Lines 340-345
typedef struct {
Link Here
|
340 |
|
340 |
|
341 |
module auth_mysql_module; |
341 |
module auth_mysql_module; |
342 |
|
342 |
|
|
|
343 |
static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec); |
344 |
|
343 |
#ifdef APACHE2 |
345 |
#ifdef APACHE2 |
344 |
static apr_status_t |
346 |
static apr_status_t |
345 |
#else |
347 |
#else |
Lines 506-514
static const char *set_scrambled_passwor
Link Here
|
506 |
* server when passed in as part of a query. |
508 |
* server when passed in as part of a query. |
507 |
*/ |
509 |
*/ |
508 |
#ifdef APACHE2 |
510 |
#ifdef APACHE2 |
509 |
static char *mysql_escape(char *str, apr_pool_t *p) |
511 |
static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p) |
510 |
#else |
512 |
#else |
511 |
static char *mysql_escape(char *str, pool *p) |
513 |
static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p) |
512 |
#endif |
514 |
#endif |
513 |
{ |
515 |
{ |
514 |
char *dest; |
516 |
char *dest; |
Lines 522-528
static char *mysql_escape(char *str, poo
Link Here
|
522 |
return str; |
524 |
return str; |
523 |
} |
525 |
} |
524 |
|
526 |
|
525 |
mysql_escape_string(dest, str, strlen(str)); |
527 |
mysql_real_escape_string(sec->dbh, dest, str, strlen(str)); |
526 |
|
528 |
|
527 |
return dest; |
529 |
return dest; |
528 |
} |
530 |
} |
Lines 1374-1398
static int open_auth_dblink(request_rec
Link Here
|
1374 |
} |
1376 |
} |
1375 |
|
1377 |
|
1376 |
if (sec->db_charset) { |
1378 |
if (sec->db_charset) { |
|
|
1379 |
const char *check; |
1380 |
|
1377 |
APACHELOG(APLOG_DEBUG, r, |
1381 |
APACHELOG(APLOG_DEBUG, r, |
1378 |
"Setting character set to %s", sec->db_charset); |
1382 |
"Setting character set to %s", sec->db_charset); |
1379 |
|
1383 |
|
1380 |
query = (char *) PSTRCAT(r->pool, "SET CHARACTER SET ", sec->db_charset, NULL); |
1384 |
mysql_set_character_set(sec->dbh, sec->db_charset); |
1381 |
if (!query) { |
|
|
1382 |
APACHELOG(APLOG_ERR, r, |
1383 |
"Failed to create query string - we're no good..."); |
1384 |
return -1; |
1385 |
} |
1386 |
|
1385 |
|
1387 |
if (mysql_query(sec->dbh, query)) { |
1386 |
check = mysql_character_set_name(sec->dbh); |
1388 |
if (sec->dbh) |
|
|
1389 |
{ |
1390 |
APACHELOG(APLOG_ERR, r, |
1391 |
"Query call failed: %s (%i)", mysql_error(sec->dbh), |
1392 |
mysql_errno(sec->dbh)); |
1393 |
} |
1394 |
|
1387 |
|
1395 |
APACHELOG(APLOG_DEBUG, r, "Failed query was: [%s]", query); |
1388 |
if (!check || strcmp(sec->db_charset, check)) { |
|
|
1389 |
APACHELOG(APLOG_ERR, r, |
1390 |
"Failed to set character set to %s", sec->db_charset); |
1396 |
return -1; |
1391 |
return -1; |
1397 |
} |
1392 |
} |
1398 |
} |
1393 |
} |
Lines 1537-1547
static int mysql_check_user_password(req
Link Here
|
1537 |
char *auth_table = "mysql_auth", *auth_user_field = "username", |
1532 |
char *auth_table = "mysql_auth", *auth_user_field = "username", |
1538 |
*auth_password_field = "passwd", *auth_password_clause = ""; |
1533 |
*auth_password_field = "passwd", *auth_password_clause = ""; |
1539 |
char *query; |
1534 |
char *query; |
1540 |
char *esc_user = mysql_escape(user, r->pool); |
1535 |
char *esc_user = NULL; |
1541 |
MYSQL_RES *result; |
1536 |
MYSQL_RES *result; |
1542 |
MYSQL_ROW sql_row; |
1537 |
MYSQL_ROW sql_row; |
|
|
1538 |
int error = CR_UNKNOWN_ERROR; |
1543 |
int rv; |
1539 |
int rv; |
1544 |
|
1540 |
|
|
|
1541 |
if (!sec->dbh) { |
1542 |
APACHELOG(APLOG_DEBUG, r, |
1543 |
"No DB connection open - firing one up"); |
1544 |
if ((error = open_auth_dblink(r, sec))) { |
1545 |
APACHELOG(APLOG_DEBUG, r, |
1546 |
"open_auth_dblink returned %i", error); |
1547 |
return error; |
1548 |
} |
1549 |
|
1550 |
APACHELOG(APLOG_DEBUG, r, |
1551 |
"Correctly opened a new DB connection"); |
1552 |
} |
1553 |
|
1554 |
esc_user = mysql_escape(sec, r, user, r->pool); |
1555 |
|
1545 |
if (sec->user_table) { |
1556 |
if (sec->user_table) { |
1546 |
auth_table = sec->user_table; |
1557 |
auth_table = sec->user_table; |
1547 |
} |
1558 |
} |
Lines 1627-1634
static int mysql_check_group(request_rec
Link Here
|
1627 |
{ |
1638 |
{ |
1628 |
char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause=""; |
1639 |
char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause=""; |
1629 |
char *query; |
1640 |
char *query; |
1630 |
char *esc_user = mysql_escape(user, r->pool); |
1641 |
char *esc_user = mysql_escape(sec, r, user, r->pool); |
1631 |
char *esc_group = mysql_escape(group, r->pool); |
1642 |
char *esc_group = mysql_escape(sec, r, group, r->pool); |
1632 |
MYSQL_RES *result; |
1643 |
MYSQL_RES *result; |
1633 |
MYSQL_ROW row; |
1644 |
MYSQL_ROW row; |
1634 |
char *auth_user_field = "username"; |
1645 |
char *auth_user_field = "username"; |