From 9cfa62da9119d2cd62314e5328215f8ea45c64b1 Mon Sep 17 00:00:00 2001
From: Isaac Boukris
Date: Mon, 8 Jun 2015 00:52:30 +0300
Subject: [PATCH] Disable connection-bound for basic-auth

Clients don't expect this and therefore might inappropriately reuse the connection for another user identity (with or without creds). This is currently more of an issue due to issue 22, example: curl -v http://myhost/ -u usera:passa --next http://myhost/ -u userb:passb
Closes #36
Reviewed-by: Simo Sorce
---
 src/mod_auth_gssapi.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index d351777..a88b653 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -579,6 +579,10 @@ static int mag_auth(request_rec *req)
 goto done;
 }
 if (auth_type == AUTH_TYPE_BASIC) {
+ if (mc) {
+ apr_pool_cleanup_run(mc->parent, mc, mag_conn_destroy);
+ mc = NULL;
+ }
 while (maj == GSS_S_CONTINUE_NEEDED) {
 gss_release_buffer(&min, &input);
 /* output and input are inverted here, this is intentional */
--
2.1.4
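Review bot: Setting `mc = NULL` in the added `if (mc)` block clears only the local handle. Any pointer into the connection state that mag_auth took from `mc` before this branch would still refer to the connection-bound object, so the context built in the `while (maj == GSS_S_CONTINUE_NEEDED)` loop could, if such an alias exists, still end up attached to the connection. It is worth confirming that the Basic path uses request-local state after the cleanup and that every later use of `mc` in the function is NULL-checked. A short comment would also record the intent, e.g. `/* basic auth must not stay bound to the connection: clients may reuse it for another identity */`. mag_auth begins and ends outside this hunk, so the points about earlier and later uses of `mc` are inferred rather than visible here.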