X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=blobdiff_plain;f=src%2Fmod_auth_gssapi.c;h=c33ea34a02a4966c215dd7ce74dbef61e0b5de5c;hp=43094f002856a358c7e27b8b6490c3774e5383ae;hb=bb7c20bc7f487b52c79ec0279c3f83d13582f9c2;hpb=ca728e1b8550af7e5f482d715a7889f217c18ad1 diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index 43094f0..c33ea34 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -24,6 +24,7 @@ #include "mod_auth_gssapi.h" +#define MOD_AUTH_GSSAPI_VERSION PACKAGE_NAME "/" PACKAGE_VERSION module AP_MODULE_DECLARE_DATA auth_gssapi_module; @@ -78,6 +79,7 @@ static int mag_post_config(apr_pool_t *cfgpool, apr_pool_t *log, /* FIXME: create mutex to deal with connections and contexts ? */ mag_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); mag_post_config_session(); + ap_add_version_component(cfgpool, MOD_AUTH_GSSAPI_VERSION); return OK; } @@ -164,6 +166,7 @@ static int mag_auth(request_rec *req) gss_name_t client = GSS_C_NO_NAME; gss_cred_id_t acquired_cred = GSS_C_NO_CREDENTIAL; gss_cred_id_t delegated_cred = GSS_C_NO_CREDENTIAL; + gss_cred_usage_t cred_usage = GSS_C_ACCEPT; uint32_t flags; uint32_t vtime; uint32_t maj, min; @@ -206,7 +209,9 @@ static int mag_auth(request_rec *req) } /* if available, session always supersedes connection bound data */ - mag_check_session(req, cfg, &mc); + if (cfg->use_sessions) { + mag_check_session(req, cfg, &mc); + } if (mc) { /* register the context in the memory pool, so it can be freed @@ -245,8 +250,11 @@ static int mag_auth(request_rec *req) #ifdef HAVE_GSS_ACQUIRE_CRED_FROM if (cfg->use_s4u2proxy) { + cred_usage = GSS_C_BOTH; + } + if (cfg->cred_store) { maj = gss_acquire_cred_from(&min, GSS_C_NO_NAME, 0, - GSS_C_NO_OID_SET, GSS_C_BOTH, + GSS_C_NO_OID_SET, cred_usage, cfg->cred_store, &acquired_cred, NULL, NULL); if (GSS_ERROR(maj)) { 
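Review bot: The `ap_add_version_component(cfgpool, MOD_AUTH_GSSAPI_VERSION)` call added to mag_post_config publishes the module name and exact version in the server version string. httpd can expose that string in the `Server` response header and in generated error-page signatures, depending on `ServerTokens` and `ServerSignature`. On hosts that keep the full banner, an unauthenticated client can read the version of the authentication module directly. I would put a comment on the call, e.g. `/* advertised in the Server banner when ServerTokens allows it; ServerTokens Prod suppresses it */`, and state the same in the module documentation. mag_post_config begins before this hunk, so only its tail is visible here.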
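Review bot: A configuration with `use_s4u2proxy` set and no `cred_store` now skips `gss_acquire_cred_from()` without any diagnostic, because in the mag_auth hunk at `-245,8 +250,11` the call is gated on `cfg->cred_store` alone while `cred_usage = GSS_C_BOTH` is only a side assignment. How the later delegation step behaves in that case lies outside the hunk, so this is inferred, but a silent fallback in a credential-handling path is hard to troubleshoot and audit. I would log it at the branch, e.g. `if (cfg->use_s4u2proxy && !cfg->cred_store) ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, req, "use_s4u2proxy set without cred_store");`, or reject the combination when the configuration is parsed. Defaulting to `GSS_C_ACCEPT` when s4u2proxy is off is the least-privilege choice, and a short comment on the `cred_usage` declaration saying so would keep it from being widened again later.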
@@ -329,7 +337,9 @@ static int mag_auth(request_rec *req) vtime = MIN_SESS_EXP_TIME; } mc->expiration = time(NULL) + vtime; - mag_attempt_session(req, cfg, mc); + if (cfg->use_sessions) { + mag_attempt_session(req, cfg, mc); + } } ret = OK; @@ -533,7 +543,7 @@ static const command_rec mag_commands[] = { AP_INIT_FLAG("GssapiSSLonly", mag_ssl_only, NULL, OR_AUTHCFG, "Work only if connection is SSL Secured"), AP_INIT_FLAG("GssapiLocalName", mag_map_to_local, NULL, OR_AUTHCFG, - "Work only if connection is SSL Secured"), + "Translate principals to local names"), AP_INIT_FLAG("GssapiConnectionBound", mag_conn_ctx, NULL, OR_AUTHCFG, "Authentication is bound to the TCP connection"), AP_INIT_FLAG("GssapiUseSessions", mag_use_sess, NULL, OR_AUTHCFG,