diff options
-rw-r--r-- | www/ap2-auth-mysql/DESCR | 2 | ||||
-rw-r--r-- | www/ap2-auth-mysql/Makefile | 48 | ||||
-rw-r--r-- | www/ap2-auth-mysql/PLIST | 4 | ||||
-rw-r--r-- | www/ap2-auth-mysql/distinfo | 7 | ||||
-rw-r--r-- | www/ap2-auth-mysql/patches/patch-aa | 371 |
5 files changed, 432 insertions, 0 deletions
diff --git a/www/ap2-auth-mysql/DESCR b/www/ap2-auth-mysql/DESCR new file mode 100644 index 00000000000..d3f6e6f5488 --- /dev/null +++ b/www/ap2-auth-mysql/DESCR @@ -0,0 +1,2 @@ +mod_auth_mysql will allow you to use a MySQL database to authenticate users +with the Apache 2 HTTP server. diff --git a/www/ap2-auth-mysql/Makefile b/www/ap2-auth-mysql/Makefile new file mode 100644 index 00000000000..d2520c4f32b --- /dev/null +++ b/www/ap2-auth-mysql/Makefile @@ -0,0 +1,48 @@ +# $NetBSD: Makefile,v 1.1.1.1 2003/12/31 13:03:01 cube Exp $ +# + +DISTNAME= mod_auth_mysql.c +PKGNAME= ap2-auth-mysql-1.11.12 +WRKSRC= ${WRKDIR}/${PKGNAME} +CATEGORIES= www databases +MASTER_SITES= ftp://ftp.kcilink.com/pub/ +DISTFILES= ${DISTNAME}.gz mysql-group-auth.txt + +MAINTAINER= cube@NetBSD.org +HOMEPAGE= ftp://ftp.redhat.com/pub/redhat/linux/9/en/os/i386/SRPMS/ +COMMENT= Module to allow Apache 2 authentication against a MySQL database + +CONFLICTS+= ap-auth-mysql-* + +DIST_SUBDIR= ap2-auth-mysql +EXTRACT_ONLY= ${DISTNAME}.gz + +USE_BUILDLINK2= yes +NO_CONFIGURE= yes + +APACHE_MODULE_NAME= mod_auth_mysql +DOC_DIR= ${PREFIX}/share/doc/${APACHE_MODULE_NAME} + +post-extract: + ${MKDIR} ${WRKSRC} + ${MV} ${WRKDIR}/${DISTNAME} ${WRKSRC} + ${CP} ${DISTDIR}/${DIST_SUBDIR}/mysql-group-auth.txt ${WRKSRC} + +do-build: + cd ${WRKSRC} && \ + ${APXS} -c -n ${APACHE_MODULE_NAME} \ + -I${BUILDLINK_PREFIX.mysql-client}/include \ + -L${BUILDLINK_PREFIX.mysql-client}/lib/mysql \ + -Wl,${RPATH_FLAG} -Wl,${BUILDLINK_PREFIX.mysql-client}/lib/mysql \ + -lmysqlclient ${DISTNAME} + +do-install: + cd ${WRKSRC} && \ + ${APXS} -i -n ${APACHE_MODULE_NAME} ${APACHE_MODULE_NAME}.la + ${INSTALL_DATA_DIR} ${DOC_DIR} + ${INSTALL_DATA} ${WRKSRC}/mysql-group-auth.txt ${DOC_DIR} + +.include "../../www/apache2/buildlink2.mk" +.include "../../databases/mysql-client/buildlink2.mk" + +.include "../../mk/bsd.pkg.mk" diff --git a/www/ap2-auth-mysql/PLIST b/www/ap2-auth-mysql/PLIST new file mode 100644 index 00000000000..e493786fc02 --- /dev/null +++ b/www/ap2-auth-mysql/PLIST @@ -0,0 +1,4 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2003/12/31 13:03:02 cube Exp $ +lib/httpd/mod_auth_mysql.so +share/doc/mod_auth_mysql/mysql-group-auth.txt +@dirrm share/doc/mod_auth_mysql diff --git a/www/ap2-auth-mysql/distinfo b/www/ap2-auth-mysql/distinfo new file mode 100644 index 00000000000..4dce05f77a1 --- /dev/null +++ b/www/ap2-auth-mysql/distinfo @@ -0,0 +1,7 @@ +$NetBSD: distinfo,v 1.1.1.1 2003/12/31 13:03:02 cube Exp $ + +SHA1 (ap2-auth-mysql/mod_auth_mysql.c.gz) = 0e53b22ccd2ebd36a213d5e418b02e6167a1300b +Size (ap2-auth-mysql/mod_auth_mysql.c.gz) = 6900 bytes +SHA1 (ap2-auth-mysql/mysql-group-auth.txt) = 6c0d39ed3ac6a3955d8d8c7c4892e07ba3d3ae77 +Size (ap2-auth-mysql/mysql-group-auth.txt) = 1564 bytes +SHA1 (patch-aa) = cb5d7ce78de0606fc2a3581d693e93cdd16c19ac diff --git a/www/ap2-auth-mysql/patches/patch-aa b/www/ap2-auth-mysql/patches/patch-aa new file mode 100644 index 00000000000..6b607583e17 --- /dev/null +++ b/www/ap2-auth-mysql/patches/patch-aa @@ -0,0 +1,371 @@ +$NetBSD: patch-aa,v 1.1.1.1 2003/12/31 13:03:03 cube Exp $ + +--- mod_auth_mysql.c.orig 2003-11-24 16:36:19.000000000 +0100 ++++ mod_auth_mysql.c +@@ -189,7 +189,9 @@ + #include "http_core.h" + #include "http_log.h" + #include "http_protocol.h" ++#include "apr_strings.h" + #include <mysql/mysql.h> ++#include <unistd.h> + + /* + * structure to hold the configuration details for the request +@@ -221,34 +223,26 @@ static MYSQL *mysql_handle = NULL; + * Callback to close mysql handle when necessary. Also called when a + * child httpd process is terminated. + */ +-static void ++static apr_status_t + mod_auth_mysql_cleanup (void *notused) + { + if (mysql_handle) mysql_close(mysql_handle); + mysql_handle = NULL; /* make sure we don't try to use it later */ ++ return APR_SUCCESS; + } + + /* + * empty function necessary because register_cleanup requires it as one + * of its parameters + */ +-static void ++static apr_status_t + mod_auth_mysql_cleanup_child (void *notused) + { + /* nothing */ ++ return APR_SUCCESS; + } + + /* +- * handler to do cleanup on child exit +- */ +-static void +-child_exit(server_rec *s, pool *p) +-{ +- mod_auth_mysql_cleanup(NULL); +-} +- +- +-/* + * open connection to DB server if necessary. Return TRUE if connection + * is good, FALSE if not able to connect. If false returned, reason + * for failure has been logged to error_log file already. +@@ -280,16 +274,16 @@ open_db_handle(request_rec *r, mysql_aut + + if (!m->mysqlKeepAlive) { + /* close when request done */ +- ap_register_cleanup(r->pool, (void *)NULL, +- mod_auth_mysql_cleanup, +- mod_auth_mysql_cleanup_child); ++ apr_pool_cleanup_register(r->pool, r->server, ++ mod_auth_mysql_cleanup, ++ mod_auth_mysql_cleanup_child); + } /* ELSE... + * Child process is notified when it is terminated so we + * do a graceful close to the server in that handler. + */ + + } else { /* failed to get MySQL connection */ +- ap_log_error (APLOG_MARK, APLOG_ERR, r->server, ++ ap_log_error (APLOG_MARK, APLOG_ERR, 0, r->server, + "MySQL error: %s", mysql_error(&mysql_conn)); + return FALSE; + } +@@ -299,9 +293,9 @@ open_db_handle(request_rec *r, mysql_aut + + + static void * +-create_mysql_auth_dir_config (pool *p, char *d) ++create_mysql_auth_dir_config (apr_pool_t *p, char *d) + { +- mysql_auth_config_rec *m = ap_pcalloc (p, sizeof(mysql_auth_config_rec)); ++ mysql_auth_config_rec *m = apr_pcalloc (p, sizeof(mysql_auth_config_rec)); + if (!m) return NULL; /* failure to get memory is a bad thing */ + + /* defaults values */ +@@ -316,45 +310,45 @@ create_mysql_auth_dir_config (pool *p, c + + static + command_rec mysql_auth_cmds[] = { +- { "AuthMySQLHost", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlhost), +- OR_AUTHCFG, TAKE1, "mysql server host name" }, +- { "AuthMySQLUser", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqluser), +- OR_AUTHCFG, TAKE1, "mysql server user name" }, +- { "AuthMySQLPassword", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlpasswd), +- OR_AUTHCFG, TAKE1, "mysql server user password" }, +- { "AuthMySQLDB", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlDB), +- OR_AUTHCFG, TAKE1, "mysql database name" }, +- { "AuthMySQLUserTable", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlpwtable), +- OR_AUTHCFG, TAKE1, "mysql user table name" }, +- { "AuthMySQLGroupTable", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlgrptable), +- OR_AUTHCFG, TAKE1, "mysql group table name" }, +- { "AuthMySQLNameField", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlNameField), +- OR_AUTHCFG, TAKE1, "mysql User ID field name within table" }, +- { "AuthMySQLGroupField", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlGroupField), +- OR_AUTHCFG, TAKE1, "mysql Group field name within table" }, +- { "AuthMySQLPasswordField", ap_set_string_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlPasswordField), +- OR_AUTHCFG, TAKE1, "mysql Password field name within table" }, +- { "AuthMySQLCryptedPasswords", ap_set_flag_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlCrypted), +- OR_AUTHCFG, FLAG, "mysql passwords are stored encrypted if On" }, +- { "AuthMySQLKeepAlive", ap_set_flag_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlKeepAlive), +- OR_AUTHCFG, FLAG, "mysql connection kept open across requests if On" }, +- { "AuthMySQLAuthoritative", ap_set_flag_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlAuthoritative), +- OR_AUTHCFG, FLAG, "mysql lookup is authoritative if On" }, +- { "AuthMySQLNoPasswd", ap_set_flag_slot, +- (void*)XtOffsetOf(mysql_auth_config_rec, mysqlNoPasswd), +- OR_AUTHCFG, FLAG, "If On, only check if user exists; ignore password" }, ++ AP_INIT_TAKE1("AuthMySQLHost", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlhost), ++ OR_AUTHCFG, "mysql server host name"), ++ AP_INIT_TAKE1("AuthMySQLUser", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqluser), ++ OR_AUTHCFG, "mysql server user name"), ++ AP_INIT_TAKE1("AuthMySQLPassword", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlpasswd), ++ OR_AUTHCFG, "mysql server user password"), ++ AP_INIT_TAKE1("AuthMySQLDB", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlDB), ++ OR_AUTHCFG, "mysql database name"), ++ AP_INIT_TAKE1("AuthMySQLUserTable", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlpwtable), ++ OR_AUTHCFG, "mysql user table name"), ++ AP_INIT_TAKE1("AuthMySQLGroupTable", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlgrptable), ++ OR_AUTHCFG, "mysql group table name"), ++ AP_INIT_TAKE1("AuthMySQLNameField", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlNameField), ++ OR_AUTHCFG, "mysql User ID field name within table"), ++ AP_INIT_TAKE1("AuthMySQLGroupField", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlGroupField), ++ OR_AUTHCFG, "mysql Group field name within table"), ++ AP_INIT_TAKE1("AuthMySQLPasswordField", ap_set_string_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlPasswordField), ++ OR_AUTHCFG, "mysql Password field name within table"), ++ AP_INIT_FLAG("AuthMySQLCryptedPasswords", ap_set_flag_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlCrypted), ++ OR_AUTHCFG, "mysql passwords are stored encrypted if On"), ++ AP_INIT_FLAG("AuthMySQLKeepAlive", ap_set_flag_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlKeepAlive), ++ OR_AUTHCFG, "mysql connection kept open across requests if On"), ++ AP_INIT_FLAG("AuthMySQLAuthoritative", ap_set_flag_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlAuthoritative), ++ OR_AUTHCFG, "mysql lookup is authoritative if On"), ++ AP_INIT_FLAG("AuthMySQLNoPasswd", ap_set_flag_slot, ++ (void*)APR_XtOffsetOf(mysql_auth_config_rec, mysqlNoPasswd), ++ OR_AUTHCFG, "If On, only check if user exists; ignore password"), + { NULL } + }; + +@@ -379,7 +373,7 @@ get_mysql_pw(request_rec *r, char *user, + } + + if (mysql_select_db(mysql_handle,m->mysqlDB) != 0) { +- ap_log_error (APLOG_MARK, APLOG_ERR, r->server, ++ ap_log_error (APLOG_MARK, APLOG_ERR, 0, r->server, + "MySQL error: %s", mysql_error(mysql_handle)); + return NULL; + } +@@ -394,13 +388,13 @@ get_mysql_pw(request_rec *r, char *user, + } + + ulen = strlen(user); +- sql_safe_user = ap_pcalloc(r->pool, ulen*2+1); ++ sql_safe_user = apr_pcalloc(r->pool, ulen*2+1); + mysql_escape_string(sql_safe_user,user,ulen); +- ap_snprintf(query,sizeof(query)-1,"SELECT %s FROM %s WHERE %s='%s'", +- m->mysqlPasswordField, m->mysqlpwtable, +- m->mysqlNameField, sql_safe_user); ++ apr_snprintf(query,sizeof(query)-1,"SELECT %s FROM %s WHERE %s='%s'", ++ m->mysqlPasswordField, m->mysqlpwtable, ++ m->mysqlNameField, sql_safe_user); + if (mysql_query(mysql_handle, query) != 0) { +- ap_log_error (APLOG_MARK, APLOG_ERR, r->server, ++ ap_log_error (APLOG_MARK, APLOG_ERR, 0, r->server, + "MySQL error %s: %s", mysql_error(mysql_handle),r->uri); + return NULL; + } +@@ -409,10 +403,10 @@ get_mysql_pw(request_rec *r, char *user, + if (result && (mysql_num_rows(result) == 1)) { + MYSQL_ROW data = mysql_fetch_row(result); + if (data[0]) { +- pw = ap_pstrdup(r->pool, data[0]); ++ pw = apr_pstrdup(r->pool, data[0]); + } else { /* no password in mysql table returns NULL */ + /* this should never happen, but test for it anyhow */ +- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "MySQL user %s has no valid password: %s", user, r->uri); + mysql_free_result(result); + return NULL; +@@ -443,19 +437,19 @@ get_mysql_groups(request_rec *r, char *u + } + + if (mysql_select_db(mysql_handle,m->mysqlDB) != 0) { +- ap_log_error (APLOG_MARK, APLOG_ERR, r->server, ++ ap_log_error (APLOG_MARK, APLOG_ERR, 0, r->server, + "MySQL error %s: %s", mysql_error(mysql_handle),r->uri); + return NULL; + } + + ulen = strlen(user); +- sql_safe_user = ap_pcalloc(r->pool, ulen*2+1); ++ sql_safe_user = apr_pcalloc(r->pool, ulen*2+1); + mysql_escape_string(sql_safe_user,user,ulen); +- ap_snprintf(query,sizeof(query)-1,"SELECT %s FROM %s WHERE %s='%s'", +- m->mysqlGroupField, m->mysqlgrptable, +- m->mysqlNameField, sql_safe_user); ++ apr_snprintf(query,sizeof(query)-1,"SELECT %s FROM %s WHERE %s='%s'", ++ m->mysqlGroupField, m->mysqlgrptable, ++ m->mysqlNameField, sql_safe_user); + if (mysql_query(mysql_handle, query) != 0) { +- ap_log_error (APLOG_MARK, APLOG_ERR, r->server, ++ ap_log_error (APLOG_MARK, APLOG_ERR, 0, r->server, + "MySQL error %s: %s", mysql_error(mysql_handle),r->uri); + return NULL; + } +@@ -463,12 +457,12 @@ get_mysql_groups(request_rec *r, char *u + result = mysql_store_result(mysql_handle); + if (result && (mysql_num_rows(result) > 0)) { + int i = mysql_num_rows(result); +- list = (char **)ap_pcalloc(r->pool, sizeof(char *) * (i+1)); ++ list = (char **)apr_pcalloc(r->pool, sizeof(char *) * (i+1)); + list[i] = NULL; /* last element in array is NULL */ + while (i--) { /* populate the array elements */ + MYSQL_ROW data = mysql_fetch_row(result); + if (data[0]) +- list[i] = ap_pstrdup(r->pool, data[0]); ++ list[i] = apr_pstrdup(r->pool, data[0]); + else + list[i] = ""; /* if no data, make it empty, not NULL */ + } +@@ -499,15 +493,15 @@ mysql_authenticate_basic_user (request_r + if(!sec->mysqlpwtable) /* not configured for mysql authorization */ + return DECLINED; + +- if(!(real_pw = get_mysql_pw(r, c->user, sec))) { ++ if(!(real_pw = get_mysql_pw(r, r->user, sec))) { + /* user not found in database */ + if (!sec->mysqlAuthoritative) + return DECLINED; /* let other schemes find user */ + +- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, +- "MySQL user %s not found: %s", c->user, r->uri); ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, ++ "MySQL user %s not found: %s", r->user, r->uri); + ap_note_basic_auth_failure (r); +- return AUTH_REQUIRED; ++ return HTTP_UNAUTHORIZED; + } + + /* if we don't require password, just return ok since they exist */ +@@ -517,10 +511,10 @@ mysql_authenticate_basic_user (request_r + + /* compare the password, possibly encrypted */ + if(strcmp(real_pw, sec->mysqlCrypted ? crypt(sent_pw,real_pw) : sent_pw)) { +- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, +- "user %s: password mismatch: %s", c->user, r->uri); ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, ++ "user %s: password mismatch: %s", r->user, r->uri); + ap_note_basic_auth_failure (r); +- return AUTH_REQUIRED; ++ return HTTP_UNAUTHORIZED; + } + return OK; + } +@@ -534,10 +528,10 @@ mysql_check_auth(request_rec *r) + mysql_auth_config_rec *sec = + (mysql_auth_config_rec *)ap_get_module_config(r->per_dir_config, + &mysql_auth_module); +- char *user = r->connection->user; ++ char *user = r->user; + int method = r->method_number; + +- const array_header *reqs_arr = ap_requires(r); ++ const apr_array_header_t *reqs_arr = ap_requires(r); + require_line *reqs = reqs_arr ? (require_line *)reqs_arr->elts : NULL; + + register int x; +@@ -560,11 +554,11 @@ mysql_check_auth(request_rec *r) + if(!strcmp(want,"group")) { + /* check for list of groups from database only first time thru */ + if (!groups && !(groups = get_mysql_groups(r, user, sec))) { +- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "mysql user %s not in group table %s: %s", + user, sec->mysqlgrptable, r->uri); + ap_note_basic_auth_failure(r); +- return AUTH_REQUIRED; ++ return HTTP_UNAUTHORIZED; + } + + /* loop through list of groups specified in htaccess file */ +@@ -578,35 +572,39 @@ mysql_check_auth(request_rec *r) + ++i; + } + } +- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "mysql user %s not in right group: %s",user,r->uri); + ap_note_basic_auth_failure(r); +- return AUTH_REQUIRED; ++ return HTTP_UNAUTHORIZED; + } + } + + return DECLINED; + } + ++static void ++child_init(apr_pool_t *p, server_rec *s) ++{ ++ apr_pool_cleanup_register(p, s, ++ mod_auth_mysql_cleanup, ++ mod_auth_mysql_cleanup_child); ++} ++ ++static void ++register_hooks(apr_pool_t *p) ++{ ++ ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE); ++ ap_hook_check_user_id(mysql_authenticate_basic_user, ++ NULL, NULL, APR_HOOK_MIDDLE); ++ ap_hook_auth_checker(mysql_check_auth, NULL, NULL, APR_HOOK_MIDDLE); ++} + +-module mysql_auth_module = { +- STANDARD_MODULE_STUFF, +- NULL, /* initializer */ ++module AP_MODULE_DECLARE_DATA mysql_auth_module = { ++ STANDARD20_MODULE_STUFF, + create_mysql_auth_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + mysql_auth_cmds, /* command table */ +- NULL, /* handlers */ +- NULL, /* filename translation */ +- mysql_authenticate_basic_user, /* check_user_id */ +- mysql_check_auth, /* check auth */ +- NULL, /* check access */ +- NULL, /* type_checker */ +- NULL, /* fixups */ +- NULL, /* logger */ +- NULL, /* header parser */ +- NULL, /* child_init */ +- child_exit, /* child_exit */ +- NULL /* post read-request */ ++ register_hooks /* register hooks */ + }; |