From 73abdb71de4655ef5c780774ff7150ee18f35015 Mon Sep 17 00:00:00 2001 From: kouril Date: Tue, 29 Jun 2004 10:56:01 +0000 Subject: [PATCH] Added warning when NTLM authenticator is received --- src/mod_auth_kerb.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/mod_auth_kerb.c b/src/mod_auth_kerb.c index a1311f7..2532b30 100644 --- a/src/mod_auth_kerb.c +++ b/src/mod_auth_kerb.c @@ -1009,6 +1009,7 @@ get_gss_creds(request_rec *r, return HTTP_INTERNAL_SERVER_ERROR; } + /* XXX misto buf vypisovat jmeno vracene z display_name() */ log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Acquiring creds for %s", buf); major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE, @@ -1055,8 +1056,6 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid) if (token->length == 0) return GSS_S_DEFECTIVE_TOKEN; - /* XXX if (token->value == NTLMSSP) log_debug("NTLM mechanism used"); */ - p = token->value; if (*p++ != 0x60) return GSS_S_DEFECTIVE_TOKEN; @@ -1179,6 +1178,10 @@ authenticate_user_gss(request_rec *r, kerb_auth_config *conf, } if (GSS_ERROR(major_status)) { + if (input_token.length > 7 && memcmp(input_token.value, "NTLMSSP", 7) == 0) + log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration."); + log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "%s", get_gss_error(r->pool, major_status, minor_status, "gss_accept_sec_context() failed")); -- 2.1.4