Use different calls when generating memory ccache with Heimdal or MIT

[mod_auth_kerb.git] / src / mod_auth_kerb.c

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index edd5ab0..e3f0708 100644 (file)
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -651,13 +651,6 @@ int authenticate_user_krb5pwd(request_rec *r,
    }
 
    sent_pw = ap_pbase64decode(r->pool, auth_line);
-   if (sent_pw == NULL || *sent_pw == '\0') {
-      log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 
-                "empty passwords are not accepted");
-      ret = HTTP_UNAUTHORIZED;
-      goto end;
-   }
-
    sent_name = ap_getword (r->pool, &sent_pw, ':');
    /* do not allow user to override realm setting of server */
    if (strchr(sent_name, '@')) {
@@ -667,21 +660,21 @@ int authenticate_user_krb5pwd(request_rec *r,
       goto end;
    }
 
-   /* XXX Heimdal allows to use the MEMORY: type with empty argument ? */
-   ccname = ap_psprintf(r->pool, "MEMORY:%s/krb5cc_apache_XXXXXX", P_tmpdir);
-   fd = mkstemp(ccname + strlen("MEMORY:"));
-   if (fd < 0) {
+   if (sent_pw == NULL || *sent_pw == '\0') {
       log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                 "mkstemp() failed: %s", strerror(errno));
-      ret = HTTP_INTERNAL_SERVER_ERROR;
+                "empty passwords are not accepted");
+      ret = HTTP_UNAUTHORIZED;
       goto end;
    }
-   close(fd);
 
-   code = krb5_cc_resolve(kcontext, ccname, &ccache);
+#ifdef HEIMDAL
+   code = krb5_cc_gen_new(kcontext, &krb5_mcc_ops, &ccache);
+#else
+   code = krb5_cc_resolve(kcontext, "MEMORY:", &ccache);
+#endif
    if (code) {
       log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                 "krb5_cc_resolve() failed: %s",
+                "generating new memory ccache failed: %s",
                  krb5_get_err_text(kcontext, code));
       ret = HTTP_INTERNAL_SERVER_ERROR;
       unlink(ccname);