projects / mod_auth_kerb.cvs / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 36747dc)
accepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor...
authorbaalberith <baalberith>
Wed, 17 Sep 2008 14:01:55 +0000 (14:01 +0000)
committerbaalberith <baalberith>
Wed, 17 Sep 2008 14:01:55 +0000 (14:01 +0000)
README patch | blob | history
src/mod_auth_kerb.c patch | blob | history

diff --git a/README b/README
index 4303e80..0906b7c 100644 (file)
--- a/README
+++ b/README
@@ -66,6 +66,8 @@ KrbServiceName server_principal
    is used. The FQDN part can contain any hostname and can be used to work
    around problems with misconfigured DNS. A corresponding key of this name
    must be stored in the keytab.
    is used. The FQDN part can contain any hostname and can be used to work
    around problems with misconfigured DNS. A corresponding key of this name
    must be stored in the keytab.
+   If this option is set to 'Any', then any prinicpal from the keytab which
+   matches the client's request may be used.
 
 Krb4Srvtab /path/to/srvtab
    This option takes one argument, specifying the path to the Kerberos V4
 
 Krb4Srvtab /path/to/srvtab
    This option takes one argument, specifying the path to the Kerberos V4
diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c
index 587e930..3f3a3fb 100644 (file)
--- a/src/mod_auth_kerb.c
+++ b/src/mod_auth_kerb.c
@@ -897,6 +897,10 @@ authenticate_user_krb5pwd(request_rec *r,
    int             all_principals_unkown;
    char            *p = NULL;
 
    int             all_principals_unkown;
    char            *p = NULL;
 
+   //temporary fix for KrbServiceName Any
+   if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0)
+      snprintf(conf->krb_service_name, 5,"%s","HTTP");
+
    code = krb5_init_context(&kcontext);
    if (code) {
       log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
    code = krb5_init_context(&kcontext);
    if (code) {
       log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
@@ -1154,6 +1158,10 @@ get_gss_creds(request_rec *r,
    have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
    if (have_server_princ)
       strncpy(buf, conf->krb_service_name, sizeof(buf));
    have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
    if (have_server_princ)
       strncpy(buf, conf->krb_service_name, sizeof(buf));
+   else if (conf->krb_service_name && strcmp(conf->krb_service_name,"Any") == 0) {      
+      *server_creds = GSS_C_NO_CREDENTIAL;
+      return 0;
+   }
    else
       snprintf(buf, sizeof(buf), "%s@%s",
               (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
    else
       snprintf(buf, sizeof(buf), "%s@%s",
               (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
Firefox and Apache Integration