Hello, Alex, I have posted a PR: https://github.com/squid-cache/squid/pull/1597
This is my first contribution to open source. Could you please verify if everything is OK. Kind regards, Ankor. чт, 16 нояб. 2023 г. в 17:01, Alex Rousskov < rouss...@measurement-factory.com>: > On 2023-11-16 07:48, Andrey K wrote: > > > I have slightly patched the negotiate_kerberos_pac.cc to > > implement ResourceGropIds-block parsing. > > Please consider posting tested changes as a GitHub Pull Request: > https://wiki.squid-cache.org/MergeProcedure#pull-request > > > Thank you, > > Alex. > > > > Maybe it will be useful for the community. > > This patch can be included in future Squid-releases. > > > > Kind regards, > > Ankor. > > > > The patch for the > > file src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc below: > > > > @@ -362,6 +362,123 @@ > > return ad_groups; > > } > > > > + > > +char * > > +get_resource_group_domain_sid(uint32_t ResourceGroupDomainSid){ > > + > > + if (ResourceGroupDomainSid!= 0) { > > + uint8_t rev; > > + uint64_t idauth; > > + char dli[256]; > > + char *ag; > > + int l; > > + > > + align(4); > > + > > + uint32_t nauth = get4byt(); > > + > > + size_t length = 1+1+6+nauth*4; > > + > > + ag=(char *)xcalloc((length+1)*sizeof(char),1); > > + // the first byte is a length of the SID > > + ag[0] = (char) length; > > + memcpy((void *)&ag[1],(const void*)&p[bpos],1); > > + memcpy((void *)&ag[2],(const void*)&p[bpos+1],1); > > + ag[2] = ag[2]+1; > > + memcpy((void *)&ag[3],(const void*)&p[bpos+2],6+nauth*4); > > + > > + > > + > > + /* mainly for debug only */ > > + rev = get1byt(); > > + bpos = bpos + 1; /*nsub*/ > > + idauth = get6byt_be(); > > + > > + snprintf(dli,sizeof(dli),"S-%d-%lu",rev,(long unsigned > int)idauth); > > + for ( l=0; l<(int)nauth; l++ ) { > > + uint32_t sauth; > > + sauth = get4byt(); > > + snprintf((char > > *)&dli[strlen(dli)],sizeof(dli)-strlen(dli),"-%u",sauth); > > + } > > + debug((char *) "%s| %s: INFO: Got ResourceGroupDomainSid %s\n", > > LogTime(), PROGRAM, dli); > > + return ag; > > + } > > + > > + return NULL; > > +} > > + > > +char * > > +get_resource_groups(char *ad_groups, char *resource_group_domain_sid, > > uint32_t ResourceGroupIds, uint32_t ResourceGroupCount){ > > + size_t group_domain_sid_len = resource_group_domain_sid[0]; > > + char *ag; > > + size_t length; > > + > > + resource_group_domain_sid++; //now it points to the actual data > > + > > + > > + if (ResourceGroupIds!= 0) { > > + uint32_t ngroup; > > + int l; > > + > > + align(4); > > + ngroup = get4byt(); > > + if ( ngroup != ResourceGroupCount) { > > + debug((char *) "%s| %s: ERROR: Group encoding error => > > ResourceGroupCount: %d Array size: %d\n", > > + LogTime(), PROGRAM, ResourceGroupCount, ngroup); > > + return NULL; > > + } > > + debug((char *) "%s| %s: INFO: Found %d Resource Group rids\n", > > LogTime(), PROGRAM, ResourceGroupCount); > > + > > + //make a group template which begins with the > ResourceGroupDomainID > > + length = group_domain_sid_len+4; //+4 for a rid > > + ag=(char *)xcalloc(length*sizeof(char),1); > > + memcpy((void *)ag,(const void*)resource_group_domain_sid, > > group_domain_sid_len); > > + > > + > > + for ( l=0; l<(int)ResourceGroupCount; l++) { > > + uint32_t sauth; > > + memcpy((void *)&ag[group_domain_sid_len],(const > > void*)&p[bpos],4); > > + > > + if (!pstrcat(ad_groups," group=")) { > > + debug((char *) "%s| %s: WARN: Too many groups ! size > > > %d : %s\n", > > + LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, > ad_groups); > > + xfree(ag); > > + return NULL; > > + } > > + > > + > > + struct base64_encode_ctx ctx; > > + base64_encode_init(&ctx); > > + const uint32_t expectedSz = base64_encode_len(length) +1 /* > > terminator */; > > + char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1)); > > + size_t blen = base64_encode_update(&ctx, b64buf, length, > > reinterpret_cast<uint8_t*>(ag)); > > + blen += base64_encode_final(&ctx, b64buf+blen); > > + b64buf[expectedSz-1] = '\0'; > > + if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) { > > + debug((char *) "%s| %s: WARN: Too many groups ! size > > > %d : %s\n", > > + LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, > ad_groups); > > + xfree(ag); > > + xfree(b64buf); > > + return NULL; > > + } > > + xfree(b64buf); > > + > > + > > + > > + sauth = get4byt(); > > + debug((char *) "%s| %s: Info: Got rid: %u\n", LogTime(), > > PROGRAM, sauth); > > + /* attribute */ > > + bpos = bpos+4; > > + } > > + > > + xfree(ag); > > + return ad_groups; > > + } > > + > > + return NULL; > > +} > > + > > + > > char * > > get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac) > > { > > @@ -379,14 +496,14 @@ > > uint32_t LogonDomainId=0; > > uint32_t SidCount=0; > > uint32_t ExtraSids=0; > > - /* > > uint32_t ResourceGroupDomainSid=0; > > uint32_t ResourceGroupCount=0; > > uint32_t ResourceGroupIds=0; > > - */ > > char **Rids=NULL; > > int l=0; > > > > + char * resource_group_domain_sid=NULL; > > + > > if (!ad_groups) { > > debug((char *) "%s| %s: ERR: No space to store groups\n", > > LogTime(), PROGRAM); > > @@ -454,11 +571,11 @@ > > bpos = bpos+40; > > SidCount = get4byt(); > > ExtraSids = get4byt(); > > - /* 4 bytes ResourceGroupDomainSid > > - * 4 bytes ResourceGroupCount > > - * 4 bytes ResourceGroupIds > > - */ > > - bpos = bpos+12; > > + > > + ResourceGroupDomainSid = get4byt(); > > + ResourceGroupCount = get4byt(); > > + ResourceGroupIds = get4byt(); > > + > > /* > > * Read all data from structure => Now check pointers > > */ > > @@ -483,7 +600,15 @@ > > if ((ad_groups = getextrasids(ad_groups,ExtraSids,SidCount))==NULL) > > goto k5clean; > > > > + resource_group_domain_sid = > > get_resource_group_domain_sid(ResourceGroupDomainSid); > > + if(resource_group_domain_sid && ResourceGroupCount && > > ResourceGroupIds){ > > + get_resource_groups(ad_groups, resource_group_domain_sid, > > ResourceGroupIds, ResourceGroupCount); > > + } > > + > > debug((char *) "%s| %s: INFO: Read %d of %d bytes \n", LogTime(), > > PROGRAM, bpos, (int)ad_data->length); > > + > > + if(resource_group_domain_sid) xfree(resource_group_domain_sid); > > + > > if (Rids) { > > for ( l=0; l<(int)GroupCount; l++) { > > xfree(Rids[l]); > > @@ -493,6 +618,8 @@ > > krb5_free_data(context, ad_data); > > return ad_groups; > > k5clean: > > + if(resource_group_domain_sid) xfree(resource_group_domain_sid); > > + > > if (Rids) { > > for ( l=0; l<(int)GroupCount; l++) { > > xfree(Rids[l]); > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > https://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users