#include <stdio.h>
#include <stdarg.h>
-#define MODAUTHKERB_VERSION "5.2"
+#define MODAUTHKERB_VERSION "5.3"
#define MECH_NEGOTIATE "Negotiate"
#define SERVICE_NAME "HTTP"
char *krb_5_keytab;
int krb_method_gssapi;
int krb_method_k5pass;
+ int krb5_do_auth_to_local;
#endif
#ifdef KRB4
char *krb_4_srvtab;
command("KrbMethodK5Passwd", ap_set_flag_slot, krb_method_k5pass,
FLAG, "Enable Kerberos V5 password authentication."),
+
+ command("KrbLocalUserMapping", ap_set_flag_slot, krb5_do_auth_to_local,
+ FLAG, "Set to 'on' to have Kerberos do auth_to_local mapping of principal names to system user names."),
#endif
#ifdef KRB4
};
#endif
+/***************************************************************************
+ Macro To Control krb5_aname_to_localname buffer size
+ ***************************************************************************/
+#define AN_TO_LN_BUFFSIZE_MAX 1024
/***************************************************************************
Auth Configuration Initialization
((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
#endif
#ifdef KRB5
+ ((kerb_auth_config *)rec)->krb5_do_auth_to_local = 0;
((kerb_auth_config *)rec)->krb_method_k5pass = 1;
((kerb_auth_config *)rec)->krb_method_gssapi = 1;
#endif
int all_principals_unkown;
sent_pw = ap_pbase64decode(r->pool, auth_line);
- sent_name = ap_getword (r->pool, &sent_pw, ':');
+ sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':');
sent_instance = strchr(sent_name, '.');
if (sent_instance)
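Review bot: The switch to `ap_getword_nulls_nc` here, and the identical change in the Kerberos 5 password path further down, carries no comment saying why plain `ap_getword` was wrong, and the `(char **)` cast makes the intent harder to read. I would add above the call: `/* ap_getword() skips a run of ':' after the user name and would strip leading colons from the password; the _nulls variant stops at the first ':' */`. If `sent_pw` is declared `const char *` (its declaration is outside the hunk), declaring it `char *` would let the cast go, since `ap_pbase64decode` already returns a writable pool string.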
char *name = NULL;
int all_principals_unkown;
char *p = NULL;
+ char *MK_USER_LNAME=NULL;
code = krb5_init_context(&kcontext);
if (code) {
}
sent_pw = ap_pbase64decode(r->pool, auth_line);
- sent_name = ap_getword (r->pool, &sent_pw, ':');
+ sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':');
if (sent_pw == NULL || *sent_pw == '\0') {
log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
if (conf->krb_save_credentials)
store_krb5_creds(kcontext, r, conf, ccache);
-
+
+ if (conf->krb5_do_auth_to_local) {
+ MK_USER_LNAME = malloc(strlen(MK_USER)+1);
+ krb5_aname_to_localname(kcontext, client, strlen(MK_USER), MK_USER_LNAME);
+ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "kerb_authenticate_a_name_to_local_name %s -> %s",
+ (MK_USER)?MK_USER:"(NULL)", (MK_USER_LNAME)?MK_USER_LNAME:"(NULL)");
+ MK_USER = MK_USER_LNAME;
+ }
ret = OK;
end:
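Review bot: The `krb5_do_auth_to_local` block discards the return value of `krb5_aname_to_localname()` and never checks `malloc()`, so a principal with no local mapping (or a failed allocation) still reaches `ret = OK` with `MK_USER` pointing at heap memory that may never have been written, and later `Require user` checks would run against that. The buffer is sized from the principal string rather than from `AN_TO_LN_BUFFSIZE_MAX`, which this patch defines but the visible code does not use, and it is never freed, so each authenticated request leaks it. I would take the buffer from `r->pool`, pass the macro as the size, and refuse the request when the mapping fails, as sketched below. The enclosing function begins outside this hunk; `code` and `client` are assumed to be the locals used earlier in it, and `apr_pcalloc` should be swapped for whatever pool allocator the file already uses.

```c
    if (conf->krb5_do_auth_to_local) {
        /* Request-pool buffer: zeroed, fixed upper bound, released with r->pool. */
        MK_USER_LNAME = apr_pcalloc(r->pool, AN_TO_LN_BUFFSIZE_MAX);

        code = krb5_aname_to_localname(kcontext, client,
                                       AN_TO_LN_BUFFSIZE_MAX, MK_USER_LNAME);
        if (code) {
            /* Fail closed: never continue with an unmapped or partial name. */
            log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                       "krb5_aname_to_localname() failed for %s (code %d)",
                       MK_USER, (int) code);
            ret = HTTP_UNAUTHORIZED;
            goto end;
        }
        /* ... unchanged: debug log of MK_USER -> MK_USER_LNAME ... */
        MK_USER = MK_USER_LNAME;
    }
```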