#define MECH_NEGOTIATE "Negotiate"
#define SERVICE_NAME "HTTP"
-#include <ap_provider.h>
-#include <mod_auth.h>
#include <httpd.h>
#include <http_config.h>
#include <http_core.h>
#define apr_pool_cleanup_register ap_register_cleanup
#endif /* STANDARD20_MODULE_STUFF */
+#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER== 2
+#define APACHE22
+#include "mod_auth.h"
+#endif
+
#ifdef _WIN32
#define vsnprintf _vsnprintf
#define snprintf _snprintf
}
/* And this is the operations vector for our replay cache */
-const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
+static const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
0,
"dfl",
krb5_rc_dfl_init,
user = apr_pstrcat(r->pool, user, "@", realm, NULL);
MK_USER = user;
- MK_AUTH_TYPE = "Basic";
+ MK_AUTH_TYPE = "Kerberos";
apr_table_setn(r->subprocess_env, "KRBTKFILE", tkt_file_p);
if (!conf->krb_save_credentials)
static krb5_error_code
verify_krb5_user(request_rec *r, krb5_context context, krb5_principal principal,
const char *password, krb5_principal server,
- krb5_keytab keytab, int krb_verify_kdc, const char *krb_service_name, krb5_ccache *ccache)
+ krb5_keytab keytab, int krb_verify_kdc,
+ const char *krb_service_name, krb5_ccache *ccache)
{
krb5_creds creds;
krb5_get_init_creds_opt options;
goto end;
}
MK_USER = apr_pstrdup (r->pool, name);
- MK_AUTH_TYPE = "Basic";
+ MK_AUTH_TYPE = "Kerberos";
free(name);
if (conf->krb_save_credentials)
return 0;
}
+#ifndef GSSAPI_SUPPORTS_SPNEGO
static int
cmp_gss_type(gss_buffer_t token, gss_OID oid)
{
return memcmp(p, oid->elements, oid->length);
}
+#endif
static int
authenticate_user_gss(request_rec *r, kerb_auth_config *conf,
goto end;
}
-#if 0
- /* This is a _Kerberos_ module so multiple authentication rounds aren't
- * supported. If we wanted a generic GSS authentication we would have to do
- * some magic with exporting context etc. */
+ /* Multiple authentication rounds aren't supported. If we wanted a generic
+ * GSS authentication we would have to do some magic with exporting context
+ * etc. */
if (major_status & GSS_S_CONTINUE_NEEDED) {
+ log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Multi-iteration authentication isn't supported");
ret = HTTP_UNAUTHORIZED;
goto end;
}
-#endif
major_status = gss_display_name(&minor_status, client_name, &output_token, NULL);
gss_release_name(&minor_status, &client_name);
return ret;
}
-int
+static int
have_rcache_type(const char *type)
{
krb5_error_code ret;
static void
kerb_register_hooks(apr_pool_t *p)
{
+#ifdef APACHE22
static const authn_provider authn_krb_provider = {
&authn_krb_password,
+ NULL
};
- ap_register_provider(p, "authn", "kerberos", "0", &authn_krb_provider);
+ ap_register_provider(p, AUTHN_PROVIDER_GROUP, "kerberos", "0", &authn_krb_provider);
+#endif
ap_hook_post_config(kerb_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_check_user_id(kerb_authenticate_user, NULL, NULL, APR_HOOK_MIDDLE);
}