apache1/auth_user.c

   1 int kerb_authenticate_user(request_rec *r) {
   2         const char *type;               /* AuthType specified */
   3         int KerberosV5 = 0;             /* Kerberos V5 check enabled */
   4         int KerberosV4 = 0;             /* Kerberos V4 check enabled */
   5         const char *sent_pw;            /* Password sent by browser */
   6         int res;                        /* Response holder */
   7         const char *authtype;           /* AuthType to send back to browser */
   8         const char *auth_line = ap_table_get(r->headers_in,
   9                                         (r->proxyreq == STD_PROXY)
  10                                                 ? "Proxy-Authorization"
  11                                                 : "Authorization");
  12
  13         type = ap_auth_type(r);
  14
  15         if (type != NULL) {
  16 #ifdef KRB5
  17                 if (strncasecmp(type, "KerberosV5", 10) == 0) {
  18                         KerberosV5 = 1;
  19                 }
  20 #endif /* KRB5 */
  21
  22 #ifdef KRB4
  23                 if (strncasecmp(type, "KerberosV4", 10) == 0) {
  24                         KerberosV4 = 1;
  25                 }
  26 #endif /* KRB4 */
  27         }
  28
  29         if (!KerberosV4 && !KerberosV5) {
  30                 return DECLINED;
  31         }
  32
  33         if (!ap_auth_name(r)) {
  34                 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
  35                                 "need AuthName: %s", r->uri);
  36                 return HTTP_INTERNAL_SERVER_ERROR;
  37         }
  38
  39         if (!auth_line) {
  40                 ap_table_set(r->err_headers_out, "WWW-Authenticate", "Kerberos");
  41                 return HTTP_UNAUTHORIZED;
  42         }
  43
  44         type = ap_getword_white(r->pool, &auth_line);
  45         r->connection->user = ap_getword_nulls(r->pool, &auth_line, ':');
  46         r->connection->ap_auth_type = "Kerberos";
  47         sent_pw = ap_getword_white(r->pool, &auth_line);
  48
  49 #ifdef KRB5
  50         if (KerberosV5) {
  51                 if (kerb5_password_validate(r->connection->user, sent_pw)) {
  52                         return OK;
  53                 }
  54                 else {
  55                         return HTTP_UNAUTHORIZED;
  56                 }
  57         }
  58 #endif /* KRB5 */
  59 #ifdef KRB4
  60         if (KerberosV4) {
  61                 if (kerb4_password_validate(r->connection->user, sent_pw)) {
  62                         return OK;
  63                 }
  64                 else {
  65                         return HTTP_UNAUTHORIZED;
  66                 }
  67         }
  68 #endif /* KRB4 */
  69
  70         return DECLINED;
  71 }