_NOTICE,
"authentication failure code %d for user '%s'", success, user);
closelog();
return PAM_AUTH_ERR;
}
}
void ne_session_system_proxy(ne_session *sess, unsigned int flags)
{
#ifdef HAVE_LIBPROXY
pxProxyFactory *pxf = px_proxy_factory_new();
struct host_info *hi, **lasthi;
char *url, **proxies;
ne_uri uri;
unsigned n;
free_proxies(sess);
/* Create URI for session to pass off to libproxy */
memset(&uri, 0, sizeof uri);
ne_fill_server_uri(sess, &uri);
uri.path = "/"; /* make valid URI structure. */
url = ne_uri_unparse(&uri);
uri.path = NULL;
/* Get list of pseudo-URIs from libproxy: */
proxies = px_proxy_factory_get_proxies(pxf, url);
for (n = 0, lasthi = &sess->proxies; proxies[n]; n++) {
enum proxy_type ptype;
ne_uri_free(&uri);
NE_DEBUG(NE_DBG_HTTP, "sess: libproxy #%u=%s\n",
n, proxies[n]);
if (ne_uri_parse(proxies[n], &uri))
continue;
if (!uri.scheme) continue;
if (ne_strcasecmp(uri.scheme, "http") == 0)
ptype = PROXY_HTTP;
else if (ne_strcasecmp(uri.scheme, "socks") == 0)
ptype = PROXY_SOCKS;
else if (ne_strcasecmp(uri.scheme, "direct") == 0)
ptype = PROXY_NONE;
else
continue;
/* Hostname/port required for http/socks schemes. */
if (ptype != PROXY_NONE && !(uri.host && uri.port))
continue;
/* Do nothing if libproxy returned only a single "direct://"
* entry -- a single "direct" (noop) proxy is equivalent to
* having none. */
if (n == 0 && proxies[1] == NULL && ptype == PROXY_NONE)
break;
NE_DEBUG(NE_DBG_HTTP, "sess: Got proxy %s://%s:%d\n",
uri.scheme, uri.host ? uri.host : "(none)",
uri.port);
hi = *lasthi = ne_calloc(sizeof *hi);
if (ptype == PROXY_NONE) {
/* A "direct" URI requires an attempt to connect directly to
* the origin server, so dup the server details. */
set_hostinfo(hi, ptype, sess->server.hostname,
sess->server.port);
}
else {
/* SOCKS/HTTP proxy. */
set_hostinfo(hi, ptype, uri.host, uri.port);
if (ptype == PROXY_HTTP)
sess->any_proxy_http = 1;
else if (ptype == PROXY_SOCKS)
sess->socks_ver = NE_SOCK_SOCKSV5;
}
lasthi = &hi->next;
}
/* Free up the proxies array: */
for (n = 0; proxies[n]; n++)
free(proxies[n]);
free(proxies[n]);
ne_free(url);
ne_uri_free(&uri);
px_proxy_factory_free(pxf);
#endif
}
