commit: 31bd551b4294b9dfd39858efc1e8a44b013da966 Author: Aaron W. Swenson <titanofold <AT> gentoo <DOT> org> AuthorDate: Mon Mar 21 16:08:19 2016 +0000 Commit: Aaron Swenson <titanofold <AT> gentoo <DOT> org> CommitDate: Mon Mar 21 16:18:00 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31bd551b
www-apache/mod_auth_pgsql: Removal www-apache/mod_auth_pgsql was removed per bug 548974. It hasn’t been updated for somewhere around 10 years and has been superseded by mod_authn_dbd for quite some time. Additionally, mod_auth_pgsql is susceptible to severe security bug(s) that have gone unresolved by upstream, which has also disappeared. If you’re still using mod_auth_pgsql, may God have mercy on your soul. Bug: 255033, 548974 profiles/package.mask | 6 - www-apache/mod_auth_pgsql/Manifest | 1 - .../mod_auth_pgsql/files/80_mod_auth_pgsql.conf | 9 - .../files/mod_auth_pgsql-2.0.3-apache-2.4.patch | 341 --------------------- .../files/mod_auth_pgsql-2.0.3-documentation.patch | 124 -------- .../files/mod_auth_pgsql-2.0.3-encoding.patch | 283 ----------------- .../files/mod_auth_pgsql-2.0.3-fixdoublefree.patch | 87 ------ www-apache/mod_auth_pgsql/metadata.xml | 8 - .../mod_auth_pgsql/mod_auth_pgsql-2.0.3-r1.ebuild | 31 -- .../mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild | 40 --- 10 files changed, 930 deletions(-) diff --git a/profiles/package.mask b/profiles/package.mask index f962e93..ddf7371 100644 --- a/profiles/package.mask +++ b/profiles/package.mask @@ -325,12 +325,6 @@ media-libs/evas # ghc-7.10, bug #561122 dev-haskell/extra:0 -# Aaron W. Swenson <titanof...@gentoo.org> (11 Jan 2016) -# Masked for removal after 2016-03-11. Package hasn't been updated in -# some time and doesn't work with Apache 2.4 without patching by -# Gentoo. (Bug 548974) Use Apache Module mod_authn_dbd instead. -www-apache/mod_auth_pgsql - # Andreas K. Hüttel <dilfri...@gentoo.org> (9 Jan 2016) # Errorneously added. Is already in perl-core. Please uninstall. dev-perl/ExtUtils-Constant diff --git a/www-apache/mod_auth_pgsql/Manifest b/www-apache/mod_auth_pgsql/Manifest deleted file mode 100644 index 55f24a8..0000000 --- a/www-apache/mod_auth_pgsql/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST mod_auth_pgsql-2.0.3.tar.gz 15474 SHA256 51651609d742e21bbc587fd4951b41a39deda53262cbf931b9b40bdda3b5cb92 SHA512 9ec9d9c1075d37e62e98f0f5519147d9fb2042ef7e149ff50461f3966d548afceefc330f4a1c3bd8fc64b5e93ed3e85508571a5b1b9832974c84267737e89cb0 WHIRLPOOL dea354fb9b3a06f668b8b039339b5972e295abd7357d6c5a61f6192a5c3bbcad1227f86a3d9b552e4b564476b8da9ded5f7b175d77f4cba0c3e360567aef13b2 diff --git a/www-apache/mod_auth_pgsql/files/80_mod_auth_pgsql.conf b/www-apache/mod_auth_pgsql/files/80_mod_auth_pgsql.conf deleted file mode 100644 index 96ea129..0000000 --- a/www-apache/mod_auth_pgsql/files/80_mod_auth_pgsql.conf +++ /dev/null @@ -1,9 +0,0 @@ -# To make this module work with apache 2.2 you have to specify -# `AuthBasicAuthoritative Off' in your authentication section. See -# http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative - -<IfDefine AUTH_PGSQL> -LoadModule auth_pgsql_module modules/mod_auth_pgsql.so -</IfDefine> - -# vim: ts=4 filetype=apache diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch deleted file mode 100644 index d9818eb..0000000 --- a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch +++ /dev/null @@ -1,341 +0,0 @@ -From: Marco Nenciarini <mnen...@debian.org> -Date: Sat, 20 Jul 2013 18:47:04 +0200 -Subject: apache 2.4 - ---- - mod_auth_pgsql.c | 196 ++++++++++++------------------------------------------- - 1 file changed, 41 insertions(+), 155 deletions(-) - -diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c -index 639537d..26d7f90 100644 ---- a/mod_auth_pgsql.c -+++ b/mod_auth_pgsql.c -@@ -109,6 +109,8 @@ - #include "http_request.h" - #include "util_script.h" - -+#include "mod_auth.h" -+ - #ifdef WIN32 - #define crypt apr_password_validate - #else -@@ -191,7 +193,7 @@ module AP_MODULE_DECLARE_DATA auth_pgsql_module; - - - static int pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, -- char *user, char *sent_pw); -+ const char *user, const char *sent_pw); - static char *do_pg_query(request_rec * r, char *query, - pg_auth_config_rec * sec); - -@@ -442,9 +444,8 @@ static char pg_errstr[MAX_STRING_LEN]; - * failures separately - */ - --static char *auth_pg_md5(char *pw) -+static char *auth_pg_md5(const char *pw) - { -- apr_md5_ctx_t ctx; - unsigned char digest[APR_MD5_DIGESTSIZE]; - static unsigned char md5hash[APR_MD5_DIGESTSIZE * 2 + 1]; - int i; -@@ -459,14 +460,15 @@ static char *auth_pg_md5(char *pw) - } - - --static char *auth_pg_base64(char *pw) -+static char *auth_pg_base64(const char *pw) - { - if (auth_pgsql_pool_base64 == NULL) - apr_pool_create_ex(&auth_pgsql_pool_base64, NULL, NULL, NULL); - if (auth_pgsql_pool == NULL) - return NULL; - -- return ap_pbase64encode(auth_pgsql_pool, pw); -+ /* NOTE: ap_pbase64encode is no change arg2. so removable const. */ -+ return ap_pbase64encode(auth_pgsql_pool, (char *)pw); - } - - -@@ -557,7 +559,8 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) - - if (!check || strcmp(sec->auth_pg_charset, check)) { - apr_snprintf(pg_errstr, MAX_STRING_LEN, -- "mod_auth_pgsql database character set encoding %s"); -+ "mod_auth_pgsql database character set encoding %s", -+ check); - PQfinish(pg_conn); - return NULL; - } -@@ -614,7 +617,7 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) - return result; - } - --char *get_pg_pw(request_rec * r, char *user, pg_auth_config_rec * sec) -+char *get_pg_pw(request_rec * r, const char *user, pg_auth_config_rec * sec) - { - char query[MAX_STRING_LEN]; - char *safe_user; -@@ -755,19 +758,20 @@ static char *get_pg_grp(request_rec * r, char *group, char *user, - } - - /* Process authentication request from Apache*/ --static int pg_authenticate_basic_user(request_rec * r) -+static authn_status check_password(request_rec *r, const char *user, -+ const char *password) - { -+ - pg_auth_config_rec *sec = - (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config, - &auth_pgsql_module); -- char *val = NULL; -- char *sent_pw, *real_pw; -- int res; -- char *user; -+ const char *val = NULL; -+ const char *sent_pw; -+ const char *real_pw; -+ authn_status auth_res; -+ -+ sent_pw = password; - -- if ((res = ap_get_basic_auth_pw(r, (const char **) &sent_pw))) -- return res; -- user = r->user; - - #ifdef DEBUG_AUTH_PGSQL - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, -@@ -784,7 +788,7 @@ static int pg_authenticate_basic_user(request_rec * r) - if ((!sec->auth_pg_pwd_table) && (!sec->auth_pg_pwd_field)) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, - "[mod_auth_pgsql.c] - missing configuration parameters"); -- return DECLINED; -+ return AUTH_GENERAL_ERROR; - } - pg_errstr[0] = '\0'; - -@@ -809,22 +813,16 @@ static int pg_authenticate_basic_user(request_rec * r) - - if (!real_pw) { - if (pg_errstr[0]) { -- res = HTTP_INTERNAL_SERVER_ERROR; -+ auth_res = AUTH_GENERAL_ERROR; - } else { -- if (sec->auth_pg_authoritative) { - /* force error and access denied */ - apr_snprintf(pg_errstr, MAX_STRING_LEN, - "mod_auth_pgsql: Password for user %s not found (PG-Authoritative)", - user); -- ap_note_basic_auth_failure(r); -- res = HTTP_UNAUTHORIZED; -- } else { -- /* allow fall through to another module */ -- return DECLINED; -- } -+ auth_res = AUTH_USER_NOT_FOUND; - } - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); -- return res; -+ return auth_res; - } - - /* allow no password, if the flag is set and the password -@@ -836,7 +834,7 @@ static int pg_authenticate_basic_user(request_rec * r) - user); - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); - pg_log_auth_user(r, sec, user, sent_pw); -- return OK; -+ return AUTH_GRANTED; - }; - - /* if the flag is off however, keep that kind of stuff at -@@ -847,8 +845,7 @@ static int pg_authenticate_basic_user(request_rec * r) - "[mod_auth_pgsql.c] - Empty password rejected for user \"%s\"", - user); - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); -- ap_note_basic_auth_failure(r); -- return HTTP_UNAUTHORIZED; -+ return AUTH_DENIED; - }; - - if (sec->auth_pg_encrypted) -@@ -877,8 +874,7 @@ static int pg_authenticate_basic_user(request_rec * r) - apr_snprintf(pg_errstr, MAX_STRING_LEN, - "PG user %s: password mismatch", user); - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); -- ap_note_basic_auth_failure(r); -- return HTTP_UNAUTHORIZED; -+ return AUTH_DENIED; - } - - /* store password in the cache */ -@@ -891,130 +887,13 @@ static int pg_authenticate_basic_user(request_rec * r) - } - - pg_log_auth_user(r, sec, user, sent_pw); -- return OK; --} -- --/* Checking ID */ -- --static int pg_check_auth(request_rec * r) --{ -- pg_auth_config_rec *sec = -- (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config, -- &auth_pgsql_module); -- char *user = r->user; -- int m = r->method_number; -- int group_result = DECLINED; -- -- -- -- apr_array_header_t *reqs_arr = (apr_array_header_t *) ap_requires(r); -- require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; -- -- register int x, res; -- const char *t; -- char *w; -- -- pg_errstr[0] = '\0'; -- --#ifdef DEBUG_AUTH_PGSQL -- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, -- "[mod_auth_pgsql.c] - pg_check_auth - going to check auth for user \"%s\" ", -- user); --#endif /* DEBUG_AUTH_PGSQL */ -- -- -- if (!pg_conn) { -- if (!(pg_conn = pg_connect(sec))) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); -- ap_note_basic_auth_failure(r); -- return HTTP_UNAUTHORIZED; -- } -- } -- -- /* if we cannot do it; leave it to some other guy -- */ -- if ((!sec->auth_pg_grp_table) && (!sec->auth_pg_grp_group_field) -- && (!sec->auth_pg_grp_user_field)) -- return DECLINED; -- -- if (!reqs_arr) { -- if (sec->auth_pg_authoritative) { -- /* force error and access denied */ -- apr_snprintf(pg_errstr, MAX_STRING_LEN, -- "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", -- user); -- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); -- ap_note_basic_auth_failure(r); -- res = HTTP_UNAUTHORIZED; -- } else { -- return DECLINED; -- } -- } -- -- for (x = 0; x < reqs_arr->nelts; x++) { -- -- if (!(reqs[x].method_mask & (1 << m))) -- continue; -- -- t = reqs[x].requirement; -- w = ap_getword(r->pool, &t, ' '); -- -- if (!strcmp(w, "valid-user")) -- return OK; -- -- if (!strcmp(w, "user")) { -- while (t[0]) { -- w = ap_getword_conf(r->pool, &t); -- if (!strcmp(user, w)) -- return OK; -- } -- if (sec->auth_pg_authoritative) { -- /* force error and access denied */ -- apr_snprintf(pg_errstr, MAX_STRING_LEN, -- "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", -- user); -- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); -- ap_note_basic_auth_failure(r); -- return HTTP_UNAUTHORIZED; -- } -- -- } else if (!strcmp(w, "group")) { -- /* look up the membership for each of the groups in the table */ -- pg_errstr[0] = '\0'; -- -- while (t[0]) { -- if (get_pg_grp(r, ap_getword(r->pool, &t, ' '), user, sec)) { -- group_result = OK; -- }; -- }; -- -- if (pg_errstr[0]) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); -- return HTTP_INTERNAL_SERVER_ERROR; -- } -- -- if (group_result == OK) -- return OK; -- -- if (sec->auth_pg_authoritative) { -- apr_snprintf(pg_errstr, MAX_STRING_LEN, -- "[mod_auth_pgsql.c] - user %s not in right groups (PG-Authoritative)", -- user); -- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); -- ap_note_basic_auth_failure(r); -- return HTTP_UNAUTHORIZED; -- }; -- } -- } -- -- return DECLINED; -+ return AUTH_GRANTED; - } - -- - /* Send the authentication to the log table */ - int --pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, -- char *sent_pw) -+pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, const char *user, -+ const char *sent_pw) - { - char sql[MAX_STRING_LEN]; - char *s; -@@ -1087,7 +966,7 @@ pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, - sec->auth_pg_log_addrs_field); - strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1); - apr_snprintf(sql, MAX_STRING_LEN, ", '%s'", -- r->connection->remote_ip); -+ r->connection->client_ip); - strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1); - } - if (sec->auth_pg_log_pwd_field) { /* Password field , clear WARNING */ -@@ -1140,15 +1019,22 @@ static void *pg_auth_server_config(apr_pool_t * p, server_rec * s) - } - - -+static const authn_provider authn_pgsql_provider = -+{ -+ &check_password, -+ NULL, -+}; -+ - static void register_hooks(apr_pool_t * p) - { - ap_hook_post_config(pg_auth_init_handler, NULL, NULL, APR_HOOK_MIDDLE); -- ap_hook_auth_checker(pg_check_auth, NULL, NULL, APR_HOOK_MIDDLE); -- ap_hook_check_user_id(pg_authenticate_basic_user, NULL, NULL, -- APR_HOOK_MIDDLE); -+ -+ ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "pgsql", -+ AUTHN_PROVIDER_VERSION, -+ &authn_pgsql_provider, AP_AUTH_INTERNAL_PER_CONF); - }; - --module AP_MODULE_DECLARE_DATA auth_pgsql_module = { -+AP_DECLARE_MODULE(auth_pgsql) = { - STANDARD20_MODULE_STUFF, - create_pg_auth_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch deleted file mode 100644 index 262d07d..0000000 --- a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch +++ /dev/null @@ -1,124 +0,0 @@ -From: Marco Nenciarini <mnen...@debian.org> -Date: Sat, 10 Aug 2013 16:26:41 +0200 -Subject: documentation - ---- - mod_auth_pgsql.html | 47 ++++++++++++++++++++++++++++------------------- - 1 file changed, 28 insertions(+), 19 deletions(-) - -diff --git a/mod_auth_pgsql.html b/mod_auth_pgsql.html -index 3269fe0..d35768b 100644 ---- a/mod_auth_pgsql.html -+++ b/mod_auth_pgsql.html -@@ -48,18 +48,19 @@ Notes</a> |<a href="#Changelog"> Changelog</a> </p> - <li><a href="#host">Auth_PG_host</a> </li> - <li><a href="#port">Auth_PG_port</a> </li> - <li><a href="#options">Auth_PG_options</a> </li> -- <li><a href="#pwd_table">Auth_PG_database</a> </li> -- <li><a href="#PGuser">Auth_PG_user</a> </li> -- <li><a href="PGpwd">Auth_PG_pwd</a> </li> -- <li><a href="#grp_table">Auth_PG_pwd_table</a> </li> -- <li><a href="#uid_field">Auth_PG_grp_table</a> </li> -+ <li><a href="#database">Auth_PG_database</a> </li> -+ <li><a href="#user">Auth_PG_user</a> </li> -+ <li><a href="#pwd">Auth_PG_pwd</a> </li> -+ <li><a href="#pwd_table">Auth_PG_pwd_table</a> </li> -+ <li><a href="#grp_table">Auth_PG_grp_table</a> </li> - <li><a href="#uid_field">Auth_PG_uid_field</a> </li> - <li><a href="#pwd_field">Auth_PG_pwd_field</a> </li> -- <li><a href="#gid_field">Auth_PG_gid_field</a> </li> -+ <li><a href="#grp_group_field">Auth_PG_grp_group_field</a> </li> -+ <li><a href="#grp_user_field">Auth_PG_grp_user_field</a> </li> - <li><a href="#nopasswd">Auth_PG_nopasswd</a> </li> - <li><a href="#authoritative">Auth_PG_authoritative</a> </li> -- <li><a href="#lowercaseuid">Auth_PG_lowercase_uid</a> </li> -- <li><a href="#uppercaseuid">Auth_PG_uppercase_uid</a></li> -+ <li><a href="#lowercase_uid">Auth_PG_lowercase_uid</a> </li> -+ <li><a href="#uppercase_uid">Auth_PG_uppercase_uid</a></li> - <li><a href="#pwd_ignore_case">Auth_PG_pwd_ignore_case</a><br> - </li> - <li><a href="#encrypted">Auth_PG_encrypted</a> </li> -@@ -112,7 +113,7 @@ available options. </p> - information.<br> - <br> - </p> --<h2><a name="PGuser"></a> Auth_PG_user<br> -+<h2><a name="user"></a> Auth_PG_user<br> - </h2> - <b>Syntax:</b> Auth_PG_user <i>username</i><br> - <b>Context:</b> directory, .htaccess <br> -@@ -125,7 +126,7 @@ access on all the log tables (if used).<br> - Needed if the user who make the quey is differrent from the - user runnig apache, or if the posmater is on a different server and you - must autheticate with password<br> --<h2><a name="PGpwd"></a> Auth_PG_pwd</h2> -+<h2><a name="pwd"></a> Auth_PG_pwd</h2> - <p><b>Syntax:</b> Auth_PG_pwd <i>password</i><br> - <b>Context:</b> directory, .htaccess <br> - <b>Override:</b> AuthConfig <br> -@@ -169,17 +170,25 @@ in the Auth_PG_pwd_table relation. </p> - <b>Override:</b> AuthConfig <br> - <b>Status:</b> Extension - <p>Specifies the attribute name of the field containing the encrypted --(see Auth_PG_encrypted) password in the Auth_PGpwd_table relation.<br> -+(see Auth_PG_encrypted) password in the Auth_PG_pwd_table relation.<br> - Please remember to use field of type varchar, not char for the password.<br> - </p> --<h2><a name="gid_field"></a> Auth_PG_gid_field</h2> --<b>Syntax:</b> Auth_PG_gid_field <i>attribute name</i><br> -+<h2><a name="grp_group_field"></a> Auth_PG_grp_group_field</h2> -+<b>Syntax:</b> Auth_PG_grp_group_field <i>attribute name</i><br> - <b>Context:</b> directory, .htaccess <br> - <b>Override:</b> AuthConfig <br> - <b>Status:</b> Extension - <p>Specifies the attribute name of the field containing the group name - in the Auth_PG_grp_table relation. This directive is only necessary if - you want to authenticate by user groups. </p> -+<h2><a name="grp_user_field"></a> Auth_PG_grp_user_field</h2> -+<b>Syntax:</b> Auth_PG_grp_user_field <i>attribute name</i><br> -+<b>Context:</b> directory, .htaccess <br> -+<b>Override:</b> AuthConfig <br> -+<b>Status:</b> Extension -+<p>Specifies the attribute name of the field containing the user name -+in the Auth_PG_grp_table relation. This directive is only necessary if -+you want to authenticate by user groups. </p> - <h2><a name="nopasswd"></a> Auth_PG_nopasswd</h2> - <b>Syntax:</b> Auth_PG_nopasswd <i>on</i> or <i>off</i><br> - <b>Context:</b> directory, .htaccess <br> -@@ -202,7 +211,7 @@ the PostgreSQL scheme, the parent directory scheme will be given - the chance to try and authenticate the user. Exercise caution - when turning this option off. It can be a security risk. Can be - used to use two authentication schemes for the same dir. </p> --<h2><a name="lowercaseuid"></a> Auth_PG_lowercase_uid</h2> -+<h2><a name="lowercase_uid"></a> Auth_PG_lowercase_uid</h2> - <b>Syntax:</b> Auth_PG_lowercase_uid <i>on</i> or <i>off</i><br> - <b>Context:</b> directory, .htaccess <br> - <b>Override:</b> AuthConfig <br> -@@ -211,7 +220,7 @@ used to use two authentication schemes for the same dir. </p> - user UIDs to lowercase before looking them up. When turned on this does - not affect the case of the original user ID should this module decline - to authenticate and a lower level is called.</p> --<h2><a name="uppercaseuid"></a> Auth_PG_uppercase_uid</h2> -+<h2><a name="uppercase_uid"></a> Auth_PG_uppercase_uid</h2> - <b>Syntax:</b> Auth_PG_uppercase_uid <i>on</i> or <i>off</i><br> - <b>Context:</b> directory, .htaccess <br> - <b>Override:</b> AuthConfig <br> -@@ -277,14 +286,14 @@ initial space .</em></p> - <p>This option allows you to exercise greater control over the SQL code - used to retrieve the group name and corresponding user from the - database. You can use this to search for the group name --using more attributes in the table than the gid_field. </p> -+using more attributes in the table than the grp_group_field. </p> - <p>The basic SQL statement used to retrieve a group name and user name - for checking looks like this: </p> - <ul> --select <i><uid_field></i> from <i><grp_table></i> where <i> --<gid_field></i> ='<i><required group></i> ' -+select <i><grp_user_field></i> from <i><grp_table></i> where <i> -+<grp_group_field></i> ='<i><required group></i> ' - </ul> --The gid_whereclause will be added to the end of this statement -+The grp_whereclause will be added to the end of this statement - and must fit logically. <em>The where clause must be double - quoted.<br> - <br> diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch deleted file mode 100644 index 959a97b..0000000 --- a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch +++ /dev/null @@ -1,283 +0,0 @@ -From: Marco Nenciarini <mnen...@debian.org> -Date: Sat, 10 Aug 2013 16:26:41 +0200 -Subject: encoding - ---- - mod_auth_pgsql.c | 144 +++++++++++++++++++++++++++++++--------------------- - mod_auth_pgsql.html | 9 ++++ - 2 files changed, 94 insertions(+), 59 deletions(-) - -diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c -index f13c166..639537d 100644 ---- a/mod_auth_pgsql.c -+++ b/mod_auth_pgsql.c -@@ -151,6 +151,7 @@ typedef struct { - const char *auth_pg_port; - const char *auth_pg_options; - const char *auth_pg_user; -+ const char *auth_pg_charset; - const char *auth_pg_pwd; - const char *auth_pg_pwd_table; - const char *auth_pg_uname_field; -@@ -181,6 +182,8 @@ typedef struct { - - } pg_auth_config_rec; - -+static PGconn *pg_conn; -+ - static apr_pool_t *auth_pgsql_pool = NULL; - static apr_pool_t *auth_pgsql_pool_base64 = NULL; - -@@ -220,6 +223,7 @@ static void *create_pg_auth_dir_config(apr_pool_t * p, char *d) - new_rec->auth_pg_port = NULL; - new_rec->auth_pg_options = NULL; - new_rec->auth_pg_user = NULL; -+ new_rec->auth_pg_charset = NULL; - new_rec->auth_pg_pwd = NULL; - new_rec->auth_pg_pwd_table = NULL; - new_rec->auth_pg_uname_field = NULL; -@@ -324,6 +328,10 @@ static const command_rec pg_auth_cmds[] = { - (void *) APR_OFFSETOF(pg_auth_config_rec, auth_pg_user), - OR_AUTHCFG, - "user name connect as"), -+ AP_INIT_TAKE1("Auth_PG_charset", ap_set_string_slot, -+ (void *) APR_OFFSETOF(pg_auth_config_rec, auth_pg_charset), -+ OR_AUTHCFG, -+ "charset to use for connection"), - AP_INIT_TAKE1("Auth_PG_pwd", ap_set_string_slot, - (void *) APR_OFFSETOF(pg_auth_config_rec, auth_pg_pwd), - OR_AUTHCFG, -@@ -462,53 +470,51 @@ static char *auth_pg_base64(char *pw) - } - - -+PGconn *pg_connect(pg_auth_config_rec *sec) -+{ -+ PGconn *conn; - --/* Got from POstgreSQL 7.2 */ --/* --------------- -- * Escaping arbitrary strings to get valid SQL strings/identifiers. -- * -- * Replaces "\\" with "\\\\" and "'" with "''". -- * length is the length of the buffer pointed to by -- * from. The buffer at to must be at least 2*length + 1 characters -- * long. A terminating NUL character is written. -- * --------------- -- */ -+ conn = PQsetdbLogin(sec->auth_pg_host, sec->auth_pg_port, -+ sec->auth_pg_options, NULL, sec->auth_pg_database, -+ sec->auth_pg_user, sec->auth_pg_pwd); -+ if (PQstatus(conn) != CONNECTION_OK) { -+ PQreset(conn); -+ apr_snprintf(pg_errstr, MAX_STRING_LEN, -+ "mod_auth_pgsql database connection error resetting %s", -+ PQerrorMessage(conn)); -+ if (PQstatus(conn) != CONNECTION_OK) { -+ apr_snprintf(pg_errstr, MAX_STRING_LEN, -+ "mod_auth_pgsql database connection error reset failed %s", -+ PQerrorMessage(conn)); -+ PQfinish(conn); -+ return NULL; -+ } -+ } -+ return conn; -+} - --static size_t pg_check_string(char *to, const char *from, size_t length) --{ -- const char *source = from; -- char *target = to; -- unsigned int remaining = length; -- -- while (remaining > 0) { -- switch (*source) { -- case '\\': -- *target = '\\'; -- target++; -- *target = '\\'; -- /* target and remaining are updated below. */ -- break; - -- case '\'': -- *target = '\''; -- target++; -- *target = '\''; -- /* target and remaining are updated below. */ -- break; -+static size_t pg_check_string(char *to, const char *from, size_t length, request_rec * r, pg_auth_config_rec *sec) -+{ -+ int error; - -- default: -- *target = *source; -- /* target and remaining are updated below. */ -+ if (!pg_conn) { -+ if (!(pg_conn = pg_connect(sec))) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); -+ ap_note_basic_auth_failure(r); -+ return -1; - } -- source++; -- target++; -- remaining--; - } - -- /* Write the terminating NUL character. */ -- *target = '\0'; -+ PQescapeStringConn(pg_conn, to, from, length, &error); -+ -+ if (error) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot escape string"); -+ ap_note_basic_auth_failure(r); -+ return -1; -+ } - -- return target - to; -+ return 0; - } - - -@@ -518,7 +524,6 @@ static size_t pg_check_string(char *to, const char *from, size_t length) - char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) - { - PGresult *pg_result; -- PGconn *pg_conn; - char *val; - char *result = NULL; - -@@ -530,19 +535,10 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) - sec->auth_pg_database); - #endif /* DEBUG_AUTH_PGSQL */ - -- pg_conn = PQsetdbLogin(sec->auth_pg_host, sec->auth_pg_port, -- sec->auth_pg_options, NULL, sec->auth_pg_database, -- sec->auth_pg_user, sec->auth_pg_pwd); -- if (PQstatus(pg_conn) != CONNECTION_OK) { -- PQreset(pg_conn); -- apr_snprintf(pg_errstr, MAX_STRING_LEN, -- "mod_auth_pgsql database connection error resetting %s", -- PQerrorMessage(pg_conn)); -- if (PQstatus(pg_conn) != CONNECTION_OK) { -- apr_snprintf(pg_errstr, MAX_STRING_LEN, -- "mod_auth_pgsql database connection error reset failed %s", -- PQerrorMessage(pg_conn)); -- PQfinish(pg_conn); -+ if (!pg_conn) { -+ if (!(pg_conn = pg_connect(sec))) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); -+ ap_note_basic_auth_failure(r); - return NULL; - } - } -@@ -552,6 +548,21 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) - query); - #endif /* DEBUG_AUTH_PGSQL */ - -+ if (sec->auth_pg_charset) { -+ const char *check; -+ -+ PQsetClientEncoding(pg_conn, sec->auth_pg_charset); -+ -+ check = pg_encoding_to_char(PQclientEncoding(pg_conn)); -+ -+ if (!check || strcmp(sec->auth_pg_charset, check)) { -+ apr_snprintf(pg_errstr, MAX_STRING_LEN, -+ "mod_auth_pgsql database character set encoding %s"); -+ PQfinish(pg_conn); -+ return NULL; -+ } -+ } -+ - pg_result = PQexec(pg_conn, query); - - if (pg_result == NULL) { -@@ -610,7 +621,7 @@ char *get_pg_pw(request_rec * r, char *user, pg_auth_config_rec * sec) - int n; - - safe_user = apr_palloc(r->pool, 1 + 2 * strlen(user)); -- pg_check_string(safe_user, user, strlen(user)); -+ pg_check_string(safe_user, user, strlen(user), r, sec); - - #ifdef DEBUG_AUTH_PGSQL - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, -@@ -685,8 +696,8 @@ static char *get_pg_grp(request_rec * r, char *group, char *user, - #endif /* DEBUG_AUTH_PGSQL */ - - query[0] = '\0'; -- pg_check_string(safe_user, user, strlen(user)); -- pg_check_string(safe_group, group, strlen(group)); -+ pg_check_string(safe_user, user, strlen(user), r, sec); -+ pg_check_string(safe_group, group, strlen(group), r, sec); - - if ((!sec->auth_pg_grp_table) || - (!sec->auth_pg_grp_group_field) || (!sec->auth_pg_grp_user_field)) -@@ -777,6 +788,14 @@ static int pg_authenticate_basic_user(request_rec * r) - } - pg_errstr[0] = '\0'; - -+ if (!pg_conn) { -+ if (!(pg_conn = pg_connect(sec))) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); -+ ap_note_basic_auth_failure(r); -+ return HTTP_UNAUTHORIZED; -+ } -+ } -+ - if (sec->auth_pg_cache_passwords - && (!apr_is_empty_table(sec->cache_pass_table))) { - val = (char *) apr_table_get(sec->cache_pass_table, user); -@@ -904,6 +923,13 @@ static int pg_check_auth(request_rec * r) - #endif /* DEBUG_AUTH_PGSQL */ - - -+ if (!pg_conn) { -+ if (!(pg_conn = pg_connect(sec))) { -+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); -+ ap_note_basic_auth_failure(r); -+ return HTTP_UNAUTHORIZED; -+ } -+ } - - /* if we cannot do it; leave it to some other guy - */ -@@ -1015,9 +1041,9 @@ pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, - } - - /* AUD: MAX_STRING_LEN probably isn't always correct */ -- pg_check_string(safe_user, user, strlen(user)); -- pg_check_string(safe_pw, sent_pw, strlen(sent_pw)); -- pg_check_string(safe_req, r->the_request, strlen(r->the_request)); -+ pg_check_string(safe_user, user, strlen(user), r, sec); -+ pg_check_string(safe_pw, sent_pw, strlen(sent_pw), r, sec); -+ pg_check_string(safe_req, r->the_request, strlen(r->the_request), r, sec); - - - if (sec->auth_pg_lowercaseuid) { -diff --git a/mod_auth_pgsql.html b/mod_auth_pgsql.html -index d35768b..5474314 100644 ---- a/mod_auth_pgsql.html -+++ b/mod_auth_pgsql.html -@@ -48,6 +48,7 @@ Notes</a> |<a href="#Changelog"> Changelog</a> </p> - <li><a href="#host">Auth_PG_host</a> </li> - <li><a href="#port">Auth_PG_port</a> </li> - <li><a href="#options">Auth_PG_options</a> </li> -+ <li><a href="#charset">Auth_PG_charset</a> </li> - <li><a href="#database">Auth_PG_database</a> </li> - <li><a href="#user">Auth_PG_user</a> </li> - <li><a href="#pwd">Auth_PG_pwd</a> </li> -@@ -104,6 +105,14 @@ be found. </p> - <p>Specifies an option string to be passed to the postgreSQL backend - process. Refer to the PostgreSQL user manual for a description of the - available options. </p> -+<h2><a name="charset"></a> Auth_PG_charset</h2> -+<b>Syntax:</b> Auth_PG_options <i>option string</i><br> -+<b>Context:</b> directory, .htaccess <br> -+<b>Override:</b> AuthConfig <br> -+<b>Status:</b> Extension -+<p>Specifies the name of an encoding to be set for the PostgreSQL -+backend process. Refer to the PostgreSQL user manual for a description -+of the available options. </p> - <h2><a name="database"></a> Auth_PG_database</h2> - <b>Syntax:</b> Auth_PG_database <i>database name</i><br> - <b>Context:</b> directory, .htaccess <br> diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch deleted file mode 100644 index c731477..0000000 --- a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch +++ /dev/null @@ -1,87 +0,0 @@ -Description: Avoid double free of connection pointers - . - libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium - . - * Non-maintainer upload. - * Apply patch from Launchpad to set freed pointers to NULL before - subsequent checks against NULL. (Closes: #774313) -Author: Neil Williams <codeh...@debian.org> -Bug-Debian: https://bugs.debian.org/774313 -Origin: ubuntu, https://launchpadlibrarian.net/177475074/doublefree.patch - ---- - ---- libapache2-mod-auth-pgsql-2.0.3.orig/mod_auth_pgsql.c -+++ libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c -@@ -489,6 +489,7 @@ PGconn *pg_connect(pg_auth_config_rec *s - "mod_auth_pgsql database connection error reset failed %s", - PQerrorMessage(conn)); - PQfinish(conn); -+ conn = NULL; - return NULL; - } - } -@@ -562,6 +563,7 @@ char *do_pg_query(request_rec * r, char - "mod_auth_pgsql database character set encoding %s", - check); - PQfinish(pg_conn); -+ pg_conn = NULL; - return NULL; - } - } -@@ -573,12 +575,15 @@ char *do_pg_query(request_rec * r, char - "PGSQL 2: %s -- Query: %s ", - PQerrorMessage(pg_conn), query); - PQfinish(pg_conn); -+ pg_conn = NULL; - return NULL; - } - - if (PQresultStatus(pg_result) == PGRES_EMPTY_QUERY) { - PQclear(pg_result); -+ pg_result = NULL; - PQfinish(pg_conn); -+ pg_conn = NULL; - return NULL; - } - -@@ -586,7 +591,9 @@ char *do_pg_query(request_rec * r, char - apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 3: %s -- Query: %s", - PQerrorMessage(pg_conn), query); - PQclear(pg_result); -+ pg_result = NULL; - PQfinish(pg_conn); -+ pg_conn = NULL; - return NULL; - } - -@@ -596,7 +603,9 @@ char *do_pg_query(request_rec * r, char - apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 4: %s", - PQerrorMessage(pg_conn)); - PQclear(pg_result); -+ pg_result = NULL; - PQfinish(pg_conn); -+ pg_conn = NULL; - return NULL; - } - -@@ -604,7 +613,9 @@ char *do_pg_query(request_rec * r, char - apr_snprintf(pg_errstr, MAX_STRING_LEN, - "Could not get memory for Postgres query."); - PQclear(pg_result); -+ pg_result = NULL; - PQfinish(pg_conn); -+ pg_conn = NULL; - return NULL; - } - -@@ -613,7 +624,9 @@ char *do_pg_query(request_rec * r, char - - /* ignore errors here ! */ - PQclear(pg_result); -+ pg_result = NULL; - PQfinish(pg_conn); -+ pg_conn = NULL; - return result; - } - diff --git a/www-apache/mod_auth_pgsql/metadata.xml b/www-apache/mod_auth_pgsql/metadata.xml deleted file mode 100644 index 711734a..0000000 --- a/www-apache/mod_auth_pgsql/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";> -<pkgmetadata> - <maintainer type="project"> - <email>pgsql-b...@gentoo.org</email> - <name>PostgreSQL and Related Package Development</name> - </maintainer> -</pkgmetadata> diff --git a/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r1.ebuild b/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r1.ebuild deleted file mode 100644 index 26ec2e6..0000000 --- a/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r1.ebuild +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -inherit apache-module multilib - -DESCRIPTION="This module allows user authentication against information stored in a PostgreSQL database" -HOMEPAGE="http://www.giuseppetanzilli.it/mod_auth_pgsql2/"; -SRC_URI="http://www.giuseppetanzilli.it/mod_auth_pgsql2/dist/${P}.tar.gz"; - -LICENSE="freedist" -SLOT="2" -KEYWORDS="amd64 ppc ~sparc x86" -IUSE="" - -DEPEND="dev-db/postgresql" -RDEPEND="${DEPEND}" - -APXS2_ARGS="-a -c -I/usr/include/postgresql -L/usr/$(get_libdir)/postgresql -lpq mod_auth_pgsql.c" - -APACHE2_MOD_CONF="80_mod_auth_pgsql" -APACHE2_MOD_DEFINE="AUTH_PGSQL" - -DOCFILES="INSTALL README mod_auth_pgsql.html" - -need_apache2_2 - -src_install() { - apache-module_src_install - fperms 600 "${APACHE_MODULES_CONFDIR}"/${APACHE2_MOD_CONF}.conf -} diff --git a/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild b/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild deleted file mode 100644 index 4876dc3..0000000 --- a/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 -inherit eutils apache-module multilib - -DESCRIPTION="This module allows user authentication against information stored in a PostgreSQL database" -HOMEPAGE="http://www.giuseppetanzilli.it/mod_auth_pgsql2/"; -SRC_URI="http://www.giuseppetanzilli.it/mod_auth_pgsql2/dist/${P}.tar.gz"; - -LICENSE="freedist" -SLOT="2" -KEYWORDS="~amd64 ~ppc ~sparc ~x86" -IUSE="" - -DEPEND="dev-db/postgresql:*" -RDEPEND="${DEPEND}" - -APXS2_ARGS="-a -c -I/usr/include/postgresql -L/usr/$(get_libdir)/postgresql -lpq mod_auth_pgsql.c" - -APACHE2_MOD_CONF="80_mod_auth_pgsql" -APACHE2_MOD_DEFINE="AUTH_PGSQL" - -DOCFILES="INSTALL README mod_auth_pgsql.html" - -need_apache2_4 - -src_prepare() { - # Debian patches - epatch "${FILESDIR}"/${P}-documentation.patch - epatch "${FILESDIR}"/${P}-encoding.patch - epatch "${FILESDIR}"/${P}-apache-2.4.patch - epatch "${FILESDIR}"/${P}-fixdoublefree.patch -} - -src_install() { - apache-module_src_install - fperms 600 "${APACHE_MODULES_CONFDIR}"/${APACHE2_MOD_CONF}.conf -}
