summaryrefslogtreecommitdiffstats
path: root/mod_auth_ntlm_winbind-20060510-connect_http10.patch
diff options
context:
space:
mode:
Diffstat (limited to 'mod_auth_ntlm_winbind-20060510-connect_http10.patch')
-rw-r--r--mod_auth_ntlm_winbind-20060510-connect_http10.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/mod_auth_ntlm_winbind-20060510-connect_http10.patch b/mod_auth_ntlm_winbind-20060510-connect_http10.patch
new file mode 100644
index 0000000..8921f64
--- /dev/null
+++ b/mod_auth_ntlm_winbind-20060510-connect_http10.patch
@@ -0,0 +1,33 @@
+diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
+--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c 2006-05-11 17:52:54.000000000 +0400
++++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c 2006-07-07 19:44:12.000000000 +0400
+@@ -997,6 +997,29 @@
+ : "Authorization");
+ const char *auth_line2;
+
++#ifdef APACHE2
++ /* ap_set_keepalive() does not check for
++ "Proxy-Connection: keep-alive", and therefore breaks NTLM auth
++ for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0
++ for CONNECT (like IE6+ does).
++
++ An ugly work-around to fix it here:
++ When "CONNECT .... HTTP/1.0" without any "Connection: ..."
++ but with "Proxy-Connection: keep-alive", set "Connection: keep-alive"
++ manually (which will be successfully eaten by ap_set_keepalive() later)
++ */
++
++ if (r->method_number == M_CONNECT &&
++ r->proto_num == HTTP_VERSION(1,0) &&
++ !apr_table_get(r->headers_in, "Connection") &&
++ ap_find_token(r->pool,
++ apr_table_get(r->headers_in, "Proxy-Connection"),
++ "keep-alive") != 0
++ ) {
++ apr_table_mergen(r->headers_in, "Connection", "keep-alive");
++ }
++#endif
++
+ /* Trust the authentication on an existing connection */
+ if (ctxt->connected_user_authenticated && ctxt->connected_user_authenticated->user) {
+ /* internal redirects cause this to get called more than once