svn commit: lorikeet r784 - in trunk/mod_auth_ntlm_winbind: . contrib

Thu, 08 Nov 2007 07:27:59 -0800 

Author: jerry
Date: 2007-11-08 15:27:36 +0000 (Thu, 08 Nov 2007)
New Revision: 784

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=784

Log:
Add a workaround for proxy authorization in IE.

Patch from Dmitry Butskoy <[EMAIL PROTECTED]>.
This is a temporary workaround if people need it until the actual
issues is fixed by the upstream Apache maintainers.



Added:
   trunk/mod_auth_ntlm_winbind/contrib/
   
trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch


Changeset:
Added: 
trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch
===================================================================
--- 
trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch
     2007-11-08 15:25:26 UTC (rev 783)
+++ 
trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch
     2007-11-08 15:27:36 UTC (rev 784)
@@ -0,0 +1,33 @@
+diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c 
mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
+--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c      2006-05-11 
17:52:54.000000000 +0400
++++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c   2006-07-07 
19:44:12.000000000 +0400
+@@ -997,6 +997,29 @@
+                                           : "Authorization");
+     const char *auth_line2;
+ 
++#ifdef APACHE2
++    /*  ap_set_keepalive() does not check for
++      "Proxy-Connection: keep-alive", and therefore breaks NTLM auth
++      for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0
++      for CONNECT (like IE6+ does).
++
++      An ugly work-around to fix it here:
++      When "CONNECT .... HTTP/1.0" without any "Connection: ..."
++      but with "Proxy-Connection: keep-alive", set "Connection: keep-alive"
++      manually (which will be successfully eaten by ap_set_keepalive() later)
++    */
++
++    if (r->method_number == M_CONNECT &&
++      r->proto_num == HTTP_VERSION(1,0) &&
++      !apr_table_get(r->headers_in, "Connection") &&
++      ap_find_token(r->pool,
++                  apr_table_get(r->headers_in, "Proxy-Connection"),
++                  "keep-alive") != 0
++    ) {
++      apr_table_mergen(r->headers_in, "Connection", "keep-alive");
++    }
++#endif
++
+     /* Trust the authentication on an existing connection */
+     if (ctxt->connected_user_authenticated && 
ctxt->connected_user_authenticated->user) {
+         /* internal redirects cause this to get called more than once

Reply via email to