pacho 15/05/09 07:43:14
Added: mod_auth_pgsql-2.0.3-apache-2.4.patch
mod_auth_pgsql-2.0.3-documentation.patch
mod_auth_pgsql-2.0.3-fixdoublefree.patch
mod_auth_pgsql-2.0.3-encoding.patch
Log:
Apply some Debian patches also adding apache 2.4 support (#532798)
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key
A188FBD4)
Revision Changes Path
1.1
www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch?rev=1.1&content-type=text/plain
Index: mod_auth_pgsql-2.0.3-apache-2.4.patch
===================================================================
From: Marco Nenciarini <[email protected]>
Date: Sat, 20 Jul 2013 18:47:04 +0200
Subject: apache 2.4
---
mod_auth_pgsql.c | 196 ++++++++++++-------------------------------------------
1 file changed, 41 insertions(+), 155 deletions(-)
diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c
index 639537d..26d7f90 100644
--- a/mod_auth_pgsql.c
+++ b/mod_auth_pgsql.c
@@ -109,6 +109,8 @@
#include "http_request.h"
#include "util_script.h"
+#include "mod_auth.h"
+
#ifdef WIN32
#define crypt apr_password_validate
#else
@@ -191,7 +193,7 @@ module AP_MODULE_DECLARE_DATA auth_pgsql_module;
static int pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec,
- char *user, char *sent_pw);
+ const char *user, const char *sent_pw);
static char *do_pg_query(request_rec * r, char *query,
pg_auth_config_rec * sec);
@@ -442,9 +444,8 @@ static char pg_errstr[MAX_STRING_LEN];
* failures separately
*/
-static char *auth_pg_md5(char *pw)
+static char *auth_pg_md5(const char *pw)
{
- apr_md5_ctx_t ctx;
unsigned char digest[APR_MD5_DIGESTSIZE];
static unsigned char md5hash[APR_MD5_DIGESTSIZE * 2 + 1];
int i;
@@ -459,14 +460,15 @@ static char *auth_pg_md5(char *pw)
}
-static char *auth_pg_base64(char *pw)
+static char *auth_pg_base64(const char *pw)
{
if (auth_pgsql_pool_base64 == NULL)
apr_pool_create_ex(&auth_pgsql_pool_base64, NULL, NULL, NULL);
if (auth_pgsql_pool == NULL)
return NULL;
- return ap_pbase64encode(auth_pgsql_pool, pw);
+ /* NOTE: ap_pbase64encode is no change arg2. so removable const. */
+ return ap_pbase64encode(auth_pgsql_pool, (char *)pw);
}
@@ -557,7 +559,8 @@ char *do_pg_query(request_rec * r, char *query,
pg_auth_config_rec * sec)
if (!check || strcmp(sec->auth_pg_charset, check)) {
apr_snprintf(pg_errstr, MAX_STRING_LEN,
- "mod_auth_pgsql database
character set encoding %s");
+ "mod_auth_pgsql database
character set encoding %s",
+ check);
PQfinish(pg_conn);
return NULL;
}
@@ -614,7 +617,7 @@ char *do_pg_query(request_rec * r, char *query,
pg_auth_config_rec * sec)
return result;
}
-char *get_pg_pw(request_rec * r, char *user, pg_auth_config_rec * sec)
+char *get_pg_pw(request_rec * r, const char *user, pg_auth_config_rec * sec)
{
char query[MAX_STRING_LEN];
char *safe_user;
@@ -755,19 +758,20 @@ static char *get_pg_grp(request_rec * r, char *group,
char *user,
}
/* Process authentication request from Apache*/
-static int pg_authenticate_basic_user(request_rec * r)
+static authn_status check_password(request_rec *r, const char *user,
+ const char *password)
{
+
pg_auth_config_rec *sec =
(pg_auth_config_rec *) ap_get_module_config(r->per_dir_config,
&auth_pgsql_module);
- char *val = NULL;
- char *sent_pw, *real_pw;
- int res;
- char *user;
+ const char *val = NULL;
+ const char *sent_pw;
+ const char *real_pw;
+ authn_status auth_res;
+
+ sent_pw = password;
- if ((res = ap_get_basic_auth_pw(r, (const char **) &sent_pw)))
- return res;
- user = r->user;
#ifdef DEBUG_AUTH_PGSQL
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
@@ -784,7 +788,7 @@ static int pg_authenticate_basic_user(request_rec * r)
if ((!sec->auth_pg_pwd_table) && (!sec->auth_pg_pwd_field)) {
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"[mod_auth_pgsql.c] - missing
configuration parameters");
- return DECLINED;
+ return AUTH_GENERAL_ERROR;
}
pg_errstr[0] = '\0';
@@ -809,22 +813,16 @@ static int pg_authenticate_basic_user(request_rec * r)
if (!real_pw) {
if (pg_errstr[0]) {
- res = HTTP_INTERNAL_SERVER_ERROR;
+ auth_res = AUTH_GENERAL_ERROR;
} else {
- if (sec->auth_pg_authoritative) {
/* force error and access denied */
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"mod_auth_pgsql:
Password for user %s not found (PG-Authoritative)",
user);
- ap_note_basic_auth_failure(r);
- res = HTTP_UNAUTHORIZED;
- } else {
- /* allow fall through to another module */
- return DECLINED;
- }
+ auth_res = AUTH_USER_NOT_FOUND;
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c]
- ERROR - %s", pg_errstr);
- return res;
+ return auth_res;
}
/* allow no password, if the flag is set and the password
@@ -836,7 +834,7 @@ static int pg_authenticate_basic_user(request_rec * r)
user);
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
pg_log_auth_user(r, sec, user, sent_pw);
- return OK;
+ return AUTH_GRANTED;
};
/* if the flag is off however, keep that kind of stuff at
@@ -847,8 +845,7 @@ static int pg_authenticate_basic_user(request_rec * r)
"[mod_auth_pgsql.c] - Empty password
rejected for user \"%s\"",
user);
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c]
- ERROR - %s", pg_errstr);
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
+ return AUTH_DENIED;
};
if (sec->auth_pg_encrypted)
@@ -877,8 +874,7 @@ static int pg_authenticate_basic_user(request_rec * r)
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"PG user %s: password
mismatch", user);
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
+ return AUTH_DENIED;
}
/* store password in the cache */
@@ -891,130 +887,13 @@ static int pg_authenticate_basic_user(request_rec * r)
}
pg_log_auth_user(r, sec, user, sent_pw);
- return OK;
-}
-
-/* Checking ID */
-
-static int pg_check_auth(request_rec * r)
-{
- pg_auth_config_rec *sec =
- (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config,
-
&auth_pgsql_module);
- char *user = r->user;
- int m = r->method_number;
- int group_result = DECLINED;
-
-
-
- apr_array_header_t *reqs_arr = (apr_array_header_t *) ap_requires(r);
- require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
-
- register int x, res;
- const char *t;
- char *w;
-
- pg_errstr[0] = '\0';
-
-#ifdef DEBUG_AUTH_PGSQL
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
- "[mod_auth_pgsql.c] - pg_check_auth - going
to check auth for user \"%s\" ",
- user);
-#endif /* DEBUG_AUTH_PGSQL */
-
-
- if (!pg_conn) {
- if (!(pg_conn = pg_connect(sec))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - cannot connect to database");
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
- }
- }
-
- /* if we cannot do it; leave it to some other guy
- */
- if ((!sec->auth_pg_grp_table) && (!sec->auth_pg_grp_group_field)
- && (!sec->auth_pg_grp_user_field))
- return DECLINED;
-
- if (!reqs_arr) {
- if (sec->auth_pg_authoritative) {
- /* force error and access denied */
- apr_snprintf(pg_errstr, MAX_STRING_LEN,
- "mod_auth_pgsql: user %s
denied, no access rules specified (PG-Authoritative)",
- user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
- ap_note_basic_auth_failure(r);
- res = HTTP_UNAUTHORIZED;
- } else {
- return DECLINED;
- }
- }
-
- for (x = 0; x < reqs_arr->nelts; x++) {
-
- if (!(reqs[x].method_mask & (1 << m)))
- continue;
-
- t = reqs[x].requirement;
- w = ap_getword(r->pool, &t, ' ');
-
- if (!strcmp(w, "valid-user"))
- return OK;
-
- if (!strcmp(w, "user")) {
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (!strcmp(user, w))
- return OK;
- }
- if (sec->auth_pg_authoritative) {
- /* force error and access denied */
- apr_snprintf(pg_errstr, MAX_STRING_LEN,
- "mod_auth_pgsql: user
%s denied, no access rules specified (PG-Authoritative)",
- user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
- }
-
- } else if (!strcmp(w, "group")) {
- /* look up the membership for each of the groups in the
table */
- pg_errstr[0] = '\0';
-
- while (t[0]) {
- if (get_pg_grp(r, ap_getword(r->pool, &t, ' '),
user, sec)) {
- group_result = OK;
- };
- };
-
- if (pg_errstr[0]) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- if (group_result == OK)
- return OK;
-
- if (sec->auth_pg_authoritative) {
- apr_snprintf(pg_errstr, MAX_STRING_LEN,
- "[mod_auth_pgsql.c] -
user %s not in right groups (PG-Authoritative)",
- user);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - ERROR - %s", pg_errstr);
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
- };
- }
- }
-
- return DECLINED;
+ return AUTH_GRANTED;
}
-
/* Send the authentication to the log table */
int
-pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user,
- char *sent_pw)
+pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, const char *user,
+ const char *sent_pw)
{
char sql[MAX_STRING_LEN];
char *s;
@@ -1087,7 +966,7 @@ pg_log_auth_user(request_rec * r, pg_auth_config_rec *
sec, char *user,
sec->auth_pg_log_addrs_field);
strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1);
apr_snprintf(sql, MAX_STRING_LEN, ", '%s'",
- r->connection->remote_ip);
+ r->connection->client_ip);
strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1);
}
if (sec->auth_pg_log_pwd_field) { /* Password field , clear
WARNING */
@@ -1140,15 +1019,22 @@ static void *pg_auth_server_config(apr_pool_t * p,
server_rec * s)
}
+static const authn_provider authn_pgsql_provider =
+{
+ &check_password,
+ NULL,
+};
+
static void register_hooks(apr_pool_t * p)
{
ap_hook_post_config(pg_auth_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_auth_checker(pg_check_auth, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_check_user_id(pg_authenticate_basic_user, NULL, NULL,
- APR_HOOK_MIDDLE);
+
+ ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "pgsql",
+
AUTHN_PROVIDER_VERSION,
+
&authn_pgsql_provider, AP_AUTH_INTERNAL_PER_CONF);
};
-module AP_MODULE_DECLARE_DATA auth_pgsql_module = {
+AP_DECLARE_MODULE(auth_pgsql) = {
STANDARD20_MODULE_STUFF,
create_pg_auth_dir_config, /* dir config creater */
NULL, /* dir merger ---
default is to override */
1.1
www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch?rev=1.1&content-type=text/plain
Index: mod_auth_pgsql-2.0.3-documentation.patch
===================================================================
From: Marco Nenciarini <[email protected]>
Date: Sat, 10 Aug 2013 16:26:41 +0200
Subject: documentation
---
mod_auth_pgsql.html | 47 ++++++++++++++++++++++++++++-------------------
1 file changed, 28 insertions(+), 19 deletions(-)
diff --git a/mod_auth_pgsql.html b/mod_auth_pgsql.html
index 3269fe0..d35768b 100644
--- a/mod_auth_pgsql.html
+++ b/mod_auth_pgsql.html
@@ -48,18 +48,19 @@ Notes</a> |<a href="#Changelog"> Changelog</a> </p>
<li><a href="#host">Auth_PG_host</a> </li>
<li><a href="#port">Auth_PG_port</a> </li>
<li><a href="#options">Auth_PG_options</a> </li>
- <li><a href="#pwd_table">Auth_PG_database</a> </li>
- <li><a href="#PGuser">Auth_PG_user</a> </li>
- <li><a href="PGpwd">Auth_PG_pwd</a> </li>
- <li><a href="#grp_table">Auth_PG_pwd_table</a> </li>
- <li><a href="#uid_field">Auth_PG_grp_table</a> </li>
+ <li><a href="#database">Auth_PG_database</a> </li>
+ <li><a href="#user">Auth_PG_user</a> </li>
+ <li><a href="#pwd">Auth_PG_pwd</a> </li>
+ <li><a href="#pwd_table">Auth_PG_pwd_table</a> </li>
+ <li><a href="#grp_table">Auth_PG_grp_table</a> </li>
<li><a href="#uid_field">Auth_PG_uid_field</a> </li>
<li><a href="#pwd_field">Auth_PG_pwd_field</a> </li>
- <li><a href="#gid_field">Auth_PG_gid_field</a> </li>
+ <li><a href="#grp_group_field">Auth_PG_grp_group_field</a> </li>
+ <li><a href="#grp_user_field">Auth_PG_grp_user_field</a> </li>
<li><a href="#nopasswd">Auth_PG_nopasswd</a> </li>
<li><a href="#authoritative">Auth_PG_authoritative</a> </li>
- <li><a href="#lowercaseuid">Auth_PG_lowercase_uid</a> </li>
- <li><a href="#uppercaseuid">Auth_PG_uppercase_uid</a></li>
+ <li><a href="#lowercase_uid">Auth_PG_lowercase_uid</a> </li>
+ <li><a href="#uppercase_uid">Auth_PG_uppercase_uid</a></li>
<li><a href="#pwd_ignore_case">Auth_PG_pwd_ignore_case</a><br>
</li>
<li><a href="#encrypted">Auth_PG_encrypted</a> </li>
@@ -112,7 +113,7 @@ available options. </p>
information.<br>
<br>
</p>
-<h2><a name="PGuser"></a> Auth_PG_user<br>
+<h2><a name="user"></a> Auth_PG_user<br>
</h2>
<b>Syntax:</b> Auth_PG_user <i>username</i><br>
<b>Context:</b> directory, .htaccess <br>
@@ -125,7 +126,7 @@ access on all the log tables (if used).<br>
Needed if the user who make the quey is differrent from the
user runnig apache, or if the posmater is on a different server and you
must autheticate with password<br>
-<h2><a name="PGpwd"></a> Auth_PG_pwd</h2>
+<h2><a name="pwd"></a> Auth_PG_pwd</h2>
<p><b>Syntax:</b> Auth_PG_pwd <i>password</i><br>
<b>Context:</b> directory, .htaccess <br>
<b>Override:</b> AuthConfig <br>
@@ -169,17 +170,25 @@ in the Auth_PG_pwd_table relation. </p>
<b>Override:</b> AuthConfig <br>
<b>Status:</b> Extension
<p>Specifies the attribute name of the field containing the encrypted
-(see Auth_PG_encrypted) password in the Auth_PGpwd_table relation.<br>
+(see Auth_PG_encrypted) password in the Auth_PG_pwd_table relation.<br>
Please remember to use field of type varchar, not char for the password.<br>
</p>
-<h2><a name="gid_field"></a> Auth_PG_gid_field</h2>
-<b>Syntax:</b> Auth_PG_gid_field <i>attribute name</i><br>
+<h2><a name="grp_group_field"></a> Auth_PG_grp_group_field</h2>
+<b>Syntax:</b> Auth_PG_grp_group_field <i>attribute name</i><br>
<b>Context:</b> directory, .htaccess <br>
<b>Override:</b> AuthConfig <br>
<b>Status:</b> Extension
<p>Specifies the attribute name of the field containing the group name
in the Auth_PG_grp_table relation. This directive is only necessary if
you want to authenticate by user groups. </p>
+<h2><a name="grp_user_field"></a> Auth_PG_grp_user_field</h2>
+<b>Syntax:</b> Auth_PG_grp_user_field <i>attribute name</i><br>
+<b>Context:</b> directory, .htaccess <br>
+<b>Override:</b> AuthConfig <br>
+<b>Status:</b> Extension
+<p>Specifies the attribute name of the field containing the user name
+in the Auth_PG_grp_table relation. This directive is only necessary if
+you want to authenticate by user groups. </p>
<h2><a name="nopasswd"></a> Auth_PG_nopasswd</h2>
<b>Syntax:</b> Auth_PG_nopasswd <i>on</i> or <i>off</i><br>
<b>Context:</b> directory, .htaccess <br>
@@ -202,7 +211,7 @@ the PostgreSQL scheme, the parent directory scheme will be
given
the chance to try and authenticate the user. Exercise caution
when turning this option off. It can be a security risk. Can be
used to use two authentication schemes for the same dir. </p>
-<h2><a name="lowercaseuid"></a> Auth_PG_lowercase_uid</h2>
+<h2><a name="lowercase_uid"></a> Auth_PG_lowercase_uid</h2>
<b>Syntax:</b> Auth_PG_lowercase_uid <i>on</i> or <i>off</i><br>
<b>Context:</b> directory, .htaccess <br>
<b>Override:</b> AuthConfig <br>
@@ -211,7 +220,7 @@ used to use two authentication schemes for the same dir.
</p>
user UIDs to lowercase before looking them up. When turned on this does
not affect the case of the original user ID should this module decline
to authenticate and a lower level is called.</p>
-<h2><a name="uppercaseuid"></a> Auth_PG_uppercase_uid</h2>
+<h2><a name="uppercase_uid"></a> Auth_PG_uppercase_uid</h2>
<b>Syntax:</b> Auth_PG_uppercase_uid <i>on</i> or <i>off</i><br>
<b>Context:</b> directory, .htaccess <br>
<b>Override:</b> AuthConfig <br>
@@ -277,14 +286,14 @@ initial space .</em></p>
<p>This option allows you to exercise greater control over the SQL code
used to retrieve the group name and corresponding user from the
database. You can use this to search for the group name
-using more attributes in the table than the gid_field. </p>
+using more attributes in the table than the grp_group_field. </p>
<p>The basic SQL statement used to retrieve a group name and user name
for checking looks like this: </p>
<ul>
-select <i><uid_field></i> from <i><grp_table></i> where <i>
-<gid_field></i> ='<i><required group></i> '
+select <i><grp_user_field></i> from <i><grp_table></i> where <i>
+<grp_group_field></i> ='<i><required group></i> '
</ul>
-The gid_whereclause will be added to the end of this statement
+The grp_whereclause will be added to the end of this statement
and must fit logically. <em>The where clause must be double
quoted.<br>
<br>
1.1
www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch?rev=1.1&content-type=text/plain
Index: mod_auth_pgsql-2.0.3-fixdoublefree.patch
===================================================================
Description: Avoid double free of connection pointers
.
libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply patch from Launchpad to set freed pointers to NULL before
subsequent checks against NULL. (Closes: #774313)
Author: Neil Williams <[email protected]>
Bug-Debian: https://bugs.debian.org/774313
Origin: ubuntu, https://launchpadlibrarian.net/177475074/doublefree.patch
---
--- libapache2-mod-auth-pgsql-2.0.3.orig/mod_auth_pgsql.c
+++ libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c
@@ -489,6 +489,7 @@ PGconn *pg_connect(pg_auth_config_rec *s
"mod_auth_pgsql database
connection error reset failed %s",
PQerrorMessage(conn));
PQfinish(conn);
+ conn = NULL;
return NULL;
}
}
@@ -562,6 +563,7 @@ char *do_pg_query(request_rec * r, char
"mod_auth_pgsql database
character set encoding %s",
check);
PQfinish(pg_conn);
+ pg_conn = NULL;
return NULL;
}
}
@@ -573,12 +575,15 @@ char *do_pg_query(request_rec * r, char
"PGSQL 2: %s -- Query: %s ",
PQerrorMessage(pg_conn), query);
PQfinish(pg_conn);
+ pg_conn = NULL;
return NULL;
}
if (PQresultStatus(pg_result) == PGRES_EMPTY_QUERY) {
PQclear(pg_result);
+ pg_result = NULL;
PQfinish(pg_conn);
+ pg_conn = NULL;
return NULL;
}
@@ -586,7 +591,9 @@ char *do_pg_query(request_rec * r, char
apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 3: %s -- Query:
%s",
PQerrorMessage(pg_conn), query);
PQclear(pg_result);
+ pg_result = NULL;
PQfinish(pg_conn);
+ pg_conn = NULL;
return NULL;
}
@@ -596,7 +603,9 @@ char *do_pg_query(request_rec * r, char
apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 4: %s",
PQerrorMessage(pg_conn));
PQclear(pg_result);
+ pg_result = NULL;
PQfinish(pg_conn);
+ pg_conn = NULL;
return NULL;
}
@@ -604,7 +613,9 @@ char *do_pg_query(request_rec * r, char
apr_snprintf(pg_errstr, MAX_STRING_LEN,
"Could not get memory for
Postgres query.");
PQclear(pg_result);
+ pg_result = NULL;
PQfinish(pg_conn);
+ pg_conn = NULL;
return NULL;
}
@@ -613,7 +624,9 @@ char *do_pg_query(request_rec * r, char
/* ignore errors here ! */
PQclear(pg_result);
+ pg_result = NULL;
PQfinish(pg_conn);
+ pg_conn = NULL;
return result;
}
1.1
www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch?rev=1.1&content-type=text/plain
Index: mod_auth_pgsql-2.0.3-encoding.patch
===================================================================
From: Marco Nenciarini <[email protected]>
Date: Sat, 10 Aug 2013 16:26:41 +0200
Subject: encoding
---
mod_auth_pgsql.c | 144 +++++++++++++++++++++++++++++++---------------------
mod_auth_pgsql.html | 9 ++++
2 files changed, 94 insertions(+), 59 deletions(-)
diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c
index f13c166..639537d 100644
--- a/mod_auth_pgsql.c
+++ b/mod_auth_pgsql.c
@@ -151,6 +151,7 @@ typedef struct {
const char *auth_pg_port;
const char *auth_pg_options;
const char *auth_pg_user;
+ const char *auth_pg_charset;
const char *auth_pg_pwd;
const char *auth_pg_pwd_table;
const char *auth_pg_uname_field;
@@ -181,6 +182,8 @@ typedef struct {
} pg_auth_config_rec;
+static PGconn *pg_conn;
+
static apr_pool_t *auth_pgsql_pool = NULL;
static apr_pool_t *auth_pgsql_pool_base64 = NULL;
@@ -220,6 +223,7 @@ static void *create_pg_auth_dir_config(apr_pool_t * p, char
*d)
new_rec->auth_pg_port = NULL;
new_rec->auth_pg_options = NULL;
new_rec->auth_pg_user = NULL;
+ new_rec->auth_pg_charset = NULL;
new_rec->auth_pg_pwd = NULL;
new_rec->auth_pg_pwd_table = NULL;
new_rec->auth_pg_uname_field = NULL;
@@ -324,6 +328,10 @@ static const command_rec pg_auth_cmds[] = {
(void *) APR_OFFSETOF(pg_auth_config_rec,
auth_pg_user),
OR_AUTHCFG,
"user name connect as"),
+ AP_INIT_TAKE1("Auth_PG_charset", ap_set_string_slot,
+ (void *) APR_OFFSETOF(pg_auth_config_rec,
auth_pg_charset),
+ OR_AUTHCFG,
+ "charset to use for connection"),
AP_INIT_TAKE1("Auth_PG_pwd", ap_set_string_slot,
(void *) APR_OFFSETOF(pg_auth_config_rec,
auth_pg_pwd),
OR_AUTHCFG,
@@ -462,53 +470,51 @@ static char *auth_pg_base64(char *pw)
}
+PGconn *pg_connect(pg_auth_config_rec *sec)
+{
+ PGconn *conn;
-/* Got from POstgreSQL 7.2 */
-/* ---------------
- * Escaping arbitrary strings to get valid SQL strings/identifiers.
- *
- * Replaces "\\" with "\\\\" and "'" with "''".
- * length is the length of the buffer pointed to by
- * from. The buffer at to must be at least 2*length + 1 characters
- * long. A terminating NUL character is written.
- * ---------------
- */
+ conn = PQsetdbLogin(sec->auth_pg_host, sec->auth_pg_port,
+ sec->auth_pg_options, NULL, sec->auth_pg_database,
+ sec->auth_pg_user, sec->auth_pg_pwd);
+ if (PQstatus(conn) != CONNECTION_OK) {
+ PQreset(conn);
+ apr_snprintf(pg_errstr, MAX_STRING_LEN,
+ "mod_auth_pgsql database connection
error resetting %s",
+ PQerrorMessage(conn));
+ if (PQstatus(conn) != CONNECTION_OK) {
+ apr_snprintf(pg_errstr, MAX_STRING_LEN,
+ "mod_auth_pgsql database
connection error reset failed %s",
+ PQerrorMessage(conn));
+ PQfinish(conn);
+ return NULL;
+ }
+ }
+ return conn;
+}
-static size_t pg_check_string(char *to, const char *from, size_t length)
-{
- const char *source = from;
- char *target = to;
- unsigned int remaining = length;
-
- while (remaining > 0) {
- switch (*source) {
- case '\\':
- *target = '\\';
- target++;
- *target = '\\';
- /* target and remaining are updated below. */
- break;
- case '\'':
- *target = '\'';
- target++;
- *target = '\'';
- /* target and remaining are updated below. */
- break;
+static size_t pg_check_string(char *to, const char *from, size_t length,
request_rec * r, pg_auth_config_rec *sec)
+{
+ int error;
- default:
- *target = *source;
- /* target and remaining are updated below. */
+ if (!pg_conn) {
+ if (!(pg_conn = pg_connect(sec))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - cannot connect to database");
+ ap_note_basic_auth_failure(r);
+ return -1;
}
- source++;
- target++;
- remaining--;
}
- /* Write the terminating NUL character. */
- *target = '\0';
+ PQescapeStringConn(pg_conn, to, from, length, &error);
+
+ if (error) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c]
- cannot escape string");
+ ap_note_basic_auth_failure(r);
+ return -1;
+ }
- return target - to;
+ return 0;
}
@@ -518,7 +524,6 @@ static size_t pg_check_string(char *to, const char *from,
size_t length)
char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec)
{
PGresult *pg_result;
- PGconn *pg_conn;
char *val;
char *result = NULL;
@@ -530,19 +535,10 @@ char *do_pg_query(request_rec * r, char *query,
pg_auth_config_rec * sec)
sec->auth_pg_database);
#endif /* DEBUG_AUTH_PGSQL */
- pg_conn = PQsetdbLogin(sec->auth_pg_host, sec->auth_pg_port,
- sec->auth_pg_options, NULL, sec->auth_pg_database,
- sec->auth_pg_user, sec->auth_pg_pwd);
- if (PQstatus(pg_conn) != CONNECTION_OK) {
- PQreset(pg_conn);
- apr_snprintf(pg_errstr, MAX_STRING_LEN,
- "mod_auth_pgsql database connection
error resetting %s",
- PQerrorMessage(pg_conn));
- if (PQstatus(pg_conn) != CONNECTION_OK) {
- apr_snprintf(pg_errstr, MAX_STRING_LEN,
- "mod_auth_pgsql database
connection error reset failed %s",
- PQerrorMessage(pg_conn));
- PQfinish(pg_conn);
+ if (!pg_conn) {
+ if (!(pg_conn = pg_connect(sec))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - cannot connect to database");
+ ap_note_basic_auth_failure(r);
return NULL;
}
}
@@ -552,6 +548,21 @@ char *do_pg_query(request_rec * r, char *query,
pg_auth_config_rec * sec)
query);
#endif /* DEBUG_AUTH_PGSQL */
+ if (sec->auth_pg_charset) {
+ const char *check;
+
+ PQsetClientEncoding(pg_conn, sec->auth_pg_charset);
+
+ check = pg_encoding_to_char(PQclientEncoding(pg_conn));
+
+ if (!check || strcmp(sec->auth_pg_charset, check)) {
+ apr_snprintf(pg_errstr, MAX_STRING_LEN,
+ "mod_auth_pgsql database
character set encoding %s");
+ PQfinish(pg_conn);
+ return NULL;
+ }
+ }
+
pg_result = PQexec(pg_conn, query);
if (pg_result == NULL) {
@@ -610,7 +621,7 @@ char *get_pg_pw(request_rec * r, char *user,
pg_auth_config_rec * sec)
int n;
safe_user = apr_palloc(r->pool, 1 + 2 * strlen(user));
- pg_check_string(safe_user, user, strlen(user));
+ pg_check_string(safe_user, user, strlen(user), r, sec);
#ifdef DEBUG_AUTH_PGSQL
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
@@ -685,8 +696,8 @@ static char *get_pg_grp(request_rec * r, char *group, char
*user,
#endif /* DEBUG_AUTH_PGSQL */
query[0] = '\0';
- pg_check_string(safe_user, user, strlen(user));
- pg_check_string(safe_group, group, strlen(group));
+ pg_check_string(safe_user, user, strlen(user), r, sec);
+ pg_check_string(safe_group, group, strlen(group), r, sec);
if ((!sec->auth_pg_grp_table) ||
(!sec->auth_pg_grp_group_field) ||
(!sec->auth_pg_grp_user_field))
@@ -777,6 +788,14 @@ static int pg_authenticate_basic_user(request_rec * r)
}
pg_errstr[0] = '\0';
+ if (!pg_conn) {
+ if (!(pg_conn = pg_connect(sec))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - cannot connect to database");
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+
if (sec->auth_pg_cache_passwords
&& (!apr_is_empty_table(sec->cache_pass_table))) {
val = (char *) apr_table_get(sec->cache_pass_table, user);
@@ -904,6 +923,13 @@ static int pg_check_auth(request_rec * r)
#endif /* DEBUG_AUTH_PGSQL */
+ if (!pg_conn) {
+ if (!(pg_conn = pg_connect(sec))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"[mod_auth_pgsql.c] - cannot connect to database");
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ }
/* if we cannot do it; leave it to some other guy
*/
@@ -1015,9 +1041,9 @@ pg_log_auth_user(request_rec * r, pg_auth_config_rec *
sec, char *user,
}
/* AUD: MAX_STRING_LEN probably isn't always correct */
- pg_check_string(safe_user, user, strlen(user));
- pg_check_string(safe_pw, sent_pw, strlen(sent_pw));
- pg_check_string(safe_req, r->the_request, strlen(r->the_request));
+ pg_check_string(safe_user, user, strlen(user), r, sec);
+ pg_check_string(safe_pw, sent_pw, strlen(sent_pw), r, sec);
+ pg_check_string(safe_req, r->the_request, strlen(r->the_request), r,
sec);
if (sec->auth_pg_lowercaseuid) {
diff --git a/mod_auth_pgsql.html b/mod_auth_pgsql.html
index d35768b..5474314 100644
--- a/mod_auth_pgsql.html
+++ b/mod_auth_pgsql.html
@@ -48,6 +48,7 @@ Notes</a> |<a href="#Changelog"> Changelog</a> </p>
<li><a href="#host">Auth_PG_host</a> </li>
<li><a href="#port">Auth_PG_port</a> </li>
<li><a href="#options">Auth_PG_options</a> </li>
+ <li><a href="#charset">Auth_PG_charset</a> </li>
<li><a href="#database">Auth_PG_database</a> </li>
<li><a href="#user">Auth_PG_user</a> </li>
<li><a href="#pwd">Auth_PG_pwd</a> </li>
@@ -104,6 +105,14 @@ be found. </p>
<p>Specifies an option string to be passed to the postgreSQL backend
process. Refer to the PostgreSQL user manual for a description of the
available options. </p>
+<h2><a name="charset"></a> Auth_PG_charset</h2>
+<b>Syntax:</b> Auth_PG_options <i>option string</i><br>
+<b>Context:</b> directory, .htaccess <br>
+<b>Override:</b> AuthConfig <br>
+<b>Status:</b> Extension
+<p>Specifies the name of an encoding to be set for the PostgreSQL
+backend process. Refer to the PostgreSQL user manual for a description
+of the available options. </p>
<h2><a name="database"></a> Auth_PG_database</h2>
<b>Syntax:</b> Auth_PG_database <i>database name</i><br>
<b>Context:</b> directory, .htaccess <br>
