[Rt-commit] r5487 - in RT-Authen-Bitcard: . lib/RT/Authen

kevinr at bestpractical.com kevinr at bestpractical.com
Wed Jun 28 20:55:11 EDT 2006


Author: kevinr
Date: Wed Jun 28 20:55:10 2006
New Revision: 5487

Modified:
   RT-Authen-Bitcard/   (props changed)
   RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth
   RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm

Log:
 r14070 at SAD-GIRL-IN-SNOW:  kevinr | 2006-06-28 20:53:00 -0400
 RT-Ticket: 7277 
 RT-Status: resolved
 RT-Update: correspond
 
 Fixed the exploit which allowed users to end up logged in as RT_SystemUser.


Modified: RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth
==============================================================================
--- RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth	(original)
+++ RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth	Wed Jun 28 20:55:10 2006
@@ -7,8 +7,12 @@
 
   my $user = $bc->verify(\%ARGS);
 
-  # if the user isn't logged in and we got credentials from Bitcard, load them
-  if ( (! $session{'CurrentUser'}) && ($user) ) {
+  ### changing the 'defined $user->{'email}' line back to '$user' enables the
+  ### fsck.com #7277 exploit, if you've saved the 'Manage your Bitcard account'
+  ### URL from a previous successful Bitcard login.
+
+  # if the user isn't logged in and we got credentials from Bitcard, load the user
+  if ( (! $session{'CurrentUser'}) && (defined $user->{'email'}) ) {
 
       # set a global user so we know elsewhere we're using Bitcard for auth
       $session{'BitcardUser'} = $user;
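Review bot: The new guard on the `if` line keys the login decision on one field being present rather than on `$bc->verify` reporting success, so whatever `verify` returns for a failed or replayed callback still enters this branch if that structure happens to carry an `email` key, and `defined $user->{'email'}` autovivifies `$user` into an empty hash when `verify` returned undef. A tighter test is `if ( !$session{'CurrentUser'} && ref $user && defined $user->{'email'} && length $user->{'email'} )`, and the user lookup further down (outside this hunk) should treat an empty email as a failure rather than falling through to a system account — the log message suggests that is how RT_SystemUser was reached, but the mechanism is inferred, not visible here. The new `###` comment has a typo, `$user->{'email}` should read `$user->{'email'}`, and it would serve the next maintainer better as a plain `#` comment stating the invariant ("a verified Bitcard response must carry a non-empty email before we load or create a user; see fsck.com #7277") than as a warning not to revert. The enclosing callback body starts before this hunk.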
@@ -38,6 +42,7 @@
           else {
               # we couldn't create the user.  abort abort abort!
               delete $session{'CurrentUser'};
+              delete $session{'BitcardUser'};
               my $qs = $m->comp('/Elements/QueryString',
                                  Error => loc("Cannot create user: [_1]", $msg));
               $m->redirect($RT::WebPath . '/?' . $qs);
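Review bot: The two `delete` statements on adjacent lines clear related session keys and read more clearly as one hash slice, `delete @session{qw(CurrentUser BitcardUser)};`, which also makes it harder for a future failure path to drop one key without the other. The `else` branch and its enclosing block start outside this hunk, so any other failure paths that set `BitcardUser` cannot be checked from here.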

Modified: RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm
==============================================================================
--- RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm	(original)
+++ RT-Authen-Bitcard/lib/RT/Authen/Bitcard.pm	Wed Jun 28 20:55:10 2006
@@ -7,7 +7,7 @@
 
 =cut
 
-package RT::Auth::TypeKey;
+package RT::Authen::Bitcard;
 
 our $VERSION = '0.01';
 

