Properly complete context establishment

On success do not forget to send the last negotiate packet (if any) to the client within the 200 Reply. Fixes #21
author: Simo Sorce <simo@redhat.com> 2015-04-19 15:59:51 -0400
committer: Simo Sorce <simo@redhat.com> 2015-04-19 15:59:51 -0400
commit: 983ac18b86eb0059274692690e0cf925549174ac (patch)
tree: 60912f5b81bacd0a5373405d272a6f39f6aca463
parent: 0cea28e5b05b340bbb3b2b60e3a326a6a7d1fcb0 (diff)
download: mod_auth_gssapi-983ac18b86eb0059274692690e0cf925549174ac.tar.gz
mod_auth_gssapi-983ac18b86eb0059274692690e0cf925549174ac.tar.xz
mod_auth_gssapi-983ac18b86eb0059274692690e0cf925549174ac.zip
1 files changed, 16 insertions, 18 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index b168dbf..9cb53ec 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -568,25 +568,23 @@ static int mag_auth(request_rec *req)
     ret = OK;
 
 done:
-    if (ret == HTTP_UNAUTHORIZED) {
-        if (output.length != 0) {
-            replen = apr_base64_encode_len(output.length) + 1;
-            reply = apr_pcalloc(req->pool, 10 + replen);
-            if (reply) {
-                memcpy(reply, "Negotiate ", 10);
-                apr_base64_encode(&reply[10], output.value, output.length);
-                apr_table_add(req->err_headers_out,
-                              "WWW-Authenticate", reply);
-            }
-        } else {
+    if ((!is_basic) && (output.length != 0)) {
+        replen = apr_base64_encode_len(output.length) + 1;
+        reply = apr_pcalloc(req->pool, 10 + replen);
+        if (reply) {
+            memcpy(reply, "Negotiate ", 10);
+            apr_base64_encode(&reply[10], output.value, output.length);
             apr_table_add(req->err_headers_out,
-                          "WWW-Authenticate", "Negotiate");
-            if (cfg->use_basic_auth) {
-                apr_table_add(req->err_headers_out,
-                              "WWW-Authenticate",
-                              apr_psprintf(req->pool, "Basic realm=\"%s\"",
-                                           ap_auth_name(req)));
-            }
+                          "WWW-Authenticate", reply);
+        }
+    } else if (ret == HTTP_UNAUTHORIZED) {
+        apr_table_add(req->err_headers_out,
+                      "WWW-Authenticate", "Negotiate");
+        if (cfg->use_basic_auth) {
+            apr_table_add(req->err_headers_out,
+                          "WWW-Authenticate",
+                          apr_psprintf(req->pool, "Basic realm=\"%s\"",
+                                       ap_auth_name(req)));
         }
     }
 #ifdef HAVE_GSS_KRB5_CCACHE_NAME
author	Simo Sorce <simo@redhat.com>	2015-04-19 15:59:51 -0400
committer	Simo Sorce <simo@redhat.com>	2015-04-19 15:59:51 -0400
commit	983ac18b86eb0059274692690e0cf925549174ac (patch)
tree	60912f5b81bacd0a5373405d272a6f39f6aca463
parent	0cea28e5b05b340bbb3b2b60e3a326a6a7d1fcb0 (diff)
download	mod_auth_gssapi-983ac18b86eb0059274692690e0cf925549174ac.tar.gz mod_auth_gssapi-983ac18b86eb0059274692690e0cf925549174ac.tar.xz mod_auth_gssapi-983ac18b86eb0059274692690e0cf925549174ac.zip