1 int kerb_authenticate_user(request_rec *r) {
2 const char *name; /* AuthName specified */
3 const char *type; /* AuthType specified */
4 int KerberosV5 = 0; /* Kerberos V5 check enabled */
5 int KerberosV4 = 0; /* Kerberos V4 check enabled */
6 const char *sent_pw; /* Password sent by browser */
7 const char *t; /* Return value holder */
8 int res; /* Response holder */
10 const char *auth_line = apr_table_get(r->headers_in,
11 (PROXYREQ_PROXY == r->proxyreq)
12 ? "Proxy-Authorization"
15 type = ap_auth_type(r);
19 if (strncasecmp(type, "KerberosV5", 10) == 0) {
25 if (strncasecmp(type, "KerberosV4", 10) == 0) {
31 if (!KerberosV4 && !KerberosV5) {
35 name = ap_auth_name(r);
37 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
38 0, r, "need AuthName: %s", r->uri);
39 return HTTP_INTERNAL_SERVER_ERROR;
43 apr_table_set(r->err_headers_out, "WWW-Authenticate",
44 (char *)apr_pstrcat(r->pool, "Basic realm=\"", name, "\"", NULL));
45 return HTTP_UNAUTHORIZED;
48 type = ap_getword_white(r->pool, &auth_line);
49 t = ap_pbase64decode(r->pool, auth_line);
50 r->user = ap_getword_nulls(r->pool, &t, ':');
51 r->ap_auth_type = "Kerberos";
52 sent_pw = ap_getword_white(r->pool, &t);
56 r->ap_auth_type = "KerberosV5";
57 if (kerb5_password_validate(r->user, sent_pw)) {
61 return HTTP_UNAUTHORIZED;
67 r->ap_auth_type = "KerberosV4";
68 if (kerb4_password_validate(r->user, sent_pw)) {
72 return HTTP_UNAUTHORIZED;