/*
 * kerb_authenticate_user - authenticate a request whose credentials arrive
 * in an Authorization / Proxy-Authorization header by validating the
 * decoded user name and password against Kerberos V5 and/or V4.
 *
 * This listing is an excerpt: the embedded line numbers skip (14 -> 17,
 * 21 -> 27, 67 -> 72, ...) and the closing brace is not shown. The comments
 * below describe only what the visible lines do; anything that depends on
 * an omitted line is marked as needing confirmation.
 *
 * Returns visible here: HTTP_INTERNAL_SERVER_ERROR after the "need AuthName"
 * log entry, and HTTP_UNAUTHORIZED after the Basic challenge is queued.
 * The final return is outside the excerpt.
 */
1 int kerb_authenticate_user(request_rec *r) {
2 const char *name; /* AuthName specified */
3 const char *type; /* AuthType specified */
4 int KerberosV5 = 0; /* Kerberos V5 check enabled */
5 int KerberosV4 = 0; /* Kerberos V4 check enabled */
6 int KerberosV4first = 0; /* Kerberos V4 check first */
7 const char *sent_pw; /* Password sent by browser */
8 int res; /* Response holder */
/* retcode has no initializer; see the note at line 72. */
9 int retcode; /* Return code holder */
10 const char *t; /* Decoded auth_line */
11 const char *authtype; /* AuthType to send back to browser */
/*
 * Client-supplied credential header. Proxy requests use
 * "Proxy-Authorization"; the other arm of the conditional is on an omitted
 * line. NOTE(review): ap_table_get() yields NULL when the header is absent;
 * the NULL check is not visible here (presumably it guards the challenge at
 * lines 58-60) - confirm it runs before line 63 dereferences auth_line.
 */
12 const char *auth_line = ap_table_get(r->headers_in,
13 (r->proxyreq == STD_PROXY)
14 ? "Proxy-Authorization"
/*
 * From here until line 63, `type` holds the configured AuthType.
 * NOTE(review): no NULL check on `type` is visible before the strncasecmp()
 * calls below (lines 18-20 are omitted) - confirm one exists.
 */
17 type = ap_auth_type(r);
/*
 * The length 10 equals strlen("KerberosV5"), so these two tests are
 * case-insensitive prefix matches: any AuthType that merely starts with the
 * literal is accepted. The branch bodies are omitted; presumably they set
 * the KerberosV5 / KerberosV4 flags - confirm.
 */
21 if (strncasecmp(type, "KerberosV5", 10) == 0) {
27 if (strncasecmp(type, "KerberosV4", 10) == 0) {
32 #if defined(KRB5) && defined(KRB4)
/*
 * Both dual-mode literals are 16 characters long but only 15 are compared,
 * so the final character is never checked. The two literals already differ
 * at position 14, so they are still told apart, but a value with a wrong
 * last character is accepted. NOTE(review): a length of 16 looks intended.
 */
33 if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) {
38 if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) {
43 #endif /* KRB5 && KRB4 */
/* Neither mechanism selected by the AuthType; the branch body is omitted. */
46 if (!KerberosV4 && !KerberosV5) {
50 name = ap_auth_name(r);
/*
 * The condition for this error path is on omitted line 51 (presumably a
 * missing AuthName). The format string is a literal, so the client-supplied
 * r->uri is logged as data only.
 */
52 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
53 "need AuthName: %s", r->uri);
54 return HTTP_INTERNAL_SERVER_ERROR;
/*
 * Queue a Basic challenge and answer 401. `name` is inserted into the
 * quoted realm string as-is, with no escaping of '"' or '\'.
 */
58 ap_table_set(r->err_headers_out, "WWW-Authenticate",
59 ap_pstrcat(r->pool, "Basic realm=\"", name, "\"", NULL));
60 return HTTP_UNAUTHORIZED;
/*
 * `type` is reused: it now holds the first whitespace-delimited word of the
 * header (the auth scheme). NOTE(review): the visible lines never compare it
 * with "Basic", so the remainder is base64-decoded whatever scheme was sent -
 * confirm whether an omitted line checks it.
 */
63 type = ap_getword_white(r->pool, &auth_line);
/* Everything decoded from here on is attacker-controlled input. */
64 t = ap_pbase64decode(r->pool, auth_line);
/*
 * The user name is the decoded text up to the first ':'. It is stored on
 * the connection before any validation in the visible lines, so later code
 * must trust it only when this function ends with OK.
 */
65 r->connection->user = ap_getword_nulls(r->pool, &t, ':');
66 r->connection->ap_auth_type = "Kerberos";
/*
 * ap_getword_white() stops at the first whitespace character, so a password
 * that contains whitespace is truncated before it is validated.
 * NOTE(review): taking the whole remainder of `t` would preserve it.
 */
67 sent_pw = ap_getword_white(r->pool, &t);
/*
 * Validation order: V5 first unless KerberosV4first is set, then V4, then V5
 * again for the V4-first case. Each stage is skipped once retcode is OK, so
 * in dual mode acceptance by either protocol appears to be sufficient.
 * NOTE(review): retcode must be assigned on omitted lines 68-71; otherwise
 * this test reads an indeterminate value.
 */
72 if (KerberosV5 && !KerberosV4first && retcode != OK) {
73 if (kerb5_password_validate(r->connection->user, sent_pw)) {
/*
 * Lines 74-76 are omitted; presumably the success arm sets retcode to OK
 * and this assignment belongs to the failure arm - confirm.
 */
77 retcode = HTTP_UNAUTHORIZED;
/* Kerberos V4 attempt, made only if nothing has succeeded so far. */
83 if (KerberosV4 && retcode != OK) {
84 if (kerb4_password_validate(r->connection->user, sent_pw)) {
88 retcode = HTTP_UNAUTHORIZED;
93 #if defined(KRB5) && defined(KRB4)
/* V4-first configuration: V5 is tried only after the V4 attempt above. */
94 if (KerberosV5 && KerberosV4first && retcode != OK) {
95 if (kerb5_password_validate(r->connection->user, sent_pw)) {
99 retcode = HTTP_UNAUTHORIZED;
102 #endif /* KRB5 && KRB4 */