You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/07/16 02:17:17 UTC

DO NOT REPLY [Bug 45402] New: mod_autoindex incorrectly fails to list files

https://issues.apache.org/bugzilla/show_bug.cgi?id=45402

           Summary: mod_autoindex incorrectly fails to list files
           Product: Apache httpd-2
           Version: 2.2.9
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_autoindex
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: nick.phillips@otago.ac.nz


*** Long-winded description of setup ***

I have a directory on a server which is to be accessible through two different
URLs, one for general use (we'll call it "download") and one for management via
DAV (we'll call it "upload").

The authentication and authorization is different depending on which <Location>
you access it through. The upload uses LDAP for authentication, but download
uses a standard htpasswd file. The download also only requires valid-user,
while the DAV (upload) end also requires a group membership.

Groups are defined in a standard htgroup file, not in LDAP. LDAP is only
available for authentication.

*** Behaviour ***

When I access the download URL, the correct index is generated and files are
accessible.

When I access the upload URL using a DAV client, all is well.

When I access the upload URL using a browser, no files are listed, and "user
myusername not found:" errors are logged for each file.

When I access an individual file using a browser, I am able to retrieve it.


If I modify the configuration to add a <Directory> section for the underlying
directory, requiring the same auth as the <Location> section for the upload
URL, then I can access the upload URL using a standard browser and all files
are correctly listed.

If I add a myusername entry to the htpasswd file which is used for download
with a different password to the LDAP one, the error in the logs changes to
'user myusername: authentication failure for "/some/path/and/file": Password
Mismatch'

If I add a myusername entry to the htpasswd file which is used for download
with the same password as the LDAP one, the directory listing is generated
correctly.

*** The important bit ***

Apart from the fact that my authn/authz setup is probably not optimal (!), it
seems to me likely that the subrequest made by mod_autoindex (using
ap_sub_req_lookup_dirent) is not able to correctly identify whether or not I
have permission to access the files (which is the bug) because it has no idea
which URL I used (and hence which <Location> config is relevant).

The entire configuration is rather complex, besides which I'm not willing to
post it publically. I would however be happy to make it available to relevant
individuals, and/or to describe the config or the problem further either via
IRC or email.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org