You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/03/20 10:18:53 UTC
DO NOT REPLY [Bug 52950] New: Error when set AuthType to None with
valid-user
https://issues.apache.org/bugzilla/show_bug.cgi?id=52950
Bug #: 52950
Summary: Error when set AuthType to None with valid-user
Product: Apache httpd-2
Version: 2.4.1
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authn_core
AssignedTo: bugs@httpd.apache.org
ReportedBy: tixu@cs.ucsd.edu
Classification: Unclassified
To reproduce it, use the following setting in the httpd.conf
<Location /private/>
AuthType None
Require valid-user
</Location>
start the httpd server, and then use the browser to access the /private/. The
browser will show “500 Internal Server Error”, while the server prints the
following message in the error log
[Mon Mar 19 21:14:30.936513 2012] [core:error] [pid 3431:tid 140737100195584]
[client 132.239.17.127:42029] AH00027: Buggy authn provider failed to set user
for /private/
The message here is really very misleading and inaccurate.
---------
use gdb to trace the code, the problem is at server/request.c
access_status = ap_run_access_checker_ex(r);
if (access_status == OK) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
"request authorized without authentication by "
"access_checker_ex hook: %s", r->uri);
}
else if (access_status != DECLINED) {
return decl_die(access_status, "check access", r);
}
else {
if ((access_status = ap_run_check_user_id(r)) != OK) {
return decl_die(access_status, "check user", r);
}
if (r->user == NULL) {
/* don't let buggy authn module crash us in authz */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00028)
"Buggy authn provider failed to set user for %s",
r->uri);
access_status = HTTP_INTERNAL_SERVER_ERROR;
return decl_die(access_status, "check user", r);
}
....,,
}
since AuthType is set to None, the ap_auth_type is always set to be NULL (see
set_authtype() function in modules/aaa/mod_authn_core.c).
In the hooked functions like
authenticate_basic_user (r=0x8b17f0) at mod_auth_basic.c:197
authenticate_form_authn (r=0x8b17f0) at mod_auth_form.c:849
authenticate_no_user (r=0x8b17f0) at mod_authn_core.c:351
r->user cannot be set a value if ap_auth_type is NULL.
So the error occurs.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 52950] Error when set AuthType to None with
valid-user
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52950
Tianyin Xu <ti...@cs.ucsd.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tixu@cs.ucsd.edu
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org