- if (!auth_line) {
- set_kerb_auth_headers(r, conf, use_krb4, use_krb5,
- (use_krb5) ? "\0" : NULL);
- return HTTP_UNAUTHORIZED;
- }
- auth_type = ap_getword_white(r->pool, (const char **)&auth_line);
-
- /* If we are delegating Basic to other modules, DECLINE the request */
- if (conf->krb_delegate_basic &&
-#ifdef KRB5
- !conf->krb_method_k5pass &&
-#endif
-#ifdef KRB4
- !conf->krb_method_k4pass &&
-#endif
- (strcasecmp(auth_type, "Basic") == 0))
- return DECLINED;
-
- if ( (prevauth = already_succeeded(r, auth_line)) == NULL) {
- ret = HTTP_UNAUTHORIZED;
-
-#ifdef KRB5
- if (use_krb5 && conf->krb_method_gssapi &&
- strcasecmp(auth_type, MECH_NEGOTIATE) == 0) {
- ret = authenticate_user_gss(r, conf, auth_line, &negotiate_ret_value);
- } else if (use_krb5 && conf->krb_method_k5pass &&
- strcasecmp(auth_type, "Basic") == 0) {
- ret = authenticate_user_krb5pwd(r, conf, auth_line);
- }
-#endif
-
-#ifdef KRB4
- if (ret == HTTP_UNAUTHORIZED && use_krb4 && conf->krb_method_k4pass &&
- strcasecmp(auth_type, "Basic") == 0)
- ret = authenticate_user_krb4pwd(r, conf, auth_line);
-#endif
-
- if (ret == HTTP_UNAUTHORIZED)
- set_kerb_auth_headers(r, conf, use_krb4, use_krb5, negotiate_ret_value);
-
- } else {
- ret = prevauth->last_return;
- MK_USER = prevauth->user;
- MK_AUTH_TYPE = prevauth->mech;
- }
-
- /*
- * save who was auth'd, if it's not already stashed.
- */
- if(!prevauth) {
- prevauth = (krb5_conn_data *) apr_pcalloc(r->connection->pool, sizeof(krb5_conn_data));
- prevauth->user = apr_pstrdup(r->connection->pool, MK_USER);
- prevauth->authline = apr_pstrdup(r->connection->pool, auth_line);
- prevauth->mech = apr_pstrdup(r->connection->pool, auth_type);
- prevauth->last_return = ret;
- snprintf(keyname, sizeof(keyname) - 1,
- "mod_auth_kerb::connection::%s::%ld",
- r->connection->remote_ip, r->connection->id);
- apr_pool_userdata_set(prevauth, keyname, NULL, r->connection->pool);
- }
-
- if (ret == OK && conf->krb5_do_auth_to_local)
- ret = do_krb5_an_to_ln(r);
-
- /* XXX log_debug: if ret==OK, log(user XY authenticated) */