[Bug 63912] New: Inconsistent authorization process for dbm cannot open error

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Bug 63912] New: Inconsistent authorization process for dbm cannot open error

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63912

            Bug ID: 63912
           Summary: Inconsistent authorization process for dbm cannot open
                    error
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_authn_dbm
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

In function

static authz_status dbmgroup_check_authorization(request_rec *r,
                                                 const char *require_args,
                                                 const void
*parsed_require_args)
...
        status = get_dbm_grp(r, apr_pstrcat(r->pool, user, ":", realm, NULL),
                             user, conf->grpfile, conf->dbmtype, &groups);

        if (status != APR_SUCCESS) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01799)
                          "could not open dbm (type %s) group access "
                          "file: %s", conf->dbmtype, conf->grpfile);
            return AUTHZ_GENERAL_ERROR;
        }
}

If the dbm file cannot be opened, such authorization will be returned with
AUTHZ_GENERAL_ERROR. However, there is an inconsistent behavior of such cases
just in another method:

static authz_status dbmfilegroup_check_authorization(request_rec *r,
                                                     const char *require_args,
                                                     const void
*parsed_require_args)
{
...
    status = get_dbm_grp(r, apr_pstrcat(r->pool, user, ":", realm, NULL),
                         user, conf->grpfile, conf->dbmtype, &groups);

    if (status != APR_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01803)
                      "could not open dbm (type %s) group access "
                      "file: %s", conf->dbmtype, conf->grpfile);
        return AUTHZ_DENIED;
    }
...
}

Such authorization will be denied by AUTHZ_DENIED.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]