I was just trying 4 Jan 20:33 -head httpd, with apr/apr-util of 28 Dec,
to try out mod_authn_dbd with the following configuration:

DBDriver pgsql
DBDParams "dbname=passtest user=prlw1"
<IfModule mod_authn_dbd.c>
    <Directory "/usr/local/share/httpd/htdocs/webfolder">
        AuthType Basic
        AuthName "What's this?"
        AuthBasicProvider dbd
        Require valid-user
        AuthDBDUserPWQuery "select prefname from person where userid=%s"
    </Directory>
</IfModule>

Now, try as I might, my password is never accepted. I assumed database
problems etc., but all checked OK. Then I tried:

Index: mod_authn_dbd.c
===================================================================
--- mod_authn_dbd.c (revision 492725)
+++ mod_authn_dbd.c (working copy)
@@ -161,6 +161,8 @@
if (!dbd_password) {
return AUTH_USER_NOT_FOUND;
}
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "Comparing \"%s\" with \"%s\"", password, dbd_password);
rv = apr_password_validate(password, dbd_password);
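
Review bot: the added ap_log_rerror call writes both the submitted password and the value fetched from the database into the error log at APLOG_ERR on every request that reaches this point, so it should stay in a local debugging build only; for anything longer-lived, log at APLOG_DEBUG and record only whether each value is present or its length. The call also passes rv as the status argument although rv is not assigned from apr_password_validate until the following line, so the status printed with the message says nothing about the comparison; pass 0 there instead.
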

and saw in the logs:

[Sat Jan 06 00:55:35 2007] [error] [client ::1] (-1)Unknown error: 4294967295: Comparing "Patrick" with "Patrick"
[Sat Jan 06 00:55:35 2007] [error] [client ::1] user prlw1: authentication failure for "/webfolder": Password Mismatch

So, it seems that mod_authn_dbd managed to get the password from the web
browser, and from the database.

Now, in apr-util/crypto/apr_md5.c, I see:

/*
 * Validate a plaintext password against a smashed one. Uses either
 * crypt() (if available) or apr_md5_encode() or apr_sha1_base64(), depending
 * upon the format of the smashed input password. Returns APR_SUCCESS if
 * they match, or APR_EMISMATCH if they don't. If the platform doesn't
 * support crypt, then the default check is against a clear text string.
 */
APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd,
                                                const char *hash)

but here, it looks as though we have to validate a plaintext password against
a plaintext password.

What am I missing?

Cheers,
Patrick
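
An added example, not part of the original message and not APR code: a Python model of the format dispatch the quoted comment describes, used to audit which values returned by an AuthDBDUserPWQuery column are stored in a hashed form. The `$apr1$` and `{SHA}` prefixes are APR's markers for its MD5 and SHA-1 formats; the function names, the crypt-shape heuristic (traditional DES and `$`-prefixed formats only) and the sample rows are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import re

APR1_PREFIX = "$apr1$"   # APR's salted MD5 format
SHA1_PREFIX = "{SHA}"    # base64 of an unsalted SHA-1 digest
# Heuristic (assumption): traditional DES crypt() output is 13 characters
# from this alphabet; other crypt() formats start with "$".
DES_CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")


def classify_stored(value):
    """Name the check the quoted comment implies for a stored value."""
    if value.startswith(APR1_PREFIX):
        return "apr-md5"
    if value.startswith(SHA1_PREFIX):
        return "sha1-base64"
    if value.startswith("$") or DES_CRYPT_RE.fullmatch(value):
        return "crypt"
    # Not shaped like any hash output: where crypt() is used, the value is
    # treated as a hash, so a stored plaintext string will not compare equal.
    return "not-a-hash"


def make_sha1_entry(password):
    """Build the {SHA} form of a password."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return SHA1_PREFIX + base64.b64encode(digest).decode("ascii")


def validate_sha1_entry(password, stored):
    """Check a password against a {SHA} entry in constant time."""
    if classify_stored(stored) != "sha1-base64":
        return False
    return hmac.compare_digest(make_sha1_entry(password), stored)


def audit(rows):
    """Return the userids whose stored value is not in a hashed format."""
    return [user for user, value in rows if classify_stored(value) == "not-a-hash"]


# Constructed sample rows: (userid, value the password query returns).
SAMPLE_ROWS = [
    ("prlw1", "Patrick"),                       # plaintext, as in the log above
    ("alice", make_sha1_entry("correct horse")),
    ("bob", "$apr1$constructed$notarealhash"),  # shape only, not a real hash
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```
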