diff options
Diffstat (limited to 'src/mod_auth_gssapi.c')
-rw-r--r-- | src/mod_auth_gssapi.c | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index 9f311c5..ed4342b 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -107,7 +107,10 @@ struct mag_conn *mag_new_conn_ctx(apr_pool_t *pool) struct mag_conn *mc; mc = apr_pcalloc(pool, sizeof(struct mag_conn)); + apr_pool_create(&mc->pool, pool); + mc->env = apr_table_make(mc->pool, 1); + /* register the context in the memory pool, so it can be freed * when the connection/request is terminated */ apr_pool_cleanup_register(mc->pool, (void *)mc, @@ -124,6 +127,7 @@ static void mag_conn_clear(struct mag_conn *mc) temp = mc->pool; memset(mc, 0, sizeof(struct mag_conn)); mc->pool = temp; + mc->env = apr_table_make(mc->pool, 1); } static bool mag_conn_is_https(conn_rec *c) @@ -823,20 +827,45 @@ static int mag_auth(request_rec *req) return HTTP_UNAUTHORIZED; } + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req, + "URI: %s, %s main, %s prev", req->uri ?: "no-uri", + req->main ? "with" : "no", req->prev ? "with" : "no"); + /* implicit auth for subrequests if main auth already happened */ - if (!ap_is_initial_req(req) && req->main != NULL) { - type = ap_auth_type(req->main); + if (!ap_is_initial_req(req)) { + request_rec *main_req = req; + + /* Not initial means either a subrequest or an internal redirect */ + while (!ap_is_initial_req(main_req)) + if (main_req->main) + main_req = main_req->main; + else + main_req = main_req->prev; + + type = ap_auth_type(main_req); if ((type != NULL) && (strcasecmp(type, "GSSAPI") == 0)) { /* warn if the subrequest location and the main request * location have different configs */ - if (cfg != ap_get_module_config(req->main->per_dir_config, + if (cfg != ap_get_module_config(main_req->per_dir_config, &auth_gssapi_module)) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, req, "Subrequest authentication bypass on " "location with different configuration!"); } - if (req->main->user) { - req->user = apr_pstrdup(req->pool, req->main->user); + if (main_req->user) { + apr_table_t *env; + + req->user = apr_pstrdup(req->pool, main_req->user); + req->ap_auth_type = main_req->ap_auth_type; + + env = ap_get_module_config(main_req->request_config, + &auth_gssapi_module); + if (!env) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, req, + "Failed to lookup env table in subrequest"); + } else + mag_export_req_env(req, env); + return OK; } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, req, |