Fix auth process in password-testing plugins (#2611)
parent
83e95cd0
Loading
Loading
Pipeline
#15774
passed
with stage
in
21 minutes and 30 seconds
Loading
-
🔧 @maxbesmentioned in issue #2612 (closed)
-
When trying to apply this patch to 2.0.11, I got this:
[error] Bad Autologin rule "$env->{REMOTE_ADDR =~ /^127/: syntax error at (eval 118) line 1, near "/^127/)" Missing right curly or square bracket at (eval 118) line 1, at end of line [Fri Jan 14 16:59:40 2022] [LLNG:2473727] [error] Bad Autologin rule "$env->{REMOTE_ADDR} =~ /^127: Search pattern not terminated at (eval 122) line 1, <FILE> line 1. Use of uninitialized value in hash element at /<<PKGBUILDDIR>>/lemonldap-ng-portal/blib/lib/Lemonldap/NG/Portal/UserDB/Demo.pm line 69, <FILE> line 1. Use of uninitialized value in hash element at /<<PKGBUILDDIR>>/lemonldap-ng-portal/blib/lib/Lemonldap/NG/Portal/UserDB/Demo.pm line 69, <FILE> line 1. # Failed test ' HTTP code is 200' # at t/test-lib.pm line 359. # got: '500' # expected: '200' # Expect 200, get $VAR1 = [ # 500, # [ # 'Content-Type', # 'application/json; charset=utf-8', # 'Cache-Control', # 'no-cache, no-store, must-revalidate', # 'Pragma', # 'no-cache', # 'Expires', # 0, # 'Access-Control-Allow-Origin', # '*', # 'Access-Control-Allow-Credentials', # 'true', # 'Access-Control-Allow-Headers', # '*', # 'Access-Control-Allow-Methods', # 'POST,GET', # 'Access-Control-Expose-Headers', # '*', # 'Access-Control-Max-Age', # 86400 # ], # [ # '{"error":"Bad result during auth: 5"}' # ] # ]; # # Failed test 'response has a result key with value 1' # at t/65-CheckState.t line 84. # got: undef # expected: '1' # Looks like you failed 2 tests of 35. t/65-CheckState.t ................................................. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/35 subtests
-
🔧 @maxbesMaintainerApplying 83e95cd0 and 66946e8f on top of 2.0.11 works fine for me after merging. Could you create a branch with your patch so I can test?
Edited by Maxime Besson -
Not for me. Git repo is here: Debian lemonldap-ng repo, branch bullseye
Use
dh_quilt_patch
to apply patches. New patch is stored indebian/patches/CVE-2021-40874.patch
-
🔧 @maxbesMaintainerIn your patch, the following chunk from CheckState.pm is incorrect:
'getUser', 'authenticate', - @{ $self->p->betweenAuthAndData }, $self->p->sessionData, - @{ $self->p->afterData }, 'storeHistory', + @{ $self->p->beforeAuth }, + $self->p->authProcess, + @{ $self->p->betweenAuthAndData }, + $self->p->sessionData, + @{ $self->p->afterData }, + 'storeHistory',
The correct patch (see above) is supposed to remove the first line (getUser + authenticate), which are called as part of authProcess.
Please register or sign in to comment