From 983ac18b86eb0059274692690e0cf925549174ac Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 19 Apr 2015 15:59:51 -0400 Subject: [PATCH] Properly complete context establishment On success do not forget to send the last negotiate packet (if any) to the client within the 200 Reply. Fixes #21 --- src/mod_auth_gssapi.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index b168dbf..9cb53ec 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -568,25 +568,23 @@ static int mag_auth(request_rec *req) ret = OK; done: - if (ret == HTTP_UNAUTHORIZED) { - if (output.length != 0) { - replen = apr_base64_encode_len(output.length) + 1; - reply = apr_pcalloc(req->pool, 10 + replen); - if (reply) { - memcpy(reply, "Negotiate ", 10); - apr_base64_encode(&reply[10], output.value, output.length); - apr_table_add(req->err_headers_out, - "WWW-Authenticate", reply); - } - } else { + if ((!is_basic) && (output.length != 0)) { + replen = apr_base64_encode_len(output.length) + 1; + reply = apr_pcalloc(req->pool, 10 + replen); + if (reply) { + memcpy(reply, "Negotiate ", 10); + apr_base64_encode(&reply[10], output.value, output.length); apr_table_add(req->err_headers_out, - "WWW-Authenticate", "Negotiate"); - if (cfg->use_basic_auth) { - apr_table_add(req->err_headers_out, - "WWW-Authenticate", - apr_psprintf(req->pool, "Basic realm=\"%s\"", - ap_auth_name(req))); - } + "WWW-Authenticate", reply); + } + } else if (ret == HTTP_UNAUTHORIZED) { + apr_table_add(req->err_headers_out, + "WWW-Authenticate", "Negotiate"); + if (cfg->use_basic_auth) { + apr_table_add(req->err_headers_out, + "WWW-Authenticate", + apr_psprintf(req->pool, "Basic realm=\"%s\"", + ap_auth_name(req))); } } #ifdef HAVE_GSS_KRB5_CCACHE_NAME -- 2.1.4