Date:      Sat, 24 Oct 2009 16:19:48 -0400
From:      "Jonathan Bond-Caron" <jbondc@openmv.com>
To:        <apache@FreeBSD.org>
Subject:   [PATCH] FreeBSD Port: www/mod_authenticache
Message-ID:  <002801ca54e7$564f3310$02ed9930$@com>


[-- Attachment #1 --]
I had some issues with this Apache module, say if I had the following config:

<Location />
    Require user jbondc
</Location>

<Location /MADOLAINE >
    Require user mado
</Location>

When going over to /MADOLAINE, the module would re-use cached information.
The patch checks if new auth info is provided.

 

# Behavior without patch (credentials re-used)

[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 15:59:54 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /MADOLAINE
[Sat Oct 24 15:59:54 2009] [error] [client xxxxxx] access to /MADOLAINE failed, reason: user jbondc not allowed access

# With patch (if new username/password provided, don't use cookie)

[Sat Oct 24 15:58:21 2009] [info] [client xxxxxx] mod_authenticache: valid ticket from jbondc for /
[Sat Oct 24 16:00:06 2009] [error] [client xxxxxx] PAM: user 'mado' - not authenticated: authentication error


[-- Attachment #2 --]
--- mod_authenticache.c.orig	2009-10-24 15:49:29.000000000 -0400
+++ mod_authenticache.c	2009-10-24 15:50:54.000000000 -0400
@@ -243,7 +243,8 @@
 
 	authenticache_cfg *c;
 	apr_table_t *ttab;
-
+	char *userPw;
+        char *userInCookie;
 
 	c = (authenticache_cfg *)ap_get_module_config(r->per_dir_config,
 			&authenticache_module);
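Review bot: the two new declarations are indented inconsistently (`char *userPw;` with a tab, `char *userInCookie;` with spaces) while the surrounding declarations use tabs; use tabs for both. Also, `userPw` only ever receives the out-parameter of `ap_get_basic_auth_pw()` in the next hunk, whose second argument is a `const char **`, so declaring it `const char *userPw;` here avoids an incompatible-pointer-type warning.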
@@ -264,9 +265,16 @@
 			HTTP_UNAUTHORIZED : DECLINED;
 	}
 
+        /* Make sure that user credentials match cookie user */
+        userInCookie = (char *)apr_table_get(ttab, "user");
+
+        ap_get_basic_auth_pw(r, &userPw);
+        if(r->user && strcmp(r->user, userInCookie) != 0)
+                 return DECLINED;
+
 	/* This ticket passed all checks, set the connection user to the
 	 * ticket's username and log that fact. */
-	r->user = (char *)apr_table_get(ttab, "user");
+	r->user = userInCookie;
 	ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r,
 			"mod_authenticache: valid ticket from %s for %s",
 			r->user, r->uri);
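Review bot: the return value of `ap_get_basic_auth_pw(r, &userPw)` is discarded, so the comparison below depends on `r->user` having been set as a side effect of that call; when no Basic credentials are present the call fails, `r->user` is whatever it held before, and `userPw` is never read. Test the result explicitly, e.g. `if (ap_get_basic_auth_pw(r, &userPw) == OK && strcmp(r->user, userInCookie) != 0) return DECLINED;`. Two smaller points in the same block: `apr_table_get()` returns NULL when the key is absent, so guard `userInCookie` before handing it to `strcmp()`; and the comment says "credentials match", but only the user name is compared, so the comment should say "user name" to avoid suggesting the password is verified against the cached ticket. The new lines also use spaces where the file uses tabs.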

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002801ca54e7$564f3310$02ed9930$>