static void *mag_create_server_config(apr_pool_t *p, server_rec *s)
{
struct mag_server_config *scfg;
uint32_t maj, min;
apr_status_t rc;
scfg = apr_pcalloc(p, sizeof(struct mag_server_config));
maj = gss_indicate_mechs(&min, &scfg->default_mechs);
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"gss_indicate_mechs() failed");
} else {
/* Register the set in pool */
apr_pool_cleanup_register(p, (void *)scfg->default_mechs,
mag_oid_set_destroy, apr_pool_cleanup_null);
}
rc = SEAL_KEY_CREATE(p, &scfg->mag_skey, NULL);
if (rc != OK) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Failed to generate random sealing key!");
}
return scfg;
}
void mag_attempt_session(request_rec *req,
struct mag_config *cfg, struct mag_conn *mc)
{
session_rec *sess = NULL;
char *sessval = NULL;
struct databuf plainbuf = { 0 };
struct databuf cipherbuf = { 0 };
struct databuf ctxbuf = { 0 };
apr_status_t rc;
/* we save the session only if the authentication is established */
if (!mc->established) return;
rc = mag_session_load(req, &sess);
if (rc != OK || sess == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, req,
"Sessions not available, can't send cookies!");
return;
}
if (!cfg->mag_skey) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, req,
"Session key not available, generating new one.");
rc = SEAL_KEY_CREATE(cfg->pool, &cfg->mag_skey, NULL);
if (rc != OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req,
"Failed to create sealing key!");
return;
}
}
sessval = apr_psprintf(req->pool, "%ld:%s:%s",
(long)mc->expiration, mc->user_name, mc->gss_name);
if (!sessval) return;
plainbuf.length = strlen(sessval) + 1;
plainbuf.value = (unsigned char *)sessval;
rc = SEAL_BUFFER(req->pool, cfg->mag_skey, &plainbuf, &cipherbuf);
if (rc != OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req,
"Failed to seal session data!");
return;
}
ctxbuf.length = apr_base64_encode_len(cipherbuf.length);
ctxbuf.value = apr_pcalloc(req->pool, ctxbuf.length);
if (!ctxbuf.value) return;
ctxbuf.length = apr_base64_encode((char *)ctxbuf.value,
(char *)cipherbuf.value,
cipherbuf.length);
rc = mag_session_set(req, sess, MAG_BEARER_KEY, (char *)ctxbuf.value);
if (rc != OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req,
"Failed to set session data!");
return;
}
}
static const char *mag_sess_key(cmd_parms *parms, void *mconfig, const char *w)
{
struct mag_config *cfg = (struct mag_config *)mconfig;
struct databuf keys;
unsigned char *val;
apr_status_t rc;
const char *k;
int l;
if (strncmp(w, "key:", 4) != 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"Invalid key format, expected prefix 'key:'");
return NULL;
}
k = w + 4;
l = apr_base64_decode_len(k);
val = apr_palloc(parms->temp_pool, l);
keys.length = (int)apr_base64_decode_binary(val, k);
keys.value = (unsigned char *)val;
if (keys.length != 32) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"Invalid key length, expected 32 got %d", keys.length);
return NULL;
}
rc = SEAL_KEY_CREATE(cfg->pool, &cfg->mag_skey, &keys);
if (rc != OK) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"Failed to import sealing key!");
}
return NULL;
}
