39dc04740b02967e42970177912d37314b632270
[mod_auth_kerb.git] / apache2 / auth_user.c
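/*
 * Authenticate a request by checking HTTP Basic credentials against Kerberos.
 *
 * The handler only acts when the configured AuthType starts with
 * "KerberosV5" or "KerberosV4" (and the matching KRB5/KRB4 support is
 * compiled in). It reads the Authorization header (Proxy-Authorization
 * for proxy requests), decodes the Basic "user:password" pair, stores
 * the user name in r->user and passes both to the Kerberos validator.
 *
 * Security notes:
 *  - The password arrives base64-encoded only, not encrypted, so this
 *    handler should be deployed behind TLS.
 *  - The password must never be written to the log; only the user name
 *    and URI are logged on failure.
 *
 * Returns:
 *   DECLINED                   AuthType is not a Kerberos type handled here
 *   HTTP_INTERNAL_SERVER_ERROR no AuthName is configured
 *   HTTP_UNAUTHORIZED          header missing, scheme is not Basic,
 *                              credentials empty, or validation failed
 *   OK                         the validator accepted the credentials
 */
int kerb_authenticate_user(request_rec *r) {
        const char *type;               /* AuthType specified */
        int KerberosV5 = 0;             /* Kerberos V5 check enabled */
        int KerberosV4 = 0;             /* Kerberos V4 check enabled */
        const char *sent_pw;            /* Password sent by browser */
        const char *t;                  /* Decoded "user:password" cursor */

        const char *auth_line = apr_table_get(r->headers_in,
                                        (PROXYREQ_PROXY == r->proxyreq)
                                                ? "Proxy-Authorization"
                                                : "Authorization");

        type = ap_auth_type(r);

        /*
         * NOTE(review): these are 10-character prefix matches, so any
         * AuthType that merely begins with "KerberosV5"/"KerberosV4" is
         * accepted. Kept as-is for compatibility with existing configs.
         */
        if (type != NULL) {
#ifdef KRB5
                if (strncasecmp(type, "KerberosV5", 10) == 0) {
                        KerberosV5 = 1;
                }
#endif /* KRB5 */

#ifdef KRB4
                if (strncasecmp(type, "KerberosV4", 10) == 0) {
                        KerberosV4 = 1;
                }
#endif /* KRB4 */
        }

        /* Not our AuthType: let another module handle the request. */
        if (!KerberosV4 && !KerberosV5) {
                return DECLINED;
        }

        if (!ap_auth_name(r)) {
                ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
                        0, r, "need AuthName: %s", r->uri);
                return HTTP_INTERNAL_SERVER_ERROR;
        }

        /* No credentials yet: challenge the client. */
        if (!auth_line) {
                ap_note_basic_auth_failure(r);
                return HTTP_UNAUTHORIZED;
        }

        if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
                /* Client tried to authenticate using wrong auth scheme */
                ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
                      "client used wrong authentication scheme: %s", r->uri);
                ap_note_basic_auth_failure(r);
                return HTTP_UNAUTHORIZED;
        }

        /* Skip any extra whitespace between the scheme and the payload. */
        while (*auth_line == ' ' || *auth_line == '\t') {
                auth_line++;
        }

        /* Split the decoded payload at the first ':' into user and password. */
        t = ap_pbase64decode(r->pool, auth_line);
        r->user = ap_getword_nulls(r->pool, &t, ':');
        sent_pw = t;

        /*
         * Refuse empty credentials up front. A payload with no ':' or
         * with nothing on either side of it yields an empty user or
         * password, and how the Kerberos validators treat empty strings
         * is not visible from this function.
         */
        if (*r->user == '\0' || *sent_pw == '\0') {
                goto auth_failed;
        }

#ifdef KRB5
        if (KerberosV5) {
                r->ap_auth_type = "KerberosV5";
                if (kerb5_password_validate(r->user, sent_pw)) {
                        return OK;
                }
                goto auth_failed;
        }
#endif /* KRB5 */
#ifdef KRB4
        if (KerberosV4) {
                r->ap_auth_type = "KerberosV4";
                if (kerb4_password_validate(r->user, sent_pw)) {
                        return OK;
                }
                goto auth_failed;
        }
#endif /* KRB4 */

        return DECLINED;

auth_failed:
        /*
         * Record the failure so repeated bad logins can be detected, and
         * send the Basic challenge with the 401 as the earlier failure
         * paths do; without it the client gets no authentication
         * challenge to answer. The password is deliberately not logged.
         */
        ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
                "user %s: Kerberos authentication failure for \"%s\"",
                r->user, r->uri);
        ap_note_basic_auth_failure(r);
        return HTTP_UNAUTHORIZED;
}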