Index: configure --- configure.orig 2006-11-22 11:33:58 +0100 +++ configure 2007-12-22 14:25:24 +0100 @@ -3933,7 +3933,6 @@ if test -z "$gssapi_supports_spnego"; then if test -n "$have_heimdal"; then SPNEGO_SRCS="\ spnegokrb5/asn1_MechType.c \ - spnegokrb5/asn1_MechTypeList.c \ spnegokrb5/asn1_ContextFlags.c \ spnegokrb5/asn1_NegTokenInit.c \ spnegokrb5/asn1_NegTokenTarg.c \ @@ -3941,6 +3940,11 @@ spnegokrb5/accept_sec_context.c \ spnegokrb5/encapsulate.c \ spnegokrb5/decapsulate.c \ + spnegokrb5/der_get.c \ + spnegokrb5/der_put.c \ + spnegokrb5/der_free.c \ + spnegokrb5/der_length.c \ + spnegokrb5/der_copy.c \ spnegokrb5/external.c" else SPNEGO_SRCS="\ spnegokrb5/asn1_MechType.c \ Index: spnegokrb5/der_get.c --- spnegokrb5/der_get.c.orig 2006-11-22 11:27:17 +0100 +++ spnegokrb5/der_get.c 2007-12-22 14:24:51 +0100 @@ -39,6 +39,17 @@ #include #endif +#include "config.h" +#ifdef HEIMDAL +#define der_get_length my_der_get_length +#define der_get_tag my_der_get_tag +#define der_match_tag my_der_match_tag +#define der_match_tag_and_length my_der_match_tag_and_length +#define der_get_octet_string my_der_get_octet_string +#define der_get_oid my_der_get_oid +#define der_get_general_string my_der_get_general_string +#endif + /* * All decoding functions take a pointer `p' to first position in * which to read, from the left, `len' which means the maximum number Index: spnegokrb5/der_put.c --- spnegokrb5/der_put.c.orig 2003-09-05 10:54:08 +0200 +++ spnegokrb5/der_put.c 2007-12-22 14:24:51 +0100 @@ -37,6 +37,16 @@ RCSID("$Id: apache-kerberos.patch,v 1.5 2009/03/26 18:58:04 rse Exp $"); #endif +#include "config.h" +#ifdef HEIMDAL +#define der_put_length my_der_put_length +#define der_put_oid my_der_put_oid +#define der_put_tag my_der_put_tag +#define der_put_length_and_tag my_der_put_length_and_tag +#define der_put_octet_string my_der_put_octet_string +#define der_put_general_string my_der_put_general_string +#endif + /* * All encoding functions take a pointer `p' to first position in * which to write, from the right, `len' which means the maximum Index: src/mod_auth_kerb.c --- src/mod_auth_kerb.c.orig 2008-12-04 11:14:03 +0100 +++ src/mod_auth_kerb.c 2009-03-26 19:47:27 +0100 @@ -170,6 +170,7 @@ char *krb_4_srvtab; int krb_method_k4pass; #endif + int krb_append_realm; } kerb_auth_config; typedef struct krb5_conn_data { @@ -247,6 +248,9 @@ FLAG, "Enable Kerberos V4 password authentication."), #endif + command("KrbAppendRealm", ap_set_flag_slot, krb_append_realm, + FLAG, "Append the realm name when setting $REMOTE_USER."), + { NULL } }; @@ -336,6 +340,7 @@ #ifdef KRB4 ((kerb_auth_config *)rec)->krb_method_k4pass = 1; #endif + ((kerb_auth_config *)rec)->krb_append_realm = 1; return rec; } @@ -525,6 +530,8 @@ if (sent_instance) user = apr_pstrcat(r->pool, user, ".", sent_instance, NULL); user = apr_pstrcat(r->pool, user, "@", realm, NULL); + if (conf->krb_append_realm) + user = apr_pstrcat(r->pool, user, "@", realm, NULL); MK_USER = user; MK_AUTH_TYPE = "Basic"; @@ -1064,6 +1071,8 @@ MK_AUTH_TYPE = "Basic"; free(name); + if (!conf->krb_append_realm && (name = strchr(MK_USER, '@'))) + *name = '\0'; if (conf->krb_save_credentials) store_krb5_creds(kcontext, r, conf, ccache); @@ -1327,6 +1336,7 @@ gss_ctx_id_t context = GSS_C_NO_CONTEXT; gss_cred_id_t server_creds = GSS_C_NO_CREDENTIAL; OM_uint32 ret_flags = 0; + char *name = NULL; *negotiate_ret_value = "\0"; @@ -1461,6 +1471,8 @@ MK_AUTH_TYPE = MECH_NEGOTIATE; MK_USER = apr_pstrdup(r->pool, output_token.value); + if (!conf->krb_append_realm && (name = strchr(MK_USER, '@'))) + *name = '\0'; if (conf->krb_save_credentials && delegated_cred != GSS_C_NO_CREDENTIAL) store_gss_creds(r, conf, (char *)output_token.value, delegated_cred);