head 1.6; access; symbols pkgsrc-2017Q4:1.5.0.58 pkgsrc-2017Q4-base:1.5 pkgsrc-2017Q3:1.5.0.56 pkgsrc-2017Q3-base:1.5 pkgsrc-2017Q2:1.5.0.52 pkgsrc-2017Q2-base:1.5 pkgsrc-2017Q1:1.5.0.50 pkgsrc-2017Q1-base:1.5 pkgsrc-2016Q4:1.5.0.48 pkgsrc-2016Q4-base:1.5 pkgsrc-2016Q3:1.5.0.46 pkgsrc-2016Q3-base:1.5 pkgsrc-2016Q2:1.5.0.44 pkgsrc-2016Q2-base:1.5 pkgsrc-2016Q1:1.5.0.42 pkgsrc-2016Q1-base:1.5 pkgsrc-2015Q4:1.5.0.40 pkgsrc-2015Q4-base:1.5 pkgsrc-2015Q3:1.5.0.38 pkgsrc-2015Q3-base:1.5 pkgsrc-2015Q2:1.5.0.36 pkgsrc-2015Q2-base:1.5 pkgsrc-2015Q1:1.5.0.34 pkgsrc-2015Q1-base:1.5 pkgsrc-2014Q4:1.5.0.32 pkgsrc-2014Q4-base:1.5 pkgsrc-2014Q3:1.5.0.30 pkgsrc-2014Q3-base:1.5 pkgsrc-2014Q2:1.5.0.28 pkgsrc-2014Q2-base:1.5 pkgsrc-2014Q1:1.5.0.26 pkgsrc-2014Q1-base:1.5 pkgsrc-2013Q4:1.5.0.24 pkgsrc-2013Q4-base:1.5 pkgsrc-2013Q3:1.5.0.22 pkgsrc-2013Q3-base:1.5 pkgsrc-2013Q2:1.5.0.20 pkgsrc-2013Q2-base:1.5 pkgsrc-2013Q1:1.5.0.18 pkgsrc-2013Q1-base:1.5 pkgsrc-2012Q4:1.5.0.16 pkgsrc-2012Q4-base:1.5 pkgsrc-2012Q3:1.5.0.14 pkgsrc-2012Q3-base:1.5 pkgsrc-2012Q2:1.5.0.12 pkgsrc-2012Q2-base:1.5 pkgsrc-2012Q1:1.5.0.10 pkgsrc-2012Q1-base:1.5 pkgsrc-2011Q4:1.5.0.8 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q3:1.5.0.6 pkgsrc-2011Q3-base:1.5 pkgsrc-2011Q2:1.5.0.4 pkgsrc-2011Q2-base:1.5 pkgsrc-2011Q1:1.5.0.2 pkgsrc-2011Q1-base:1.5 pkgsrc-2010Q4:1.3.0.34 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.32 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.30 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.28 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.26 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.24 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.22 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.20 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.18 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.16 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.14 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.12 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.10 pkgsrc-2008Q1:1.3.0.8 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.6 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.4 
pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.2 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.2.0.22 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.20 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.18 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.16 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.14 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.12 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.10 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.8 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.6 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.4 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.2 pkgsrc-2004Q3-base:1.2 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.6 date 2018.01.01.10.23.05; author wiz; state dead; branches; next 1.5; commitid zjUBNlZlngYbU9lA; 1.5 date 2011.04.01.15.11.58; author wiz; state Exp; branches; next 1.4; 1.4 date 2011.04.01.15.03.48; author wiz; state Exp; branches; next 1.3; 1.3 date 2007.06.29.22.58.55; author joerg; state Exp; branches; next 1.2; 1.2 date 2004.07.19.00.08.41; author kristerw; state Exp; branches; next 1.1; 1.1 date 2004.07.16.11.28.19; author jdolecek; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2004.07.16.11.28.19; author jdolecek; state Exp; branches; next ; desc @@ 1.6 log @apache22: remove, it was eol'd in June 2017 Remove packages that only work with apache22. Remove apache22 references. @ text @$NetBSD: patch-ad,v 1.5 2011/04/01 15:11:58 wiz Exp $ Some crypt.h changes that were here before, undocumented. All Debian patches up to 4.3.9-13, including a fix for CVE-2008-2384. 
--- mod_auth_mysql.c.orig 2004-12-23 13:43:14.000000000 +0000 +++ mod_auth_mysql.c @@@@ -48,19 +48,27 @@@@ #include #ifdef APACHE2 #include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ +#include #include #include +#include #else #include #include #endif +#ifndef APR_XtOffsetOf +#define APR_XtOffsetOf(x,y) APR_OFFSETOF(x,y) +#endif + #include #include #include #ifdef HAVE_CRYPT_H #include +#else +#include #endif #ifndef TRUE @@@@ -98,10 +106,14 @@@@ unsigned long auth_db_client_flag = 0; #define CRYPT_MD5_ENCRYPTION_FLAG 1<<3 #endif #define PHP_MD5_ENCRYPTION_FLAG 1<<4 -#ifdef HAVE_CRYPT_H +#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT) #define CRYPT_ENCRYPTION_FLAG 1<<5 #endif #define SHA1SUM_ENCRYPTION_FLAG 1<<6 +#define APACHE_ENCRYPTION_FLAG 1<<7 + +/* from include/sha1.h from the mysql-server source distribution */ +#define SHA1_HASH_SIZE 20 /* Hash size in bytes */ static int check_no_encryption(const char *passwd, char *enc_passwd) { @@@@ -131,7 +143,7 @@@@ static int check_crypt_MD5_encryption(co } #endif -#ifdef HAVE_CRYPT_H +#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT) static int check_crypt_encryption(const char *passwd, char *enc_passwd) { return (!strcmp(crypt(passwd, enc_passwd), enc_passwd)); @@@@ -229,12 +241,21 @@@@ static int check_SHA1Sum_encryption(cons static int check_mysql_encryption(const char *passwd, char *enc_passwd) { - char scrambled_passwd[32]; + char scrambled_passwd[2*SHA1_HASH_SIZE + 2]; make_scrambled_password(scrambled_passwd, passwd); return (!strcmp(scrambled_passwd, enc_passwd)); } +static int check_apache_encryption(const char *passwd, char *enc_passwd) +{ +#ifdef APACHE2 + return (!apr_password_validate(passwd, enc_passwd)); +#else + return (!ap_validate_password(passwd, enc_passwd)); +#endif +} + typedef struct { char *name; int (*check_function)(const char *passwd, char *enc_passwd); @@@@ -250,9 +271,12 @@@@ encryption_type_entry supported_encrypti #if CRYPT_MD5 { "Crypt_MD5", 
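Review bot: `check_crypt_encryption` in the `-131,7 +143,7` hunk passes the return value of `crypt()` straight to `strcmp` with no NULL check, and the widened `#if` now compiles that function on any platform that defines `HAVE_LIBCRYPT`. `crypt()` may return NULL on failure, for instance when the stored value is not a salt the library accepts, so a malformed row in the password table would cause a null dereference in the authentication path. Keep the result in a local and fail closed: `const char *c = crypt(passwd, enc_passwd); return c != NULL && !strcmp(c, enc_passwd);`.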
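Review bot: The new bound `2*SHA1_HASH_SIZE + 2` on `scrambled_passwd` in `check_mysql_encryption` (hunk `-229,12 +241,21`) has no comment saying what the two extra bytes are for, so the next reader has to re-derive why `[32]` was too small. A comment such as `/* '*' + 2*SHA1_HASH_SIZE hex digits + NUL, as written by make_scrambled_password() */` would pin it down; that layout is my understanding of the longer hash format and should be confirmed against the client library being linked. `check_apache_encryption` would also benefit from a one-line comment that both validators signal a match with a zero/NULL result, since the leading `!` depends on it.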
check_crypt_MD5_encryption, CRYPT_MD5_ENCRYPTION_FLAG }, #endif +#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT) { "Crypt", check_crypt_encryption, CRYPT_ENCRYPTION_FLAG }, +#endif { "PHP_MD5", check_PHP_MD5_encryption, PHP_MD5_ENCRYPTION_FLAG }, { "SHA1Sum", check_SHA1Sum_encryption, SHA1SUM_ENCRYPTION_FLAG}, + { "Apache", check_apache_encryption, APACHE_ENCRYPTION_FLAG }, /* add additional encryption types below */ { NULL, NULL, 0 } }; @@@@ -284,6 +308,7 @@@@ typedef struct { char *db_user; char *db_pwd; char *db_name; + char *db_charset; MYSQL *dbh; @@@@ -324,11 +349,14 @@@@ typedef struct { module auth_mysql_module; +static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec); + #ifdef APACHE2 static apr_status_t #else static void #endif + auth_mysql_cleanup(void *ptr) { mysql_auth_config_rec *sec = ptr; @@@@ -380,7 +408,7 @@@@ void *create_mysql_auth_dir_config(pool sizeof(mysql_auth_config_rec)); #endif - sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = NULL; + sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = sec->db_charset = NULL; sec->dbh = NULL; /* When the memory for this connection record is cleaned, we must @@@@ -489,9 +517,9 @@@@ static const char *set_scrambled_passwor * server when passed in as part of a query. 
*/ #ifdef APACHE2 -static char *mysql_escape(char *str, apr_pool_t *p) +static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p) #else -static char *mysql_escape(char *str, pool *p) +static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p) #endif { char *dest; @@@@ -505,7 +533,7 @@@@ static char *mysql_escape(char *str, poo return str; } - mysql_escape_string(dest, str, strlen(str)); + mysql_real_escape_string(sec->dbh, dest, str, strlen(str)); return dest; } @@@@ -644,6 +672,24 @@@@ static const char *enable_mysql(cmd_parm return NULL; } +static const char *set_empty_passwords(cmd_parms *cmd, void *sconf, int arg) +{ + mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf; + + sec->allow_empty_passwords = arg; + APACHELOG(APLOG_DEBUG, cmd, "set_empty_passwords: Setting allow_empty_passwords in %s to %i", sec->dir, sec->allow_empty_passwords); + return NULL; +} + +static const char *set_authoritative(cmd_parms *cmd, void *sconf, int arg) +{ + mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf; + + sec->authoritative = arg; + APACHELOG(APLOG_DEBUG, cmd, "set_authoritative: Setting authoritative in %s to %i", sec->dir, sec->authoritative); + return NULL; +} + /* The command list. What it's called, when it's legal to use it, and * what to do when we find it. Pretty cool, IMHO. 
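Review bot: `mysql_escape` now dereferences `sec->dbh` in `mysql_real_escape_string(sec->dbh, dest, str, strlen(str))` without checking that a connection is open (hunk `-505,7 +533,7`). `mysql_check_user_password` opens the link before escaping, but the `mysql_check_group` hunk (`-1405,8 +1653,8`) still calls `mysql_escape` from its declarations, before any connection check visible there. A guard at the top of the helper such as `if (!sec || !sec->dbh) return NULL;`, with callers treating NULL as a denied request, would fail closed. The context line `return str;` just above the call also hands back the unescaped input on what looks like an allocation failure (the condition is outside the hunk), and that path should return NULL as well. The new `r` parameter is not used in the lines shown.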
*/ @@@@ -655,14 +701,30 @@@@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, "host, user and password of the MySQL database" ), + AP_INIT_TAKE3( "AuthMySQL_Info", set_auth_mysql_info, + NULL, + RSRC_CONF, "host, user and password of the MySQL database" ), + + AP_INIT_TAKE1( "Auth_MySQL_DefaultHost", set_auth_mysql_host, + NULL, + RSRC_CONF, "Default MySQL host" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultHost", set_auth_mysql_host, NULL, RSRC_CONF, "Default MySQL host" ), + AP_INIT_TAKE1( "Auth_MySQL_DefaultUser", set_auth_mysql_user, + NULL, + RSRC_CONF, "Default MySQL user" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultUser", set_auth_mysql_user, NULL, RSRC_CONF, "Default MySQL user" ), + AP_INIT_TAKE1( "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd, + NULL, + RSRC_CONF, "Default MySQL password" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultPassword", set_auth_mysql_pwd, NULL, RSRC_CONF, "Default MySQL password" ), @@@@ -671,138 +733,182 @@@@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, "Default MySQL server port" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultPort", set_auth_mysql_port, + NULL, + RSRC_CONF, "Default MySQL server port" ), + AP_INIT_TAKE1( "Auth_MySQL_DefaultSocket", set_auth_mysql_socket, NULL, RSRC_CONF, "Default MySQL server socket" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultSocket", set_auth_mysql_socket, + NULL, + RSRC_CONF, "Default MySQL server socket" ), + AP_INIT_TAKE1( "Auth_MySQL_General_DB", set_auth_mysql_db, NULL, RSRC_CONF, "default database for MySQL authentication" ), + AP_INIT_TAKE1( "AuthMySQL_General_DB", set_auth_mysql_db, + NULL, + RSRC_CONF, "default database for MySQL authentication" ), + + AP_INIT_TAKE1( "Auth_MySQL_DefaultDB", set_auth_mysql_db, + NULL, + RSRC_CONF, "default database for MySQL authentication" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultDB", set_auth_mysql_db, NULL, RSRC_CONF, "default database for MySQL authentication" ), - AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host), + 
AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), OR_AUTHCFG, "database host" ), - AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host), + AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), OR_AUTHCFG, "database host" ), AP_INIT_TAKE1( "Auth_MySQL_Socket", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket), OR_AUTHCFG, "database host socket" ), AP_INIT_TAKE1( "AuthMySQL_Socket", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket), OR_AUTHCFG, "database host socket" ), - AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port), + AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_int_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), OR_AUTHCFG, "database host port" ), - AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port), + AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_int_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), OR_AUTHCFG, "database host port" ), AP_INIT_TAKE1( "Auth_MySQL_Username", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + + AP_INIT_TAKE1( "AuthMySQL_Username", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + + AP_INIT_TAKE1( "Auth_MySQL_User", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), OR_AUTHCFG, "database user" ), AP_INIT_TAKE1( "AuthMySQL_User", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), OR_AUTHCFG, 
"database user" ), AP_INIT_TAKE1( "Auth_MySQL_Password", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), OR_AUTHCFG, "database password" ), AP_INIT_TAKE1( "AuthMySQL_Password", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), OR_AUTHCFG, "database password" ), AP_INIT_TAKE1( "Auth_MySQL_DB", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name), OR_AUTHCFG, "database name" ), AP_INIT_TAKE1( "AuthMySQL_DB", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name), OR_AUTHCFG, "database name" ), + AP_INIT_TAKE1( "Auth_MySQL_CharacterSet", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, "character set" ), + + AP_INIT_TAKE1( "AuthMySQL_CharacterSet", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, "character set" ), + AP_INIT_TAKE1( "Auth_MySQL_Password_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table), OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ), AP_INIT_TAKE1( "AuthMySQL_Password_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table), OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ), AP_INIT_TAKE1( "Auth_MySQL_Group_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), + OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." 
), + + AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), AP_INIT_TAKE1( "Auth_MySQL_Group_Clause", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_where_clause), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause), OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ), - AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table), - OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), + AP_INIT_TAKE1( "AuthMySQL_Group_Clause", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ), AP_INIT_TAKE1( "Auth_MySQL_Password_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field), OR_AUTHCFG, "The name of the field in the MySQL password table" ), AP_INIT_TAKE1( "AuthMySQL_Password_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field), OR_AUTHCFG, "The name of the field in the MySQL password table" ), AP_INIT_TAKE1( "Auth_MySQL_Password_Clause", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + + AP_INIT_TAKE1( "AuthMySQL_Password_Clause", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), AP_INIT_TAKE1( 
"Auth_MySQL_Username_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ), AP_INIT_TAKE1( "AuthMySQL_Username_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ), AP_INIT_TAKE1( "Auth_MySQL_Group_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field), OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ), AP_INIT_TAKE1( "AuthMySQL_Group_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field), OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ), AP_INIT_TAKE1( "Auth_MySQL_Group_User_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ), AP_INIT_TAKE1( "AuthMySQL_Group_User_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." 
), - AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), - AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), - AP_INIT_FLAG( "Auth_MySQL_Authoritative", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative), + AP_INIT_FLAG( "Auth_MySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), - AP_INIT_FLAG( "AuthMySQL_Authoritative", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative), + AP_INIT_FLAG( "AuthMySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." 
), + AP_INIT_FLAG( "Auth_MySQL_AllowOverride", set_auth_mysql_override, + NULL, + RSRC_CONF, "Allow directory overrides of configuration" ), + AP_INIT_FLAG( "AuthMySQL_AllowOverride", set_auth_mysql_override, NULL, RSRC_CONF, "Allow directory overrides of configuration" ), @@@@ -835,6 +941,14 @@@@ command_rec mysql_auth_cmds[] = { NULL, OR_AUTHCFG, "Use non-persistent MySQL links" ), + AP_INIT_FLAG( "AuthMySQL_Non_Persistent", set_non_persistent, + NULL, + OR_AUTHCFG, "Use non-persistent MySQL links" ), + + AP_INIT_FLAG( "Auth_MySQL_Persistent", set_persistent, + NULL, + OR_AUTHCFG, "Use non-persistent MySQL links" ), + AP_INIT_FLAG( "AuthMySQL_Persistent", set_persistent, NULL, OR_AUTHCFG, "Use non-persistent MySQL links" ), @@@@ -848,7 +962,11 @@@@ command_rec mysql_auth_cmds[] = { OR_AUTHCFG, "Enable MySQL authentication" ), AP_INIT_TAKE1( "Auth_MySQL_Where", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + + AP_INIT_TAKE1( "AuthMySQL_Where", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), { NULL } @@@@ -859,14 +977,30 @@@@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, TAKE3, "host, user and password of the MySQL database" }, + { "AuthMySQL_Info", set_auth_mysql_info, + NULL, + RSRC_CONF, TAKE3, "host, user and password of the MySQL database" }, + + { "Auth_MySQL_DefaultHost", set_auth_mysql_host, + NULL, + RSRC_CONF, TAKE1, "Default MySQL host" }, + { "AuthMySQL_DefaultHost", set_auth_mysql_host, NULL, RSRC_CONF, TAKE1, "Default MySQL host" }, + { "Auth_MySQL_DefaultUser", set_auth_mysql_user, + NULL, + RSRC_CONF, TAKE1, "Default MySQL user" }, + { "AuthMySQL_DefaultUser", set_auth_mysql_user, NULL, RSRC_CONF, TAKE1, "Default MySQL user" }, + { 
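Review bot: The help strings for the clause directives in the `-671,138 +733,182` hunk (`Auth_MySQL_Password_Clause`, `Auth_MySQL_Group_Clause` and the new `AuthMySQL_*` aliases) do not say that the value is SQL text supplied by the administrator. They are registered with `OR_AUTHCFG`, so they can be set from per-directory configuration wherever AuthConfig overrides are allowed, and presumably the text is appended to the lookup query as written (the query construction is not in this hunk). I would extend the description, e.g. `"Additional WHERE clause for password/user-name lookup; inserted into the query verbatim, set only from trusted configuration"`. The same applies to the Apache 1.3 table entries in the `-939,14` and `-959,6` hunks.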
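Review bot: The new `Auth_MySQL_Persistent` entry in the `-835,6 +941,14` hunk is described as `"Use non-persistent MySQL links"`, copied from the `Non_Persistent` directive, although it is wired to `set_persistent`. The description should read `"Use persistent MySQL links"`, and the existing `AuthMySQL_Persistent` entry next to it has the same text. The Apache 1.3 table repeats this in the `-1031,6 +1217,14` hunk, and the `Auth_MySQL_Port` / `AuthMySQL_Port` entries added in the `-899,7 +1049,15` hunk are described as `"database host socket"` where `"database host port"` is meant.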
"Auth_MySQL_DefaultPassword", set_auth_mysql_pwd, + NULL, + RSRC_CONF, TAKE1, "Default MySQL password" }, + { "AuthMySQL_DefaultPassword", set_auth_mysql_pwd, NULL, RSRC_CONF, TAKE1, "Default MySQL password" }, @@@@ -875,23 +1009,39 @@@@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, TAKE1, "Default MySQL server port" }, + { "AuthMySQL_DefaultPort", set_auth_mysql_port, + NULL, + RSRC_CONF, TAKE1, "Default MySQL server port" }, + { "Auth_MySQL_DefaultSocket", set_auth_mysql_socket, NULL, RSRC_CONF, TAKE1, "Default MySQL server socket" }, + { "AuthMySQL_DefaultSocket", set_auth_mysql_socket, + NULL, + RSRC_CONF, TAKE1, "Default MySQL server socket" }, + { "Auth_MySQL_General_DB", set_auth_mysql_db, NULL, RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + { "AuthMySQL_General_DB", set_auth_mysql_db, + NULL, + RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + + { "Auth_MySQL_DefaultDB", set_auth_mysql_db, + NULL, + RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + { "AuthMySQL_DefaultDB", set_auth_mysql_db, NULL, RSRC_CONF, TAKE1, "default database for MySQL authentication" }, - { "AuthMySQL_Host", ap_set_string_slot, + { "Auth_MySQL_Host", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_host), OR_AUTHCFG, TAKE1, "database host" }, - { "Auth_MySQL_Host", ap_set_string_slot, + { "AuthMySQL_Host", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_host), OR_AUTHCFG, TAKE1, "database host" }, @@@@ -899,7 +1049,15 @@@@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, db_socket), OR_AUTHCFG, TAKE1, "database host socket" }, - { "Auth_MySQL_Port", ap_set_string_slot, + { "AuthMySQL_Socket", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_socket), + OR_AUTHCFG, TAKE1, "database host socket" }, + + { "Auth_MySQL_Port", ap_set_int_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_port), + OR_AUTHCFG, TAKE1, "database host socket" }, + + { 
"AuthMySQL_Port", ap_set_int_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_port), OR_AUTHCFG, TAKE1, "database host socket" }, @@@@ -907,6 +1065,14 @@@@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, db_user), OR_AUTHCFG, TAKE1, "database user" }, + { "AuthMySQL_Username", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_user), + OR_AUTHCFG, TAKE1, "database user" }, + + { "Auth_MySQL_User", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_user), + OR_AUTHCFG, TAKE1, "database user" }, + { "AuthMySQL_User", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_user), OR_AUTHCFG, TAKE1, "database user" }, @@@@ -927,6 +1093,14 @@@@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, db_name), OR_AUTHCFG, TAKE1, "database name" }, + { "Auth_MySQL_CharacterSet", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, TAKE1, "character set" }, + + { "AuthMySQL_CharacterSet", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, TAKE1, "character set" }, + { "Auth_MySQL_Password_Table", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, user_table), OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the password/user-name combination" }, @@@@ -939,14 +1113,18 @@@@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, group_table), OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, + { "AuthMySQL_Group_Table", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, group_table), + OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." 
}, + { "Auth_MySQL_Group_Clause", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause), OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" }, - { "AuthMySQL_Group_Table", ap_set_string_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, group_table), - OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, - + { "AuthMySQL_Group_Clause", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" }, + { "Auth_MySQL_Password_Field", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, password_field), OR_AUTHCFG, TAKE1, "The name of the field in the MySQL password table" }, @@@@ -959,6 +1137,10 @@@@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { "AuthMySQL_Password_Clause", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { "Auth_MySQL_Username_Field", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, user_field), OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL password (and possibly group) table(s)." }, @@@@ -983,22 +1165,26 @@@@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, group_user_field), OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." 
}, - { "Auth_MySQL_Empty_Passwords", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + { "Auth_MySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." }, - { "AuthMySQL_Empty_Passwords", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + { "AuthMySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." }, - { "Auth_MySQL_Authoritative", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, authoritative), + { "Auth_MySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." }, - { "AuthMySQL_Authoritative", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, authoritative), + { "AuthMySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." 
}, + { "Auth_MySQL_AllowOverride", set_auth_mysql_override, + NULL, + RSRC_CONF, FLAG, "Allow directory overrides of configuration" }, + { "AuthMySQL_AllowOverride", set_auth_mysql_override, NULL, RSRC_CONF, FLAG, "Allow directory overrides of configuration" }, @@@@ -1031,6 +1217,14 @@@@ command_rec mysql_auth_cmds[] = { NULL, OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, + { "AuthMySQL_Non_Persistent", set_non_persistent, + NULL, + OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, + + { "Auth_MySQL_Persistent", set_persistent, + NULL, + OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, + { "AuthMySQL_Persistent", set_persistent, NULL, OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, @@@@ -1047,6 +1241,10 @@@@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { "AuthMySQL_Where", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { NULL } }; @@@@ -1092,6 +1290,10 @@@@ static int open_auth_dblink(request_rec char *dbname = auth_db_name, *user = auth_db_user, *pwd = auth_db_pwd; void (*sigpipe_handler)(); unsigned long client_flag = 0; +#if MYSQL_VERSION_ID >= 50013 + my_bool do_reconnect = 1; +#endif + char *query; APACHELOG(APLOG_DEBUG, r, "Opening DB connection for %s", sec->dir); @@@@ -1160,6 +1362,13 @@@@ static int open_auth_dblink(request_rec return errno; } +#if MYSQL_VERSION_ID >= 50013 + /* The default is no longer to automatically reconnect on failure, + * (as of 5.0.3) so we have to set that option here. The option is + * available from 5.0.13. 
*/ + mysql_options(sec->dbh, MYSQL_OPT_RECONNECT, &do_reconnect); +#endif + signal(SIGPIPE, sigpipe_handler); APACHELOG(APLOG_DEBUG, r, "Persistent in %s is %i", sec->dir, sec->persistent); @@@@ -1175,6 +1384,23 @@@@ static int open_auth_dblink(request_rec #endif } + if (sec->db_charset) { + const char *check; + + APACHELOG(APLOG_DEBUG, r, + "Setting character set to %s", sec->db_charset); + + mysql_set_character_set(sec->dbh, sec->db_charset); + + check = mysql_character_set_name(sec->dbh); + + if (!check || strcmp(sec->db_charset, check)) { + APACHELOG(APLOG_ERR, r, + "Failed to set character set to %s", sec->db_charset); + return -1; + } + } + /* W00t! We made it! */ return 0; } @@@@ -1287,10 +1513,16 @@@@ static int check_password(const char *pl encryption_type_entry *ete; /* empty password support */ - if (sec->allow_empty_passwords && !strlen(hashed)) { - APACHELOG(APLOG_INFO, r, "User successful on empty password"); - return 1; - } + if (!strlen(hashed)) { + if (sec->allow_empty_passwords) { + APACHELOG(APLOG_INFO, r, "User successful on empty password"); + return 1; + } else { + APACHELOG(APLOG_INFO, r, "Rejecting login because of empty password field in DB"); + return 0; + } + } + for (ete=supported_encryption_types; ete->name; ete++) { if (sec->encryption_types & ete->flag) { @@@@ -1315,11 +1547,27 @@@@ static int mysql_check_user_password(req char *auth_table = "mysql_auth", *auth_user_field = "username", *auth_password_field = "passwd", *auth_password_clause = ""; char *query; - char *esc_user = mysql_escape(user, r->pool); + char *esc_user = NULL; MYSQL_RES *result; MYSQL_ROW sql_row; + int error = CR_UNKNOWN_ERROR; int rv; + if (!sec->dbh) { + APACHELOG(APLOG_DEBUG, r, + "No DB connection open - firing one up"); + if ((error = open_auth_dblink(r, sec))) { + APACHELOG(APLOG_DEBUG, r, + "open_auth_dblink returned %i", error); + return error; + } + + APACHELOG(APLOG_DEBUG, r, + "Correctly opened a new DB connection"); + } + + esc_user = mysql_escape(sec, 
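Review bot: When the character-set verification fails in `open_auth_dblink` (hunk `-1175,6 +1384,23`), `return -1;` leaves `sec->dbh` pointing at a live connection that is not using the requested character set. `mysql_check_user_password` only calls `open_auth_dblink` when `sec->dbh` is NULL, so unless the handle is cleared elsewhere (not visible here) a later request on the same config record would skip this check and escape input under the wrong character set, which is the situation the move to `mysql_real_escape_string` is meant to rule out. Close and clear the handle before returning: `mysql_close(sec->dbh); sec->dbh = NULL;`. The return value of `mysql_set_character_set` is also discarded; including `mysql_error(sec->dbh)` in the error log line would make the failure diagnosable.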
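Review bot: `check_password` now evaluates `strlen(hashed)` unconditionally (hunk `-1287,10 +1513,16`), whereas the old condition short-circuited on `sec->allow_empty_passwords` first. If `hashed` can be NULL, for example when the password column holds SQL NULL (where it comes from is outside this hunk), this becomes a null dereference for every configuration instead of only those with empty passwords enabled. Testing `if (!hashed || !*hashed)` keeps the new reject-by-default behaviour and covers that case. Both log lines would also be more useful to an operator if they named the user being accepted or rejected.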
r, user, r->pool); + if (sec->user_table) { auth_table = sec->user_table; } @@@@ -1405,8 +1653,8 @@@@ static int mysql_check_group(request_rec { char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause=""; char *query; - char *esc_user = mysql_escape(user, r->pool); - char *esc_group = mysql_escape(group, r->pool); + char *esc_user = mysql_escape(sec, r, user, r->pool); + char *esc_group = mysql_escape(sec, r, group, r->pool); MYSQL_RES *result; MYSQL_ROW row; char *auth_user_field = "username"; @ 1.5 log @Add all Debian patches up to 4.3.9-13, including a fix for CVE-2008-2384. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.4 2011/04/01 15:03:48 wiz Exp $ @ 1.4 log @Update to 4.3.9, changes not found (as preparation for security fix). @ text @d1 5 a5 1 $NetBSD: patch-ad,v 1.3 2007/06/29 22:58:55 joerg Exp $ d9 10 a18 1 @@@@ -55,12 +55,18 @@@@ d37 1 a37 1 @@@@ -98,7 +104,7 @@@@ unsigned long auth_db_client_flag = 0; d46 8 a53 1 @@@@ -131,7 +137,7 @@@@ static int check_crypt_MD5_encryption(co d62 24 a85 1 @@@@ -250,7 +256,9 @@@@ encryption_type_entry supported_encrypti d94 1 d96 687 @ 1.3 log @If APR_XtOffsetOf is not defined, fallback to APR_OFFSETOF. The compat macro was removed with APR 1.x. Also include unistd.h if crypt.h does not exist, that's the place in DragonFly. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- mod_auth_mysql.c.orig 2004-06-27 11:34:55.000000000 +0000 d5 2 a6 19 @@@@ -29,14 +29,14 @@@@ #define SNPRINTF apr_snprintf #define PSTRDUP apr_pstrdup #define PSTRCAT apr_pstrcat -#define APACHELOG(severity, handle, message ...) ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_##severity, 0, handle->server, message) +#define APACHELOG(severity, handle, message...) 
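Review bot: The early exit added to `mysql_check_user_password` (hunk `-1315,11 +1547,27`) returns whatever `open_auth_dblink` returned, which per the other hunks is either `errno` or `-1`. `check_password` in this file uses `1` for a match and `0` for a rejection, so if callers of this function follow the same convention (the caller is not in these hunks), an `errno` value of 1 would be read as a successful login. Map every connection failure to one fixed error value here, e.g. log `error` and then `return -1;`. The function body continues past the end of the hunk.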
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_##severity, 0, handle->server, message) #else #define PALLOC ap_palloc #define PCALLOC ap_pcalloc #define SNPRINTF ap_snprintf #define PSTRDUP ap_pstrdup #define PSTRCAT ap_pstrcat -#define APACHELOG(severity, handle, message ...) ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_##severity, handle->server, message) +#define APACHELOG(severity, handle, message...) ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_##severity, handle->server, message) #endif #include @@@@ -51,12 +51,18 @@@@ #include d24 1 a24 1 @@@@ -94,7 +100,7 @@@@ unsigned long auth_db_client_flag = 0; d32 2 a33 2 @@@@ -126,7 +132,7 @@@@ static int check_crypt_MD5_encryption(co d42 1 a42 1 @@@@ -206,7 +212,9 @@@@ encryption_type_entry supported_encrypti d50 1 a51 21 { NULL, NULL, 0 } @@@@ -1463,14 +1471,17 @@@@ int mysql_authenticate_basic_user(reques return res; } +#ifdef APACHE2 APACHELOG(DEBUG, r, "Starting basic user auth for [%s] in %s, child pid %i", -#ifdef APACHE2 r->user, + sec->dir, getpid()); #else + APACHELOG(DEBUG, r, + "Starting basic user auth for [%s] in %s, child pid %i", c->user, -#endif sec->dir, getpid()); +#endif #ifdef APACHE2 switch (mysql_check_user_password(r, r->user, sent_pw, sec)) { @ 1.2 log @Fix a case of invalid use of preprocessing directives within macro args that breaks compilation whith gcc 2.95. 
@ text @d3 2 a4 2 --- mod_auth_mysql.c.orig Sun Jun 27 13:34:55 2004 +++ mod_auth_mysql.c Mon Jul 19 01:57:11 2004 d22 20 a41 1 @@@@ -94,7 +94,7 @@@@ d50 1 a50 1 @@@@ -126,7 +126,7 @@@@ d59 1 a59 1 @@@@ -206,7 +206,9 @@@@ d69 1 a69 1 @@@@ -1463,14 +1465,17 @@@@ @ 1.1 log @Initial revision @ text @d3 20 a22 3 --- mod_auth_mysql.c.orig 2003-11-18 13:59:00.000000000 +0100 +++ mod_auth_mysql.c @@@@ -62,7 +62,7 @@@@ static int auth_db_override = 1; d31 1 a31 1 @@@@ -94,7 +94,7 @@@@ static int check_crypt_MD5_encryption(co d40 1 a40 1 @@@@ -165,7 +165,9 @@@@ encryption_type_entry supported_encrypti d50 20 @ 1.1.1.1 log @Import ap-auth-mysql 4.3.1, Apache module for user authentication using information stored in a MySQL database. Based on pkgwip package done by cube@@, thanks a lot! Package should support both Apache 1.x and 2.x, but only Apache 1.x tested at the moment. @ text @@