File: [cvs.NetBSD.org] / pkgsrc / www / ap-auth-mysql / patches / Attic / patch-ad (download)
Revision 1.5, Fri Apr 1 15:11:58 2011 UTC (12 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1
Changes since 1.4: +736 -5
lines
Add all Debian patches up to 4.3.9-13, including a fix for CVE-2008-2384.
Bump PKGREVISION.
|
$NetBSD: patch-ad,v 1.5 2011/04/01 15:11:58 wiz Exp $
Some crypt.h changes that were here before, undocumented.
All Debian patches up to 4.3.9-13, including a fix for
CVE-2008-2384.
--- mod_auth_mysql.c.orig 2004-12-23 13:43:14.000000000 +0000
+++ mod_auth_mysql.c
@@ -48,19 +48,27 @@
#include <http_log.h>
#ifdef APACHE2
#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/
+#include <apr_general.h>
#include <apr_md5.h>
#include <apr_sha1.h>
+#include <apr_strings.h>
#else
#include <ap_md5.h>
#include <ap_sha1.h>
#endif
+#ifndef APR_XtOffsetOf
+#define APR_XtOffsetOf(x,y) APR_OFFSETOF(x,y)
+#endif
+
#include <mysql.h>
#include <errmsg.h>
#include <mysqld_error.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
+#else
+#include <unistd.h>
#endif
#ifndef TRUE
@@ -98,10 +106,14 @@ unsigned long auth_db_client_flag = 0;
#define CRYPT_MD5_ENCRYPTION_FLAG 1<<3
#endif
#define PHP_MD5_ENCRYPTION_FLAG 1<<4
-#ifdef HAVE_CRYPT_H
+#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT)
#define CRYPT_ENCRYPTION_FLAG 1<<5
#endif
#define SHA1SUM_ENCRYPTION_FLAG 1<<6
+#define APACHE_ENCRYPTION_FLAG 1<<7
+
+/* from include/sha1.h from the mysql-server source distribution */
+#define SHA1_HASH_SIZE 20 /* Hash size in bytes */
static int check_no_encryption(const char *passwd, char *enc_passwd)
{
@@ -131,7 +143,7 @@ static int check_crypt_MD5_encryption(co
}
#endif
-#ifdef HAVE_CRYPT_H
+#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT)
static int check_crypt_encryption(const char *passwd, char *enc_passwd)
{
return (!strcmp(crypt(passwd, enc_passwd), enc_passwd));
@@ -229,12 +241,21 @@ static int check_SHA1Sum_encryption(cons
static int check_mysql_encryption(const char *passwd, char *enc_passwd)
{
- char scrambled_passwd[32];
+ char scrambled_passwd[2*SHA1_HASH_SIZE + 2];
make_scrambled_password(scrambled_passwd, passwd);
return (!strcmp(scrambled_passwd, enc_passwd));
}
+static int check_apache_encryption(const char *passwd, char *enc_passwd)
+{
+#ifdef APACHE2
+ return (!apr_password_validate(passwd, enc_passwd));
+#else
+ return (!ap_validate_password(passwd, enc_passwd));
+#endif
+}
+
typedef struct {
char *name;
int (*check_function)(const char *passwd, char *enc_passwd);
@@ -250,9 +271,12 @@ encryption_type_entry supported_encrypti
#if CRYPT_MD5
{ "Crypt_MD5", check_crypt_MD5_encryption, CRYPT_MD5_ENCRYPTION_FLAG },
#endif
+#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT)
{ "Crypt", check_crypt_encryption, CRYPT_ENCRYPTION_FLAG },
+#endif
{ "PHP_MD5", check_PHP_MD5_encryption, PHP_MD5_ENCRYPTION_FLAG },
{ "SHA1Sum", check_SHA1Sum_encryption, SHA1SUM_ENCRYPTION_FLAG},
+ { "Apache", check_apache_encryption, APACHE_ENCRYPTION_FLAG },
/* add additional encryption types below */
{ NULL, NULL, 0 }
};
@@ -284,6 +308,7 @@ typedef struct {
char *db_user;
char *db_pwd;
char *db_name;
+ char *db_charset;
MYSQL *dbh;
@@ -324,11 +349,14 @@ typedef struct {
module auth_mysql_module;
+static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec);
+
#ifdef APACHE2
static apr_status_t
#else
static void
#endif
+
auth_mysql_cleanup(void *ptr)
{
mysql_auth_config_rec *sec = ptr;
@@ -380,7 +408,7 @@ void *create_mysql_auth_dir_config(pool
sizeof(mysql_auth_config_rec));
#endif
- sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = NULL;
+ sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = sec->db_charset = NULL;
sec->dbh = NULL;
/* When the memory for this connection record is cleaned, we must
@@ -489,9 +517,9 @@ static const char *set_scrambled_passwor
* server when passed in as part of a query.
*/
#ifdef APACHE2
-static char *mysql_escape(char *str, apr_pool_t *p)
+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p)
#else
-static char *mysql_escape(char *str, pool *p)
+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p)
#endif
{
char *dest;
@@ -505,7 +533,7 @@ static char *mysql_escape(char *str, poo
return str;
}
- mysql_escape_string(dest, str, strlen(str));
+ mysql_real_escape_string(sec->dbh, dest, str, strlen(str));
return dest;
}
@@ -644,6 +672,24 @@ static const char *enable_mysql(cmd_parm
return NULL;
}
+static const char *set_empty_passwords(cmd_parms *cmd, void *sconf, int arg)
+{
+ mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
+
+ sec->allow_empty_passwords = arg;
+ APACHELOG(APLOG_DEBUG, cmd, "set_empty_passwords: Setting allow_empty_passwords in %s to %i", sec->dir, sec->allow_empty_passwords);
+ return NULL;
+}
+
+static const char *set_authoritative(cmd_parms *cmd, void *sconf, int arg)
+{
+ mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
+
+ sec->authoritative = arg;
+ APACHELOG(APLOG_DEBUG, cmd, "set_authoritative: Setting authoritative in %s to %i", sec->dir, sec->authoritative);
+ return NULL;
+}
+
/* The command list. What it's called, when it's legal to use it, and
* what to do when we find it. Pretty cool, IMHO.
*/
@@ -655,14 +701,30 @@ command_rec mysql_auth_cmds[] = {
NULL,
RSRC_CONF, "host, user and password of the MySQL database" ),
+ AP_INIT_TAKE3( "AuthMySQL_Info", set_auth_mysql_info,
+ NULL,
+ RSRC_CONF, "host, user and password of the MySQL database" ),
+
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultHost", set_auth_mysql_host,
+ NULL,
+ RSRC_CONF, "Default MySQL host" ),
+
AP_INIT_TAKE1( "AuthMySQL_DefaultHost", set_auth_mysql_host,
NULL,
RSRC_CONF, "Default MySQL host" ),
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultUser", set_auth_mysql_user,
+ NULL,
+ RSRC_CONF, "Default MySQL user" ),
+
AP_INIT_TAKE1( "AuthMySQL_DefaultUser", set_auth_mysql_user,
NULL,
RSRC_CONF, "Default MySQL user" ),
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd,
+ NULL,
+ RSRC_CONF, "Default MySQL password" ),
+
AP_INIT_TAKE1( "AuthMySQL_DefaultPassword", set_auth_mysql_pwd,
NULL,
RSRC_CONF, "Default MySQL password" ),
@@ -671,138 +733,182 @@ command_rec mysql_auth_cmds[] = {
NULL,
RSRC_CONF, "Default MySQL server port" ),
+ AP_INIT_TAKE1( "AuthMySQL_DefaultPort", set_auth_mysql_port,
+ NULL,
+ RSRC_CONF, "Default MySQL server port" ),
+
AP_INIT_TAKE1( "Auth_MySQL_DefaultSocket", set_auth_mysql_socket,
NULL,
RSRC_CONF, "Default MySQL server socket" ),
+ AP_INIT_TAKE1( "AuthMySQL_DefaultSocket", set_auth_mysql_socket,
+ NULL,
+ RSRC_CONF, "Default MySQL server socket" ),
+
AP_INIT_TAKE1( "Auth_MySQL_General_DB", set_auth_mysql_db,
NULL,
RSRC_CONF, "default database for MySQL authentication" ),
+ AP_INIT_TAKE1( "AuthMySQL_General_DB", set_auth_mysql_db,
+ NULL,
+ RSRC_CONF, "default database for MySQL authentication" ),
+
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultDB", set_auth_mysql_db,
+ NULL,
+ RSRC_CONF, "default database for MySQL authentication" ),
+
AP_INIT_TAKE1( "AuthMySQL_DefaultDB", set_auth_mysql_db,
NULL,
RSRC_CONF, "default database for MySQL authentication" ),
- AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host),
+ AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host),
OR_AUTHCFG, "database host" ),
- AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host),
+ AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host),
OR_AUTHCFG, "database host" ),
AP_INIT_TAKE1( "Auth_MySQL_Socket", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket),
OR_AUTHCFG, "database host socket" ),
AP_INIT_TAKE1( "AuthMySQL_Socket", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket),
OR_AUTHCFG, "database host socket" ),
- AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port),
+ AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_int_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port),
OR_AUTHCFG, "database host port" ),
- AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port),
+ AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_int_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port),
OR_AUTHCFG, "database host port" ),
AP_INIT_TAKE1( "Auth_MySQL_Username", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
+ OR_AUTHCFG, "database user" ),
+
+ AP_INIT_TAKE1( "AuthMySQL_Username", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
+ OR_AUTHCFG, "database user" ),
+
+ AP_INIT_TAKE1( "Auth_MySQL_User", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
OR_AUTHCFG, "database user" ),
AP_INIT_TAKE1( "AuthMySQL_User", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
OR_AUTHCFG, "database user" ),
AP_INIT_TAKE1( "Auth_MySQL_Password", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd),
OR_AUTHCFG, "database password" ),
AP_INIT_TAKE1( "AuthMySQL_Password", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd),
OR_AUTHCFG, "database password" ),
AP_INIT_TAKE1( "Auth_MySQL_DB", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name),
OR_AUTHCFG, "database name" ),
AP_INIT_TAKE1( "AuthMySQL_DB", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name),
OR_AUTHCFG, "database name" ),
+ AP_INIT_TAKE1( "Auth_MySQL_CharacterSet", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset),
+ OR_AUTHCFG, "character set" ),
+
+ AP_INIT_TAKE1( "AuthMySQL_CharacterSet", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset),
+ OR_AUTHCFG, "character set" ),
+
AP_INIT_TAKE1( "Auth_MySQL_Password_Table", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table),
OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ),
AP_INIT_TAKE1( "AuthMySQL_Password_Table", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table),
OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ),
AP_INIT_TAKE1( "Auth_MySQL_Group_Table", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table),
+ OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
+
+ AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table),
OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
AP_INIT_TAKE1( "Auth_MySQL_Group_Clause", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_where_clause),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause),
OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ),
- AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table),
- OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
+ AP_INIT_TAKE1( "AuthMySQL_Group_Clause", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause),
+ OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ),
AP_INIT_TAKE1( "Auth_MySQL_Password_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field),
OR_AUTHCFG, "The name of the field in the MySQL password table" ),
AP_INIT_TAKE1( "AuthMySQL_Password_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field),
OR_AUTHCFG, "The name of the field in the MySQL password table" ),
AP_INIT_TAKE1( "Auth_MySQL_Password_Clause", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
+ OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
+
+ AP_INIT_TAKE1( "AuthMySQL_Password_Clause", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
AP_INIT_TAKE1( "Auth_MySQL_Username_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field),
OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ),
AP_INIT_TAKE1( "AuthMySQL_Username_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field),
OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ),
AP_INIT_TAKE1( "Auth_MySQL_Group_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field),
OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ),
AP_INIT_TAKE1( "AuthMySQL_Group_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field),
OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ),
AP_INIT_TAKE1( "Auth_MySQL_Group_User_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field),
OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ),
AP_INIT_TAKE1( "AuthMySQL_Group_User_Field", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field),
OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ),
- AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", ap_set_flag_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
+ AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", set_empty_passwords,
+ NULL,
OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ),
- AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", ap_set_flag_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
+ AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", set_empty_passwords,
+ NULL,
OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ),
- AP_INIT_FLAG( "Auth_MySQL_Authoritative", ap_set_flag_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
+ AP_INIT_FLAG( "Auth_MySQL_Authoritative", set_authoritative,
+ NULL,
OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ),
- AP_INIT_FLAG( "AuthMySQL_Authoritative", ap_set_flag_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
+ AP_INIT_FLAG( "AuthMySQL_Authoritative", set_authoritative,
+ NULL,
OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ),
+ AP_INIT_FLAG( "Auth_MySQL_AllowOverride", set_auth_mysql_override,
+ NULL,
+ RSRC_CONF, "Allow directory overrides of configuration" ),
+
AP_INIT_FLAG( "AuthMySQL_AllowOverride", set_auth_mysql_override,
NULL,
RSRC_CONF, "Allow directory overrides of configuration" ),
@@ -835,6 +941,14 @@ command_rec mysql_auth_cmds[] = {
NULL,
OR_AUTHCFG, "Use non-persistent MySQL links" ),
+ AP_INIT_FLAG( "AuthMySQL_Non_Persistent", set_non_persistent,
+ NULL,
+ OR_AUTHCFG, "Use non-persistent MySQL links" ),
+
+ AP_INIT_FLAG( "Auth_MySQL_Persistent", set_persistent,
+ NULL,
+ OR_AUTHCFG, "Use non-persistent MySQL links" ),
+
AP_INIT_FLAG( "AuthMySQL_Persistent", set_persistent,
NULL,
OR_AUTHCFG, "Use non-persistent MySQL links" ),
@@ -848,7 +962,11 @@ command_rec mysql_auth_cmds[] = {
OR_AUTHCFG, "Enable MySQL authentication" ),
AP_INIT_TAKE1( "Auth_MySQL_Where", ap_set_string_slot,
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause),
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
+ OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
+
+ AP_INIT_TAKE1( "AuthMySQL_Where", ap_set_string_slot,
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
{ NULL }
@@ -859,14 +977,30 @@ command_rec mysql_auth_cmds[] = {
NULL,
RSRC_CONF, TAKE3, "host, user and password of the MySQL database" },
+ { "AuthMySQL_Info", set_auth_mysql_info,
+ NULL,
+ RSRC_CONF, TAKE3, "host, user and password of the MySQL database" },
+
+ { "Auth_MySQL_DefaultHost", set_auth_mysql_host,
+ NULL,
+ RSRC_CONF, TAKE1, "Default MySQL host" },
+
{ "AuthMySQL_DefaultHost", set_auth_mysql_host,
NULL,
RSRC_CONF, TAKE1, "Default MySQL host" },
+ { "Auth_MySQL_DefaultUser", set_auth_mysql_user,
+ NULL,
+ RSRC_CONF, TAKE1, "Default MySQL user" },
+
{ "AuthMySQL_DefaultUser", set_auth_mysql_user,
NULL,
RSRC_CONF, TAKE1, "Default MySQL user" },
+ { "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd,
+ NULL,
+ RSRC_CONF, TAKE1, "Default MySQL password" },
+
{ "AuthMySQL_DefaultPassword", set_auth_mysql_pwd,
NULL,
RSRC_CONF, TAKE1, "Default MySQL password" },
@@ -875,23 +1009,39 @@ command_rec mysql_auth_cmds[] = {
NULL,
RSRC_CONF, TAKE1, "Default MySQL server port" },
+ { "AuthMySQL_DefaultPort", set_auth_mysql_port,
+ NULL,
+ RSRC_CONF, TAKE1, "Default MySQL server port" },
+
{ "Auth_MySQL_DefaultSocket", set_auth_mysql_socket,
NULL,
RSRC_CONF, TAKE1, "Default MySQL server socket" },
+ { "AuthMySQL_DefaultSocket", set_auth_mysql_socket,
+ NULL,
+ RSRC_CONF, TAKE1, "Default MySQL server socket" },
+
{ "Auth_MySQL_General_DB", set_auth_mysql_db,
NULL,
RSRC_CONF, TAKE1, "default database for MySQL authentication" },
+ { "AuthMySQL_General_DB", set_auth_mysql_db,
+ NULL,
+ RSRC_CONF, TAKE1, "default database for MySQL authentication" },
+
+ { "Auth_MySQL_DefaultDB", set_auth_mysql_db,
+ NULL,
+ RSRC_CONF, TAKE1, "default database for MySQL authentication" },
+
{ "AuthMySQL_DefaultDB", set_auth_mysql_db,
NULL,
RSRC_CONF, TAKE1, "default database for MySQL authentication" },
- { "AuthMySQL_Host", ap_set_string_slot,
+ { "Auth_MySQL_Host", ap_set_string_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, db_host),
OR_AUTHCFG, TAKE1, "database host" },
- { "Auth_MySQL_Host", ap_set_string_slot,
+ { "AuthMySQL_Host", ap_set_string_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, db_host),
OR_AUTHCFG, TAKE1, "database host" },
@@ -899,7 +1049,15 @@ command_rec mysql_auth_cmds[] = {
(void *) XtOffsetOf(mysql_auth_config_rec, db_socket),
OR_AUTHCFG, TAKE1, "database host socket" },
- { "Auth_MySQL_Port", ap_set_string_slot,
+ { "AuthMySQL_Socket", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_socket),
+ OR_AUTHCFG, TAKE1, "database host socket" },
+
+ { "Auth_MySQL_Port", ap_set_int_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_port),
+ OR_AUTHCFG, TAKE1, "database host socket" },
+
+ { "AuthMySQL_Port", ap_set_int_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, db_port),
OR_AUTHCFG, TAKE1, "database host socket" },
@@ -907,6 +1065,14 @@ command_rec mysql_auth_cmds[] = {
(void *) XtOffsetOf(mysql_auth_config_rec, db_user),
OR_AUTHCFG, TAKE1, "database user" },
+ { "AuthMySQL_Username", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
+ OR_AUTHCFG, TAKE1, "database user" },
+
+ { "Auth_MySQL_User", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
+ OR_AUTHCFG, TAKE1, "database user" },
+
{ "AuthMySQL_User", ap_set_string_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, db_user),
OR_AUTHCFG, TAKE1, "database user" },
@@ -927,6 +1093,14 @@ command_rec mysql_auth_cmds[] = {
(void *) XtOffsetOf(mysql_auth_config_rec, db_name),
OR_AUTHCFG, TAKE1, "database name" },
+ { "Auth_MySQL_CharacterSet", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_charset),
+ OR_AUTHCFG, TAKE1, "character set" },
+
+ { "AuthMySQL_CharacterSet", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_charset),
+ OR_AUTHCFG, TAKE1, "character set" },
+
{ "Auth_MySQL_Password_Table", ap_set_string_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, user_table),
OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the password/user-name combination" },
@@ -939,14 +1113,18 @@ command_rec mysql_auth_cmds[] = {
(void *) XtOffsetOf(mysql_auth_config_rec, group_table),
OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
+ { "AuthMySQL_Group_Table", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, group_table),
+ OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
+
{ "Auth_MySQL_Group_Clause", ap_set_string_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause),
OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" },
- { "AuthMySQL_Group_Table", ap_set_string_slot,
- (void *) XtOffsetOf(mysql_auth_config_rec, group_table),
- OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
-
+ { "AuthMySQL_Group_Clause", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause),
+ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" },
+
{ "Auth_MySQL_Password_Field", ap_set_string_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, password_field),
OR_AUTHCFG, TAKE1, "The name of the field in the MySQL password table" },
@@ -959,6 +1137,10 @@ command_rec mysql_auth_cmds[] = {
(void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
+ { "AuthMySQL_Password_Clause", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
+ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
+
{ "Auth_MySQL_Username_Field", ap_set_string_slot,
(void *) XtOffsetOf(mysql_auth_config_rec, user_field),
OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL password (and possibly group) table(s)." },
@@ -983,22 +1165,26 @@ command_rec mysql_auth_cmds[] = {
(void *) XtOffsetOf(mysql_auth_config_rec, group_user_field),
OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." },
- { "Auth_MySQL_Empty_Passwords", ap_set_flag_slot,
- (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
+ { "Auth_MySQL_Empty_Passwords", set_empty_passwords,
+ NULL,
OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." },
- { "AuthMySQL_Empty_Passwords", ap_set_flag_slot,
- (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
+ { "AuthMySQL_Empty_Passwords", set_empty_passwords,
+ NULL,
OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." },
- { "Auth_MySQL_Authoritative", ap_set_flag_slot,
- (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
+ { "Auth_MySQL_Authoritative", set_authoritative,
+ NULL,
OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." },
- { "AuthMySQL_Authoritative", ap_set_flag_slot,
- (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
+ { "AuthMySQL_Authoritative", set_authoritative,
+ NULL,
OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." },
+ { "Auth_MySQL_AllowOverride", set_auth_mysql_override,
+ NULL,
+ RSRC_CONF, FLAG, "Allow directory overrides of configuration" },
+
{ "AuthMySQL_AllowOverride", set_auth_mysql_override,
NULL,
RSRC_CONF, FLAG, "Allow directory overrides of configuration" },
@@ -1031,6 +1217,14 @@ command_rec mysql_auth_cmds[] = {
NULL,
OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
+ { "AuthMySQL_Non_Persistent", set_non_persistent,
+ NULL,
+ OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
+
+ { "Auth_MySQL_Persistent", set_persistent,
+ NULL,
+ OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
+
{ "AuthMySQL_Persistent", set_persistent,
NULL,
OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
@@ -1047,6 +1241,10 @@ command_rec mysql_auth_cmds[] = {
(void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
+ { "AuthMySQL_Where", ap_set_string_slot,
+ (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
+ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
+
{ NULL }
};
@@ -1092,6 +1290,10 @@ static int open_auth_dblink(request_rec
char *dbname = auth_db_name, *user = auth_db_user, *pwd = auth_db_pwd;
void (*sigpipe_handler)();
unsigned long client_flag = 0;
+#if MYSQL_VERSION_ID >= 50013
+ my_bool do_reconnect = 1;
+#endif
+ char *query;
APACHELOG(APLOG_DEBUG, r, "Opening DB connection for %s", sec->dir);
@@ -1160,6 +1362,13 @@ static int open_auth_dblink(request_rec
return errno;
}
+#if MYSQL_VERSION_ID >= 50013
+ /* The default is no longer to automatically reconnect on failure,
+ * (as of 5.0.3) so we have to set that option here. The option is
+ * available from 5.0.13. */
+ mysql_options(sec->dbh, MYSQL_OPT_RECONNECT, &do_reconnect);
+#endif
+
signal(SIGPIPE, sigpipe_handler);
APACHELOG(APLOG_DEBUG, r, "Persistent in %s is %i", sec->dir, sec->persistent);
@@ -1175,6 +1384,23 @@ static int open_auth_dblink(request_rec
#endif
}
+ if (sec->db_charset) {
+ const char *check;
+
+ APACHELOG(APLOG_DEBUG, r,
+ "Setting character set to %s", sec->db_charset);
+
+ mysql_set_character_set(sec->dbh, sec->db_charset);
+
+ check = mysql_character_set_name(sec->dbh);
+
+ if (!check || strcmp(sec->db_charset, check)) {
+ APACHELOG(APLOG_ERR, r,
+ "Failed to set character set to %s", sec->db_charset);
+ return -1;
+ }
+ }
+
/* W00t! We made it! */
return 0;
}
@@ -1287,10 +1513,16 @@ static int check_password(const char *pl
encryption_type_entry *ete;
/* empty password support */
- if (sec->allow_empty_passwords && !strlen(hashed)) {
- APACHELOG(APLOG_INFO, r, "User successful on empty password");
- return 1;
- }
+ if (!strlen(hashed)) {
+ if (sec->allow_empty_passwords) {
+ APACHELOG(APLOG_INFO, r, "User successful on empty password");
+ return 1;
+ } else {
+ APACHELOG(APLOG_INFO, r, "Rejecting login because of empty password field in DB");
+ return 0;
+ }
+ }
+
for (ete=supported_encryption_types; ete->name; ete++) {
if (sec->encryption_types & ete->flag) {
@@ -1315,11 +1547,27 @@ static int mysql_check_user_password(req
char *auth_table = "mysql_auth", *auth_user_field = "username",
*auth_password_field = "passwd", *auth_password_clause = "";
char *query;
- char *esc_user = mysql_escape(user, r->pool);
+ char *esc_user = NULL;
MYSQL_RES *result;
MYSQL_ROW sql_row;
+ int error = CR_UNKNOWN_ERROR;
int rv;
+ if (!sec->dbh) {
+ APACHELOG(APLOG_DEBUG, r,
+ "No DB connection open - firing one up");
+ if ((error = open_auth_dblink(r, sec))) {
+ APACHELOG(APLOG_DEBUG, r,
+ "open_auth_dblink returned %i", error);
+ return error;
+ }
+
+ APACHELOG(APLOG_DEBUG, r,
+ "Correctly opened a new DB connection");
+ }
+
+ esc_user = mysql_escape(sec, r, user, r->pool);
+
if (sec->user_table) {
auth_table = sec->user_table;
}
@@ -1405,8 +1653,8 @@ static int mysql_check_group(request_rec
{
char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause="";
char *query;
- char *esc_user = mysql_escape(user, r->pool);
- char *esc_group = mysql_escape(group, r->pool);
+ char *esc_user = mysql_escape(sec, r, user, r->pool);
+ char *esc_group = mysql_escape(sec, r, group, r->pool);
MYSQL_RES *result;
MYSQL_ROW row;
char *auth_user_field = "username";
![[BACK]](/icons/back.gif){kind=icon}
Return to patch-ad CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / www / ap-auth-mysql / patches