1 files changed, 33 insertions, 0 deletions

diff --git a/mod_auth_ntlm_winbind-20060510-connect_http10.patch b/mod_auth_ntlm_winbind-20060510-connect_http10.patch
new file mode 100644
index 0000000..8921f64
--- /dev/null
+++ b/mod_auth_ntlm_winbind-20060510-connect_http10.patch
@@ -0,0 +1,33 @@
+diff -bu mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c
+--- mod_auth_ntlm_winbind/mod_auth_ntlm_winbind.c	2006-05-11 17:52:54.000000000 +0400
++++ mod_auth_ntlm_winbind-OK/mod_auth_ntlm_winbind.c	2006-07-07 19:44:12.000000000 +0400
+@@ -997,6 +997,29 @@
+                                           : "Authorization");
+     const char *auth_line2;
+ 
++#ifdef APACHE2
++    /*  ap_set_keepalive() does not check for
++	"Proxy-Connection: keep-alive", and therefore breaks NTLM auth
++	for the CONNECT proxying ("https" etc.) when a browser uses HTTP/1.0
++	for CONNECT (like IE6+ does).
++
++	An ugly work-around to fix it here:
++	When "CONNECT .... HTTP/1.0" without any "Connection: ..."
++	but with "Proxy-Connection: keep-alive", set "Connection: keep-alive"
++	manually (which will be successfully eaten by ap_set_keepalive() later)
++    */
++
++    if (r->method_number == M_CONNECT &&
++	r->proto_num == HTTP_VERSION(1,0) &&
++	!apr_table_get(r->headers_in, "Connection") &&
++	ap_find_token(r->pool,
++		    apr_table_get(r->headers_in, "Proxy-Connection"),
++		    "keep-alive") != 0
++    ) {
++	apr_table_mergen(r->headers_in, "Connection", "keep-alive");
++    }
++#endif
++
+     /* Trust the authentication on an existing connection */
+     if (ctxt->connected_user_authenticated && ctxt->connected_user_authenticated->user) {
+         /* internal redirects cause this to get called more than once