File: gssapi_any.patch

package info (click to toggle)
libapache-mod-auth-kerb 5.4-2.4
  • links: PTS
  • area: main
  • in suites: bullseye, sid
  • size: 636 kB
  • sloc: ansic: 3,236; makefile: 92; sh: 4
file content (29 lines) | stat: -rw-r--r-- 1,522 bytes parent folder | download | duplicates (7)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Index: libapache-mod-auth-kerb-5.3/README
===================================================================
--- libapache-mod-auth-kerb-5.3.orig/README	2008-05-08 08:25:26.000000000 +0200
+++ libapache-mod-auth-kerb-5.3/README	2008-05-08 08:26:15.000000000 +0200
@@ -66,6 +66,8 @@
    is used. The FQDN part can contain any hostname and can be used to work
    around problems with misconfigured DNS. A corresponding key of this name
    must be stored in the keytab.
+   If this option is set to 'Any', then any prinicpal from the keytab which
+   matches the client's request may be used.
 
 Krb4Srvtab /path/to/srvtab
    This option takes one argument, specifying the path to the Kerberos V4
Index: libapache-mod-auth-kerb-5.3/src/mod_auth_kerb.c
===================================================================
--- libapache-mod-auth-kerb-5.3.orig/src/mod_auth_kerb.c	2008-05-08 08:25:26.000000000 +0200
+++ libapache-mod-auth-kerb-5.3/src/mod_auth_kerb.c	2008-05-08 08:26:15.000000000 +0200
@@ -1140,7 +1140,10 @@
    have_server_princ = conf->krb_service_name && strchr(conf->krb_service_name, '/') != NULL;
    if (have_server_princ)
       strncpy(buf, conf->krb_service_name, sizeof(buf));
-   else
+   else if (conf->krb_service_name && strcmp(conf->krb_service_name, "Any") == 0) {
+      *server_creds = GSS_C_NO_CREDENTIAL;
+      return 0;
+   } else
       snprintf(buf, sizeof(buf), "%s@%s",
 	       (conf->krb_service_name) ? conf->krb_service_name : SERVICE_NAME,
 	       ap_get_server_name(r));