diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2015-04-25 15:36:40 +0300 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-05-24 23:12:15 +0200 |
| commit | 908581fd3bca791d24cae7fe5a8ae6adfb614ad8 (patch) | |
| tree | 242980da331cf0df34a4b6f1593ac3bc3bef2cfe | |
| parent | fafb5384785c76c1f96cc689677574cfe459f3b6 (diff) | |
| download | mod_auth_gssapi-908581fd3bca791d24cae7fe5a8ae6adfb614ad8.tar.gz mod_auth_gssapi-908581fd3bca791d24cae7fe5a8ae6adfb614ad8.tar.xz mod_auth_gssapi-908581fd3bca791d24cae7fe5a8ae6adfb614ad8.zip | |
Add GssapiSignalPersistentAuth directive
Controls whether to send the Persistent-Auth header, and sets it only
when necessary/appropriate
Reviewed-by: Simo Sorce <simo@redhat.com>
| -rw-r--r-- | README | 11 | ||||
| -rw-r--r-- | src/mod_auth_gssapi.c | 13 | ||||
| -rw-r--r-- | src/mod_auth_gssapi.h | 1 |
3 files changed, 22 insertions, 3 deletions
@@ -89,12 +89,17 @@ authentication (like NTLMSSP) it is necessary to bind to the authentication to the connection in order to keep the state between round-trips. With this option enable incomplete context are store in the connection and retrieved on the next request for continuation. -When using this option you may also ant to set the Persistent-Auth header for -those clients that make use of it. Example: GssapiConnectionBound On - Header set Persistent-Auth "true" + + +### GssapiSignalPersistentAuth +For clients that make use of Persistent-Auth header, send the header according +to GssapiConnectionBound setting. + +Example: + GssapiSignalPersistentAuth On ### GssapiUseSessions diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index 48300e9..0ca9a27 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -572,6 +572,10 @@ static int mag_auth(request_rec *req) mc->auth_type = auth_type; } + if (cfg->send_persist) + apr_table_set(req->headers_out, "Persistent-Auth", + cfg->gss_conn_ctx ? "true" : "false"); + ret = OK; done: @@ -650,6 +654,13 @@ static const char *mag_conn_ctx(cmd_parms *parms, void *mconfig, int on) return NULL; } +static const char *mag_send_persist(cmd_parms *parms, void *mconfig, int on) +{ + struct mag_config *cfg = (struct mag_config *)mconfig; + cfg->send_persist = on ? true : false; + return NULL; +} + static const char *mag_use_sess(cmd_parms *parms, void *mconfig, int on) { struct mag_config *cfg = (struct mag_config *)mconfig; @@ -803,6 +814,8 @@ static const command_rec mag_commands[] = { "Translate principals to local names"), AP_INIT_FLAG("GssapiConnectionBound", mag_conn_ctx, NULL, OR_AUTHCFG, "Authentication is bound to the TCP connection"), + AP_INIT_FLAG("GssapiSignalPersistentAuth", mag_send_persist, NULL, OR_AUTHCFG, + "Send Persitent-Auth header according to connection bound"), AP_INIT_FLAG("GssapiUseSessions", mag_use_sess, NULL, OR_AUTHCFG, "Authentication uses mod_sessions to hold status"), AP_INIT_RAW_ARGS("GssapiSessionKey", mag_sess_key, NULL, OR_AUTHCFG, diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h index 4cf7d39..b12b0e9 100644 --- a/src/mod_auth_gssapi.h +++ b/src/mod_auth_gssapi.h @@ -39,6 +39,7 @@ struct mag_config { bool ssl_only; bool map_to_local; bool gss_conn_ctx; + bool send_persist; bool use_sessions; bool use_s4u2proxy; char *deleg_ccache_dir; |