Use krb5_rc_resolve_full() to detect the "none" rcache type. The previous code was...
diff --git
a/src/mod_auth_kerb.c
b/src/mod_auth_kerb.c
index
f567ab6
..
880b6ea
100644
--- a/
src/mod_auth_kerb.c
+++ b/
src/mod_auth_kerb.c
@@
-50,7
+50,7
@@
#include <stdio.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdarg.h>
-#define MODAUTHKERB_VERSION "5.
0
"
+#define MODAUTHKERB_VERSION "5.
1
"
#define MECH_NEGOTIATE "Negotiate"
#define SERVICE_NAME "HTTP"
#define MECH_NEGOTIATE "Negotiate"
#define SERVICE_NAME "HTTP"
@@
-353,8
+353,8
@@
log_rerror(const char *file, int line, int level, int status,
Username/Password Validation for Krb4
***************************************************************************/
static int
Username/Password Validation for Krb4
***************************************************************************/
static int
-verify_krb4_user(request_rec *r, c
har *name, char *instance, char *realm
,
-
char *password, char *linstance,
char *srvtab, int krb_verify_kdc)
+verify_krb4_user(request_rec *r, c
onst char *name, const char *instance
,
+
const char *realm, const char *password, const char *linstance, const
char *srvtab, int krb_verify_kdc)
{
int ret;
char *phost;
{
int ret;
char *phost;
@@
-402,7
+402,7
@@
verify_krb4_user(request_rec *r, char *name, char *instance, char *realm,
return ret;
}
return ret;
}
- ret = krb_rd_req(&ticket,
linstance, phost, addr, &authdata,
srvtab);
+ ret = krb_rd_req(&ticket,
(char *)linstance, phost, addr, &authdata, (char *)
srvtab);
if (ret) {
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot verify krb4 ticket: krb_rd_req() failed: %s",
if (ret) {
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot verify krb4 ticket: krb_rd_req() failed: %s",
@@
-444,13
+444,6
@@
authenticate_user_krb4pwd(request_rec *r,
sent_pw = ap_pbase64decode(r->pool, auth_line);
sent_name = ap_getword (r->pool, &sent_pw, ':');
sent_pw = ap_pbase64decode(r->pool, auth_line);
sent_name = ap_getword (r->pool, &sent_pw, ':');
- /* do not allow user to override realm setting of server */
- if (ap_strchr_c(sent_name, '@')) {
- log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "specifying realm in user name is prohibited");
- return HTTP_UNAUTHORIZED;
- }
-
sent_instance = strchr(sent_name, '.');
if (sent_instance)
*sent_instance++ = '\0';
sent_instance = strchr(sent_name, '.');
if (sent_instance)
*sent_instance++ = '\0';
@@
-464,10
+457,10
@@
authenticate_user_krb4pwd(request_rec *r,
return HTTP_INTERNAL_SERVER_ERROR;
}
return HTTP_INTERNAL_SERVER_ERROR;
}
- tkt_file_p = ap_pstrdup(r->pool, tkt_file);
- ap
_register_cleanup(r->pool, tkt_file_
p,
-
krb4_cache_cleanup, ap_null_cleanup
);
-
+ tkt_file_p = ap
r
_pstrdup(r->pool, tkt_file);
+ ap
r_pool_cleanup_register(r->pool, tkt_file_p, krb4_cache_cleanu
p,
+
apr_pool_cleanup_null
);
+
krb_set_tkt_string(tkt_file);
all_principals_unkown = 1;
krb_set_tkt_string(tkt_file);
all_principals_unkown = 1;
@@
-510,14
+503,14
@@
authenticate_user_krb4pwd(request_rec *r,
goto end;
}
goto end;
}
- user = ap_pstrdup(r->pool, sent_name);
+ user = ap
r
_pstrdup(r->pool, sent_name);
if (sent_instance)
if (sent_instance)
- user = ap_pstrcat(r->pool, user, ".", sent_instance, NULL);
- user = ap_pstrcat(r->pool, user, "@", realm, NULL);
+ user = ap
r
_pstrcat(r->pool, user, ".", sent_instance, NULL);
+ user = ap
r
_pstrcat(r->pool, user, "@", realm, NULL);
MK_USER = user;
MK_AUTH_TYPE = "Basic";
MK_USER = user;
MK_AUTH_TYPE = "Basic";
- ap_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
+ ap
r
_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
if (!conf->krb_save_credentials)
krb4_cache_cleanup(tkt_file);
if (!conf->krb_save_credentials)
krb4_cache_cleanup(tkt_file);
@@
-1459,8
+1452,8
@@
set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf,
#ifdef KRB4
if (!set_basic &&
((use_krb4 && conf->krb_method_k4pass) || conf->krb_delegate_basic))
#ifdef KRB4
if (!set_basic &&
((use_krb4 && conf->krb_method_k4pass) || conf->krb_delegate_basic))
- ap_table_add(r->err_headers_out, header_name,
- ap_pstrcat(r->pool, "Basic realm=\"", auth_name, "\"", NULL));
+ ap
r
_table_add(r->err_headers_out, header_name,
+ ap
r
_pstrcat(r->pool, "Basic realm=\"", auth_name, "\"", NULL));
#endif
}
#endif
}
@@
-1561,18
+1554,18
@@
have_rcache_type(const char *type)
{
krb5_error_code ret;
krb5_context context;
{
krb5_error_code ret;
krb5_context context;
- krb5_rcache id;
+ krb5_rcache id
= NULL
;
int found;
int found;
- memset(&id, 0, sizeof(id));
-
ret = krb5_init_context(&context);
if (ret)
return 0;
ret = krb5_init_context(&context);
if (ret)
return 0;
- ret = krb5_rc_resolve_
type(context, &id, type
);
+ ret = krb5_rc_resolve_
full(context, &id, "none:"
);
found = (ret == 0);
found = (ret == 0);
+ if (ret == 0)
+ krb5_rc_destroy(context, id);
krb5_free_context(context);
return found;
krb5_free_context(context);
return found;
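Review bot: In the hunk at new line 444, authenticate_user_krb4pwd() no longer rejects a `sent_name` containing '@', yet the hunk at new line 503 still builds `user` by appending `"@", realm` to that client-supplied name and stores it in MK_USER. No replacement check appears in the visible hunks, and the commit title mentions only the rcache detection, so this looks like an unrelated loosening of the "do not allow user to override realm setting of server" guard. Unless the realm part is validated in lines outside these hunks, keep a rejection such as `if (ap_strchr_c(sent_name, '@')) return HTTP_UNAUTHORIZED;` before the instance split, or document why it is now safe to drop. Separately, have_rcache_type() now ignores its `type` argument and always resolves `"none:"`; a one-line comment saying so (or dropping the parameter) would stop callers assuming it probes an arbitrary type. Both functions start or end outside the hunks shown.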