mirror of
https://github.com/Stichting-MINIX-Research-Foundation/pkgsrc-ng.git
synced 2025-09-13 22:36:06 -04:00
783 lines
30 KiB
Plaintext
783 lines
30 KiB
Plaintext
$NetBSD: patch-ad,v 1.5 2011/04/01 15:11:58 wiz Exp $
|
|
|
|
Some crypt.h changes that were here before, undocumented.
|
|
All Debian patches up to 4.3.9-13, including a fix for
|
|
CVE-2008-2384.
|
|
|
|
--- mod_auth_mysql.c.orig 2004-12-23 13:43:14.000000000 +0000
|
|
+++ mod_auth_mysql.c
|
|
@@ -48,19 +48,27 @@
|
|
#include <http_log.h>
|
|
#ifdef APACHE2
|
|
#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/
|
|
+#include <apr_general.h>
|
|
#include <apr_md5.h>
|
|
#include <apr_sha1.h>
|
|
+#include <apr_strings.h>
|
|
#else
|
|
#include <ap_md5.h>
|
|
#include <ap_sha1.h>
|
|
#endif
|
|
|
|
+#ifndef APR_XtOffsetOf
|
|
+#define APR_XtOffsetOf(x,y) APR_OFFSETOF(x,y)
|
|
+#endif
|
|
+
|
|
#include <mysql.h>
|
|
#include <errmsg.h>
|
|
#include <mysqld_error.h>
|
|
|
|
#ifdef HAVE_CRYPT_H
|
|
#include <crypt.h>
|
|
+#else
|
|
+#include <unistd.h>
|
|
#endif
|
|
|
|
#ifndef TRUE
|
|
@@ -98,10 +106,14 @@ unsigned long auth_db_client_flag = 0;
|
|
#define CRYPT_MD5_ENCRYPTION_FLAG 1<<3
|
|
#endif
|
|
#define PHP_MD5_ENCRYPTION_FLAG 1<<4
|
|
-#ifdef HAVE_CRYPT_H
|
|
+#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT)
|
|
#define CRYPT_ENCRYPTION_FLAG 1<<5
|
|
#endif
|
|
#define SHA1SUM_ENCRYPTION_FLAG 1<<6
|
|
+#define APACHE_ENCRYPTION_FLAG 1<<7
|
|
+
|
|
+/* from include/sha1.h from the mysql-server source distribution */
|
|
+#define SHA1_HASH_SIZE 20 /* Hash size in bytes */
|
|
|
|
static int check_no_encryption(const char *passwd, char *enc_passwd)
|
|
{
|
|
@@ -131,7 +143,7 @@ static int check_crypt_MD5_encryption(co
|
|
}
|
|
#endif
|
|
|
|
-#ifdef HAVE_CRYPT_H
|
|
+#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT)
|
|
static int check_crypt_encryption(const char *passwd, char *enc_passwd)
|
|
{
|
|
return (!strcmp(crypt(passwd, enc_passwd), enc_passwd));
|
|
@@ -229,12 +241,21 @@ static int check_SHA1Sum_encryption(cons
|
|
|
|
static int check_mysql_encryption(const char *passwd, char *enc_passwd)
|
|
{
|
|
- char scrambled_passwd[32];
|
|
+ char scrambled_passwd[2*SHA1_HASH_SIZE + 2];
|
|
|
|
make_scrambled_password(scrambled_passwd, passwd);
|
|
return (!strcmp(scrambled_passwd, enc_passwd));
|
|
}
|
|
|
|
+static int check_apache_encryption(const char *passwd, char *enc_passwd)
|
|
+{
|
|
+#ifdef APACHE2
|
|
+ return (!apr_password_validate(passwd, enc_passwd));
|
|
+#else
|
|
+ return (!ap_validate_password(passwd, enc_passwd));
|
|
+#endif
|
|
+}
|
|
+
|
|
typedef struct {
|
|
char *name;
|
|
int (*check_function)(const char *passwd, char *enc_passwd);
|
|
@@ -250,9 +271,12 @@ encryption_type_entry supported_encrypti
|
|
#if CRYPT_MD5
|
|
{ "Crypt_MD5", check_crypt_MD5_encryption, CRYPT_MD5_ENCRYPTION_FLAG },
|
|
#endif
|
|
+#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT)
|
|
{ "Crypt", check_crypt_encryption, CRYPT_ENCRYPTION_FLAG },
|
|
+#endif
|
|
{ "PHP_MD5", check_PHP_MD5_encryption, PHP_MD5_ENCRYPTION_FLAG },
|
|
{ "SHA1Sum", check_SHA1Sum_encryption, SHA1SUM_ENCRYPTION_FLAG},
|
|
+ { "Apache", check_apache_encryption, APACHE_ENCRYPTION_FLAG },
|
|
/* add additional encryption types below */
|
|
{ NULL, NULL, 0 }
|
|
};
|
|
@@ -284,6 +308,7 @@ typedef struct {
|
|
char *db_user;
|
|
char *db_pwd;
|
|
char *db_name;
|
|
+ char *db_charset;
|
|
|
|
MYSQL *dbh;
|
|
|
|
@@ -324,11 +349,14 @@ typedef struct {
|
|
|
|
module auth_mysql_module;
|
|
|
|
+static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec);
|
|
+
|
|
#ifdef APACHE2
|
|
static apr_status_t
|
|
#else
|
|
static void
|
|
#endif
|
|
+
|
|
auth_mysql_cleanup(void *ptr)
|
|
{
|
|
mysql_auth_config_rec *sec = ptr;
|
|
@@ -380,7 +408,7 @@ void *create_mysql_auth_dir_config(pool
|
|
sizeof(mysql_auth_config_rec));
|
|
#endif
|
|
|
|
- sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = NULL;
|
|
+ sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = sec->db_charset = NULL;
|
|
|
|
sec->dbh = NULL;
|
|
/* When the memory for this connection record is cleaned, we must
|
|
@@ -489,9 +517,9 @@ static const char *set_scrambled_passwor
|
|
* server when passed in as part of a query.
|
|
*/
|
|
#ifdef APACHE2
|
|
-static char *mysql_escape(char *str, apr_pool_t *p)
|
|
+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p)
|
|
#else
|
|
-static char *mysql_escape(char *str, pool *p)
|
|
+static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p)
|
|
#endif
|
|
{
|
|
char *dest;
|
|
@@ -505,7 +533,7 @@ static char *mysql_escape(char *str, poo
|
|
return str;
|
|
}
|
|
|
|
- mysql_escape_string(dest, str, strlen(str));
|
|
+ mysql_real_escape_string(sec->dbh, dest, str, strlen(str));
|
|
|
|
return dest;
|
|
}
|
|
@@ -644,6 +672,24 @@ static const char *enable_mysql(cmd_parm
|
|
return NULL;
|
|
}
|
|
|
|
+static const char *set_empty_passwords(cmd_parms *cmd, void *sconf, int arg)
|
|
+{
|
|
+ mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
|
|
+
|
|
+ sec->allow_empty_passwords = arg;
|
|
+ APACHELOG(APLOG_DEBUG, cmd, "set_empty_passwords: Setting allow_empty_passwords in %s to %i", sec->dir, sec->allow_empty_passwords);
|
|
+ return NULL;
|
|
+}
|
|
+
|
|
+static const char *set_authoritative(cmd_parms *cmd, void *sconf, int arg)
|
|
+{
|
|
+ mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
|
|
+
|
|
+ sec->authoritative = arg;
|
|
+ APACHELOG(APLOG_DEBUG, cmd, "set_authoritative: Setting authoritative in %s to %i", sec->dir, sec->authoritative);
|
|
+ return NULL;
|
|
+}
|
|
+
|
|
/* The command list. What it's called, when it's legal to use it, and
|
|
* what to do when we find it. Pretty cool, IMHO.
|
|
*/
|
|
@@ -655,14 +701,30 @@ command_rec mysql_auth_cmds[] = {
|
|
NULL,
|
|
RSRC_CONF, "host, user and password of the MySQL database" ),
|
|
|
|
+ AP_INIT_TAKE3( "AuthMySQL_Info", set_auth_mysql_info,
|
|
+ NULL,
|
|
+ RSRC_CONF, "host, user and password of the MySQL database" ),
|
|
+
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultHost", set_auth_mysql_host,
|
|
+ NULL,
|
|
+ RSRC_CONF, "Default MySQL host" ),
|
|
+
|
|
AP_INIT_TAKE1( "AuthMySQL_DefaultHost", set_auth_mysql_host,
|
|
NULL,
|
|
RSRC_CONF, "Default MySQL host" ),
|
|
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultUser", set_auth_mysql_user,
|
|
+ NULL,
|
|
+ RSRC_CONF, "Default MySQL user" ),
|
|
+
|
|
AP_INIT_TAKE1( "AuthMySQL_DefaultUser", set_auth_mysql_user,
|
|
NULL,
|
|
RSRC_CONF, "Default MySQL user" ),
|
|
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd,
|
|
+ NULL,
|
|
+ RSRC_CONF, "Default MySQL password" ),
|
|
+
|
|
AP_INIT_TAKE1( "AuthMySQL_DefaultPassword", set_auth_mysql_pwd,
|
|
NULL,
|
|
RSRC_CONF, "Default MySQL password" ),
|
|
@@ -671,138 +733,182 @@ command_rec mysql_auth_cmds[] = {
|
|
NULL,
|
|
RSRC_CONF, "Default MySQL server port" ),
|
|
|
|
+ AP_INIT_TAKE1( "AuthMySQL_DefaultPort", set_auth_mysql_port,
|
|
+ NULL,
|
|
+ RSRC_CONF, "Default MySQL server port" ),
|
|
+
|
|
AP_INIT_TAKE1( "Auth_MySQL_DefaultSocket", set_auth_mysql_socket,
|
|
NULL,
|
|
RSRC_CONF, "Default MySQL server socket" ),
|
|
|
|
+ AP_INIT_TAKE1( "AuthMySQL_DefaultSocket", set_auth_mysql_socket,
|
|
+ NULL,
|
|
+ RSRC_CONF, "Default MySQL server socket" ),
|
|
+
|
|
AP_INIT_TAKE1( "Auth_MySQL_General_DB", set_auth_mysql_db,
|
|
NULL,
|
|
RSRC_CONF, "default database for MySQL authentication" ),
|
|
|
|
+ AP_INIT_TAKE1( "AuthMySQL_General_DB", set_auth_mysql_db,
|
|
+ NULL,
|
|
+ RSRC_CONF, "default database for MySQL authentication" ),
|
|
+
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_DefaultDB", set_auth_mysql_db,
|
|
+ NULL,
|
|
+ RSRC_CONF, "default database for MySQL authentication" ),
|
|
+
|
|
AP_INIT_TAKE1( "AuthMySQL_DefaultDB", set_auth_mysql_db,
|
|
NULL,
|
|
RSRC_CONF, "default database for MySQL authentication" ),
|
|
|
|
- AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host),
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host),
|
|
OR_AUTHCFG, "database host" ),
|
|
|
|
- AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host),
|
|
+ AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host),
|
|
OR_AUTHCFG, "database host" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Socket", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket),
|
|
OR_AUTHCFG, "database host socket" ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_Socket", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket),
|
|
OR_AUTHCFG, "database host socket" ),
|
|
|
|
- AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port),
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_int_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port),
|
|
OR_AUTHCFG, "database host port" ),
|
|
|
|
- AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port),
|
|
+ AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_int_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port),
|
|
OR_AUTHCFG, "database host port" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Username", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
|
|
+ OR_AUTHCFG, "database user" ),
|
|
+
|
|
+ AP_INIT_TAKE1( "AuthMySQL_Username", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
|
|
+ OR_AUTHCFG, "database user" ),
|
|
+
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_User", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
|
|
OR_AUTHCFG, "database user" ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_User", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user),
|
|
OR_AUTHCFG, "database user" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Password", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd),
|
|
OR_AUTHCFG, "database password" ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_Password", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd),
|
|
OR_AUTHCFG, "database password" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_DB", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name),
|
|
OR_AUTHCFG, "database name" ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_DB", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name),
|
|
OR_AUTHCFG, "database name" ),
|
|
|
|
+ AP_INIT_TAKE1( "Auth_MySQL_CharacterSet", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset),
|
|
+ OR_AUTHCFG, "character set" ),
|
|
+
|
|
+ AP_INIT_TAKE1( "AuthMySQL_CharacterSet", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset),
|
|
+ OR_AUTHCFG, "character set" ),
|
|
+
|
|
AP_INIT_TAKE1( "Auth_MySQL_Password_Table", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table),
|
|
OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_Password_Table", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table),
|
|
OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Group_Table", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table),
|
|
+ OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
|
|
+
|
|
+ AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table),
|
|
OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Group_Clause", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_where_clause),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause),
|
|
OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ),
|
|
|
|
- AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table),
|
|
- OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ),
|
|
+ AP_INIT_TAKE1( "AuthMySQL_Group_Clause", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause),
|
|
+ OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Password_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field),
|
|
OR_AUTHCFG, "The name of the field in the MySQL password table" ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_Password_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field),
|
|
OR_AUTHCFG, "The name of the field in the MySQL password table" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Password_Clause", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
|
|
+ OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
|
|
+
|
|
+ AP_INIT_TAKE1( "AuthMySQL_Password_Clause", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
|
|
OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Username_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field),
|
|
OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_Username_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field),
|
|
OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Group_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field),
|
|
OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_Group_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field),
|
|
OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Group_User_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field),
|
|
OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ),
|
|
|
|
AP_INIT_TAKE1( "AuthMySQL_Group_User_Field", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field),
|
|
OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ),
|
|
|
|
- AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", ap_set_flag_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
|
|
+ AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", set_empty_passwords,
|
|
+ NULL,
|
|
OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ),
|
|
|
|
- AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", ap_set_flag_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
|
|
+ AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", set_empty_passwords,
|
|
+ NULL,
|
|
OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ),
|
|
|
|
- AP_INIT_FLAG( "Auth_MySQL_Authoritative", ap_set_flag_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
|
|
+ AP_INIT_FLAG( "Auth_MySQL_Authoritative", set_authoritative,
|
|
+ NULL,
|
|
OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ),
|
|
|
|
- AP_INIT_FLAG( "AuthMySQL_Authoritative", ap_set_flag_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
|
|
+ AP_INIT_FLAG( "AuthMySQL_Authoritative", set_authoritative,
|
|
+ NULL,
|
|
OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ),
|
|
|
|
+ AP_INIT_FLAG( "Auth_MySQL_AllowOverride", set_auth_mysql_override,
|
|
+ NULL,
|
|
+ RSRC_CONF, "Allow directory overrides of configuration" ),
|
|
+
|
|
AP_INIT_FLAG( "AuthMySQL_AllowOverride", set_auth_mysql_override,
|
|
NULL,
|
|
RSRC_CONF, "Allow directory overrides of configuration" ),
|
|
@@ -835,6 +941,14 @@ command_rec mysql_auth_cmds[] = {
|
|
NULL,
|
|
OR_AUTHCFG, "Use non-persistent MySQL links" ),
|
|
|
|
+ AP_INIT_FLAG( "AuthMySQL_Non_Persistent", set_non_persistent,
|
|
+ NULL,
|
|
+ OR_AUTHCFG, "Use non-persistent MySQL links" ),
|
|
+
|
|
+ AP_INIT_FLAG( "Auth_MySQL_Persistent", set_persistent,
|
|
+ NULL,
|
|
+ OR_AUTHCFG, "Use non-persistent MySQL links" ),
|
|
+
|
|
AP_INIT_FLAG( "AuthMySQL_Persistent", set_persistent,
|
|
NULL,
|
|
OR_AUTHCFG, "Use non-persistent MySQL links" ),
|
|
@@ -848,7 +962,11 @@ command_rec mysql_auth_cmds[] = {
|
|
OR_AUTHCFG, "Enable MySQL authentication" ),
|
|
|
|
AP_INIT_TAKE1( "Auth_MySQL_Where", ap_set_string_slot,
|
|
- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause),
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
|
|
+ OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
|
|
+
|
|
+ AP_INIT_TAKE1( "AuthMySQL_Where", ap_set_string_slot,
|
|
+ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause),
|
|
OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ),
|
|
|
|
{ NULL }
|
|
@@ -859,14 +977,30 @@ command_rec mysql_auth_cmds[] = {
|
|
NULL,
|
|
RSRC_CONF, TAKE3, "host, user and password of the MySQL database" },
|
|
|
|
+ { "AuthMySQL_Info", set_auth_mysql_info,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE3, "host, user and password of the MySQL database" },
|
|
+
|
|
+ { "Auth_MySQL_DefaultHost", set_auth_mysql_host,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE1, "Default MySQL host" },
|
|
+
|
|
{ "AuthMySQL_DefaultHost", set_auth_mysql_host,
|
|
NULL,
|
|
RSRC_CONF, TAKE1, "Default MySQL host" },
|
|
|
|
+ { "Auth_MySQL_DefaultUser", set_auth_mysql_user,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE1, "Default MySQL user" },
|
|
+
|
|
{ "AuthMySQL_DefaultUser", set_auth_mysql_user,
|
|
NULL,
|
|
RSRC_CONF, TAKE1, "Default MySQL user" },
|
|
|
|
+ { "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE1, "Default MySQL password" },
|
|
+
|
|
{ "AuthMySQL_DefaultPassword", set_auth_mysql_pwd,
|
|
NULL,
|
|
RSRC_CONF, TAKE1, "Default MySQL password" },
|
|
@@ -875,23 +1009,39 @@ command_rec mysql_auth_cmds[] = {
|
|
NULL,
|
|
RSRC_CONF, TAKE1, "Default MySQL server port" },
|
|
|
|
+ { "AuthMySQL_DefaultPort", set_auth_mysql_port,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE1, "Default MySQL server port" },
|
|
+
|
|
{ "Auth_MySQL_DefaultSocket", set_auth_mysql_socket,
|
|
NULL,
|
|
RSRC_CONF, TAKE1, "Default MySQL server socket" },
|
|
|
|
+ { "AuthMySQL_DefaultSocket", set_auth_mysql_socket,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE1, "Default MySQL server socket" },
|
|
+
|
|
{ "Auth_MySQL_General_DB", set_auth_mysql_db,
|
|
NULL,
|
|
RSRC_CONF, TAKE1, "default database for MySQL authentication" },
|
|
|
|
+ { "AuthMySQL_General_DB", set_auth_mysql_db,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE1, "default database for MySQL authentication" },
|
|
+
|
|
+ { "Auth_MySQL_DefaultDB", set_auth_mysql_db,
|
|
+ NULL,
|
|
+ RSRC_CONF, TAKE1, "default database for MySQL authentication" },
|
|
+
|
|
{ "AuthMySQL_DefaultDB", set_auth_mysql_db,
|
|
NULL,
|
|
RSRC_CONF, TAKE1, "default database for MySQL authentication" },
|
|
|
|
- { "AuthMySQL_Host", ap_set_string_slot,
|
|
+ { "Auth_MySQL_Host", ap_set_string_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, db_host),
|
|
OR_AUTHCFG, TAKE1, "database host" },
|
|
|
|
- { "Auth_MySQL_Host", ap_set_string_slot,
|
|
+ { "AuthMySQL_Host", ap_set_string_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, db_host),
|
|
OR_AUTHCFG, TAKE1, "database host" },
|
|
|
|
@@ -899,7 +1049,15 @@ command_rec mysql_auth_cmds[] = {
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, db_socket),
|
|
OR_AUTHCFG, TAKE1, "database host socket" },
|
|
|
|
- { "Auth_MySQL_Port", ap_set_string_slot,
|
|
+ { "AuthMySQL_Socket", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_socket),
|
|
+ OR_AUTHCFG, TAKE1, "database host socket" },
|
|
+
|
|
+ { "Auth_MySQL_Port", ap_set_int_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_port),
|
|
+ OR_AUTHCFG, TAKE1, "database host socket" },
|
|
+
|
|
+ { "AuthMySQL_Port", ap_set_int_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, db_port),
|
|
OR_AUTHCFG, TAKE1, "database host socket" },
|
|
|
|
@@ -907,6 +1065,14 @@ command_rec mysql_auth_cmds[] = {
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, db_user),
|
|
OR_AUTHCFG, TAKE1, "database user" },
|
|
|
|
+ { "AuthMySQL_Username", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
|
|
+ OR_AUTHCFG, TAKE1, "database user" },
|
|
+
|
|
+ { "Auth_MySQL_User", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_user),
|
|
+ OR_AUTHCFG, TAKE1, "database user" },
|
|
+
|
|
{ "AuthMySQL_User", ap_set_string_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, db_user),
|
|
OR_AUTHCFG, TAKE1, "database user" },
|
|
@@ -927,6 +1093,14 @@ command_rec mysql_auth_cmds[] = {
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, db_name),
|
|
OR_AUTHCFG, TAKE1, "database name" },
|
|
|
|
+ { "Auth_MySQL_CharacterSet", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_charset),
|
|
+ OR_AUTHCFG, TAKE1, "character set" },
|
|
+
|
|
+ { "AuthMySQL_CharacterSet", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, db_charset),
|
|
+ OR_AUTHCFG, TAKE1, "character set" },
|
|
+
|
|
{ "Auth_MySQL_Password_Table", ap_set_string_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, user_table),
|
|
OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the password/user-name combination" },
|
|
@@ -939,14 +1113,18 @@ command_rec mysql_auth_cmds[] = {
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, group_table),
|
|
OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
|
|
|
|
+ { "AuthMySQL_Group_Table", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, group_table),
|
|
+ OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
|
|
+
|
|
{ "Auth_MySQL_Group_Clause", ap_set_string_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause),
|
|
OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" },
|
|
|
|
- { "AuthMySQL_Group_Table", ap_set_string_slot,
|
|
- (void *) XtOffsetOf(mysql_auth_config_rec, group_table),
|
|
- OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." },
|
|
-
|
|
+ { "AuthMySQL_Group_Clause", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause),
|
|
+ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" },
|
|
+
|
|
{ "Auth_MySQL_Password_Field", ap_set_string_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, password_field),
|
|
OR_AUTHCFG, TAKE1, "The name of the field in the MySQL password table" },
|
|
@@ -959,6 +1137,10 @@ command_rec mysql_auth_cmds[] = {
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
|
|
OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
|
|
|
|
+ { "AuthMySQL_Password_Clause", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
|
|
+ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
|
|
+
|
|
{ "Auth_MySQL_Username_Field", ap_set_string_slot,
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, user_field),
|
|
OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL password (and possibly group) table(s)." },
|
|
@@ -983,22 +1165,26 @@ command_rec mysql_auth_cmds[] = {
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, group_user_field),
|
|
OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." },
|
|
|
|
- { "Auth_MySQL_Empty_Passwords", ap_set_flag_slot,
|
|
- (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
|
|
+ { "Auth_MySQL_Empty_Passwords", set_empty_passwords,
|
|
+ NULL,
|
|
OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." },
|
|
|
|
- { "AuthMySQL_Empty_Passwords", ap_set_flag_slot,
|
|
- (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
|
|
+ { "AuthMySQL_Empty_Passwords", set_empty_passwords,
|
|
+ NULL,
|
|
OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." },
|
|
|
|
- { "Auth_MySQL_Authoritative", ap_set_flag_slot,
|
|
- (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
|
|
+ { "Auth_MySQL_Authoritative", set_authoritative,
|
|
+ NULL,
|
|
OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." },
|
|
|
|
- { "AuthMySQL_Authoritative", ap_set_flag_slot,
|
|
- (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
|
|
+ { "AuthMySQL_Authoritative", set_authoritative,
|
|
+ NULL,
|
|
OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." },
|
|
|
|
+ { "Auth_MySQL_AllowOverride", set_auth_mysql_override,
|
|
+ NULL,
|
|
+ RSRC_CONF, FLAG, "Allow directory overrides of configuration" },
|
|
+
|
|
{ "AuthMySQL_AllowOverride", set_auth_mysql_override,
|
|
NULL,
|
|
RSRC_CONF, FLAG, "Allow directory overrides of configuration" },
|
|
@@ -1031,6 +1217,14 @@ command_rec mysql_auth_cmds[] = {
|
|
NULL,
|
|
OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
|
|
|
|
+ { "AuthMySQL_Non_Persistent", set_non_persistent,
|
|
+ NULL,
|
|
+ OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
|
|
+
|
|
+ { "Auth_MySQL_Persistent", set_persistent,
|
|
+ NULL,
|
|
+ OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
|
|
+
|
|
{ "AuthMySQL_Persistent", set_persistent,
|
|
NULL,
|
|
OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" },
|
|
@@ -1047,6 +1241,10 @@ command_rec mysql_auth_cmds[] = {
|
|
(void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
|
|
OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
|
|
|
|
+ { "AuthMySQL_Where", ap_set_string_slot,
|
|
+ (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause),
|
|
+ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" },
|
|
+
|
|
{ NULL }
|
|
};
|
|
|
|
@@ -1092,6 +1290,10 @@ static int open_auth_dblink(request_rec
|
|
char *dbname = auth_db_name, *user = auth_db_user, *pwd = auth_db_pwd;
|
|
void (*sigpipe_handler)();
|
|
unsigned long client_flag = 0;
|
|
+#if MYSQL_VERSION_ID >= 50013
|
|
+ my_bool do_reconnect = 1;
|
|
+#endif
|
|
+ char *query;
|
|
|
|
APACHELOG(APLOG_DEBUG, r, "Opening DB connection for %s", sec->dir);
|
|
|
|
@@ -1160,6 +1362,13 @@ static int open_auth_dblink(request_rec
|
|
return errno;
|
|
}
|
|
|
|
+#if MYSQL_VERSION_ID >= 50013
|
|
+ /* The default is no longer to automatically reconnect on failure,
|
|
+ * (as of 5.0.3) so we have to set that option here. The option is
|
|
+ * available from 5.0.13. */
|
|
+ mysql_options(sec->dbh, MYSQL_OPT_RECONNECT, &do_reconnect);
|
|
+#endif
|
|
+
|
|
signal(SIGPIPE, sigpipe_handler);
|
|
|
|
APACHELOG(APLOG_DEBUG, r, "Persistent in %s is %i", sec->dir, sec->persistent);
|
|
@@ -1175,6 +1384,23 @@ static int open_auth_dblink(request_rec
|
|
#endif
|
|
}
|
|
|
|
+ if (sec->db_charset) {
|
|
+ const char *check;
|
|
+
|
|
+ APACHELOG(APLOG_DEBUG, r,
|
|
+ "Setting character set to %s", sec->db_charset);
|
|
+
|
|
+ mysql_set_character_set(sec->dbh, sec->db_charset);
|
|
+
|
|
+ check = mysql_character_set_name(sec->dbh);
|
|
+
|
|
+ if (!check || strcmp(sec->db_charset, check)) {
|
|
+ APACHELOG(APLOG_ERR, r,
|
|
+ "Failed to set character set to %s", sec->db_charset);
|
|
+ return -1;
|
|
+ }
|
|
+ }
|
|
+
|
|
/* W00t! We made it! */
|
|
return 0;
|
|
}
|
|
@@ -1287,10 +1513,16 @@ static int check_password(const char *pl
|
|
encryption_type_entry *ete;
|
|
|
|
/* empty password support */
|
|
- if (sec->allow_empty_passwords && !strlen(hashed)) {
|
|
- APACHELOG(APLOG_INFO, r, "User successful on empty password");
|
|
- return 1;
|
|
- }
|
|
+ if (!strlen(hashed)) {
|
|
+ if (sec->allow_empty_passwords) {
|
|
+ APACHELOG(APLOG_INFO, r, "User successful on empty password");
|
|
+ return 1;
|
|
+ } else {
|
|
+ APACHELOG(APLOG_INFO, r, "Rejecting login because of empty password field in DB");
|
|
+ return 0;
|
|
+ }
|
|
+ }
|
|
+
|
|
|
|
for (ete=supported_encryption_types; ete->name; ete++) {
|
|
if (sec->encryption_types & ete->flag) {
|
|
@@ -1315,11 +1547,27 @@ static int mysql_check_user_password(req
|
|
char *auth_table = "mysql_auth", *auth_user_field = "username",
|
|
*auth_password_field = "passwd", *auth_password_clause = "";
|
|
char *query;
|
|
- char *esc_user = mysql_escape(user, r->pool);
|
|
+ char *esc_user = NULL;
|
|
MYSQL_RES *result;
|
|
MYSQL_ROW sql_row;
|
|
+ int error = CR_UNKNOWN_ERROR;
|
|
int rv;
|
|
|
|
+ if (!sec->dbh) {
|
|
+ APACHELOG(APLOG_DEBUG, r,
|
|
+ "No DB connection open - firing one up");
|
|
+ if ((error = open_auth_dblink(r, sec))) {
|
|
+ APACHELOG(APLOG_DEBUG, r,
|
|
+ "open_auth_dblink returned %i", error);
|
|
+ return error;
|
|
+ }
|
|
+
|
|
+ APACHELOG(APLOG_DEBUG, r,
|
|
+ "Correctly opened a new DB connection");
|
|
+ }
|
|
+
|
|
+ esc_user = mysql_escape(sec, r, user, r->pool);
|
|
+
|
|
if (sec->user_table) {
|
|
auth_table = sec->user_table;
|
|
}
|
|
@@ -1405,8 +1653,8 @@ static int mysql_check_group(request_rec
|
|
{
|
|
char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause="";
|
|
char *query;
|
|
- char *esc_user = mysql_escape(user, r->pool);
|
|
- char *esc_group = mysql_escape(group, r->pool);
|
|
+ char *esc_user = mysql_escape(sec, r, user, r->pool);
|
|
+ char *esc_group = mysql_escape(sec, r, group, r->pool);
|
|
MYSQL_RES *result;
|
|
MYSQL_ROW row;
|
|
char *auth_user_field = "username";
|