$NetBSD: patch-ad,v 1.5 2011/04/01 15:11:58 wiz Exp $ Some crypt.h changes that were here before, undocumented. All Debian patches up to 4.3.9-13, including a fix for CVE-2008-2384. --- mod_auth_mysql.c.orig 2004-12-23 13:43:14.000000000 +0000 +++ mod_auth_mysql.c @@ -48,19 +48,27 @@ #include #ifdef APACHE2 #include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ +#include #include #include +#include #else #include #include #endif +#ifndef APR_XtOffsetOf +#define APR_XtOffsetOf(x,y) APR_OFFSETOF(x,y) +#endif + #include #include #include #ifdef HAVE_CRYPT_H #include +#else +#include #endif #ifndef TRUE @@ -98,10 +106,14 @@ unsigned long auth_db_client_flag = 0; #define CRYPT_MD5_ENCRYPTION_FLAG 1<<3 #endif #define PHP_MD5_ENCRYPTION_FLAG 1<<4 -#ifdef HAVE_CRYPT_H +#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT) #define CRYPT_ENCRYPTION_FLAG 1<<5 #endif #define SHA1SUM_ENCRYPTION_FLAG 1<<6 +#define APACHE_ENCRYPTION_FLAG 1<<7 + +/* from include/sha1.h from the mysql-server source distribution */ +#define SHA1_HASH_SIZE 20 /* Hash size in bytes */ static int check_no_encryption(const char *passwd, char *enc_passwd) { @@ -131,7 +143,7 @@ static int check_crypt_MD5_encryption(co } #endif -#ifdef HAVE_CRYPT_H +#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT) static int check_crypt_encryption(const char *passwd, char *enc_passwd) { return (!strcmp(crypt(passwd, enc_passwd), enc_passwd)); @@ -229,12 +241,21 @@ static int check_SHA1Sum_encryption(cons static int check_mysql_encryption(const char *passwd, char *enc_passwd) { - char scrambled_passwd[32]; + char scrambled_passwd[2*SHA1_HASH_SIZE + 2]; make_scrambled_password(scrambled_passwd, passwd); return (!strcmp(scrambled_passwd, enc_passwd)); } +static int check_apache_encryption(const char *passwd, char *enc_passwd) +{ +#ifdef APACHE2 + return (!apr_password_validate(passwd, enc_passwd)); +#else + return (!ap_validate_password(passwd, enc_passwd)); +#endif +} + typedef struct { char *name; int (*check_function)(const char *passwd, char *enc_passwd); @@ -250,9 +271,12 @@ encryption_type_entry supported_encrypti #if CRYPT_MD5 { "Crypt_MD5", check_crypt_MD5_encryption, CRYPT_MD5_ENCRYPTION_FLAG }, #endif +#if defined(HAVE_CRYPT_H) || defined(HAVE_LIBCRYPT) { "Crypt", check_crypt_encryption, CRYPT_ENCRYPTION_FLAG }, +#endif { "PHP_MD5", check_PHP_MD5_encryption, PHP_MD5_ENCRYPTION_FLAG }, { "SHA1Sum", check_SHA1Sum_encryption, SHA1SUM_ENCRYPTION_FLAG}, + { "Apache", check_apache_encryption, APACHE_ENCRYPTION_FLAG }, /* add additional encryption types below */ { NULL, NULL, 0 } }; @@ -284,6 +308,7 @@ typedef struct { char *db_user; char *db_pwd; char *db_name; + char *db_charset; MYSQL *dbh; @@ -324,11 +349,14 @@ typedef struct { module auth_mysql_module; +static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec); + #ifdef APACHE2 static apr_status_t #else static void #endif + auth_mysql_cleanup(void *ptr) { mysql_auth_config_rec *sec = ptr; @@ -380,7 +408,7 @@ void *create_mysql_auth_dir_config(pool sizeof(mysql_auth_config_rec)); #endif - sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = NULL; + sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = sec->db_charset = NULL; sec->dbh = NULL; /* When the memory for this connection record is cleaned, we must @@ -489,9 +517,9 @@ static const char *set_scrambled_passwor * server when passed in as part of a query. */ #ifdef APACHE2 -static char *mysql_escape(char *str, apr_pool_t *p) +static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p) #else -static char *mysql_escape(char *str, pool *p) +static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p) #endif { char *dest; @@ -505,7 +533,7 @@ static char *mysql_escape(char *str, poo return str; } - mysql_escape_string(dest, str, strlen(str)); + mysql_real_escape_string(sec->dbh, dest, str, strlen(str)); return dest; } @@ -644,6 +672,24 @@ static const char *enable_mysql(cmd_parm return NULL; } +static const char *set_empty_passwords(cmd_parms *cmd, void *sconf, int arg) +{ + mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf; + + sec->allow_empty_passwords = arg; + APACHELOG(APLOG_DEBUG, cmd, "set_empty_passwords: Setting allow_empty_passwords in %s to %i", sec->dir, sec->allow_empty_passwords); + return NULL; +} + +static const char *set_authoritative(cmd_parms *cmd, void *sconf, int arg) +{ + mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf; + + sec->authoritative = arg; + APACHELOG(APLOG_DEBUG, cmd, "set_authoritative: Setting authoritative in %s to %i", sec->dir, sec->authoritative); + return NULL; +} + /* The command list. What it's called, when it's legal to use it, and * what to do when we find it. Pretty cool, IMHO. */ @@ -655,14 +701,30 @@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, "host, user and password of the MySQL database" ), + AP_INIT_TAKE3( "AuthMySQL_Info", set_auth_mysql_info, + NULL, + RSRC_CONF, "host, user and password of the MySQL database" ), + + AP_INIT_TAKE1( "Auth_MySQL_DefaultHost", set_auth_mysql_host, + NULL, + RSRC_CONF, "Default MySQL host" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultHost", set_auth_mysql_host, NULL, RSRC_CONF, "Default MySQL host" ), + AP_INIT_TAKE1( "Auth_MySQL_DefaultUser", set_auth_mysql_user, + NULL, + RSRC_CONF, "Default MySQL user" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultUser", set_auth_mysql_user, NULL, RSRC_CONF, "Default MySQL user" ), + AP_INIT_TAKE1( "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd, + NULL, + RSRC_CONF, "Default MySQL password" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultPassword", set_auth_mysql_pwd, NULL, RSRC_CONF, "Default MySQL password" ), @@ -671,138 +733,182 @@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, "Default MySQL server port" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultPort", set_auth_mysql_port, + NULL, + RSRC_CONF, "Default MySQL server port" ), + AP_INIT_TAKE1( "Auth_MySQL_DefaultSocket", set_auth_mysql_socket, NULL, RSRC_CONF, "Default MySQL server socket" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultSocket", set_auth_mysql_socket, + NULL, + RSRC_CONF, "Default MySQL server socket" ), + AP_INIT_TAKE1( "Auth_MySQL_General_DB", set_auth_mysql_db, NULL, RSRC_CONF, "default database for MySQL authentication" ), + AP_INIT_TAKE1( "AuthMySQL_General_DB", set_auth_mysql_db, + NULL, + RSRC_CONF, "default database for MySQL authentication" ), + + AP_INIT_TAKE1( "Auth_MySQL_DefaultDB", set_auth_mysql_db, + NULL, + RSRC_CONF, "default database for MySQL authentication" ), + AP_INIT_TAKE1( "AuthMySQL_DefaultDB", set_auth_mysql_db, NULL, RSRC_CONF, "default database for MySQL authentication" ), - AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host), + AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), OR_AUTHCFG, "database host" ), - AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host), + AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), OR_AUTHCFG, "database host" ), AP_INIT_TAKE1( "Auth_MySQL_Socket", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket), OR_AUTHCFG, "database host socket" ), AP_INIT_TAKE1( "AuthMySQL_Socket", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket), OR_AUTHCFG, "database host socket" ), - AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port), + AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_int_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), OR_AUTHCFG, "database host port" ), - AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port), + AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_int_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), OR_AUTHCFG, "database host port" ), AP_INIT_TAKE1( "Auth_MySQL_Username", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + + AP_INIT_TAKE1( "AuthMySQL_Username", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + + AP_INIT_TAKE1( "Auth_MySQL_User", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), OR_AUTHCFG, "database user" ), AP_INIT_TAKE1( "AuthMySQL_User", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), OR_AUTHCFG, "database user" ), AP_INIT_TAKE1( "Auth_MySQL_Password", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), OR_AUTHCFG, "database password" ), AP_INIT_TAKE1( "AuthMySQL_Password", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), OR_AUTHCFG, "database password" ), AP_INIT_TAKE1( "Auth_MySQL_DB", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name), OR_AUTHCFG, "database name" ), AP_INIT_TAKE1( "AuthMySQL_DB", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name), + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name), OR_AUTHCFG, "database name" ), + AP_INIT_TAKE1( "Auth_MySQL_CharacterSet", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, "character set" ), + + AP_INIT_TAKE1( "AuthMySQL_CharacterSet", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, "character set" ), + AP_INIT_TAKE1( "Auth_MySQL_Password_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table), OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ), AP_INIT_TAKE1( "AuthMySQL_Password_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table), OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ), AP_INIT_TAKE1( "Auth_MySQL_Group_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), + OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), + + AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), AP_INIT_TAKE1( "Auth_MySQL_Group_Clause", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_where_clause), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause), OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ), - AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table), - OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), + AP_INIT_TAKE1( "AuthMySQL_Group_Clause", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ), AP_INIT_TAKE1( "Auth_MySQL_Password_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field), OR_AUTHCFG, "The name of the field in the MySQL password table" ), AP_INIT_TAKE1( "AuthMySQL_Password_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field), OR_AUTHCFG, "The name of the field in the MySQL password table" ), AP_INIT_TAKE1( "Auth_MySQL_Password_Clause", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + + AP_INIT_TAKE1( "AuthMySQL_Password_Clause", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), AP_INIT_TAKE1( "Auth_MySQL_Username_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ), AP_INIT_TAKE1( "AuthMySQL_Username_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ), AP_INIT_TAKE1( "Auth_MySQL_Group_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field), OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ), AP_INIT_TAKE1( "AuthMySQL_Group_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field), OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ), AP_INIT_TAKE1( "Auth_MySQL_Group_User_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ), AP_INIT_TAKE1( "AuthMySQL_Group_User_Field", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field), + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field), OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ), - AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), - AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), - AP_INIT_FLAG( "Auth_MySQL_Authoritative", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative), + AP_INIT_FLAG( "Auth_MySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), - AP_INIT_FLAG( "AuthMySQL_Authoritative", ap_set_flag_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative), + AP_INIT_FLAG( "AuthMySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), + AP_INIT_FLAG( "Auth_MySQL_AllowOverride", set_auth_mysql_override, + NULL, + RSRC_CONF, "Allow directory overrides of configuration" ), + AP_INIT_FLAG( "AuthMySQL_AllowOverride", set_auth_mysql_override, NULL, RSRC_CONF, "Allow directory overrides of configuration" ), @@ -835,6 +941,14 @@ command_rec mysql_auth_cmds[] = { NULL, OR_AUTHCFG, "Use non-persistent MySQL links" ), + AP_INIT_FLAG( "AuthMySQL_Non_Persistent", set_non_persistent, + NULL, + OR_AUTHCFG, "Use non-persistent MySQL links" ), + + AP_INIT_FLAG( "Auth_MySQL_Persistent", set_persistent, + NULL, + OR_AUTHCFG, "Use non-persistent MySQL links" ), + AP_INIT_FLAG( "AuthMySQL_Persistent", set_persistent, NULL, OR_AUTHCFG, "Use non-persistent MySQL links" ), @@ -848,7 +962,11 @@ command_rec mysql_auth_cmds[] = { OR_AUTHCFG, "Enable MySQL authentication" ), AP_INIT_TAKE1( "Auth_MySQL_Where", ap_set_string_slot, - (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause), + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + + AP_INIT_TAKE1( "AuthMySQL_Where", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), { NULL } @@ -859,14 +977,30 @@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, TAKE3, "host, user and password of the MySQL database" }, + { "AuthMySQL_Info", set_auth_mysql_info, + NULL, + RSRC_CONF, TAKE3, "host, user and password of the MySQL database" }, + + { "Auth_MySQL_DefaultHost", set_auth_mysql_host, + NULL, + RSRC_CONF, TAKE1, "Default MySQL host" }, + { "AuthMySQL_DefaultHost", set_auth_mysql_host, NULL, RSRC_CONF, TAKE1, "Default MySQL host" }, + { "Auth_MySQL_DefaultUser", set_auth_mysql_user, + NULL, + RSRC_CONF, TAKE1, "Default MySQL user" }, + { "AuthMySQL_DefaultUser", set_auth_mysql_user, NULL, RSRC_CONF, TAKE1, "Default MySQL user" }, + { "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd, + NULL, + RSRC_CONF, TAKE1, "Default MySQL password" }, + { "AuthMySQL_DefaultPassword", set_auth_mysql_pwd, NULL, RSRC_CONF, TAKE1, "Default MySQL password" }, @@ -875,23 +1009,39 @@ command_rec mysql_auth_cmds[] = { NULL, RSRC_CONF, TAKE1, "Default MySQL server port" }, + { "AuthMySQL_DefaultPort", set_auth_mysql_port, + NULL, + RSRC_CONF, TAKE1, "Default MySQL server port" }, + { "Auth_MySQL_DefaultSocket", set_auth_mysql_socket, NULL, RSRC_CONF, TAKE1, "Default MySQL server socket" }, + { "AuthMySQL_DefaultSocket", set_auth_mysql_socket, + NULL, + RSRC_CONF, TAKE1, "Default MySQL server socket" }, + { "Auth_MySQL_General_DB", set_auth_mysql_db, NULL, RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + { "AuthMySQL_General_DB", set_auth_mysql_db, + NULL, + RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + + { "Auth_MySQL_DefaultDB", set_auth_mysql_db, + NULL, + RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + { "AuthMySQL_DefaultDB", set_auth_mysql_db, NULL, RSRC_CONF, TAKE1, "default database for MySQL authentication" }, - { "AuthMySQL_Host", ap_set_string_slot, + { "Auth_MySQL_Host", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_host), OR_AUTHCFG, TAKE1, "database host" }, - { "Auth_MySQL_Host", ap_set_string_slot, + { "AuthMySQL_Host", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_host), OR_AUTHCFG, TAKE1, "database host" }, @@ -899,7 +1049,15 @@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, db_socket), OR_AUTHCFG, TAKE1, "database host socket" }, - { "Auth_MySQL_Port", ap_set_string_slot, + { "AuthMySQL_Socket", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_socket), + OR_AUTHCFG, TAKE1, "database host socket" }, + + { "Auth_MySQL_Port", ap_set_int_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_port), + OR_AUTHCFG, TAKE1, "database host socket" }, + + { "AuthMySQL_Port", ap_set_int_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_port), OR_AUTHCFG, TAKE1, "database host socket" }, @@ -907,6 +1065,14 @@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, db_user), OR_AUTHCFG, TAKE1, "database user" }, + { "AuthMySQL_Username", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_user), + OR_AUTHCFG, TAKE1, "database user" }, + + { "Auth_MySQL_User", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_user), + OR_AUTHCFG, TAKE1, "database user" }, + { "AuthMySQL_User", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, db_user), OR_AUTHCFG, TAKE1, "database user" }, @@ -927,6 +1093,14 @@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, db_name), OR_AUTHCFG, TAKE1, "database name" }, + { "Auth_MySQL_CharacterSet", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, TAKE1, "character set" }, + + { "AuthMySQL_CharacterSet", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_charset), + OR_AUTHCFG, TAKE1, "character set" }, + { "Auth_MySQL_Password_Table", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, user_table), OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the password/user-name combination" }, @@ -939,14 +1113,18 @@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, group_table), OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, + { "AuthMySQL_Group_Table", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, group_table), + OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, + { "Auth_MySQL_Group_Clause", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause), OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" }, - { "AuthMySQL_Group_Table", ap_set_string_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, group_table), - OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, - + { "AuthMySQL_Group_Clause", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" }, + { "Auth_MySQL_Password_Field", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, password_field), OR_AUTHCFG, TAKE1, "The name of the field in the MySQL password table" }, @@ -959,6 +1137,10 @@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { "AuthMySQL_Password_Clause", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { "Auth_MySQL_Username_Field", ap_set_string_slot, (void *) XtOffsetOf(mysql_auth_config_rec, user_field), OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL password (and possibly group) table(s)." }, @@ -983,22 +1165,26 @@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, group_user_field), OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." }, - { "Auth_MySQL_Empty_Passwords", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + { "Auth_MySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." }, - { "AuthMySQL_Empty_Passwords", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), + { "AuthMySQL_Empty_Passwords", set_empty_passwords, + NULL, OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." }, - { "Auth_MySQL_Authoritative", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, authoritative), + { "Auth_MySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." }, - { "AuthMySQL_Authoritative", ap_set_flag_slot, - (void *) XtOffsetOf(mysql_auth_config_rec, authoritative), + { "AuthMySQL_Authoritative", set_authoritative, + NULL, OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." }, + { "Auth_MySQL_AllowOverride", set_auth_mysql_override, + NULL, + RSRC_CONF, FLAG, "Allow directory overrides of configuration" }, + { "AuthMySQL_AllowOverride", set_auth_mysql_override, NULL, RSRC_CONF, FLAG, "Allow directory overrides of configuration" }, @@ -1031,6 +1217,14 @@ command_rec mysql_auth_cmds[] = { NULL, OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, + { "AuthMySQL_Non_Persistent", set_non_persistent, + NULL, + OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, + + { "Auth_MySQL_Persistent", set_persistent, + NULL, + OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, + { "AuthMySQL_Persistent", set_persistent, NULL, OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, @@ -1047,6 +1241,10 @@ command_rec mysql_auth_cmds[] = { (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { "AuthMySQL_Where", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + { NULL } }; @@ -1092,6 +1290,10 @@ static int open_auth_dblink(request_rec char *dbname = auth_db_name, *user = auth_db_user, *pwd = auth_db_pwd; void (*sigpipe_handler)(); unsigned long client_flag = 0; +#if MYSQL_VERSION_ID >= 50013 + my_bool do_reconnect = 1; +#endif + char *query; APACHELOG(APLOG_DEBUG, r, "Opening DB connection for %s", sec->dir); @@ -1160,6 +1362,13 @@ static int open_auth_dblink(request_rec return errno; } +#if MYSQL_VERSION_ID >= 50013 + /* The default is no longer to automatically reconnect on failure, + * (as of 5.0.3) so we have to set that option here. The option is + * available from 5.0.13. */ + mysql_options(sec->dbh, MYSQL_OPT_RECONNECT, &do_reconnect); +#endif + signal(SIGPIPE, sigpipe_handler); APACHELOG(APLOG_DEBUG, r, "Persistent in %s is %i", sec->dir, sec->persistent); @@ -1175,6 +1384,23 @@ static int open_auth_dblink(request_rec #endif } + if (sec->db_charset) { + const char *check; + + APACHELOG(APLOG_DEBUG, r, + "Setting character set to %s", sec->db_charset); + + mysql_set_character_set(sec->dbh, sec->db_charset); + + check = mysql_character_set_name(sec->dbh); + + if (!check || strcmp(sec->db_charset, check)) { + APACHELOG(APLOG_ERR, r, + "Failed to set character set to %s", sec->db_charset); + return -1; + } + } + /* W00t! We made it! */ return 0; } @@ -1287,10 +1513,16 @@ static int check_password(const char *pl encryption_type_entry *ete; /* empty password support */ - if (sec->allow_empty_passwords && !strlen(hashed)) { - APACHELOG(APLOG_INFO, r, "User successful on empty password"); - return 1; - } + if (!strlen(hashed)) { + if (sec->allow_empty_passwords) { + APACHELOG(APLOG_INFO, r, "User successful on empty password"); + return 1; + } else { + APACHELOG(APLOG_INFO, r, "Rejecting login because of empty password field in DB"); + return 0; + } + } + for (ete=supported_encryption_types; ete->name; ete++) { if (sec->encryption_types & ete->flag) { @@ -1315,11 +1547,27 @@ static int mysql_check_user_password(req char *auth_table = "mysql_auth", *auth_user_field = "username", *auth_password_field = "passwd", *auth_password_clause = ""; char *query; - char *esc_user = mysql_escape(user, r->pool); + char *esc_user = NULL; MYSQL_RES *result; MYSQL_ROW sql_row; + int error = CR_UNKNOWN_ERROR; int rv; + if (!sec->dbh) { + APACHELOG(APLOG_DEBUG, r, + "No DB connection open - firing one up"); + if ((error = open_auth_dblink(r, sec))) { + APACHELOG(APLOG_DEBUG, r, + "open_auth_dblink returned %i", error); + return error; + } + + APACHELOG(APLOG_DEBUG, r, + "Correctly opened a new DB connection"); + } + + esc_user = mysql_escape(sec, r, user, r->pool); + if (sec->user_table) { auth_table = sec->user_table; } @@ -1405,8 +1653,8 @@ static int mysql_check_group(request_rec { char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause=""; char *query; - char *esc_user = mysql_escape(user, r->pool); - char *esc_group = mysql_escape(group, r->pool); + char *esc_user = mysql_escape(sec, r, user, r->pool); + char *esc_group = mysql_escape(sec, r, group, r->pool); MYSQL_RES *result; MYSQL_ROW row; char *auth_user_field = "username";