+2002-07-07 Daniel Henninger <daniel@ncsu.edu>
+
+ * TODO:
+ Finished creation of TODO file and went through all submissions.
+
+ * apache1/auth_user.c:
+ * apache2/auth_user.c:
+ Added KerberosDualV5V4 and KerberosDualV4V5 support.
+
2002-05-08 Daniel Henninger <daniel@ncsu.edu>
* *:
-- Dual Auth Support
- Try Kerberos V5 and then V4 or visa versa.
-
- Save Creds/Tickets
Retrieve and store krbtgt and set env variable of file path.
const char *type; /* AuthType specified */
int KerberosV5 = 0; /* Kerberos V5 check enabled */
int KerberosV4 = 0; /* Kerberos V4 check enabled */
+ int KerberosV4first = 0; /* Kerberos V4 check first */
const char *sent_pw; /* Password sent by browser */
int res; /* Response holder */
+ int retcode; /* Return code holder */
const char *t; /* Decoded auth_line */
const char *authtype; /* AuthType to send back to browser */
const char *auth_line = ap_table_get(r->headers_in,
KerberosV4 = 1;
}
#endif /* KRB4 */
+
+#if defined(KRB5) && defined(KRB4)
+ if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) {
+ KerberosV5 = 1;
+ KerberosV4 = 1;
+ }
+
+ if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) {
+ KerberosV5 = 1;
+ KerberosV4 = 1;
+ KerberosV4first = 1;
+ }
+#endif /* KRB5 && KRB4 */
}
if (!KerberosV4 && !KerberosV5) {
r->connection->ap_auth_type = "Kerberos";
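Review bot: The length argument 15 in both `strncasecmp` calls is one short of the 16-character literals, so the comparison stops at `KerberosDualV5V` / `KerberosDualV4V` and ignores the final digit and anything after it. A mistyped AuthType such as `KerberosDualV5V5` therefore switches on dual authentication instead of being left unmatched. An exact match, `strcasecmp(type, "KerberosDualV5V4") == 0` (and likewise for `KerberosDualV4V5`), avoids that; whether the earlier AuthType tests above this hunk are prefix matches as well cannot be seen from here. The apache2/auth_user.c hunk carries the same two calls, and the enclosing block starts outside the hunk.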
sent_pw = ap_getword_white(r->pool, &t);
+ retcode = DECLINED;
+
#ifdef KRB5
- if (KerberosV5) {
+ if (KerberosV5 && !KerberosV4first && retcode != OK) {
if (kerb5_password_validate(r->connection->user, sent_pw)) {
- return OK;
+ retcode = OK;
}
else {
- return HTTP_UNAUTHORIZED;
+ retcode = HTTP_UNAUTHORIZED;
}
}
#endif /* KRB5 */
+
#ifdef KRB4
- if (KerberosV4) {
+ if (KerberosV4 && retcode != OK) {
if (kerb4_password_validate(r->connection->user, sent_pw)) {
- return OK;
+ retcode = OK;
}
else {
- return HTTP_UNAUTHORIZED;
+ retcode = HTTP_UNAUTHORIZED;
}
}
#endif /* KRB4 */
- return DECLINED;
+#if defined(KRB5) && defined(KRB4)
+ if (KerberosV5 && KerberosV4first && retcode != OK) {
+ if (kerb5_password_validate(r->connection->user, sent_pw)) {
+ retcode = OK;
+ }
+ else {
+ retcode = HTTP_UNAUTHORIZED;
+ }
+ }
+#endif /* KRB5 && KRB4 */
+
+ return retcode;
}
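Review bot: The fall-through from a rejected V5 check to `kerb4_password_validate` is keyed on `KerberosV5 && KerberosV4`, not on the new Dual AuthTypes, so any AuthType handled above this hunk that sets both flags (not visible here) changes from an immediate `HTTP_UNAUTHORIZED` to a silent V4 fallback. Each request can now cause two validations of the same cleartext password, which may matter for lockout counting on the KDC side, and the older protocol decides the outcome whenever V5 refuses. I would gate the second attempt on an explicit dual flag set only in the `KerberosDual*` branches, and log at info level when the fallback mechanism is the one that accepts, so operators can see how often V4 is actually carrying logins. The first test `retcode != OK` is always true directly after `retcode = DECLINED;` and can be dropped. All of this applies equally to the apache2/auth_user.c hunk further down; the function starts outside the hunk.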
const char *type; /* AuthType specified */
int KerberosV5 = 0; /* Kerberos V5 check enabled */
int KerberosV4 = 0; /* Kerberos V4 check enabled */
+ int KerberosV4first = 0; /* Kerberos V4 check first */
const char *sent_pw; /* Password sent by browser */
const char *t; /* Return value holder */
int res; /* Response holder */
+ int retcode; /* Return code holder */
const char *auth_line = apr_table_get(r->headers_in,
(PROXYREQ_PROXY == r->proxyreq)
KerberosV4 = 1;
}
#endif /* KRB4 */
+
+#if defined(KRB5) && defined(KRB4)
+ if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) {
+ KerberosV5 = 1;
+ KerberosV4 = 1;
+ }
+
+ if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) {
+ KerberosV5 = 1;
+ KerberosV4 = 1;
+ KerberosV4first = 1;
+ }
+#endif /* KRB5 && KRB4 */
}
if (!KerberosV4 && !KerberosV5) {
r->ap_auth_type = "Kerberos";
sent_pw = ap_getword_white(r->pool, &t);
+ retcode = DECLINED;
+
#ifdef KRB5
- if (KerberosV5) {
+ if (KerberosV5 && !KerberosV4first && retcode != OK) {
r->ap_auth_type = "KerberosV5";
if (kerb5_password_validate(r->user, sent_pw)) {
- return OK;
+ retcode = OK;
}
else {
- return HTTP_UNAUTHORIZED;
+ retcode = HTTP_UNAUTHORIZED;
}
}
#endif /* KRB5 */
+
#ifdef KRB4
- if (KerberosV4) {
+ if (KerberosV4 && retcode != OK) {
r->ap_auth_type = "KerberosV4";
if (kerb4_password_validate(r->user, sent_pw)) {
- return OK;
+ retcode = OK;
}
else {
- return HTTP_UNAUTHORIZED;
+ retcode = HTTP_UNAUTHORIZED;
}
}
#endif /* KRB4 */
- return DECLINED;
+#if defined(KRB5) && defined(KRB4)
+ if (KerberosV5 && KerberosV4first && retcode != OK) {
+ r->ap_auth_type = "KerberosV5";
+ if (kerb5_password_validate(r->user, sent_pw)) {
+ retcode = OK;
+ }
+ else {
+ retcode = HTTP_UNAUTHORIZED;
+ }
+ }
+#endif /* KRB5 && KRB4 */
+
+ return retcode;
}
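Review bot: `r->ap_auth_type` is assigned before each validate call, so when both mechanisms reject the password the request leaves with `ap_auth_type` naming the last mechanism tried rather than one that authenticated. Moving the assignment into the success branch, e.g. `r->ap_auth_type = "KerberosV5"; retcode = OK;`, keeps the field meaning "mechanism that accepted the password", which is what an access log or a downstream module needs now that two mechanisms can run per request. The apache1 hunk never updates `r->connection->ap_auth_type` past `"Kerberos"`, so there the accepting mechanism is not recorded at all. The function starts outside the hunk.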