author | Isaac Boukris <iboukris@gmail.com> | 2015-06-08 00:52:30 +0300 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-06-08 10:15:58 -0400 |
commit | 9cfa62da9119d2cd62314e5328215f8ea45c64b1 (patch) | |
tree | e85296ae9ce07ec8bd3d6fd941812f1c75896548 | |
parent | c1b6fcaea24a51a235f62a7bb03767a120b24872 (diff) | |
Disable connection-bound for basic-auth

Clients don't expect this and therefore might inappropriately reuse the
connection for another user identity (with or without creds).

This is currently more of an issue due to issue 22, example:

    curl -v http://myhost/ -u usera:passa --next http://myhost/ -u userb:passb

Closes #36

Reviewed-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | src/mod_auth_gssapi.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index d351777..a88b653 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -579,6 +579,10 @@ static int mag_auth(request_rec *req) goto done; } if (auth_type == AUTH_TYPE_BASIC) { + if (mc) { + apr_pool_cleanup_run(mc->parent, mc, mag_conn_destroy); + mc = NULL; + } while (maj == GSS_S_CONTINUE_NEEDED) { gss_release_buffer(&min, &input); /* output and input are inverted here, this is intentional */ |
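Review bot: The new `if (mc)` block at the top of the `AUTH_TYPE_BASIC` branch in `mag_auth()` carries no comment, so the reason the connection context is destroyed here lives only in the commit message. A one-line comment above `apr_pool_cleanup_run(mc->parent, mc, mag_conn_destroy);` saying that Basic auth must not be bound to the connection, because clients may reuse it for another identity, would keep a later cleanup from removing the block. Because `mc` is set to NULL before the `while (maj == GSS_S_CONTINUE_NEEDED)` loop, any use of `mc` further down this path needs a NULL check; those uses fall outside the context shown in this hunk, so please confirm they are guarded. Note also that the teardown runs before the Basic attempt is evaluated, so existing connection state is dropped even when that attempt fails; if that is intended, the comment should say so.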