--- mod_auth_kerb-5.1/src/mod_auth_kerb.c.cache
+++ mod_auth_kerb-5.1/src/mod_auth_kerb.c
@@ -85,6 +85,8 @@
 #define snprintf _snprintf
 #endif
+#include <unistd.h>
+
 #ifdef KRB5
 #include <krb5.h>
 #ifdef HEIMDAL
@@ -1238,6 +1240,8 @@
 return memcmp(p, oid->elements, oid->length);
 }
+#define NAMEKEY "mod_auth_kerb:client_name"
+
 static int authenticate_user_gss(request_rec *r, kerb_auth_config *conf, const char *auth_line, char **negotiate_ret_value)
@@ -1390,6 +1394,15 @@
 MK_AUTH_TYPE = MECH_NEGOTIATE;
 MK_USER = apr_pstrdup(r->pool, output_token.value);
+#ifndef APXS1
+ {
+ apr_status_t rv;
+ rv = apr_pool_userdata_set(r->user, NAMEKEY, NULL, r->connection->pool);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r,
+ "set cached name %s for connection", r->user);
+ }
+#endif
+
 if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL) store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);
@@ -1417,17 +1430,6 @@
 }
 #endif /* KRB5 */
-static int
-already_succeeded(request_rec *r)
-{
- if (ap_is_initial_req(r) || MK_AUTH_TYPE == NULL)
- return 0;
- if (strcmp(MK_AUTH_TYPE, MECH_NEGOTIATE) ||
- (strcmp(MK_AUTH_TYPE, "Basic") && strchr(MK_USER, '@')))
- return 1;
- return 0;
-}
-
 static void set_kerb_auth_headers(request_rec *r, const kerb_auth_config *conf, int use_krb4, int use_krb5pwd, char *negotiate_ret_value)
@@ -1475,7 +1477,6 @@
 const char *type = NULL;
 int use_krb5 = 0, use_krb4 = 0;
 int ret;
- static int last_return = HTTP_UNAUTHORIZED;
 char *negotiate_ret_value = NULL;
 /* get the type specified in .htaccess */
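Review bot: In the `@@ -1390,6 +1394,15 @@` hunk the value cached on `r->connection->pool` is the `r->user` pointer itself, while the line above allocates `MK_USER` from `r->pool`; if `MK_USER` is `r->user` here (the log call suggests so), the connection's userdata ends up pointing into a request pool that is destroyed when the request finishes, and the lookup added in the `@@ -1504,6 +1505,23 @@` hunk would then read freed memory on the next request. `apr_pool_userdata_set` stores the pointer without copying it, so the string should first be duplicated into the longer-lived pool: `rv = apr_pool_userdata_set(apr_pstrdup(r->connection->pool, r->user), NAMEKEY, NULL, r->connection->pool);`. `rv` is only handed to a debug log line that reports the name as set, so a failed call reads the same as a successful one; emit the "set cached name" message only when `rv == APR_SUCCESS`. The body of `authenticate_user_gss` starts and ends outside the hunk.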
@@ -1504,6 +1505,23 @@
 }
 #endif
+#ifndef APXS1
+ if (use_krb5 && conf->krb_method_gssapi) {
+ void *data = NULL;
+ const char *name;
+
+ if (apr_pool_userdata_get(&data, NAMEKEY, r->connection->pool) == APR_SUCCESS
+ && data != NULL) {
+ name = data;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "using cached name %s", name);
+ r->user = apr_pstrdup(r->pool, name);
+ r->ap_auth_type = "Negotiate";
+ return OK;
+ }
+ }
+#endif
+
 /* get what the user sent us in the HTTP header */
 auth_line = MK_TABLE_GET(r->headers_in, (r->proxyreq == PROXYREQ_PROXY) ? "Proxy-Authorization"
@@ -1526,9 +1544,6 @@
 (strcasecmp(auth_type, "Basic") == 0)) return DECLINED;
- if (already_succeeded(r))
- return last_return;
-
 ret = HTTP_UNAUTHORIZED;
 #ifdef KRB5
@@ -1552,7 +1567,6 @@
 /* XXX log_debug: if ret==OK, log(user XY authenticated) */
- last_return = ret;
 return ret;
 }
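Review bot: The cached-name branch in the `@@ -1504,6 +1505,23 @@` hunk returns `OK` before the `Authorization`/`Proxy-Authorization` header is read, so once one request on a connection has authenticated, every later request on that connection is accepted as the same principal whatever credentials it carries, or none at all. That is only sound when a connection belongs to a single client; where a front-end proxy or load balancer reuses one backend connection for several users, the first user's identity would be applied to the others. The assumption should be stated at the branch, for example `/* cached name is per connection: only valid when the connection is not shared between clients */`, and the branch is better skipped when the request brings its own authorization header, so that freshly presented credentials are still verified. As far as the hunk shows, the lookup is keyed only by `NAMEKEY` on the connection, so a name established under one location's Kerberos settings would also be accepted under another's, and `conf->krb_save_credentials` is not honoured on this path because `store_gss_creds` is reached only after a full negotiation. The enclosing function starts and ends outside the hunk.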