rpms / mod_auth_mellon

Clone
Source Code
GIT

Blame enabled_in_check_uid.patch

f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 main rawhide
  1.   f23
  2.   enabled_in_check_uid.patch
Blob History Raw
c114e9c 
commit 912aa852ebd78577f59cf7958c709acea98ace4c
c114e9c 
Author: John Dennis <jdennis@redhat.com>
c114e9c 
Date:   Fri Apr 8 09:01:22 2016 -0400
c114e9c
c114e9c 
    am_check_uid() should be no-op if mellon not enabled
c114e9c
c114e9c 
    mod_auth_mellon was interferring with other Apache authentication
c114e9c 
    modules (e.g. mod_auth_kerb) because when the Apache check_user_id
c114e9c 
    hook ran the logic in am_check_uid would execute even if mellon was
c114e9c 
    not enabled for the location. This short circuited the hook execution
c114e9c 
    and never allowed the authentication enabled for the location to
c114e9c 
    execute. It resulted in HTTP_UNAUTHORIZED being returned with the
c114e9c 
    client then expecting a WWW-Authenticate header field causing the
c114e9c 
    client to attempt to authenticate again.
c114e9c
c114e9c 
    Signed-off-by: John Dennis <jdennis@redhat.com>
c114e9c
c114e9c 
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
c114e9c 
index a72e1ca..864396f 100644
c114e9c 
--- a/auth_mellon_handler.c
c114e9c 
+++ b/auth_mellon_handler.c
c114e9c 
@@ -3625,6 +3625,12 @@ int am_check_uid(request_rec *r)
c114e9c 
         return OK;
c114e9c 
     }
c114e9c
c114e9c 
+    /* Check that the user has enabled authentication for this directory. */
c114e9c 
+    if(dir->enable_mellon == am_enable_off
c114e9c 
+       || dir->enable_mellon == am_enable_default) {
c114e9c 
+	return DECLINED;
c114e9c 
+    }
c114e9c 
+
c114e9c 
 #ifdef HAVE_ECP
c114e9c 
     am_req_cfg_rec *req_cfg = am_get_req_cfg(r);
c114e9c 
     if (req_cfg->ecp_authn_req) {
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.