You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

128 lines
4.2 KiB

Index: configure
--- configure.orig 2006-11-22 11:33:58 +0100
+++ configure 2007-12-22 14:25:24 +0100
@@ -3933,7 +3933,6 @@
if test -z "$gssapi_supports_spnego"; then
if test -n "$have_heimdal"; then SPNEGO_SRCS="\
spnegokrb5/asn1_MechType.c \
- spnegokrb5/asn1_MechTypeList.c \
spnegokrb5/asn1_ContextFlags.c \
spnegokrb5/asn1_NegTokenInit.c \
spnegokrb5/asn1_NegTokenTarg.c \
@@ -3941,6 +3940,11 @@
spnegokrb5/accept_sec_context.c \
spnegokrb5/encapsulate.c \
spnegokrb5/decapsulate.c \
+ spnegokrb5/der_get.c \
+ spnegokrb5/der_put.c \
+ spnegokrb5/der_free.c \
+ spnegokrb5/der_length.c \
+ spnegokrb5/der_copy.c \
spnegokrb5/external.c"
else SPNEGO_SRCS="\
spnegokrb5/asn1_MechType.c \
Index: spnegokrb5/der_get.c
--- spnegokrb5/der_get.c.orig 2006-11-22 11:27:17 +0100
+++ spnegokrb5/der_get.c 2007-12-22 14:24:51 +0100
@@ -39,6 +39,17 @@
#include <version.h>
#endif
+#include "config.h"
+#ifdef HEIMDAL
+#define der_get_length my_der_get_length
+#define der_get_tag my_der_get_tag
+#define der_match_tag my_der_match_tag
+#define der_match_tag_and_length my_der_match_tag_and_length
+#define der_get_octet_string my_der_get_octet_string
+#define der_get_oid my_der_get_oid
+#define der_get_general_string my_der_get_general_string
+#endif
+
/*
* All decoding functions take a pointer `p' to first position in
* which to read, from the left, `len' which means the maximum number
Index: spnegokrb5/der_put.c
--- spnegokrb5/der_put.c.orig 2003-09-05 10:54:08 +0200
+++ spnegokrb5/der_put.c 2007-12-22 14:24:51 +0100
@@ -37,6 +37,16 @@
RCSID("$Id: apache-kerberos.patch,v 1.5 2009/03/26 18:58:04 rse Exp $");
#endif
+#include "config.h"
+#ifdef HEIMDAL
+#define der_put_length my_der_put_length
+#define der_put_oid my_der_put_oid
+#define der_put_tag my_der_put_tag
+#define der_put_length_and_tag my_der_put_length_and_tag
+#define der_put_octet_string my_der_put_octet_string
+#define der_put_general_string my_der_put_general_string
+#endif
+
/*
* All encoding functions take a pointer `p' to first position in
* which to write, from the right, `len' which means the maximum
Index: src/mod_auth_kerb.c
--- src/mod_auth_kerb.c.orig 2008-12-04 11:14:03 +0100
+++ src/mod_auth_kerb.c 2009-03-26 19:47:27 +0100
@@ -170,6 +170,7 @@
char *krb_4_srvtab;
int krb_method_k4pass;
#endif
+ int krb_append_realm;
} kerb_auth_config;
typedef struct krb5_conn_data {
@@ -247,6 +248,9 @@
FLAG, "Enable Kerberos V4 password authentication."),
#endif
+ command("KrbAppendRealm", ap_set_flag_slot, krb_append_realm,
+ FLAG, "Append the realm name when setting $REMOTE_USER."),
+
{ NULL }
};
@@ -336,6 +340,7 @@
#ifdef KRB4
((kerb_auth_config *)rec)->krb_method_k4pass = 1;
#endif
+ ((kerb_auth_config *)rec)->krb_append_realm = 1;
return rec;
}
@@ -525,6 +530,8 @@
if (sent_instance)
user = apr_pstrcat(r->pool, user, ".", sent_instance, NULL);
user = apr_pstrcat(r->pool, user, "@", realm, NULL);
+ if (conf->krb_append_realm)
+ user = apr_pstrcat(r->pool, user, "@", realm, NULL);
MK_USER = user;
MK_AUTH_TYPE = "Basic";
@@ -1064,6 +1071,8 @@
MK_AUTH_TYPE = "Basic";
free(name);
+ if (!conf->krb_append_realm && (name = strchr(MK_USER, '@')))
+ *name = '\0';
if (conf->krb_save_credentials)
store_krb5_creds(kcontext, r, conf, ccache);
@@ -1327,6 +1336,7 @@
gss_ctx_id_t context = GSS_C_NO_CONTEXT;
gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL;
OM_uint32 ret_flags = 0;
+ char *name = NULL;
*negotiate_ret_value = "\0";
@@ -1461,6 +1471,8 @@
MK_AUTH_TYPE = MECH_NEGOTIATE;
MK_USER = apr_pstrdup(r->pool, output_token.value);
+ if (!conf->krb_append_realm && (name = strchr(MK_USER, '@')))
+ *name = '\0';
if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL)
store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);