authorStefan Fritsch <sf@sfritsch.de>2011-12-27 19:42:17 +0100
committerStefan Fritsch <sf@sfritsch.de>2011-12-27 19:42:17 +0100
commit9e615cb6aa4afcee97f8a1646e5a586261a7b81f (patch)
tree0e09fde2404555dc5daf167b38243b5f89c16549 /modules/aaa
parent1acac7a6b494db24f8f58e44dab7657b6de68742 (diff)
downloadapache2-9e615cb6aa4afcee97f8a1646e5a586261a7b81f.tar.gz
Upstream tarball 2.2.8upstream/2.2.8
Diffstat (limited to 'modules/aaa')
-rw-r--r--modules/aaa/mod_auth.h2
-rw-r--r--modules/aaa/mod_authn_dbd.c64
-rw-r--r--modules/aaa/mod_authnz_ldap.c11
-rw-r--r--modules/aaa/mod_authz_groupfile.c5
4 files changed, 72 insertions, 10 deletions
diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h
index 34704365..1feefb3f 100644
--- a/modules/aaa/mod_auth.h
+++ b/modules/aaa/mod_auth.h
@@ -40,6 +40,8 @@ extern "C" {
#define AUTHZ_GROUP_NOTE "authz_group_note"
#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
+#define AUTHN_PREFIX "AUTHENTICATE_"
+
typedef enum {
AUTH_DENIED,
AUTH_GRANTED,
diff --git a/modules/aaa/mod_authn_dbd.c b/modules/aaa/mod_authn_dbd.c
index 60dbb954..3bcde864 100644
--- a/modules/aaa/mod_authn_dbd.c
+++ b/modules/aaa/mod_authn_dbd.c
@@ -18,11 +18,13 @@
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
+#include "apr_lib.h"
#include "apr_dbd.h"
#include "mod_dbd.h"
#include "apr_strings.h"
#include "mod_auth.h"
#include "apr_md5.h"
+#include "apu_version.h"
module AP_MODULE_DECLARE_DATA authn_dbd_module;
@@ -101,13 +103,13 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
}
if (conf->user == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified.");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -126,6 +128,33 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
}
if (dbd_password == NULL) {
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
}
/* we can't break out here or row won't get cleaned up */
}
@@ -160,12 +189,12 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
return AUTH_GENERAL_ERROR;
}
if (conf->realm == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -184,6 +213,33 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
}
if (dbd_hash == NULL) {
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
}
/* we can't break out here or row won't get cleaned up */
}
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index f520b0ae..7fbff414 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -29,6 +29,7 @@
#include "apr_xlate.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
+#include "apr_lib.h"
#if APR_HAVE_UNISTD_H
/* for getpid() */
@@ -400,7 +401,7 @@ start_over:
util_ldap_connection_close(ldc);
/* sanity check - if server is down, retry it up to 5 times */
- if (result == LDAP_SERVER_DOWN) {
+ if (AP_LDAP_IS_SERVER_DOWN(result)) {
if (failures++ <= 5) {
goto start_over;
}
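Review bot: The retry guard `if (failures++ <= 5)` just below the changed condition allows six jumps back to start_over if `failures` starts at zero (its initialisation is outside the hunk), while the comment says "up to 5 times". If five is intended, `if (failures++ < 5)` matches the comment; otherwise the comment should state the real bound. The enclosing function starts and ends outside the hunk.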
@@ -441,12 +442,10 @@ start_over:
apr_table_t *e = r->subprocess_env;
int i = 0;
while (sec->attributes[i]) {
- char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL);
- int j = 13;
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
while (str[j]) {
- if (str[j] >= 'a' && str[j] <= 'z') {
- str[j] = str[j] - ('a' - 'A');
- }
+ str[j] = apr_toupper(str[j]);
j++;
}
apr_table_setn(e, str, vals[i]);
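Review bot: This loop only upper-cases the attribute name, while the loop added to mod_authn_dbd.c in the same commit also replaces every non-alphanumeric character with `_`, so the two modules build AUTHENTICATE_ names by different rules. An attribute name containing `-` or `;` would yield a variable name that many shells and CGI environments cannot reference. If changing existing variable names is acceptable, `str[j] = apr_isalnum(str[j]) ? apr_toupper(str[j]) : '_';` would align the two; if not, a comment stating that attribute names are exported unsanitised on purpose would help. The enclosing function starts and ends outside the hunk.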
diff --git a/modules/aaa/mod_authz_groupfile.c b/modules/aaa/mod_authz_groupfile.c
index 0d52c8de..4c710507 100644
--- a/modules/aaa/mod_authz_groupfile.c
+++ b/modules/aaa/mod_authz_groupfile.c
@@ -173,6 +173,11 @@ static int check_user_access(request_rec *r)
return DECLINED; /* XXX change from legacy */
}
+ /* If there's no user, it's a misconfiguration */
+ if (!user) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
reqs = (require_line *)reqs_arr->elts;
for (x = 0; x < reqs_arr->nelts; x++) {
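Review bot: The new `if (!user)` branch returns HTTP_INTERNAL_SERVER_ERROR without writing to the error log, so an administrator sees a 500 with nothing pointing to the missing authenticated user as the cause. I would log before returning, e.g. `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "access to %s failed, reason: no authenticated user", r->uri);`. check_user_access continues outside the hunk.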