Allow returning errors as Environment Variables

README

@@ -379,3 +379,22 @@ the default owners and/or mode will be retained.
 
 #### Example
     GssapiDelegCcachePerms mode:0660 gid:webuiworkers
+
+
+### GssapiPublishErrors
+
+This option is used to publish errors as Environment Variables for use by
+httpd processes.
+
+A general error type is provided in the MAG_ERROR variable, and can have the
+following values: "GSS ERROR", "INTERNAL ERROR", "AUTH NOT ALLOWED"
+Additionally, in the variable named MAG_ERROR_TEXT there may be a free form
+error message.
+
+When the error type is "GSS ERROR" the variables GSS_ERROR_MAJ and
+GSS_ERROR_MIN contain the numeric errors returned by GSSAPI, and the
+MAG_ERROR_TEXT will contain a GSS Error message, possibly prepended by
+an additional message that provides more context.
+
+- **Enable with:** GssapiPublishErrors On
+- **Default:** GssapiPublishErrors Off

src/environ.c

@@ -97,24 +97,26 @@ static void mag_set_env_name_attr(request_rec *req, struct mag_conn *mc,
     }
 }
 
-static char* mag_escape_display_value(request_rec *req, gss_buffer_desc disp_value)
+static char *mag_escape_display_value(request_rec *req,
+                                      gss_buffer_desc disp_value)
 {
-    /* This function returns a copy (in the pool) of the given gss_buffer_t where every
-     * occurrence of " has been replaced by \". This string is NULL terminated */
+    /* This function returns a copy (in the pool) of the given gss_buffer_t
+     * where every occurrence of " has been replaced by \". This string is
+     * NULL terminated */
     int i = 0, j = 0, n_quotes = 0;
     char *escaped_value = NULL;
     char *value = (char*) disp_value.value;
 
-    // count number of quotes in the input string
+    /* count number of quotes in the input string */
     for (i = 0, j = 0; i < disp_value.length; i++)
         if (value[i] == '"')
             n_quotes++;
 
-    // if there are no quotes, just return a copy of the string
+    /* if there are no quotes, just return a copy of the string */
     if (n_quotes == 0)
         return apr_pstrndup(req->pool, value, disp_value.length);
 
-    // gss_buffer_t are not \0 terminated, but our result will be
+    /* gss_buffer_t are not \0 terminated, but our result will be */
     escaped_value = apr_palloc(req->pool, disp_value.length + n_quotes + 1);
     for (i = 0,j = 0; i < disp_value.length; i++, j++) {
         if (value[i] == '"') {
@@ -123,7 +125,7 @@ static char* mag_escape_display_value(request_rec *req, gss_buffer_desc disp_val
         }
         escaped_value[j] = value[i];
     }
-    // make the string NULL terminated
+    /* make the string NULL terminated */
     escaped_value[j] = '\0';
     return escaped_value;
 }
@@ -364,3 +366,17 @@ void mag_set_req_data(request_rec *req,
     ap_set_module_config(req->request_config, &auth_gssapi_module, mc->env);
     mag_export_req_env(req, mc->env);
 }
+
+void mag_publish_error(request_rec *req, uint32_t maj, uint32_t min,
+                       const char *gss_err, const char *mag_err)
+{
+    if (gss_err) {
+        apr_table_set(req->subprocess_env, "GSS_ERROR_MAJ",
+                      apr_psprintf(req->pool, "%u", (unsigned)maj));
+        apr_table_set(req->subprocess_env, "GSS_ERROR_MIN",
+                      apr_psprintf(req->pool, "%u", (unsigned)min));
+        apr_table_set(req->subprocess_env, "MAG_ERROR_TEXT", gss_err);
+    }
+    if (mag_err)
+        apr_table_set(req->subprocess_env, "MAG_ERROR", mag_err);
+}

src/environ.h

@@ -13,3 +13,6 @@ void mag_export_req_env(request_rec *req, apr_table_t *env);
 void mag_set_req_data(request_rec *req,
                       struct mag_config *cfg,
                       struct mag_conn *mc);
+
+void mag_publish_error(request_rec *req, uint32_t maj, uint32_t min,
+                       const char *gss_err, const char *mag_err);