r713: Michael Baltaks <mbaltaks@gmail.com> notices that we should only send

"Proxy-Authenticate" replies when we are in a forward proxy.

Otherwise, we should send WWW-Authenticate headers, as if we are the
target server.

Andrew Bartlett

diff --git a/mod_auth_ntlm_winbind.c b/mod_auth_ntlm_winbind.c
index d03ba39959ec4a547208466f0a8f3894059d8c3a..c685ed3688300503ad6faba870031474b597dd42 100644 (file)
--- a/mod_auth_ntlm_winbind.c
+++ b/mod_auth_ntlm_winbind.c
@@ -320,7 +320,7 @@ note_auth_failure(request_rec * r, const char *negotiate_auth_line)
         line = apr_pstrcat(r->pool, NEGOTIATE_AUTH_NAME, " ",
                            negotiate_auth_line, NULL);
         apr_table_add(r->err_headers_out,
-                      r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+                      (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
                       line);
     }
 
@@ -328,7 +328,7 @@ note_auth_failure(request_rec * r, const char *negotiate_auth_line)
 
     if (crec->ntlm_on) {
         apr_table_add(r->err_headers_out,
-                      r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+                      (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
                       NTLM_AUTH_NAME);
     }
 
@@ -340,7 +340,7 @@ note_auth_failure(request_rec * r, const char *negotiate_auth_line)
                            "Basic realm=\"", crec->ntlm_basic_realm, "\"",
                            NULL);
         apr_table_add(r->err_headers_out,
-                      r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+                      (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
                       line);
     }
 
@@ -357,7 +357,7 @@ const char *
 get_auth_header(request_rec * r, ntlm_config_rec * crec, const char *auth_scheme)
 {
     const char *auth_line = apr_table_get(r->headers_in,
-                                          r->proxyreq ? "Proxy-Authorization"
+                                          (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
                                           : "Authorization");
 
     if (!auth_line) {
@@ -412,7 +412,7 @@ send_auth_reply(request_rec * r, const char *auth_scheme, const char *reply)
     /* Read negotiate from ntlm_auth */
 
     apr_table_setn(r->err_headers_out,
-                  r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+                  (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
                   apr_psprintf(r->pool, "%s %s", auth_scheme, reply));
 
     /* This is to make sure that when receiving later messages
@@ -841,7 +841,7 @@ process_msg(request_rec * r, ntlm_config_rec * crec, const char *auth_type)
             if (!strcmp("*", childarg)) {
                 /* Send last leg (possible mutual authentication token) */
                 apr_table_setn(r->headers_out,
-                              r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+                              (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
                               apr_psprintf(r->pool, "%s %s", auth_type, childarg));
             }
 
@@ -946,7 +946,7 @@ static int check_user_id(request_rec * r) {
                                                  &auth_ntlm_winbind_module);
     ntlm_connection_context_t *ctxt = get_connection_context( r->connection );
     const char *auth_line = apr_table_get(r->headers_in,
-                                          r->proxyreq ? "Proxy-Authorization"
+                                          (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
                                           : "Authorization");
     const char *auth_line2;