Project

General

Profile

Feature #2967 » 0001-mod_authn_gssapi-allow-authentication-without-delega.patch

lameventanas, 2019-07-17 03:07

View differences:

src/mod_authn_gssapi.c
421 421
        goto end;
422 422
    }
423 423

  
424
    if (!(acc_flags & GSS_C_DELEG_FLAG)) {
425
        log_error_write(srv, __FILE__, __LINE__, "ss", "Unable to delegate credentials for user:", token_out.value);
426
        goto end;
427
    }
428

  
429 424
    /* check the allow-rules */
430
    if (!http_auth_match_rules(require, token_out.value, NULL, NULL)) {
425
    ret = http_auth_match_rules(require, token_out.value, NULL, NULL);
426

  
427
    if (!ret)
431 428
        goto end;
432
    }
433 429

  
434
    ret = mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred);
435
    if (ret)
436
        http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI"));
430
    http_auth_setenv(con, token_out.value, token_out.length, CONST_STR_LEN("GSSAPI"));
431

  
432
    /* store delegated credentials */
433
    if (acc_flags & GSS_C_DELEG_FLAG)
434
        if (!(mod_authn_gssapi_store_gss_creds(srv, con, p, token_out.value, client_cred)))
435
            log_error_write(srv, __FILE__, __LINE__, "ss", "Unable to store delegated credentials for user:", token_out.value);
437 436

  
438 437
    end:
439 438
        buffer_free(t_in);
(1-1/2)