1 int kerb_authenticate_user(request_rec *r) {
2 const char *type; /* AuthType specified */
3 int KerberosV5 = 0; /* Kerberos V5 check enabled */
4 int KerberosV4 = 0; /* Kerberos V4 check enabled */
5 const char *sent_pw; /* Password sent by browser */
6 int res; /* Response holder */
7 const char *authtype; /* AuthType to send back to browser */
8 const char *auth_line = ap_table_get(r->headers_in,
9 (r->proxyreq == STD_PROXY)
10 ? "Proxy-Authorization"
13 type = ap_auth_type(r);
17 if (strncasecmp(type, "KerberosV5", 10) == 0) {
23 if (strncasecmp(type, "KerberosV4", 10) == 0) {
29 if (!KerberosV4 && !KerberosV5) {
33 if (!ap_auth_name(r)) {
34 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
35 "need AuthName: %s", r->uri);
36 return HTTP_INTERNAL_SERVER_ERROR;
40 ap_table_set(r->err_headers_out, "WWW-Authenticate", "Kerberos");
41 return HTTP_UNAUTHORIZED;
44 type = ap_getword_white(r->pool, &auth_line);
45 r->connection->user = ap_getword_nulls(r->pool, &auth_line, ':');
46 r->connection->ap_auth_type = "Kerberos";
47 sent_pw = ap_getword_white(r->pool, &auth_line);
51 if (kerb5_password_validate(r->connection->user, sent_pw)) {
55 return HTTP_UNAUTHORIZED;
61 if (kerb4_password_validate(r->connection->user, sent_pw)) {
65 return HTTP_UNAUTHORIZED;