diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c 2006-05-11 17:52:54.000000000 +0400
+++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c 2006-07-07 19:44:12.000000000 +0400
@@ -997,6 +997,29 @@
: "Authorization");
const char *auth_line2;
+#ifdef APACHE2
+ /* ap_set_keepalive() does not check for
+ "Proxy-Connection: keep-alive", and therefore breaks NTLM auth
+ for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0
+ for CONNECT (like IE6+ does).
+
+ An ugly work-around to fix it here:
+ When "CONNECT .... HTTP/1.0" without any "Connection: ..."
+ but with "Proxy-Connection: keep-alive", set "Connection: keep-alive"
+ manually (which will be successfully eaten by ap_set_keepalive() later)
+ */
+
+ if (r->method_number == M_CONNECT &&
+ r->proto_num == HTTP_VERSION(1,0) &&
+ !apr_table_get(r->headers_in, "Connection") &&
+ ap_find_token(r->pool,
+ apr_table_get(r->headers_in, "Proxy-Connection"),
+ "keep-alive") != 0
+ ) {
+ apr_table_mergen(r->headers_in, "Connection", "keep-alive");
+ }
+#endif
+
/* Trust the authentication on an existing connection */
if (ctxt->connected_user_authenticated && ctxt->connected_user_authenticated->user) {
/* internal redirects cause this to get called more than once
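Review bot: The block at `if (r->method_number == M_CONNECT && ...` turns a client-supplied, non-standard `Proxy-Connection: keep-alive` into connection persistence, and the context directly below it trusts `ctxt->connected_user_authenticated` for later requests on that same connection. If an intermediary that relays `Proxy-Connection` unchanged sits in front of this server, the persistent connection may carry requests from more than one user, so the comment should state the assumption, e.g. `/* assumes the peer is the end client, not a forwarding proxy: the NTLM auth below is bound to this connection */`. Because `Connection` is known to be absent at that point, `apr_table_setn(r->headers_in, "Connection", "keep-alive");` says what is meant more directly than `apr_table_mergen`. The comment should also note that later modules and logs will see the synthesized header as if the client had sent it. The enclosing function starts and ends outside the hunk.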