httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.com>
Subject cvs commit: apache/src mod_auth_msql.c
Date Thu, 13 Jun 1996 03:49:23 GMT
brian       96/06/12 20:49:22

  Modified:    src       mod_auth_msql.c
  Log:
  Submitted by:	"Dirk.vanGulik" <Dirk.vanGulik@jrc.it>
  
  Changes:
  
          - Removed obsolete palloc checks, they get trapped in the
            alloc.c
  
          - Removed static msql-err string claim (to make future treading
            easier; although the linked in libmsql still has quite a few)
  
          - Be more strict on the group/user specifications; and output
            some diagnostics to the error log file if the admin does not
            specify a require (valid-)user with a group when the module
            is authorative.
  
  Revision  Changes    Path
  1.7       +52 -43    apache/src/mod_auth_msql.c
  
  Index: mod_auth_msql.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -C3 -r1.6 -r1.7
  *** mod_auth_msql.c	1996/05/29 03:19:20	1.6
  --- mod_auth_msql.c	1996/06/13 03:49:20	1.7
  ***************
  *** 61,67 ****
     * Addapted for use with the mSQL database
     * (see ftp:/ftp.bond.edu.au/pub/Minerva/mSQL)
     *
  !  * Version 0.9 May 1996 - Blame: Dirk.vanGulik@jrc.it.
     *
     * A (sometimes more up to date) version of the documentation
     * can be found at the http://www.apache.org site or at 
  --- 61,67 ----
     * Addapted for use with the mSQL database
     * (see ftp:/ftp.bond.edu.au/pub/Minerva/mSQL)
     *
  !  * Version 1.0 May 1996 - Blame: Dirk.vanGulik@jrc.it.
     *
     * A (sometimes more up to date) version of the documentation
     * can be found at the http://www.apache.org site or at 
  ***************
  *** 282,287 ****
  --- 282,289 ----
     *		msqlClose() statements added upon error. Support for persistent
     *		connections with the mSQL database (riscy). Escaping of ' and \.
     *		Replaced some MAX_STRING_LENGTH claims. 
  +  *	   1.0  removed some error check as they where already done elsehwere
  +  *	        NumFields -> NumRows (Thanks Vitek). More stack memory.
     */
    
    
  ***************
  *** 390,395 ****
  --- 392,398 ----
    #include "http_log.h"
    #include "http_protocol.h"
    #include <msql.h>
  + #include <crypt.h>
    
    typedef struct  {
    
  ***************
  *** 412,418 ****
    void *create_msql_auth_dir_config (pool *p, char *d)
    {
        msql_auth_config_rec * sec= (msql_auth_config_rec *) pcalloc (p, sizeof(msql_auth_config_rec));
  -     if (!sec) return NULL; /* no memory... */
    
        sec->auth_msql_host        = NULL; /* just to enforce the default 'localhost' behaviour
*/
    
  --- 415,420 ----
  ***************
  *** 440,446 ****
        return sec;
    }
    
  - static
    char *set_passwd_flag (cmd_parms *cmd, msql_auth_config_rec *sec, int arg) {
        sec->auth_msql_nopasswd=arg;
        return NULL;
  --- 442,447 ----
  ***************
  *** 538,554 ****
    
    module msql_auth_module;
    
  - char msql_errstr[MAX_STRING_LEN];
  - 		 /* global errno to be able to handle config/sql
  - 		 * failures separately
  - 		 */
  - 
  - 
    /* boring little routine which escapes the ' and \ in the
     * SQL query. See the mSQL FAQ for more information :-) on
     * this very popular subject in the msql-mailing list.
     */
  ! char *msql_escape(char *out, char *in) {
    
      register int i=0,j=0;
    
  --- 539,549 ----
    
    module msql_auth_module;
    
    /* boring little routine which escapes the ' and \ in the
     * SQL query. See the mSQL FAQ for more information :-) on
     * this very popular subject in the msql-mailing list.
     */
  ! char *msql_escape(char *out, char *in, char *msql_errstr) {
    
      register int i=0,j=0;
    
  ***************
  *** 557,563 ****
        if ( (in[i] == '\'') || (in[i] == '\\')) {
    
          /* does this fit ? */
  !       if (j >= (MAX_FIELD_LEN-1)) return NULL;
    
          out[j++] = '\\'; /* insert that escaping slash for good measure */
        };
  --- 552,561 ----
        if ( (in[i] == '\'') || (in[i] == '\\')) {
    
          /* does this fit ? */
  !       if (j >= (MAX_FIELD_LEN-1)) {
  ! 	sprintf(msql_errstr,"Could not escape '%s', longer than %d",in,MAX_FIELD_LEN);
  ! 	return NULL;
  ! 	};
    
          out[j++] = '\\'; /* insert that escaping slash for good measure */
        };
  ***************
  *** 574,580 ****
     * into r. Assume that user is a string and stored
     * as such in the mSQL database
     */
  ! char *do_msql_query(request_rec *r, char *query, msql_auth_config_rec *sec, int once )
{
    
        	static int 	sock=-1;
        	int		hit;
  --- 572,578 ----
     * into r. Assume that user is a string and stored
     * as such in the mSQL database
     */
  ! char *do_msql_query(request_rec *r, char *query, msql_auth_config_rec *sec, int once ,
char *msql_errstr) {
    
        	static int 	sock=-1;
        	int		hit;
  ***************
  *** 584,591 ****
     	char 		*result=NULL;
    	char		*host=sec->auth_msql_host;
    
  - 	msql_errstr[0]='\0';
  - 
    #ifndef KEEP_MSQL_CONNECTION_OPEN
            sock=-1;
    #endif
  --- 582,587 ----
  ***************
  *** 640,646 ****
    		return NULL;
    		};
    
  ! 	hit=msqlNumFields(results);
    
    	if (( once ) && ( hit >1 )) {
              /* complain if there are to many
  --- 636,642 ----
    		return NULL;
    		};
    
  ! 	hit=msqlNumRows(results);
    
    	if (( once ) && ( hit >1 )) {
              /* complain if there are to many
  ***************
  *** 652,658 ****
    	/* if we have a it, try to get it
    	*/
            if ( hit )  {
  ! 		if ((currow=msqlFetchRow(results))) {
    			/* copy the first matching field value */
    			if (!(result=palloc(r->pool,strlen(currow[0])+1))) {
    				sprintf (msql_errstr,"mSQL: Could not get memory for mSQL %s (%s) with [%s]",
  --- 648,654 ----
    	/* if we have a it, try to get it
    	*/
            if ( hit )  {
  ! 		if ( (currow=msqlFetchRow(results)) != NULL) {
    			/* copy the first matching field value */
    			if (!(result=palloc(r->pool,strlen(currow[0])+1))) {
    				sprintf (msql_errstr,"mSQL: Could not get memory for mSQL %s (%s) with [%s]",
  ***************
  *** 682,688 ****
    	return result;
    }
    
  ! char *get_msql_pw(request_rec *r, char *user, msql_auth_config_rec *sec) {
      	char 		query[MAX_QUERY_LEN];
    	char 		esc_user[MAX_FIELD_LEN];
    
  --- 678,684 ----
    	return result;
    }
    
  ! char *get_msql_pw(request_rec *r, char *user, msql_auth_config_rec *sec ,char *msql_errstr)
{
      	char 		query[MAX_QUERY_LEN];
    	char 		esc_user[MAX_FIELD_LEN];
    
  ***************
  *** 701,709 ****
    		return NULL;
    		};
    
  !     	if (!(msql_escape(esc_user, user))) {
    		sprintf(msql_errstr,
  ! 			"mSQL: Could not cope/escape the '%s' user_id value",user);
    		return NULL;
        	};
        	sprintf(query,"select %s from %s where %s='%s'",
  --- 697,705 ----
    		return NULL;
    		};
    
  !     	if (!(msql_escape(esc_user, user, msql_errstr))) {
    		sprintf(msql_errstr,
  ! 			"mSQL: Could not cope/escape the '%s' user_id value; ",user);
    		return NULL;
        	};
        	sprintf(query,"select %s from %s where %s='%s'",
  ***************
  *** 713,722 ****
    		esc_user
    		);
    
  ! 	return do_msql_query(r,query,sec,ONLY_ONCE);
    }
    
  ! char *get_msql_grp(request_rec *r, char *group,char *user, msql_auth_config_rec *sec)
{
      	char 		query[MAX_QUERY_LEN];
    
    	char 		esc_user[MAX_FIELD_LEN];
  --- 709,718 ----
    		esc_user
    		);
    
  ! 	return do_msql_query(r,query,sec,ONLY_ONCE,msql_errstr);
    }
    
  ! char *get_msql_grp(request_rec *r, char *group,char *user, msql_auth_config_rec *sec,
char *msql_errstr) {
      	char 		query[MAX_QUERY_LEN];
    
    	char 		esc_user[MAX_FIELD_LEN];
  ***************
  *** 737,749 ****
    		return NULL;
    		};
    
  !     	if (!(msql_escape(esc_user, user))) {
    		sprintf(msql_errstr,
    			"mSQL: Could not cope/escape the '%s' user_id value",user);
    
    		return NULL;
        	};
  !     	if (!(msql_escape(esc_group, group))) {
    		sprintf(msql_errstr,
    			"mSQL: Could not cope/escape the '%s' group_id value",group);
    
  --- 733,745 ----
    		return NULL;
    		};
    
  !     	if (!(msql_escape(esc_user, user,msql_errstr))) {
    		sprintf(msql_errstr,
    			"mSQL: Could not cope/escape the '%s' user_id value",user);
    
    		return NULL;
        	};
  !     	if (!(msql_escape(esc_group, group,msql_errstr))) {
    		sprintf(msql_errstr,
    			"mSQL: Could not cope/escape the '%s' group_id value",group);
    
  ***************
  *** 757,763 ****
    		sec->auth_msql_grp_field,  esc_group
    		);
    
  ! 	return do_msql_query(r,query,sec,0);
    }
    
    
  --- 753,759 ----
    		sec->auth_msql_grp_field,  esc_group
    		);
    
  ! 	return do_msql_query(r,query,sec,0,msql_errstr);
    }
    
    
  ***************
  *** 766,775 ****
        msql_auth_config_rec *sec =
          (msql_auth_config_rec *)get_module_config (r->per_dir_config,
    						&msql_auth_module);
        conn_rec *c = r->connection;
        char *sent_pw, *real_pw;
        int res;
  ! 
    
        if ((res = get_basic_auth_pw (r, &sent_pw)))
            return res;
  --- 762,772 ----
        msql_auth_config_rec *sec =
          (msql_auth_config_rec *)get_module_config (r->per_dir_config,
    						&msql_auth_module);
  +     char msql_errstr[MAX_STRING_LEN];
        conn_rec *c = r->connection;
        char *sent_pw, *real_pw;
        int res;
  !     msql_errstr[0]='\0';
    
        if ((res = get_basic_auth_pw (r, &sent_pw)))
            return res;
  ***************
  *** 785,792 ****
        	(!sec->auth_msql_pwd_field)
    	 ) return DECLINED;
    
  !     msql_errstr[0]='\0';
  !     if(!(real_pw = get_msql_pw(r, c->user, sec ))) {
    	if ( msql_errstr[0] ) {
    		res = SERVER_ERROR;
    		} else {
  --- 782,788 ----
        	(!sec->auth_msql_pwd_field)
    	 ) return DECLINED;
    
  !     if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
    	if ( msql_errstr[0] ) {
    		res = SERVER_ERROR;
    		} else {
  ***************
  *** 854,879 ****
        msql_auth_config_rec *sec =
          (msql_auth_config_rec *)get_module_config (r->per_dir_config,
    						&msql_auth_module);
        char *user = r->connection->user;
        int m = r->method_number;
  - 
  - 
        array_header *reqs_arr = requires (r);
        require_line *reqs = reqs_arr ? (require_line *)reqs_arr->elts : NULL;
    
        register int x;
        char *t, *w;
  ! 
  ! 
  !     /* if we cannot do it; leave it to some other guy,
  !      */
  ! 
  !     if ((!sec->auth_msql_grp_table)&&(!sec->auth_msql_grp_field))
  ! 	return DECLINED;
    
        if (!reqs_arr) {
    	if (sec->auth_msql_authorative) {
    	        sprintf(msql_errstr,"user %s denied, no access rules specified (MSQL-Authorative)
",user);
    	        note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
    		};
  --- 850,869 ----
        msql_auth_config_rec *sec =
          (msql_auth_config_rec *)get_module_config (r->per_dir_config,
    						&msql_auth_module);
  +     char msql_errstr[MAX_STRING_LEN];
        char *user = r->connection->user;
        int m = r->method_number;
        array_header *reqs_arr = requires (r);
        require_line *reqs = reqs_arr ? (require_line *)reqs_arr->elts : NULL;
    
        register int x;
        char *t, *w;
  !     msql_errstr[0]='\0';
    
        if (!reqs_arr) {
    	if (sec->auth_msql_authorative) {
    	        sprintf(msql_errstr,"user %s denied, no access rules specified (MSQL-Authorative)
",user);
  + 		log_reason (msql_errstr, r->uri, r);
    	        note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
    		};
  ***************
  *** 887,913 ****
            t = reqs[x].requirement;
            w = getword(r->pool, &t, ' ');
    
  !         if(!strcmp(w,"user")) {
                while(t[0]) {
                    w = getword_conf (r->pool, &t);
  !                 if (!strcmp(user,w))
                        user_result= OK;
                }
    	    if ((sec->auth_msql_authorative) && ( user_result != OK)) {
               	sprintf(msql_errstr,"User %s not found (MSQL-Auhtorative)",user);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
    		};
            }
    
  !         if (!strcmp(w,"group")) {
    	   /* look up the membership for each of the groups in the table
                */
  !            msql_errstr[0]='\0';
  ! 
               while ( (t[0]) && (group_result != OK) && (!msql_errstr[0])
) {
  !                 if (get_msql_grp(r,getword(r->pool, &t, ' '),user,sec)) {
    			group_result= OK;
    			};
           		};
    
  --- 877,911 ----
            t = reqs[x].requirement;
            w = getword(r->pool, &t, ' ');
    
  !         if ((user_result != OK) && (!strcmp(w,"user"))) {
  ! 	    user_result=AUTH_REQUIRED;
                while(t[0]) {
                    w = getword_conf (r->pool, &t);
  !                 if (!strcmp(user,w)) {
                        user_result= OK;
  + 		    break;
  + 		};
                }
    	    if ((sec->auth_msql_authorative) && ( user_result != OK)) {
               	sprintf(msql_errstr,"User %s not found (MSQL-Auhtorative)",user);
  + 		log_reason (msql_errstr, r->uri, r);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
    		};
            }
    
  !         if ( (group_result != OK) && 
  ! 	     (!strcmp(w,"group")) &&  
  !              (sec->auth_msql_grp_table) && 
  !              (sec->auth_msql_grp_field)
  !            ) {
    	   /* look up the membership for each of the groups in the table
                */
  ! 	   group_result=AUTH_REQUIRED;
               while ( (t[0]) && (group_result != OK) && (!msql_errstr[0])
) {
  !                 if (get_msql_grp(r,getword(r->pool, &t, ' '),user,sec,msql_errstr))
{
    			group_result= OK;
  + 			break;
    			};
           		};
    
  ***************
  *** 918,930 ****
    
    	   if ( (sec->auth_msql_authorative) && (group_result != OK) ) {
               	sprintf(msql_errstr,"user %s not in right groups (MSQL-Authorative) ",user);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
    		};
               };
    
  !         if(!strcmp(w,"valid-user"))
                user_result= OK;
            }
    
        /* we do not have to check the valid-ness of the group result as
  --- 916,930 ----
    
    	   if ( (sec->auth_msql_authorative) && (group_result != OK) ) {
               	sprintf(msql_errstr,"user %s not in right groups (MSQL-Authorative) ",user);
  + 		log_reason (msql_errstr, r->uri, r);
               	note_basic_auth_failure(r);
    		return AUTH_REQUIRED;
    		};
               };
    
  !         if(!strcmp(w,"valid-user")) {
                user_result= OK;
  + 	    };
            }
    
        /* we do not have to check the valid-ness of the group result as
  ***************
  *** 932,940 ****
  --- 932,949 ----
         */
        if ( (user_result != OK) && (sec->auth_msql_authorative) ) {
            sprintf(msql_errstr,"User %s denied, no access rules applied (MSQL-Authorative)
",user);
  + 	log_reason (msql_errstr, r->uri, r);
            note_basic_auth_failure(r);
    	return AUTH_REQUIRED;
    	};
  + 
  + 
  +     /* if the user is DECLINED, it is up to the group_result to tip
  +      * the balance. But if the group result is AUTH_REQUIRED it should
  +      * always override. A SERVER_ERROR should not get here. 
  +      */
  +     if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED))
  + 	return group_result;
    
        return user_result;
    }
  
  
  

Mime
View raw message