Bug 1287844 - mod_authz_dbd: group query fails if the user is in multiple group (httpd bug 46421)
mod_authz_dbd: group query fails if the user is in multiple group (httpd bug ...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: httpd (Show other bugs)
7.1
Unspecified Linux
unspecified Severity high
: rc
: ---
Assigned To: Web Stack Team
Martin Frodl
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-02 14:45 EST by jouvin
Modified: 2017-11-08 13:24 EST (History)
5 users (show)

See Also:
Fixed In Version: httpd-2.4.6-41.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-04 04:09:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache Bugzilla 46421 None None None Never

  None (edit)
Description jouvin 2015-12-02 14:45:27 EST
Description of problem:

We are suffering httpd bug 46421 (https://bz.apache.org/bugzilla/show_bug.cgi?id=46421) with MySQL backend for authz. We assessed that the last version of mod_authz_dbd (rebuilt from sources, fixed in httpd 2.4.13) works. Any chance to have this patch backported to RHEL7 httpd.


Version-Release number of selected component (if applicable):

httpd 2.4.6-31

How reproducible:

Always

Steps to Reproduce:
1. Create 2 groups (e.g. group1 and group2) into the httpd authz MySQL backend and add the same user in both groups
2. Add a 'require dbd-group group1' (or group2) for one <Directory> or <Location>
3. In a browser, try to access the URL: you'll get a 403 error (forbidden)

Actual results:

403 error

Expected results:

Successful access to the url

Additional info:
Comment 1 Joe Orton 2015-12-18 06:41:55 EST
Thanks for the report.  If this issue is critical or in any way time sensitive,
please raise a ticket through your regular Red Hat support channels to make
certain it receives the proper attention and prioritization to assure a timely
resolution.
Comment 2 jouvin 2015-12-18 08:07:10 EST
Hi Joe,

Thanks for the answer. In fact I'm a CentOS user so I don't think I can report it through the regular RH support channel. I hope it will be taken into account anyway...

Cheers,

Michel
Comment 5 jouvin 2016-03-18 06:56:57 EDT
Thanks!

Michel
Comment 9 errata-xmlrpc 2016-11-04 04:09:49 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2534.html

Note You need to log in before you can comment on or make changes to this bug.