Subject: pkg/31260: www/horde su authentication method fails
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <collver@peak.org>
List: pkgsrc-bugs
Date: 09/09/2005 07:57:52
>Number: 31260
>Category: pkg
>Synopsis: www/horde su authentication method fails
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Sep 09 07:57:52 +0000 2005
>Originator: collver@peak.org
>Release: NetBSD 2.0
>Organization:
>Environment:
System: NetBSD sanctum 2.0 NetBSD 2.0 (SANCTUM) #2: Sat Sep 3 19:25:46 PDT 2005 root@sanctum:/usr/src/sys/arch/i386/compile/SANCTUM i386
Architecture: i386
Machine: i386
>Description:
Horde has web-based configuration, and when you select login (su)
based authentication for users, it silently fails. There is output
in /var/log/httpd/error_log:
su: Only root may use -c
>How-To-Repeat:
>Fix:
Add patches/patch-aa to use shell builtin "exit 0" instead of
OS-specific "/bin/true", and put the -c after the user name.
$NetBSD$
--- lib/Horde/Auth/login.php.orig 2005-03-29 10:59:56.000000000 +0000
+++ lib/Horde/Auth/login.php
@@ -88,7 +88,7 @@ class Auth_login extends Auth {
Horde::fatal(_("No password provided for Login authentication."), __FILE__, __LINE__);
}
- $proc = popen($this->_location . ' -c /bin/true ' . $userId, 'w');
+ $proc = popen($this->_location . ' ' . $userId . ' -c exit 0', 'w');
if (!is_resource($proc)) {
return false;
}