Not able to substitute user login with admin login
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GNU Mailman | Fix Released | Medium | Unassigned |
Bug Description
As a site or list admin I sometimes want to view the private
archives of a mailing list. This was possible without problems in
older Mailman installations. Mailman 2.1 rejects my login attempts.
I even found the reason for the problem: For example in
Mailman/
the authentication is done by calling the following code in line 116:
<code>
if not mlist.WebAuthen
</code>
If I try to log in with the site password I do not enter a username.
Keep this in mind :)
In <code>WebAuthen
py, l. 203) the authcontexts are passed to
<code>Authentic
if
no cookie exists yet.
There the function <code>authentic
(OldStyleMember
in authcontexts (AuthUser) and calls
<code>getMember
99) which raises an <code>Errors.
exception; that's ok as I did not provide a username.
But: The exception is first handled in
<code>WebAuthen
<code>Authentic
be given a try before returning a failure.
I submitted a patch (#864674) which puts a try-except-block around
the call of <code>authentic
SecurityManager.py (l. 195) which prevents exiting the for-loop
before all possible authcontexts are checked.
[http://
Sorry for the <code>-stuff. It makes the bug report hard to read -- I
intended the opposite :( I hoped it would work ... and found no
documentation about reporting bugs.
Stephan
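
The failure mode described in this report and the shape of the proposed fix, as an added example that is not part of the original report and is not Mailman's code. All names (`check_context`, `NotAMemberError`, the context constants) and the sample credentials are hypothetical and constructed for illustration.

```python
import hmac

# Constructed sample data; all names below are hypothetical, not Mailman's.
MEMBERS = {"alice@example.org": "member-pw"}
SITE_PASSWORD = "site-pw"
AUTH_USER, AUTH_SITE_ADMIN = "user", "site-admin"


class NotAMemberError(Exception):
    """Stand-in for the lookup error raised when no such member exists."""


def _same(a, b):
    # Constant-time comparison of two secrets.
    return hmac.compare_digest(a.encode(), b.encode())


def check_context(context, user, response):
    """Return True if `response` is the valid secret for `context`."""
    if context == AUTH_USER:
        if user not in MEMBERS:
            raise NotAMemberError(user)  # empty or unknown username
        return _same(MEMBERS[user], response)
    if context == AUTH_SITE_ADMIN:
        return _same(SITE_PASSWORD, response)
    return False


def authenticate_aborting(contexts, user, response):
    """Reported behaviour: the exception is handled outside the loop."""
    try:
        for context in contexts:
            if check_context(context, user, response):
                return context
    except NotAMemberError:
        pass  # remaining contexts are never tried
    return None


def authenticate_per_context(contexts, user, response):
    """Proposed shape: handle the lookup error for each context."""
    for context in contexts:
        try:
            if check_context(context, user, response):
                return context
        except NotAMemberError:
            continue  # only this context is ruled out
    return None  # no context matched: deny
```

Catching only the specific lookup error keeps the loop from masking unrelated failures, and the final `return None` keeps the outcome a denial when no context matches.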