From 908581fd3bca791d24cae7fe5a8ae6adfb614ad8 Mon Sep 17 00:00:00 2001
From: Isaac Boukris
Date: Sat, 25 Apr 2015 15:36:40 +0300
Subject: [PATCH] Add GssapiSignalPersistentAuth directive

Controls whether to send the Persistent-Auth header, and sets it only when necessary/appropriate

Reviewed-by: Simo Sorce
---
 README | 11 ++++++++---
 src/mod_auth_gssapi.c | 13 +++++++++++++
 src/mod_auth_gssapi.h | 1 +
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/README b/README
index e23f745..e8d3031 100644
--- a/README
+++ b/README
@@ -89,12 +89,17 @@ authentication (like NTLMSSP) it is necessary to bind to the authentication to the connection in order to keep the state between round-trips. With this option enable incomplete context are store in the connection and retrieved on the next request for continuation.
-When using this option you may also ant to set the Persistent-Auth header for
-those clients that make use of it.
 
 Example:
 GssapiConnectionBound On
- Header set Persistent-Auth "true"
+
+
+### GssapiSignalPersistentAuth
+For clients that make use of Persistent-Auth header, send the header according
+to GssapiConnectionBound setting.
+
+Example:
+ GssapiSignalPersistentAuth On
 
 
 ### GssapiUseSessions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index 48300e9..0ca9a27 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -572,6 +572,10 @@ static int mag_auth(request_rec *req)
 mc->auth_type = auth_type;
 }
 
+ if (cfg->send_persist)
+ apr_table_set(req->headers_out, "Persistent-Auth",
+ cfg->gss_conn_ctx ? "true" : "false");
+
 ret = OK;
 
 done:
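Review bot: The `Persistent-Auth` value set in `mag_auth` comes from the configuration flag `cfg->gss_conn_ctx` alone, so the response says "true" whenever GssapiConnectionBound is on, whether or not connection state was actually kept for this request. The context line `mc->auth_type = auth_type;` sits inside a block that closes just before the new code, which suggests `mc` may be absent on some paths. If `mc` is still in scope at this point (the function starts and ends outside the hunk, so this needs checking), the value could be keyed on it, for example `(cfg->gss_conn_ctx && mc) ? "true" : "false"`. The header is also written only on the path that falls through to `ret = OK;`, so any branch that reaches `done:` by `goto` with a success status would return without it. The two-line `if (cfg->send_persist)` body would be safer wrapped in braces.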
@@ -650,6 +654,13 @@ static const char *mag_conn_ctx(cmd_parms *parms, void *mconfig, int on)
 return NULL;
 }
 
+static const char *mag_send_persist(cmd_parms *parms, void *mconfig, int on)
+{
+ struct mag_config *cfg = (struct mag_config *)mconfig;
+ cfg->send_persist = on ? true : false;
+ return NULL;
+}
+
 static const char *mag_use_sess(cmd_parms *parms, void *mconfig, int on)
 {
 struct mag_config *cfg = (struct mag_config *)mconfig;
@@ -803,6 +814,8 @@ static const command_rec mag_commands[] = {
 "Translate principals to local names"),
 AP_INIT_FLAG("GssapiConnectionBound", mag_conn_ctx, NULL, OR_AUTHCFG,
 "Authentication is bound to the TCP connection"),
+ AP_INIT_FLAG("GssapiSignalPersistentAuth", mag_send_persist, NULL, OR_AUTHCFG,
+ "Send Persitent-Auth header according to connection bound"),
 AP_INIT_FLAG("GssapiUseSessions", mag_use_sess, NULL, OR_AUTHCFG,
 "Authentication uses mod_sessions to hold status"),
 AP_INIT_RAW_ARGS("GssapiSessionKey", mag_sess_key, NULL, OR_AUTHCFG,
diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h
index 4cf7d39..b12b0e9 100644
--- a/src/mod_auth_gssapi.h
+++ b/src/mod_auth_gssapi.h
@@ -39,6 +39,7 @@ struct mag_config {
 bool ssl_only;
 bool map_to_local;
 bool gss_conn_ctx;
+ bool send_persist;
 bool use_sessions;
 bool use_s4u2proxy;
 char *deleg_ccache_dir;
-- 
2.1.4
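Review bot: The new `send_persist` flag gets a setter in `mag_send_persist` but no visible default or merge handling. The diffstat's 13 added lines in mod_auth_gssapi.c are all in the three hunks shown, so the flag relies on whatever the existing configuration setup does. If `struct mag_config` is zero-initialised, the directive defaults to off, which the new README section should say. If the module has a per-directory merge routine, the flag needs a line there or nested sections will not inherit it. A one-line comment above the setter would also help, such as `/* GssapiSignalPersistentAuth On|Off: send Persistent-Auth on authenticated responses */`.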
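Review bot: The help string added to `mag_commands` misspells the header name as "Persitent-Auth". This text is the description registered for the directive, so it should read `"Send Persistent-Auth header according to GssapiConnectionBound"`. The entry is registered with `OR_AUTHCFG` like its neighbours, so wherever AuthConfig overrides are permitted the flag can presumably be toggled per directory. That is probably acceptable for an advisory header, but it is worth a sentence in the README.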