svn commit: lorikeet r784 - in trunk/mod_auth_ntlm_winbind: . contrib

jerry at samba.org jerry at samba.org
Thu Nov 8 15:27:37 GMT 2007


Author: jerry
Date: 2007-11-08 15:27:36 +0000 (Thu, 08 Nov 2007)
New Revision: 784

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=784

Log:
Add a workaround for proxy authorization in IE.

Patch from Dmitry Butskoy <buc at odusz.so-cdu.ru>.
This is a temporary workaround if people need it until the actual
issues is fixed by the upstream Apache maintainers.



Added:
   trunk/mod_auth_ntlm_winbind/contrib/
   trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch


Changeset:
Added: trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch
===================================================================
--- trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch	2007-11-08 15:25:26 UTC (rev 783)
+++ trunk/mod_auth_ntlm_winbind/contrib/mod_auth_ntlm_winbind-20060510-connect_http10.patch	2007-11-08 15:27:36 UTC (rev 784)
@@ -0,0 +1,33 @@
+diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
+--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c	2006-05-11 17:52:54.000000000 +0400
++++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c	2006-07-07 19:44:12.000000000 +0400
+@@ -997,6 +997,29 @@
+                                           : "Authorization");
+     const char *auth_line2;
+ 
++#ifdef APACHE2
++    /*  ap_set_keepalive() does not check for
++	"Proxy-Connection: keep-alive", and therefore breaks NTLM auth
++	for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0
++	for CONNECT (like IE6+ does).
++
++	An ugly work-around to fix it here:
++	When "CONNECT .... HTTP/1.0" without any "Connection: ..."
++	but with "Proxy-Connection: keep-alive", set "Connection: keep-alive"
++	manually (which will be successfully eaten by ap_set_keepalive() later)
++    */
++
++    if (r->method_number == M_CONNECT &&
++	r->proto_num == HTTP_VERSION(1,0) &&
++	!apr_table_get(r->headers_in, "Connection") &&
++	ap_find_token(r->pool,
++		    apr_table_get(r->headers_in, "Proxy-Connection"),
++		    "keep-alive") != 0
++    ) {
++	apr_table_mergen(r->headers_in, "Connection", "keep-alive");
++    }
++#endif
++
+     /* Trust the authentication on an existing connection */
+     if (ctxt->connected_user_authenticated && ctxt->connected_user_authenticated->user) {
+         /* internal redirects cause this to get called more than once



More information about the samba-cvs mailing list