Date:      Sat, 24 Oct 2009 16:19:48 -0400
From:      "Jonathan Bond-Caron" <jbondc@openmv.com>
To:        <apache@FreeBSD.org>
Subject:   [PATCH] FreeBSD Port: www/mod_authenticache
Message-ID:  <002801ca54e7$564f3310$02ed9930$@com>

I had some issues with this Apache module, say if I had the following config:

<Location />
    Require user jbondc
</Location>

<Location /MADOLAINE>
    Require user mado
</Location>

When going over to /MADOLAINE, the module would re-use cached information.
The patch checks if new auth info is provided.

# Behavior without patch (credentials re-used)

[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 15:59:54 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /MADOLAINE
[Sat Oct 24 15:59:54 2009] [error] [client xxxxxx] access to /MADOLAINE failed, reason: user jbondc not allowed access

# With patch (if new username/password provided, don't use cookie)

[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 16:00:06 2009] [error] [client xxxxxx] PAM: user 'mado' - not authenticated: authentication error

Attachment: check_user.patch

--- mod_authenticache.c.orig	2009-10-24 15:49:29.000000000 -0400=0A=
+++ mod_authenticache.c	2009-10-24 15:50:54.000000000 -0400=0A=
@@ -243,7 +243,8 @@=0A=
 =0A=
 	authenticache_cfg *c;=0A=
 	apr_table_t *ttab;=0A=
-=0A=
+	char *userPw;=0A=
+        char *userInCookie;=0A=
 =0A=
 	c =3D (authenticache_cfg *)ap_get_module_config(r->per_dir_config,=0A=
 			&authenticache_module);=0A=
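Review bot: `char *userPw;` should be `const char *userPw;`: ap_get_basic_auth_pw() takes a `const char **` for its second argument, so passing `&userPw` as declared in this hunk draws an incompatible-pointer-type warning from the compiler. The two new declarations also mix a tab (`userPw`) with eight spaces (`userInCookie`) in a block that is otherwise tab-indented; use tabs for both, and since userPw is never read after the call, a short comment saying it is only there to satisfy the API would help the next reader.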
@@ -264,9 +265,16 @@=0A=
 			HTTP_UNAUTHORIZED : DECLINED;=0A=
 	}=0A=
 =0A=
+        /* Make sure that user credentials match cookie user */=0A=
+        userInCookie =3D (char *)apr_table_get(ttab, "user");=0A=
+=0A=
+        ap_get_basic_auth_pw(r, &userPw);=0A=
+        if(r->user && strcmp(r->user, userInCookie) !=3D 0)=0A=
+                 return DECLINED;=0A=
+=0A=
 	/* This ticket passed all checks, set the connection user to the=0A=
 	 * ticket's username and log that fact. */=0A=
-	r->user =3D (char *)apr_table_get(ttab, "user");=0A=
+	r->user =3D userInCookie;=0A=
 	ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,=0A=
 			"mod_authenticache: valid ticket from %s for %s",=0A=
 			r->user, r->uri);=0A=
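Review bot: the ap_get_basic_auth_pw(r, &userPw) call in this hunk is used only for its side effect of filling r->user from the Authorization header; its return code is dropped and userPw is never read, so the comment should say that, and the failure paths need thought: that function returns DECLINED when the directory's AuthType is not Basic and HTTP_UNAUTHORIZED when the header is missing or names another scheme, and in the missing-header case it also calls ap_note_auth_failure(), which puts a WWW-Authenticate header on the response even though the cached ticket is then accepted a few lines later. Two smaller points: userInCookie comes straight from apr_table_get() and goes into strcmp() with no NULL check, so a ticket table without a "user" entry crashes the child (the old code merely assigned the pointer), and the test compares names only, so a request carrying the cached user's name with a wrong password is still admitted on the strength of the cookie; if that is intended, the comment should say so.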

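An added example (not part of mod_authenticache, the FreeBSD port, or the patch above) that models the check the patch introduces as stand-alone C: fresh Basic credentials naming a different user cause the cached ticket to be declined, while a request with no Authorization header, another scheme, or the same user name keeps using the ticket. Apache's ap_get_basic_auth_pw() is stood in for by a hand-written parser of the Authorization header; the ticket_decision enum, the function names and the replayed requests (jbondc's ticket, then mado's credentials for /MADOLAINE) are this example's own constructions, and the ticket-without-user case is handled explicitly instead of being handed to strcmp():

```c
/*
 * Added example, not code from mod_authenticache or from the posted patch:
 * a stand-alone model of the decision the patch introduces ("if the request
 * carries fresh Basic credentials for a different user, do not honour the
 * cached ticket").  Apache's ap_get_basic_auth_pw() is replaced by a small
 * hand-written Basic-header parser; every name below is this example's own.
 */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum ticket_decision {
    USE_TICKET,      /* no conflicting credentials: accept the cached ticket */
    DECLINE_TICKET,  /* different user supplied: leave it to the real authenticator */
    TICKET_INVALID   /* ticket has no user: must not be trusted (guards the NULL strcmp) */
};

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* RFC 4648 base64 encoder, used only to build Authorization headers for the demo. */
static void b64_encode(const unsigned char *in, size_t n, char *out)
{
    size_t i = 0, o = 0;
    for (; i + 2 < n; i += 3) {
        unsigned v = (in[i] << 16) | (in[i + 1] << 8) | in[i + 2];
        out[o++] = B64[v >> 18]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63]; out[o++] = B64[v & 63];
    }
    if (i < n) {                                  /* one or two trailing bytes */
        unsigned v = (in[i] << 16) | (i + 1 < n ? in[i + 1] << 8 : 0);
        out[o++] = B64[v >> 18]; out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
}

/* Base64 decoder; stops at '=' padding, returns decoded length or -1 on a bad character. */
static int b64_decode(const char *in, unsigned char *out, size_t cap)
{
    unsigned acc = 0; int bits = 0; size_t n = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(B64, *in);
        if (!p) return -1;
        acc = ((acc << 6) | (unsigned)(p - B64)) & 0xffffff;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (int)n;
}

/* Case-insensitive test for the "Basic" scheme token followed by whitespace,
 * matching the strcasecmp() Apache applies to the first word of the header. */
static int is_basic_scheme(const char *s)
{
    static const char want[] = "basic";
    for (size_t i = 0; i < 5; i++)
        if (!s[i] || tolower((unsigned char)s[i]) != want[i]) return 0;
    return s[5] == ' ' || s[5] == '\t';
}

/* Mirror of what ap_get_basic_auth_pw() does to r->user: parse "Basic <b64>" and
 * return 1 with the user part (text before the first ':', possibly empty) in `user`.
 * Returns 0 when there is no header, another scheme is used, or the payload is bad. */
static int basic_auth_user(const char *auth_line, char *user, size_t cap)
{
    unsigned char buf[256];
    if (!auth_line || !is_basic_scheme(auth_line)) return 0;
    auth_line += 5;
    while (*auth_line == ' ' || *auth_line == '\t') auth_line++;
    int n = b64_decode(auth_line, buf, sizeof buf);
    if (n < 0) return 0;
    unsigned char *colon = memchr(buf, ':', (size_t)n);
    size_t ulen = colon ? (size_t)(colon - buf) : (size_t)n;
    if (ulen >= cap) return 0;
    memcpy(user, buf, ulen);
    user[ulen] = '\0';
    return 1;
}

/* The check the patch adds, with the ticket-without-user case handled explicitly. */
static enum ticket_decision decide(const char *ticket_user, const char *auth_line)
{
    char fresh[128];
    if (!ticket_user) return TICKET_INVALID;
    if (!basic_auth_user(auth_line, fresh, sizeof fresh)) return USE_TICKET;
    return strcmp(fresh, ticket_user) == 0 ? USE_TICKET : DECLINE_TICKET;
}

/* Convenience wrapper: build "Basic base64(user:pw)" and run decide() on it. */
static enum ticket_decision decide_with_basic(const char *ticket_user,
                                              const char *user, const char *pw)
{
    unsigned char raw[200];
    char line[320];
    size_t ul = strlen(user), pl = strlen(pw);
    if (ul + 1 + pl > sizeof raw) return TICKET_INVALID;   /* demo size limit */
    memcpy(raw, user, ul); raw[ul] = ':'; memcpy(raw + ul + 1, pw, pl);
    memcpy(line, "Basic ", 6);
    b64_encode(raw, ul + 1 + pl, line + 6);
    return decide(ticket_user, line);
}

int main(void)
{
    static const char *name[] = { "USE_TICKET", "DECLINE_TICKET", "TICKET_INVALID" };
    /* Constructed requests replaying the report: a ticket for jbondc, then /MADOLAINE. */
    printf("no Authorization header        -> %s\n", name[decide("jbondc", NULL)]);
    printf("Basic mado:secret (new user)   -> %s\n", name[decide_with_basic("jbondc", "mado", "secret")]);
    printf("Basic jbondc:wrong (same user) -> %s\n", name[decide_with_basic("jbondc", "jbondc", "wrong")]);
    printf("Digest header (other scheme)   -> %s\n", name[decide("jbondc", "Digest username=\"mado\"")]);
    printf("ticket without a user          -> %s\n", name[decide(NULL, NULL)]);
    return 0;
}
```

Compile with `cc -std=c99 example.c` and run. The third scenario prints USE_TICKET, which is the behaviour of the patch as posted: only the user name is compared, so a request that carries the cached user's name with a wrong password is still admitted on the cookie; the last scenario returns TICKET_INVALID instead of dereferencing a NULL user.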

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002801ca54e7$564f3310$02ed9930$>