Date: Sat, 24 Oct 2009 16:19:48 -0400
From: "Jonathan Bond-Caron" <jbondc@openmv.com>
To: <apache@FreeBSD.org>
Subject: [PATCH] FreeBSD Port: www/mod_authenticache
Message-ID: <002801ca54e7$564f3310$02ed9930$@com>
This is a multi-part message in MIME format.

------=_NextPart_000_0029_01CA54C5.CF3D9310
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I had some issues with this apache module say if I had the following config:

<Location />
Require user jbondc
</Location>

<Location /MADOLAINE >
Require user mado
</Location>

When going over to /MADOLAINE, the module would re-use cached information.

The patch checks if new auth info is provided.

# Behavior without patch (credentials re-used)
[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 15:59:54 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /MADOLAINE
[Sat Oct 24 15:59:54 2009] [error] [client xxxxxx] access to /MADOLAINE failed, reason: user jbondc not allowed access

# With patch (if new username/password provided, don't use cookie)
[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 16:00:06 2009] [error] [client xxxxxx] PAM: user 'mado' - not authenticated: authentication error

------=_NextPart_000_0029_01CA54C5.CF3D9310
Content-Type: application/octet-stream; name="check_user.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="check_user.patch"

--- mod_authenticache.c.orig 2009-10-24 15:49:29.000000000 -0400=0A= +++ mod_authenticache.c 2009-10-24 15:50:54.000000000 -0400=0A= @@ -243,7 +243,8 @@=0A= =0A= authenticache_cfg *c;=0A= apr_table_t *ttab;=0A= -=0A= + char *userPw;=0A= + char *userInCookie;=0A= =0A= c =3D (authenticache_cfg *)ap_get_module_config(r->per_dir_config,=0A= &authenticache_module);=0A= 
@@ -264,9 +265,16 @@=0A= HTTP_UNAUTHORIZED : DECLINED;=0A= }=0A= =0A= + /* Make sure that user credentials match cookie user */=0A= + userInCookie =3D (char *)apr_table_get(ttab, "user");=0A= +=0A= + ap_get_basic_auth_pw(r, &userPw);=0A= + if(r->user && strcmp(r->user, userInCookie) !=3D 0)=0A= + return DECLINED;=0A= +=0A= /* This ticket passed all checks, set the connection user to the=0A= * ticket's username and log that fact. */=0A= - r->user =3D (char *)apr_table_get(ttab, "user");=0A= + r->user =3D userInCookie;=0A= ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,=0A= "mod_authenticache: valid ticket from %s for %s",=0A= r->user, r->uri);=0A= ------=_NextPart_000_0029_01CA54C5.CF3D9310--
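
Review bot: In the first hunk (@@ -243,7 +243,8 @@) the two new locals are declared as plain "char *", but userPw is only ever passed as &userPw to ap_get_basic_auth_pw(), which takes a "const char **", and userInCookie holds the result of apr_table_get(), which returns "const char *". Declaring both as "const char *" and keeping the single cast at the "r->user =3D userInCookie;" assignment avoids the incompatible-pointer warning and keeps the cast in one place. userPw is also never read after the call, so a short comment saying it exists only as the required out-parameter would help the next reader.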
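
Review bot: In the second hunk (@@ -264,9 +265,16 @@) the new check passes userInCookie to strcmp() without testing it for NULL, and the return value of ap_get_basic_auth_pw() is discarded. apr_table_get(ttab, "user") returns NULL when the ticket has no "user" entry, so "if(r->user && strcmp(r->user, userInCookie) !=3D 0)" can dereference NULL; return DECLINED when userInCookie is NULL before comparing. The call should also be checked for OK before r->user is read, so the comparison only runs when the request actually carried Basic credentials. Note too that only the username is compared and userPw is never used: a request that sends the ticket's username with a different password still takes the cached-ticket path. If that is intended, say so in the comment above the check; if not, decline whenever the request carries credentials and let the real auth module decide.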