httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Apache 2.4 , AuthzProviderAlias doesn't work with SSL Virtualhost
Date Tue, 19 Aug 2014 17:48:43 GMT
Can you enable trace8 logging and post a full error log? There is a
confusing step where authorization stuff runs twice (before/after user
authenticated).

Hopefully you started with 2.4.8 or later, since AuthnProviderAlias
also had this same bug.

On Tue, Aug 19, 2014 at 1:30 PM, Andreatta Sébastien
<sebastien.andreatta@gmail.com> wrote:
> Thanks for your reactivity ;o)
>
> Unfortunately, the patch is not working.
> mod_authz_core.c is well patched
>
> After recompiling the rpm and update it i still can't log me with a ldap
> account :
>
> [Tue Aug 19 19:04:54.929367 2014] [authz_core:debug] [pid 18568]
> mod_authz_core.c(809): [client 109.133.130.18:51359] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
> [Tue Aug 19 19:04:54.929375 2014] [authz_core:debug] [pid 18568]
> mod_authz_core.c(809): [client 109.133.130.18:51359] AH01626: authorization
> result of <RequireAny>: denied (no authenticated user yet)
> [Tue Aug 19 19:04:54.929383 2014] [auth_basic:error] [pid 18568] [client
> 109.133.130.18:51359] AH01618: user Admin not found: /transmission/
>
>
> Something is missing ?
>
> Patch used :
>
> # ./pullrev.sh r1618851
> http://svn.apache.org/viewvc?view=revision&revision=r1618851
>
> --- httpd-2.4.2/modules/aaa/mod_authz_core.c
> +++ httpd-2.4.2/modules/aaa/mod_authz_core.c
> @@ -168,6 +168,13 @@
>      return (void*)conf;
>  }
>
> +/* Only per-server directive we have is GLOBAL_ONLY */
> +static void *merge_authz_core_svr_config(apr_pool_t *p,
> +                                         void *basev, void *newv)
> +{
> +    return basev;
> +}
> +
>  static void *create_authz_core_svr_config(apr_pool_t *p, server_rec *s)
>  {
>      authz_core_srv_conf *authcfg;
> @@ -1140,7 +1148,7 @@ AP_DECLARE_MODULE(authz_core) =
>      create_authz_core_dir_config,   /* dir config creater */
>      merge_authz_core_dir_config,    /* dir merger */
>      create_authz_core_svr_config,   /* server config */
> -    NULL,                           /* merge server config */
> +    merge_authz_core_svr_config ,   /* merge server config */
>      authz_cmds,
>      register_hooks                  /* register hooks */
>  };
>
> Result of patch :
>
> Patch #61 (httpd-2.4.6-r1618851.patch):
> + /usr/bin/cat /home/builder/rpmbuild/SOURCES/httpd-2.4.6-r1618851.patch
> + /usr/bin/patch -p1 -b --suffix .r1618851 --fuzz=0
>
> => No error
>
> Result after the patch :
>
>
>
> /* Only per-server directive we have is GLOBAL_ONLY */
> static void *merge_authz_core_svr_config(apr_pool_t *p,
>                                          void *basev, void *newv)
> {
>     return basev;
> }
> [....]
> AP_DECLARE_MODULE(authz_core) =
> {
>     STANDARD20_MODULE_STUFF,
>     create_authz_core_dir_config,   /* dir config creater */
>     merge_authz_core_dir_config,    /* dir merger */
>     create_authz_core_svr_config,   /* server config */
>     merge_authz_core_svr_config ,   /* merge server config */
>     authz_cmds,
>     register_hooks                  /* register hooks */
> };
>
>
> After upgrade and restart of httpd httpd-tools mod_ldap and mod_ssl i've got
> this in my ssl_error.log
>
> [Tue Aug 19 19:25:37.286379 2014] [authz_core:debug] [pid 20404]
> mod_authz_core.c(809): [client 109.133.130.18:51905] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
> [Tue Aug 19 19:25:37.286384 2014] [authz_core:debug] [pid 20404]
> mod_authz_core.c(809): [client 109.133.130.18:51905] AH01626: authorization
> result of <RequireAny>: denied (no authenticated user yet)
> [Tue Aug 19 19:25:37.286390 2014] [auth_basic:error] [pid 20404] [client
> 109.133.130.18:51905] AH01618: user Crupuk not found: /transmission/
>
>
> Maybe somthing is missing ?
> I don't understand
>
>
>
> Le 19/08/2014 14:47, Eric Covener a écrit :
>
>> I think your issue is fixed in the path in the last comment here:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=56870
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message