Check basic auth result against != NGX_OK rather than == NGX_DECLINED

This corrects the error handling case when ngx_http_auth_spnego_basic is called with a bad configuration or bad username. These cases return NGX_ERROR, which allowed basic auth to proceed. Thanks to Prakapovich Pavel aka Flyguy.by for pointing this out.
stnoonan · Feb 26, 2021 · a06f9ef · a06f9ef
1 parent 72c8ee0
commit a06f9ef
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ngx_http_auth_spnego_module.c b/ngx_http_auth_spnego_module.c
@@ -1043,7 +1043,7 @@ ngx_http_auth_spnego_handler(
             /* If basic auth is enabled and basic creds are supplied
              * attempt basic auth.  If we attempt basic auth, we do
              * not fall through to real SPNEGO */
-            if (NGX_DECLINED == ngx_http_auth_spnego_basic(r, ctx, alcf)) {
+            if (NGX_OK != ngx_http_auth_spnego_basic(r, ctx, alcf)) {
                 spnego_debug0("Basic auth failed");
                 if (NGX_ERROR == ngx_http_auth_spnego_headers_basic_only(r, ctx, alcf)) {
                     spnego_debug0("Error setting headers");