diff options
| author | Simo Sorce <simo@redhat.com> | 2015-04-19 15:59:51 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-04-19 15:59:51 -0400 |
| commit | 983ac18b86eb0059274692690e0cf925549174ac (patch) | |
| tree | 60912f5b81bacd0a5373405d272a6f39f6aca463 | |
| parent | 0cea28e5b05b340bbb3b2b60e3a326a6a7d1fcb0 (diff) | |
Properly complete context establishment
On success do not forget to send the last negotiate packet (if any)
to the client within the 200 Reply.
Fixes #21
| -rw-r--r-- | src/mod_auth_gssapi.c | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index b168dbf..9cb53ec 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -568,25 +568,23 @@ static int mag_auth(request_rec *req) ret = OK; done: - if (ret == HTTP_UNAUTHORIZED) { - if (output.length != 0) { - replen = apr_base64_encode_len(output.length) + 1; - reply = apr_pcalloc(req->pool, 10 + replen); - if (reply) { - memcpy(reply, "Negotiate ", 10); - apr_base64_encode(&reply[10], output.value, output.length); - apr_table_add(req->err_headers_out, - "WWW-Authenticate", reply); - } - } else { + if ((!is_basic) && (output.length != 0)) { + replen = apr_base64_encode_len(output.length) + 1; + reply = apr_pcalloc(req->pool, 10 + replen); + if (reply) { + memcpy(reply, "Negotiate ", 10); + apr_base64_encode(&reply[10], output.value, output.length); apr_table_add(req->err_headers_out, - "WWW-Authenticate", "Negotiate"); - if (cfg->use_basic_auth) { - apr_table_add(req->err_headers_out, - "WWW-Authenticate", - apr_psprintf(req->pool, "Basic realm=\"%s\"", - ap_auth_name(req))); - } + "WWW-Authenticate", reply); + } + } else if (ret == HTTP_UNAUTHORIZED) { + apr_table_add(req->err_headers_out, + "WWW-Authenticate", "Negotiate"); + if (cfg->use_basic_auth) { + apr_table_add(req->err_headers_out, + "WWW-Authenticate", + apr_psprintf(req->pool, "Basic realm=\"%s\"", + ap_auth_name(req))); } } #ifdef HAVE_GSS_KRB5_CCACHE_NAME |