1 int kerb_authenticate_user(request_rec *r) {
2 const char *type; /* AuthType specified */
3 int KerberosV5 = 0; /* Kerberos V5 check enabled */
4 int KerberosV4 = 0; /* Kerberos V4 check enabled */
5 const char *sent_pw; /* Password sent by browser */
6 int res; /* Response holder */
7 const char *auth_line = apr_table_get(r->headers_in,
8 (PROXYREQ_PROXY == r->proxyreq)
9 ? "Proxy-Authorization"
12 type = ap_auth_type(r);
16 if (strncasecmp(type, "KerberosV5", 10) == 0) {
22 if (strncasecmp(type, "KerberosV4", 10) == 0) {
28 if (!KerberosV4 && !KerberosV5) {
34 if (!(t = ap_auth_type(r)) || strcasecmp(t, "Basic"))
37 if (!ap_auth_name(r)) {
38 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
39 0, r, "need AuthName: %s", r->uri);
40 return HTTP_INTERNAL_SERVER_ERROR;
44 ap_note_basic_auth_failure(r);
45 return HTTP_UNAUTHORIZED;
48 if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
49 /* Client tried to authenticate using wrong auth scheme */
50 ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
51 "client used wrong authentication scheme: %s", r->uri);
52 ap_note_basic_auth_failure(r);
53 return HTTP_UNAUTHORIZED;
56 while (*auth_line == ' ' || *auth_line == '\t') {
60 t = ap_pbase64decode(r->pool, auth_line);
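61 /* Note that this allocation has to be made from r->connection->pool
62 * because it has the lifetime of the connection. The other allocations
63 * are temporary and can be tossed away at any time.
 * NOTE(review): the assignment shown next in this listing allocates from
 * r->pool and stores into r->user, while the validate calls further down
 * read r->connection->user. Confirm that the pool and the field match the
 * lifetime this comment requires: a pointer kept for the connection but
 * allocated from the request pool would dangle once that pool is cleared.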
65 r->user = ap_getword_nulls (r->pool, &t, ':');
66 r->ap_auth_type = "Basic";
75 if (kerb5_password_validate(r->connection->user, sent_pw)) {
79 return HTTP_UNAUTHORIZED;
85 if (kerb4_password_validate(r->connection->user, sent_pw)) {
89 return HTTP_UNAUTHORIZED;