From: "Jonathan Bond-Caron"
Date: Sat, 24 Oct 2009 16:19:48 -0400
Message-ID: <002801ca54e7$564f3310$02ed9930$@com>
Subject: [PATCH] FreeBSD Port: www/mod_authenticache
List-Id: Support of apache-related ports

I had some issues with this apache module say if I had the following config:

Require user jbondc
Require user mado

When going over to /MADOLAINE, the module would re-use cached information.
The patch checks if new auth info is provided.

# Behavior without patch (credentials re-used)
[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 15:59:54 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /MADOLAINE
[Sat Oct 24 15:59:54 2009] [error] [client xxxxxx] access to /MADOLAINE failed, reason: user jbondc not allowed access

# With patch (if new username/password provided, don't use cookie)
[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 16:00:06 2009] [error] [client xxxxxx] PAM: user 'mado' - not authenticated: authentication error

Content-Type: application/octet-stream; name="check_user.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="check_user.patch"

--- mod_authenticache.c.orig 2009-10-24 15:49:29.000000000 -0400=0A= +++ mod_authenticache.c 2009-10-24 15:50:54.000000000 -0400=0A= @@ -243,7 +243,8 @@=0A= =0A= authenticache_cfg *c;=0A= apr_table_t *ttab;=0A= -=0A= + char *userPw;=0A= + char *userInCookie;=0A= =0A= c =3D (authenticache_cfg *)ap_get_module_config(r->per_dir_config,=0A= &authenticache_module);=0A= @@ -264,9 +265,16 @@=0A= HTTP_UNAUTHORIZED : DECLINED;=0A= }=0A= =0A= + /* Make sure that user credentials match cookie user */=0A= + userInCookie =3D (char *)apr_table_get(ttab, "user");=0A= +=0A= + ap_get_basic_auth_pw(r, &userPw);=0A= + if(r->user && strcmp(r->user, userInCookie) !=3D 0)=0A= + return DECLINED;=0A= +=0A= /* This ticket passed all checks, set the connection user to the=0A= * ticket's username and log that fact. */=0A= - r->user =3D (char *)apr_table_get(ttab, "user");=0A= + r->user =3D userInCookie;=0A= ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,=0A= "mod_authenticache: valid ticket from %s for %s",=0A= r->user, r->uri);=0A=
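
Review bot: In the first hunk (@@ -243,7 +243,8 @@), `char *userPw;` does not match the `const char **pw` parameter of ap_get_basic_auth_pw(), so the later call `ap_get_basic_auth_pw(r, &userPw)` passes an incompatible pointer type; declare it `const char *userPw;`. The value is never read afterwards, so a short comment saying the call is made only to populate r->user would help. `userInCookie` could likewise be `const char *`, since apr_table_get() returns one, with the cast kept only at the assignment to r->user. Both new names use camelCase where the neighbouring declarations (`c`, `ttab`) are short lowercase.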
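
Review bot: In the second hunk (@@ -264,9 +265,16 @@), `strcmp(r->user, userInCookie)` runs without a NULL check on `userInCookie`; apr_table_get() returns NULL when the key is absent, so unless a check outside this hunk guarantees a "user" entry in ttab, guard it first, e.g. `if (userInCookie == NULL) return DECLINED;`. The return value of ap_get_basic_auth_pw() is also discarded: the comparison depends on that call having set r->user, so test for OK before comparing and treat any other result as no new credentials supplied. Only the username is compared, so a request that sends the cookie's username with a different password still takes the ticket path; the comment above the check should say so.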