Directory Indexes don't work when using file-based basic auth (ShibCompatValidUser is On)

Description

I'm using Shibboleth 2.5.2 on Apache 2.4, on Ubuntu Server 13.10 64 bit.

When I have a directory with an .htaccess file like this:
AuthType Basic
AuthName "Private Area"
AuthUserFile .htpasswd
Require valid-user

It works fine when mod_shib is not enabled, but when mod_shib is enabled and ShibCompatValidUser On, and I try to get a directory listing, I get a 500 error and the following error message:
shib_auth_checker found no per-request structure

When it's a regular file I'm accessing, or the directory contains an index file, it works just fine.

I tried to hack the source code a bit and these are my observations:

  • Completely ripping out Shibboleth's valid-user handling code doesn't fix it, so it doesn't seem to have anything to do with that.

  • If after line 875 (if (!rc || !rc->sta)) I insert a check whether bCompatValidUser is enabled and return DECLINED, it works, but I have no idea whether this kind of fix is appropriate.

  • The error occurs because rc is NULL

  • I can always reproduce the error, on different servers, including a clean Ubuntu 13.10 64-bit install on a VM.

For now, I'm using a workaround where I turn on ShibDisable by default, and only turn it off when it's actually necessary.

Environment

None

Activity

Scott Cantor December 2, 2013 at 5:06 PM

Closing on release.

Scott Cantor November 20, 2013 at 9:01 PM

Fixed

Details

Assignee

Reporter

Fix versions

Affects versions

Created November 2, 2013 at 3:10 PM
Updated December 2, 2013 at 5:06 PM
Resolved November 20, 2013 at 9:01 PM