Bug#287160: Same Problem with 'require group xxx'

Adrian Bridgett Tue, 04 Jul 2006 09:24:09 -0700

w00t - found it.  The code was using ap_set_flag_slot which sets an
int, however the data structure was only a char.  So any setting of
Auth_MySQL_Empty_Passwords was overwriting authoritative and setting
it to zero.   Patch attached (manually edited from one that has SHA512
in it).


> > Auth_MySQL_DB jira
> 
> I feel for you.  At least I only have to use it -- I can't imagine what it
> must be like to have to administer it...

heh :-)  I quite like it, but packaging Java apps is a right PITA.

Adrian

--- libapache-mod-auth-mysql-4.3.9.orig/mod_auth_mysql.c
+++ libapache-mod-auth-mysql-4.3.9/mod_auth_mysql.c
@@ -643,6 +643,25 @@
        APACHELOG(APLOG_DEBUG, cmd, "enable_mysql: Setting enable_mysql_auth in 
%s to %i", sec->dir, sec->enable_mysql_auth);
        return NULL;
 }
+/* we cannot use ap_set_flag_slot since it expects an int, not a char */
+static const char *set_empty_passwords(cmd_parms *cmd, void *sconf, int arg)
+{
+       mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
+
+       sec->allow_empty_passwords = arg;
+       APACHELOG(APLOG_DEBUG, cmd, "set_empty_passwords: Setting 
allow_empty_passwords in %s to %i", sec->dir, sec->allow_empty_passwords);
+       return NULL;
+}
+
+/* we cannot use ap_set_flag_slot since it expects an int, not a char */
+static const char *set_authoritative(cmd_parms *cmd, void *sconf, int arg)
+{
+       mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf;
+
+       sec->authoritative = arg;
+       APACHELOG(APLOG_DEBUG, cmd, "set_authoritative: Setting authoritative 
in %s to %i", sec->dir, sec->authoritative);
+       return NULL;
+}
 
 /* The command list.  What it's called, when it's legal to use it, and
  * what to do when we find it.  Pretty cool, IMHO.
@@ -787,20 +806,20 @@
                  (void*)APR_XtOffsetOf(mysql_auth_config_rec, 
group_user_field),
                  OR_AUTHCFG,   "The name of the user-name field in the MySQL 
group table; defaults to the same as the username field for the password 
table." ),
 
-   AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords",         ap_set_flag_slot,
-                (void*)APR_XtOffsetOf(mysql_auth_config_rec, 
allow_empty_passwords),
+   AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords",         set_empty_passwords,
+                NULL,
                 OR_AUTHCFG,    "Enable (on) or disable (off) empty password 
strings; in which case any user password is accepted." ),
 
-   AP_INIT_FLAG( "AuthMySQL_Empty_Passwords",          ap_set_flag_slot,
-                (void*)APR_XtOffsetOf(mysql_auth_config_rec, 
allow_empty_passwords),
+   AP_INIT_FLAG( "AuthMySQL_Empty_Passwords",          set_empty_passwords,
+                NULL,
                 OR_AUTHCFG,    "Enable (on) or disable (off) empty password 
strings; in which case any user password is accepted." ),
 
-   AP_INIT_FLAG( "Auth_MySQL_Authoritative",           ap_set_flag_slot,
-                (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
+   AP_INIT_FLAG( "Auth_MySQL_Authoritative",           set_authoritative,
+                NULL,
                 OR_AUTHCFG,    "When 'on' the MySQL database is taken to be 
authoritative and access control is not passed along to other db or access 
modules." ),
 
-   AP_INIT_FLAG( "AuthMySQL_Authoritative",            ap_set_flag_slot,
-                (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative),
+   AP_INIT_FLAG( "AuthMySQL_Authoritative",            set_authoritative,
+                NULL,
                 OR_AUTHCFG,    "When 'on' the MySQL database is taken to be 
authoritative and access control is not passed along to other db or access 
modules." ),
 
    AP_INIT_FLAG( "AuthMySQL_AllowOverride",            set_auth_mysql_override,
@@ -983,20 +1002,20 @@
          (void *) XtOffsetOf(mysql_auth_config_rec, group_user_field),
          OR_AUTHCFG,   TAKE1,  "The name of the user-name field in the MySQL 
group table; defaults to the same as the username field for the password 
table." },
 
-       { "Auth_MySQL_Empty_Passwords",         ap_set_flag_slot,
-         (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
+       { "Auth_MySQL_Empty_Passwords",         set_empty_passwords,
+         NULL,
          OR_AUTHCFG,   FLAG,   "Enable (on) or disable (off) empty password 
strings; in which case any user password is accepted." },
 
-       { "AuthMySQL_Empty_Passwords",          ap_set_flag_slot,
-         (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords),
+       { "AuthMySQL_Empty_Passwords",          set_empty_passwords,
+         NULL,
          OR_AUTHCFG,   FLAG,   "Enable (on) or disable (off) empty password 
strings; in which case any user password is accepted." },
 
-       { "Auth_MySQL_Authoritative",           ap_set_flag_slot,
-         (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
+       { "Auth_MySQL_Authoritative",           set_authoritative,
+         NULL,
          OR_AUTHCFG,   FLAG,   "When 'on' the MySQL database is taken to be 
authoritative and access control is not passed along to other db or access 
modules." },
 
-       { "AuthMySQL_Authoritative",            ap_set_flag_slot,
-         (void *) XtOffsetOf(mysql_auth_config_rec, authoritative),
+       { "AuthMySQL_Authoritative",            set_authoritative,
+         NULL,
          OR_AUTHCFG,   FLAG,   "When 'on' the MySQL database is taken to be 
authoritative and access control is not passed along to other db or access 
modules." },
 
        { "AuthMySQL_AllowOverride",            set_auth_mysql_override,

Bug#287160: Same Problem with 'require group xxx'

Reply via email to