From 2fd284bc32fbd3cfd7d5e74bc02b278eef207090 Mon Sep 17 00:00:00 2001 From: Edwin Balani Date: Mon, 11 May 2020 20:06:43 +0100 Subject: [PATCH] Stop AAAuthService overwriting logout service URL When merging default configuration settings in apply_config_defaults(), the value that should be set by 'AALogoutService' (specifying a URL to which the user can be directed to log out of the central authentication service) will be clobbered if a custom 'AAAuthService' has also been specified in configuration. This is due to a typo. The end result is that the AALogoutService directive is useless (even the default value will be blown away) if AAAuthService is specified. This bug has probably never been discovered to date, because (almost) nobody uses a service that isn't production Raven, whose auth service and logout URLs are is hard-coded as defaults. --- mod_ucam_webauth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod_ucam_webauth.c b/mod_ucam_webauth.c index ca00309..581bb5f 100644 --- a/mod_ucam_webauth.c +++ b/mod_ucam_webauth.c @@ -1608,7 +1608,7 @@ apply_config_defaults(request_rec *r, n->auth_service = c->auth_service != NULL ? c->auth_service : apr_pstrdup(r->pool,DEFAULT_auth_service); - n->logout_service = c->logout_service != NULL ? c->auth_service : + n->logout_service = c->logout_service != NULL ? c->logout_service : apr_pstrdup(r->pool, DEFAULT_logout_service); n->description = c->description != NULL ? c->description : DEFAULT_description;