Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 391848 Details for
Bug 532798
www-apache/mod_auth_pgsql: apply debian patch for apache-2.4 support
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
apache-2.4.patch
apache-2.4.patch (text/plain), 10.14 KB, created by
Pacho Ramos
on 2014-12-17 11:12:22 UTC
(
hide
)
Description:
apache-2.4.patch
Filename:
MIME Type:
Creator:
Pacho Ramos
Created:
2014-12-17 11:12:22 UTC
Size:
10.14 KB
patch
obsolete
>From: Marco Nenciarini <mnencia@debian.org> >Date: Sat, 20 Jul 2013 18:47:04 +0200 >Subject: apache 2.4 > >--- > mod_auth_pgsql.c | 196 ++++++++++++------------------------------------------- > 1 file changed, 41 insertions(+), 155 deletions(-) > >diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c >index 639537d..26d7f90 100644 >--- a/mod_auth_pgsql.c >+++ b/mod_auth_pgsql.c >@@ -109,6 +109,8 @@ > #include "http_request.h" > #include "util_script.h" > >+#include "mod_auth.h" >+ > #ifdef WIN32 > #define crypt apr_password_validate > #else >@@ -191,7 +193,7 @@ module AP_MODULE_DECLARE_DATA auth_pgsql_module; > > > static int pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, >- char *user, char *sent_pw); >+ const char *user, const char *sent_pw); > static char *do_pg_query(request_rec * r, char *query, > pg_auth_config_rec * sec); > >@@ -442,9 +444,8 @@ static char pg_errstr[MAX_STRING_LEN]; > * failures separately > */ > >-static char *auth_pg_md5(char *pw) >+static char *auth_pg_md5(const char *pw) > { >- apr_md5_ctx_t ctx; > unsigned char digest[APR_MD5_DIGESTSIZE]; > static unsigned char md5hash[APR_MD5_DIGESTSIZE * 2 + 1]; > int i; >@@ -459,14 +460,15 @@ static char *auth_pg_md5(char *pw) > } > > >-static char *auth_pg_base64(char *pw) >+static char *auth_pg_base64(const char *pw) > { > if (auth_pgsql_pool_base64 == NULL) > apr_pool_create_ex(&auth_pgsql_pool_base64, NULL, NULL, NULL); > if (auth_pgsql_pool == NULL) > return NULL; > >- return ap_pbase64encode(auth_pgsql_pool, pw); >+ /* NOTE: ap_pbase64encode is no change arg2. so removable const. */ >+ return ap_pbase64encode(auth_pgsql_pool, (char *)pw); > } > > >@@ -557,7 +559,8 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) > > if (!check || strcmp(sec->auth_pg_charset, check)) { > apr_snprintf(pg_errstr, MAX_STRING_LEN, >- "mod_auth_pgsql database character set encoding %s"); >+ "mod_auth_pgsql database character set encoding %s", >+ check); > PQfinish(pg_conn); > return NULL; > } >@@ -614,7 +617,7 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) > return result; > } > >-char *get_pg_pw(request_rec * r, char *user, pg_auth_config_rec * sec) >+char *get_pg_pw(request_rec * r, const char *user, pg_auth_config_rec * sec) > { > char query[MAX_STRING_LEN]; > char *safe_user; >@@ -755,19 +758,20 @@ static char *get_pg_grp(request_rec * r, char *group, char *user, > } > > /* Process authentication request from Apache*/ >-static int pg_authenticate_basic_user(request_rec * r) >+static authn_status check_password(request_rec *r, const char *user, >+ const char *password) > { >+ > pg_auth_config_rec *sec = > (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config, > &auth_pgsql_module); >- char *val = NULL; >- char *sent_pw, *real_pw; >- int res; >- char *user; >+ const char *val = NULL; >+ const char *sent_pw; >+ const char *real_pw; >+ authn_status auth_res; >+ >+ sent_pw = password; > >- if ((res = ap_get_basic_auth_pw(r, (const char **) &sent_pw))) >- return res; >- user = r->user; > > #ifdef DEBUG_AUTH_PGSQL > ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, >@@ -784,7 +788,7 @@ static int pg_authenticate_basic_user(request_rec * r) > if ((!sec->auth_pg_pwd_table) && (!sec->auth_pg_pwd_field)) { > ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, > "[mod_auth_pgsql.c] - missing configuration parameters"); >- return DECLINED; >+ return AUTH_GENERAL_ERROR; > } > pg_errstr[0] = '\0'; > >@@ -809,22 +813,16 @@ static int pg_authenticate_basic_user(request_rec * r) > > if (!real_pw) { > if (pg_errstr[0]) { >- res = HTTP_INTERNAL_SERVER_ERROR; >+ auth_res = AUTH_GENERAL_ERROR; > } else { >- if (sec->auth_pg_authoritative) { > /* force error and access denied */ > apr_snprintf(pg_errstr, MAX_STRING_LEN, > "mod_auth_pgsql: Password for user %s not found (PG-Authoritative)", > user); >- ap_note_basic_auth_failure(r); >- res = HTTP_UNAUTHORIZED; >- } else { >- /* allow fall through to another module */ >- return DECLINED; >- } >+ auth_res = AUTH_USER_NOT_FOUND; > } > ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); >- return res; >+ return auth_res; > } > > /* allow no password, if the flag is set and the password >@@ -836,7 +834,7 @@ static int pg_authenticate_basic_user(request_rec * r) > user); > ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); > pg_log_auth_user(r, sec, user, sent_pw); >- return OK; >+ return AUTH_GRANTED; > }; > > /* if the flag is off however, keep that kind of stuff at >@@ -847,8 +845,7 @@ static int pg_authenticate_basic_user(request_rec * r) > "[mod_auth_pgsql.c] - Empty password rejected for user \"%s\"", > user); > ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); >- ap_note_basic_auth_failure(r); >- return HTTP_UNAUTHORIZED; >+ return AUTH_DENIED; > }; > > if (sec->auth_pg_encrypted) >@@ -877,8 +874,7 @@ static int pg_authenticate_basic_user(request_rec * r) > apr_snprintf(pg_errstr, MAX_STRING_LEN, > "PG user %s: password mismatch", user); > ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); >- ap_note_basic_auth_failure(r); >- return HTTP_UNAUTHORIZED; >+ return AUTH_DENIED; > } > > /* store password in the cache */ >@@ -891,130 +887,13 @@ static int pg_authenticate_basic_user(request_rec * r) > } > > pg_log_auth_user(r, sec, user, sent_pw); >- return OK; >-} >- >-/* Checking ID */ >- >-static int pg_check_auth(request_rec * r) >-{ >- pg_auth_config_rec *sec = >- (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config, >- &auth_pgsql_module); >- char *user = r->user; >- int m = r->method_number; >- int group_result = DECLINED; >- >- >- >- apr_array_header_t *reqs_arr = (apr_array_header_t *) ap_requires(r); >- require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; >- >- register int x, res; >- const char *t; >- char *w; >- >- pg_errstr[0] = '\0'; >- >-#ifdef DEBUG_AUTH_PGSQL >- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, >- "[mod_auth_pgsql.c] - pg_check_auth - going to check auth for user \"%s\" ", >- user); >-#endif /* DEBUG_AUTH_PGSQL */ >- >- >- if (!pg_conn) { >- if (!(pg_conn = pg_connect(sec))) { >- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); >- ap_note_basic_auth_failure(r); >- return HTTP_UNAUTHORIZED; >- } >- } >- >- /* if we cannot do it; leave it to some other guy >- */ >- if ((!sec->auth_pg_grp_table) && (!sec->auth_pg_grp_group_field) >- && (!sec->auth_pg_grp_user_field)) >- return DECLINED; >- >- if (!reqs_arr) { >- if (sec->auth_pg_authoritative) { >- /* force error and access denied */ >- apr_snprintf(pg_errstr, MAX_STRING_LEN, >- "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", >- user); >- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); >- ap_note_basic_auth_failure(r); >- res = HTTP_UNAUTHORIZED; >- } else { >- return DECLINED; >- } >- } >- >- for (x = 0; x < reqs_arr->nelts; x++) { >- >- if (!(reqs[x].method_mask & (1 << m))) >- continue; >- >- t = reqs[x].requirement; >- w = ap_getword(r->pool, &t, ' '); >- >- if (!strcmp(w, "valid-user")) >- return OK; >- >- if (!strcmp(w, "user")) { >- while (t[0]) { >- w = ap_getword_conf(r->pool, &t); >- if (!strcmp(user, w)) >- return OK; >- } >- if (sec->auth_pg_authoritative) { >- /* force error and access denied */ >- apr_snprintf(pg_errstr, MAX_STRING_LEN, >- "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", >- user); >- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); >- ap_note_basic_auth_failure(r); >- return HTTP_UNAUTHORIZED; >- } >- >- } else if (!strcmp(w, "group")) { >- /* look up the membership for each of the groups in the table */ >- pg_errstr[0] = '\0'; >- >- while (t[0]) { >- if (get_pg_grp(r, ap_getword(r->pool, &t, ' '), user, sec)) { >- group_result = OK; >- }; >- }; >- >- if (pg_errstr[0]) { >- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); >- return HTTP_INTERNAL_SERVER_ERROR; >- } >- >- if (group_result == OK) >- return OK; >- >- if (sec->auth_pg_authoritative) { >- apr_snprintf(pg_errstr, MAX_STRING_LEN, >- "[mod_auth_pgsql.c] - user %s not in right groups (PG-Authoritative)", >- user); >- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); >- ap_note_basic_auth_failure(r); >- return HTTP_UNAUTHORIZED; >- }; >- } >- } >- >- return DECLINED; >+ return AUTH_GRANTED; > } > >- > /* Send the authentication to the log table */ > int >-pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, >- char *sent_pw) >+pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, const char *user, >+ const char *sent_pw) > { > char sql[MAX_STRING_LEN]; > char *s; >@@ -1087,7 +966,7 @@ pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, > sec->auth_pg_log_addrs_field); > strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1); > apr_snprintf(sql, MAX_STRING_LEN, ", '%s'", >- r->connection->remote_ip); >+ r->connection->client_ip); > strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1); > } > if (sec->auth_pg_log_pwd_field) { /* Password field , clear WARNING */ >@@ -1140,15 +1019,22 @@ static void *pg_auth_server_config(apr_pool_t * p, server_rec * s) > } > > >+static const authn_provider authn_pgsql_provider = >+{ >+ &check_password, >+ NULL, >+}; >+ > static void register_hooks(apr_pool_t * p) > { > ap_hook_post_config(pg_auth_init_handler, NULL, NULL, APR_HOOK_MIDDLE); >- ap_hook_auth_checker(pg_check_auth, NULL, NULL, APR_HOOK_MIDDLE); >- ap_hook_check_user_id(pg_authenticate_basic_user, NULL, NULL, >- APR_HOOK_MIDDLE); >+ >+ ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "pgsql", >+ AUTHN_PROVIDER_VERSION, >+ &authn_pgsql_provider, AP_AUTH_INTERNAL_PER_CONF); > }; > >-module AP_MODULE_DECLARE_DATA auth_pgsql_module = { >+AP_DECLARE_MODULE(auth_pgsql) = { > STANDARD20_MODULE_STUFF, > create_pg_auth_dir_config, /* dir config creater */ > NULL, /* dir merger --- default is to override */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=391848">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 532798
: 391848
