pkgsrc-bugs: pkg/31260: www/horde su authentication method fails

Subject: pkg/31260: www/horde su authentication method fails
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <collver@peak.org>
List: pkgsrc-bugs
Date: 09/09/2005 07:57:52

>Number:         31260
>Category:       pkg
>Synopsis:       www/horde su authentication method fails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 09 07:57:52 +0000 2005
>Originator:     collver@peak.org
>Release:        NetBSD 2.0
>Organization:
>Environment:
System: NetBSD sanctum 2.0 NetBSD 2.0 (SANCTUM) #2: Sat Sep 3 19:25:46 PDT 2005 root@sanctum:/usr/src/sys/arch/i386/compile/SANCTUM i386
Architecture: i386
Machine: i386
>Description:
	Horde has web-based configuration, and when you select login (su)
	based authentication for users, it silently fails.  There is output
	in /var/log/httpd/error_log:

	su: Only root may use -c
>How-To-Repeat:
>Fix:
	Add patches/patch-aa to use shell builtin "exit 0" instead of
	OS-specific "/bin/true", and put the -c after the user name.

$NetBSD$

--- lib/Horde/Auth/login.php.orig	2005-03-29 10:59:56.000000000 +0000
+++ lib/Horde/Auth/login.php
@@ -88,7 +88,7 @@ class Auth_login extends Auth {
             Horde::fatal(_("No password provided for Login authentication."), __FILE__, __LINE__);
         }
 
-        $proc = popen($this->_location . ' -c /bin/true ' . $userId, 'w');
+        $proc = popen($this->_location . ' ' . $userId . ' -c exit 0', 'w');
         if (!is_resource($proc)) {
             return false;
         }