diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index 717d0cd..a3f2b88 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -988,8 +988,11 @@ static int mag_auth(request_rec *req) if (mc) { if (mc->established && - (auth_header == NULL) && - (mc->auth_type != AUTH_TYPE_BASIC)) { + (cfg->force_session || + ((auth_header == NULL) && + (mc->auth_type != AUTH_TYPE_BASIC)) + ) + ) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, req, "Already established context found!"); mag_set_req_data(req, cfg, mc); @@ -1347,6 +1350,13 @@ static const char *mag_use_sess(cmd_parms *parms, void *mconfig, int on) return NULL; } +static const char *mag_force_sess(cmd_parms *parms, void *mconfig, int on) +{ + struct mag_config *cfg = (struct mag_config *)mconfig; + cfg->force_session = on ? true : false; + return NULL; +} + #ifdef HAVE_CRED_STORE static const char *mag_use_s4u2p(cmd_parms *parms, void *mconfig, int on) { @@ -1836,6 +1846,8 @@ static const command_rec mag_commands[] = { "Send Persitent-Auth header according to connection bound"), AP_INIT_FLAG("GssapiUseSessions", mag_use_sess, NULL, OR_AUTHCFG, "Authentication uses mod_sessions to hold status"), + AP_INIT_FLAG("GssapiForceSession", mag_force_sess, NULL, OR_AUTHCFG, + "Use negotiated session even when Basic auth is requested"), AP_INIT_RAW_ARGS("GssapiSessionKey", mag_sess_key, NULL, OR_AUTHCFG, "Key Used to seal session data."), #ifdef HAVE_CRED_STORE diff --git a/src/mod_auth_gssapi.h b/src/mod_auth_gssapi.h index 136cefd..21ea56a 100644 --- a/src/mod_auth_gssapi.h +++ b/src/mod_auth_gssapi.h @@ -75,6 +75,7 @@ struct mag_config { bool gss_conn_ctx; bool send_persist; bool use_sessions; + bool force_session; #ifdef HAVE_CRED_STORE bool use_s4u2proxy; char *deleg_ccache_dir;