michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-02-03 06:03:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

baseuser is needed when validating a session

Browse Source
This commit is contained in:
Jamie Cameron
2021-05-23 22:35:19 -07:00
parent 87a2f5d635
commit e281083c85
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
miniserv.pl
View File

@@ -2016,7 +2016,9 @@ if ($config{'userfile'}) {
}
if ($authuser) {
# We got a session .. but does the user still exist?
my $auser = &get_user_details($authuser);
my @can = &can_user_login($authuser, undef, $host);
$baseauthuser = $can[3] || $authuser;
my $auser = &get_user_details($baseauthuser, $authuser);
if (!$auser) {
print STDERR "Session $session_id is for user ",
"$authuser who does not exist\n";
@@ -2162,8 +2164,10 @@ if ($config{'userfile'}) {
}
else {
# Get the real Webmin username
local @can = &can_user_login($authuser, undef, $host);
$baseauthuser = $can[3] || $authuser;
if (!$baseauthuser) {
local @can = &can_user_login($authuser, undef, $host);
$baseauthuser = $can[3] || $authuser;
}
if ($config{'remoteuser'} && !$< && $validated) {
# Switch to the UID of the remote user (if he exists)
@@ -6344,7 +6348,6 @@ $token =~ s/\s+$//;
$token || return "No two-factor token entered";
$uinfo->{'twofactor_provider'} || return undef;
pipe(TOKENr, TOKENw);
print STDERR join(" ", $config{'twofactor_wrapper'}, $user, $uinfo->{'twofactor_provider'}, $uinfo->{'twofactor_id'}, $token, $uinfo->{'twofactor_apikey'}),"\n";
my $pid = &execute_webmin_command($config{'twofactor_wrapper'},
[ $user, $uinfo->{'twofactor_provider'}, $uinfo->{'twofactor_id'},
$token, $uinfo->{'twofactor_apikey'} ],