Discussion forum about ELOG
user change under webserver authentication not recognized, posted by Frank Heyroth on Fri Jan 19 15:49:13 2024
    Re: user change under webserver authentication not recognized, posted by Frank Heyroth on Wed Jan 24 14:50:21 2024
       Re: user change under webserver authentication not recognized, posted by Stefan Ritt on Fri Feb 23 15:13:46 2024
Message ID: 69725     Entry time: Wed Jan 24 14:50:21 2024     In reply to: 69721     Reply to this: 69742
Icon: Reply  Author: Frank Heyroth  Author Email: heyroth (at) cmat.uni-halle.de 
Category: Bug report  OS: Linux  ELOG Version: 3.1.5-1 
Subject: Re: user change under webserver authentication not recognized 

I found the reason for the bug:
In line 27441 of elogd.cxx the http_user is overwritten by the user saved in the sid_ array as a side effect of the sid_check function:
sid_check(getparam("sid"), http_user)

It can be solved by changing elogd.cxx @ line 27441

27441c27441,27446
<          if (!sid_check(getparam("sid"), http_user)) { /*  if we don't have a sid yet, set it */
---
>          i=sid_check(getparam("sid"), thumb_name);
>          if (i && strcmp(http_user,thumb_name)!=0) {  /* user changed */
>             sid_remove(getparam("sid"));
>             i=FALSE;
>          }
>          if (!i) { /*  if we don't have a sid yet, set it */
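
Review bot: the added lines borrow thumb_name and i as scratch storage for the user bound to the session and for the sid_check result; a dedicated local buffer and a named flag would make it explicit that the session-bound user is being compared with the webserver-authenticated http_user, and would avoid disturbing thumb_name if it is read later in the function. The comment on the last added line, /* if we don't have a sid yet, set it */, now also covers the case where the session was just dropped by sid_remove because the user changed, so it should mention that.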

Remark: I have used the variables i & thumb_name of the function in a local context.
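
A minimal model of the behaviour described in the post above, added here as an illustration and not taken from elogd.cxx. The model_* functions, the table layout and the extra length argument are assumptions; only the call pattern around sid_check and http_user comes from the post.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 64
/* Hypothetical session table: one user name bound to each session id. */
static struct { char sid[32]; char user[NAME_LEN]; int used; } table[8];

void model_sid_new(const char *sid, const char *user) {
   for (int i = 0; i < 8; i++)
      if (!table[i].used) {
         snprintf(table[i].sid, sizeof table[i].sid, "%s", sid);
         snprintf(table[i].user, sizeof table[i].user, "%s", user);
         table[i].used = 1;
         return;
      }
}

/* Looks up sid; on a hit, copies the bound user into 'user' (an output buffer). */
int model_sid_check(const char *sid, char *user, size_t len) {
   for (int i = 0; i < 8; i++)
      if (table[i].used && strcmp(table[i].sid, sid) == 0) {
         snprintf(user, len, "%s", table[i].user);
         return 1;
      }
   return 0;
}

void model_sid_remove(const char *sid) {
   for (int i = 0; i < 8; i++)
      if (table[i].used && strcmp(table[i].sid, sid) == 0)
         table[i].used = 0;
}

/* Before: the authenticated name is passed as the output buffer and is overwritten. */
void resolve_user_before(const char *sid, char *http_user, size_t len) {
   if (!model_sid_check(sid, http_user, len))
      model_sid_new(sid, http_user);
}

/* After: look up into a scratch buffer; on mismatch drop the session and rebind it. */
void resolve_user_after(const char *sid, const char *http_user) {
   char bound[NAME_LEN];
   int ok = model_sid_check(sid, bound, sizeof bound);
   if (ok && strcmp(http_user, bound) != 0) {   /* user changed */
      model_sid_remove(sid);
      ok = 0;
   }
   if (!ok)
      model_sid_new(sid, http_user);
}
```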
