#include <stdarg.h>
#define MODAUTHKERB_VERSION "5.0-rc6"
+#define MECH_NEGOTIATE "Negotiate"
#include <httpd.h>
#include <http_config.h>
const char *sent_pw = NULL;
const char *sent_name = NULL;
const char *realms = NULL;
+ const char *realm = NULL;
krb5_context kcontext = NULL;
krb5_error_code code;
krb5_principal client = NULL;
all_principals_unkown = 1;
realms = conf->krb_auth_realms;
do {
- if (realms && (code = krb5_set_default_realm(kcontext,
- ap_getword_white(r->pool, &realms)))){
- log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "krb5_set_default_realm() failed: %s",
- krb5_get_err_text(kcontext, code));
- continue;
- }
+ name = sent_name;
+ if (realms && (realm = ap_getword_white(r->pool, &realms)))
+ name = ap_psprintf(r->pool, "%s@%s", sent_name, realm);
if (client) {
krb5_free_principal(kcontext, client);
client = NULL;
}
- code = krb5_parse_name(kcontext, sent_name, &client);
+
+ code = krb5_parse_name(kcontext, name, &client);
if (code) {
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"krb5_parse_name() failed: %s",
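Review bot: `sent_name` is joined to the configured realm with `"%s@%s"` without checking whether it already contains `@`, so a client-supplied name that is already a qualified principal gives `krb5_parse_name()` a string with two realm separators. If only the realms listed in `krb_auth_realms` are meant to be tried, that case should be decided explicitly before the loop, for example with an `if (strchr(sent_name, '@') != NULL)` check that logs and fails the request. `ap_getword_white()` also returns an empty string rather than NULL once the list is exhausted, so the `(realm = ...)` test is always true and an empty realm value would produce `user@`; testing `*realm` as well would cover that. The declaration of `name` and the end of the `do` loop are outside the hunk.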
end:
log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"kerb_authenticate_user_krb5pwd ret=%d user=%s authtype=%s",
- ret, (MK_USER)?MK_USER:"(NULL)", MK_AUTH_TYPE);
+ ret, (MK_USER)?MK_USER:"(NULL)", (MK_AUTH_TYPE)?MK_AUTH_TYPE:"(NULL)");
if (client)
krb5_free_principal(kcontext, client);
if (ccache)
*negotiate_ret_value = token;
log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"GSS-API token of length %d bytes will be sent back",
- major_status, output_token.length);
+ output_token.length);
gss_release_buffer(&minor_status2, &output_token);
}
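Review bot: `output_token.length` is a `size_t` in `gss_buffer_desc`, but the format string still uses `%d`, so removing the stray `major_status` argument fixes the argument count and leaves a type mismatch. Assuming `log_rerror` forwards to a printf-style formatter, an explicit cast keeps this portable: `"GSS-API token of length %lu bytes will be sent back", (unsigned long) output_token.length);`. The enclosing block starts outside the hunk.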
goto end;
}
- MK_AUTH_TYPE = "Negotiate";
+ MK_AUTH_TYPE = MECH_NEGOTIATE;
MK_USER = ap_pstrdup(r->pool, output_token.value);
if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
{
if (ap_is_initial_req(r) || MK_AUTH_TYPE == NULL)
return 0;
- if (strcmp(MK_AUTH_TYPE, "Negotiate") ||
+ if (strcmp(MK_AUTH_TYPE, MECH_NEGOTIATE) ||
(strcmp(MK_AUTH_TYPE, "Basic") && strchr(MK_USER, '@')))
return 1;
return 0;
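Review bot: `strcmp()` returns non-zero on a mismatch, so `strcmp(MK_AUTH_TYPE, MECH_NEGOTIATE) ||` is true for every auth type other than Negotiate, and the function returns 1 for all of them. If 1 means the request was already authenticated by this module (the function header is outside the hunk), both comparisons presumably need `== 0`: `if (strcmp(MK_AUTH_TYPE, MECH_NEGOTIATE) == 0 || (strcmp(MK_AUTH_TYPE, "Basic") == 0 && strchr(MK_USER, '@')))`. `MK_USER` is also passed to `strchr()` without the NULL check that `MK_AUTH_TYPE` gets on the line above.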
* apache in the proxy mode should retain client's authN headers? */
#ifdef KRB5
if (negotiate_ret_value != NULL && conf->krb_method_gssapi) {
- negoauth_param = (*negotiate_ret_value == '\0') ? "Negotiate" :
- ap_pstrcat(r->pool, "Negotiate ", negotiate_ret_value, NULL);
+ negoauth_param = (*negotiate_ret_value == '\0') ? MECH_NEGOTIATE :
+ ap_pstrcat(r->pool, MECH_NEGOTIATE " ", negotiate_ret_value, NULL);
ap_table_add(r->err_headers_out, header_name, negoauth_param);
}
if ((use_krb5pwd && conf->krb_method_k5pass) || conf->krb_delegate_basic) {
#ifdef KRB5
if (use_krb5 && conf->krb_method_gssapi &&
- strcasecmp(auth_type, "Negotiate") == 0) {
+ strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
ret = authenticate_user_gss(r, conf, auth_line, &negotiate_ret_value);
} else if (use_krb5 && conf->krb_method_k5pass &&
strcasecmp(auth_type, "Basic") == 0) {