diff options
Diffstat (limited to 'mod_auth_ntlm_winbind-20060510-connect_http10.patch')
-rw-r--r-- | mod_auth_ntlm_winbind-20060510-connect_http10.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/mod_auth_ntlm_winbind-20060510-connect_http10.patch b/mod_auth_ntlm_winbind-20060510-connect_http10.patch new file mode 100644 index 0000000..8921f64 --- /dev/null +++ b/mod_auth_ntlm_winbind-20060510-connect_http10.patch @@ -0,0 +1,33 @@ +diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c +--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c 2006-05-11 17:52:54.000000000 +0400 ++++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c 2006-07-07 19:44:12.000000000 +0400 +@@ -997,6 +997,29 @@ + : "Authorization"); + const char *auth_line2; + ++#ifdef APACHE2 ++ /* ap_set_keepalive() does not check for ++ "Proxy-Connection: keep-alive", and therefore breaks NTLM auth ++ for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0 ++ for CONNECT (like IE6+ does). ++ ++ An ugly work-around to fix it here: ++ When "CONNECT .... HTTP/1.0" without any "Connection: ..." ++ but with "Proxy-Connection: keep-alive", set "Connection: keep-alive" ++ manually (which will be successfully eaten by ap_set_keepalive() later) ++ */ ++ ++ if (r->method_number == M_CONNECT && ++ r->proto_num == HTTP_VERSION(1,0) && ++ !apr_table_get(r->headers_in, "Connection") && ++ ap_find_token(r->pool, ++ apr_table_get(r->headers_in, "Proxy-Connection"), ++ "keep-alive") != 0 ++ ) { ++ apr_table_mergen(r->headers_in, "Connection", "keep-alive"); ++ } ++#endif ++ + /* Trust the authentication on an existing connection */ + if (ctxt->connected_user_authenticated && ctxt->connected_user_authenticated->user) { + /* internal redirects cause this to get called more than once |