X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=blobdiff_plain;f=src%2Fmod_auth_gssapi.c;h=24cee3dac3ea5eb2b87fdccf35cb809984d13276;hp=66c86595b6cdbca3bb4d8253d51149d2917ebcff;hb=10d352bac12353efb5fe6e6efd2655e0562a1f8e;hpb=5cd4e8a90f3db84e57a25570ffdfeaffcf908b6c diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index 66c8659..24cee3d 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -96,9 +96,7 @@ static int mag_pre_connection(conn_rec *c, void *csd) { struct mag_conn *mc; - mc = apr_pcalloc(c->pool, sizeof(struct mag_conn)); - - mc->parent = c->pool; + mc = mag_new_conn_ctx(c->pool); ap_set_module_config(c->conn_config, &auth_gssapi_module, (void*)mc); return OK; } @@ -110,11 +108,35 @@ static apr_status_t mag_conn_destroy(void *ptr) if (mc->ctx) { (void)gss_delete_sec_context(&min, &mc->ctx, GSS_C_NO_BUFFER); - mc->established = false; } return APR_SUCCESS; } +struct mag_conn *mag_new_conn_ctx(apr_pool_t *pool) +{ + struct mag_conn *mc; + + mc = apr_pcalloc(pool, sizeof(struct mag_conn)); + apr_pool_create(&mc->pool, pool); + /* register the context in the memory pool, so it can be freed + * when the connection/request is terminated */ + apr_pool_cleanup_register(mc->pool, (void *)mc, + mag_conn_destroy, apr_pool_cleanup_null); + + return mc; +} + +static void mag_conn_clear(struct mag_conn *mc) +{ + (void)mag_conn_destroy(mc); + apr_pool_t *temp; + + apr_pool_clear(mc->pool); + temp = mc->pool; + memset(mc, 0, sizeof(struct mag_conn)); + mc->pool = temp; +} + static bool mag_conn_is_https(conn_rec *c) { if (mag_is_https) { @@ -422,11 +444,6 @@ static int mag_auth(request_rec *req) auth_header = apr_table_get(req->headers_in, "Authorization"); if (mc) { - /* register the context in the memory pool, so it can be freed - * when the connection/request is terminated */ - apr_pool_cleanup_register(mc->parent, (void *) mc, - mag_conn_destroy, apr_pool_cleanup_null); - if (mc->established && !auth_header) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req, "Already established context found!"); @@ -452,6 +469,13 @@ static int mag_auth(request_rec *req) } } + if (mc && mc->established && auth_type != AUTH_TYPE_BASIC) { + /* if we are re-authenticating make sure the conn context + * is cleaned up so we do not accidentally reuse an existing + * established context */ + mag_conn_clear(mc); + } + switch (auth_type) { case AUTH_TYPE_NEGOTIATE: if (!parse_auth_header(req->pool, &auth_header, &input)) { @@ -477,13 +501,16 @@ static int mag_auth(request_rec *req) ba_user.length = strlen(ba_user.value); ba_pwd.length = strlen(ba_pwd.value); - if (mc && mc->established && - mag_basic_check(cfg, mc, ba_user, ba_pwd)) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req, - "Already established BASIC AUTH context found!"); - mag_set_req_data(req, cfg, mc); - ret = OK; - goto done; + if (mc && mc->established) { + if (mag_basic_check(cfg, mc, ba_user, ba_pwd)) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req, + "Already established BASIC AUTH context found!"); + mag_set_req_data(req, cfg, mc); + ret = OK; + goto done; + } else { + mag_conn_clear(mc); + } } maj = gss_import_name(&min, &ba_user, GSS_C_NT_USER_NAME, &client); @@ -710,8 +737,8 @@ static int mag_auth(request_rec *req) } if (mc) { - mc->user_name = apr_pstrdup(mc->parent, req->user); - mc->gss_name = apr_pstrdup(mc->parent, clientname); + mc->user_name = apr_pstrdup(mc->pool, req->user); + mc->gss_name = apr_pstrdup(mc->pool, clientname); mc->established = true; if (vtime == GSS_C_INDEFINITE || vtime < MIN_SESS_EXP_TIME) { vtime = MIN_SESS_EXP_TIME;