You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2015/08/16 15:15:00 UTC

[Bug 58246] New: dbd-group behaving differently to documentatino

https://bz.apache.org/bugzilla/show_bug.cgi?id=58246

            Bug ID: 58246
           Summary: dbd-group behaving differently to documentatino
           Product: Apache httpd-2
           Version: 2.4.6
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_dbd
          Assignee: bugs@httpd.apache.org
          Reporter: john@voipsupport.it

According to this link

http://httpd.apache.org/docs/trunk/mod/mod_authz_dbd.html

AuthzDBDQuery Directive

When used with a Require dbd-group directive, it specifies a query to look up
groups for the current user. This is the standard functionality of other
authorization modules such as mod_authz_groupfile and mod_authz_dbm. The first
column value of each row returned by the query statement should be a string
containing a group name. Zero, one, or more rows may be returned.

I found that if the query returned more than one row, the authorization failed
with "Sun Aug 16 14:09:54.566429 2015] [authz_core:error] [pid 27034] [client
81.174.4.175:52849] AH01631: user john@erba.tv: authorization failure for
"/awstats/awstats.pl": "

If the query contains a single row, then it is successful. The returned value
in the single row may contain more than one group name separated by white
space.

Either the documentation should be changed to explain the functionality or the
code should be changed to handle multiple rows.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58246] dbd-group behaving differently to documentation

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58246

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
Hi and thanks for the report.


This looks like https://bz.apache.org/bugzilla/show_bug.cgi?id=46421 which has
been fixed in release 2.4.13.


Can you try with version 2.4.16?
(2.4.13, .14 and .15 have not been officially released, so the .16 is the
latest version that should include the fix to your problem)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58246] dbd-group behaving differently to documentation

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58246

--- Comment #2 from John Fawcett <jo...@voipsupport.it> ---
This report can be marked as a duplicate of
https://bz.apache.org/bugzilla/show_bug.cgi?id=46421.

>From the description it looks exactly like the same issue.

I am not able to easily try 2.4.16 to verify the fix, since I am using a
distribution based install (Centos 7.1) where the latest version is 2.4.6.

I am currently using a workaround (which I'll mention for the benefit of who
cannot upgrade) of ensuring that the query returns no more than one row, by
specifying the group name in the query. It will be a redundant configuration if
using the fixed version, but works fine for now.

Require dbd-group mygroup
AuthzDBDQuery "SELECT groupname FROM user_group WHERE username = %s AND
status='a' and groupname='mygroup'"

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58246] dbd-group behaving differently to documentation

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58246

John Fawcett <jo...@voipsupport.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|dbd-group behaving          |dbd-group behaving
                   |differently to              |differently to
                   |documentatino               |documentation

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 58246] dbd-group behaving differently to documentation

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=58246

John Fawcett <jo...@voipsupport.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #3 from John Fawcett <jo...@voipsupport.it> ---


*** This bug has been marked as a duplicate of bug 46421 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org