From: Simo Sorce Date: Sun, 19 Apr 2015 19:59:51 +0000 (-0400) Subject: Properly complete context establishment X-Git-Tag: v1.2.0~1 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_gssapi.git;a=commitdiff_plain;h=983ac18b86eb0059274692690e0cf925549174ac Properly complete context establishment On success do not forget to send the last negotiate packet (if any) to the client within the 200 Reply. Fixes #21 --- diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index b168dbf..9cb53ec 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -568,25 +568,23 @@ static int mag_auth(request_rec *req) ret = OK; done: - if (ret == HTTP_UNAUTHORIZED) { - if (output.length != 0) { - replen = apr_base64_encode_len(output.length) + 1; - reply = apr_pcalloc(req->pool, 10 + replen); - if (reply) { - memcpy(reply, "Negotiate ", 10); - apr_base64_encode(&reply[10], output.value, output.length); - apr_table_add(req->err_headers_out, - "WWW-Authenticate", reply); - } - } else { + if ((!is_basic) && (output.length != 0)) { + replen = apr_base64_encode_len(output.length) + 1; + reply = apr_pcalloc(req->pool, 10 + replen); + if (reply) { + memcpy(reply, "Negotiate ", 10); + apr_base64_encode(&reply[10], output.value, output.length); apr_table_add(req->err_headers_out, - "WWW-Authenticate", "Negotiate"); - if (cfg->use_basic_auth) { - apr_table_add(req->err_headers_out, - "WWW-Authenticate", - apr_psprintf(req->pool, "Basic realm=\"%s\"", - ap_auth_name(req))); - } + "WWW-Authenticate", reply); + } + } else if (ret == HTTP_UNAUTHORIZED) { + apr_table_add(req->err_headers_out, + "WWW-Authenticate", "Negotiate"); + if (cfg->use_basic_auth) { + apr_table_add(req->err_headers_out, + "WWW-Authenticate", + apr_psprintf(req->pool, "Basic realm=\"%s\"", + ap_auth_name(req))); } } #ifdef HAVE_GSS_KRB5_CCACHE_NAME