minor update, some debugging info + better memory management

[mod_auth_kerb.cvs/.git] / src / mod_auth_kerb.c

diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index c81d16c..8f59ee7 100644 (file)
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -50,7 +50,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 
-#define MODAUTHKERB_VERSION "5.2"
+#define MODAUTHKERB_VERSION "5.3"
 
 #define MECH_NEGOTIATE "Negotiate"
 #define SERVICE_NAME "HTTP"
@@ -165,6 +165,7 @@ typedef struct {
        char *krb_5_keytab;
        int krb_method_gssapi;
        int krb_method_k5pass;
+       int krb5_do_auth_to_local;
 #endif
 #ifdef KRB4
        char *krb_4_srvtab;
@@ -227,6 +228,9 @@ static const command_rec kerb_auth_cmds[] = {
 
    command("KrbMethodK5Passwd", ap_set_flag_slot, krb_method_k5pass,
      FLAG, "Enable Kerberos V5 password authentication."),
+
+   command("KrbLocalUserMapping", ap_set_flag_slot, krb5_do_auth_to_local,
+     FLAG, "Set to 'on' to have Kerberos do auth_to_local mapping of principal names to system user names."),
 #endif 
 
 #ifdef KRB4
@@ -303,6 +307,10 @@ const krb5_rc_ops_internal mod_auth_kerb_rc_ops = {
 };
 #endif
 
+/*************************************************************************** 
+ Macro To Control krb5_aname_to_localname buffer size
+ ***************************************************************************/
+#define AN_TO_LN_BUFFSIZE_MAX 1024
 
 /*************************************************************************** 
  Auth Configuration Initialization
@@ -320,6 +328,7 @@ static void *kerb_dir_create_config(MK_POOL *p, char *d)
        ((kerb_auth_config *)rec)->krb_ssl_preauthentication = 0;
 #endif
 #ifdef KRB5
+  ((kerb_auth_config *)rec)->krb5_do_auth_to_local = 0;
        ((kerb_auth_config *)rec)->krb_method_k5pass = 1;
        ((kerb_auth_config *)rec)->krb_method_gssapi = 1;
 #endif
@@ -450,7 +459,7 @@ authenticate_user_krb4pwd(request_rec *r,
    int all_principals_unkown;
 
    sent_pw = ap_pbase64decode(r->pool, auth_line);
-   sent_name = ap_getword (r->pool, &sent_pw, ':');
+   sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':');
 
    sent_instance = strchr(sent_name, '.');
    if (sent_instance)
@@ -892,6 +901,7 @@ authenticate_user_krb5pwd(request_rec *r,
    char            *name = NULL;
    int             all_principals_unkown;
    char            *p = NULL;
+   char            *MK_USER_LNAME=NULL;
 
    code = krb5_init_context(&kcontext);
    if (code) {
@@ -901,7 +911,7 @@ authenticate_user_krb5pwd(request_rec *r,
    }
 
    sent_pw = ap_pbase64decode(r->pool, auth_line);
-   sent_name = ap_getword (r->pool, &sent_pw, ':');
+   sent_name = ap_getword_nulls_nc (r->pool, (char **) &sent_pw, ':');
 
    if (sent_pw == NULL || *sent_pw == '\0') {
       log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
@@ -1012,7 +1022,15 @@ authenticate_user_krb5pwd(request_rec *r,
 
    if (conf->krb_save_credentials)
       store_krb5_creds(kcontext, r, conf, ccache);
-
+  
+   if (conf->krb5_do_auth_to_local) {
+    MK_USER_LNAME = malloc(strlen(MK_USER)+1);
+    krb5_aname_to_localname(kcontext, client, strlen(MK_USER), MK_USER_LNAME);
+    log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+             "kerb_authenticate_a_name_to_local_name %s -> %s",
+             (MK_USER)?MK_USER:"(NULL)", (MK_USER_LNAME)?MK_USER_LNAME:"(NULL)");
+         MK_USER = MK_USER_LNAME;
+   }
    ret = OK;
 
 end: