#2 AuthShadow off fallback mod_auth fix

open
nobody
None
5
2004-08-13
2004-08-13
Anonymous
No

To fix the incorrect authorization result use together
with mod_auth. If "AuthShadow off" is specified, it
should fall back to "mod_auth" (if enabled). But before
patching it will always fail if specified "require group"
in .htaccess.

The following .htaccess can demonstrate the abnormal
behaviour:

AuthShadow off
AuthType Basic
AuthName "My Test"
AuthUserFile /home/alan/myuserfile
AuthGroupFile /home/alan/mygroupfile
require group mygroup

Discussion

  • Logged In: YES
    user_id=1329957

    Uargh! I'm battling with the exact same problem... Breaks
    FrontPage module as it uses the 'require group' directive.

    Anyone have a patch for this?

     
  • Marcin Owsiany
    Marcin Owsiany
    2005-09-22

    Logged In: YES
    user_id=1349753

    Please try the following patch. It works for me. It will
    probably apply with some fuzz, but that's OK.

    --- mod-auth-shadow-1.4.orig/mod_auth_shadow.c
    +++ mod-auth-shadow-1.4/mod_auth_shadow.c
    @@ -311,6 +307,11 @@
    int method_restricted = 0;
    const char *line; /* The requires line. */
    const char *w; /* A word from the
    requires line. */
    + auth_shadow_config_rec *s = (auth_shadow_config_rec *)
    + ap_get_module_config(r->per_dir_config,
    &authshadow_module);
    +
    + if (s->auth_shadow_flag != 1)
    + return DECLINED;

    if (!req_arr) {
    /* No requires lines. Any user will do. */