-rw-r--r-- | src/mod_auth_gssapi.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index e233110..b168dbf 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -239,6 +239,7 @@ static int mag_auth(request_rec *req) const char *user_ccache = NULL; const char *orig_ccache = NULL; #endif + uint32_t init_flags = 0; type = ap_auth_type(req); if ((type == NULL) || (strcasecmp(type, "GSSAPI") != 0)) { @@ -445,9 +446,15 @@ static int mag_auth(request_rec *req) "failed", maj, min)); goto done; } + + if (cfg->deleg_ccache_dir) { + /* delegate ourselves credentials so we store them as requested */ + init_flags |= GSS_C_DELEG_FLAG; + } + /* output and input are inverted here, this is intentional */ maj = gss_init_sec_context(&min, user_cred, &user_ctx, server, - GSS_C_NO_OID, 0, 300, + GSS_C_NO_OID, init_flags, 300, GSS_C_NO_CHANNEL_BINDINGS, &output, NULL, &input, NULL, NULL); if (GSS_ERROR(maj)) { @@ -473,7 +480,7 @@ static int mag_auth(request_rec *req) gss_release_buffer(&min, &input); /* output and input are inverted here, this is intentional */ maj = gss_init_sec_context(&min, user_cred, &user_ctx, server, - GSS_C_NO_OID, 0, 300, + GSS_C_NO_OID, init_flags, 300, GSS_C_NO_CHANNEL_BINDINGS, &output, NULL, &input, NULL, NULL); if (GSS_ERROR(maj)) { |
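Review bot: In the second hunk GSS_C_DELEG_FLAG is now requested, but both gss_init_sec_context calls (this one and the one in the third hunk) still pass NULL for ret_flags, so nothing in the visible lines can tell whether delegation was actually granted. If the user's credentials are not forwardable, the handshake may still complete without a delegated credential, and the later store into deleg_ccache_dir would presumably find nothing to save or fail far from the cause. I would declare `OM_uint32 ret_flags = 0;`, end both calls with `&input, &ret_flags, NULL);`, and after the loop log the case `(init_flags & GSS_C_DELEG_FLAG) && !(ret_flags & GSS_C_DELEG_FLAG)`. The new comment could also state that this appears to be the path where the module itself acts as initiator with the user's credentials, so a forwarded credential for that user ends up on disk under deleg_ccache_dir and that directory's permissions matter. mag_auth's body starts and ends outside these hunks, so the accept side and the ccache store are not visible here.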