From: Pacho Ramos Date: Sat, 9 May 2015 07:43:15 +0000 (+0000) Subject: Apply some Debian patches also adding apache 2.4 support (#532798) X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=371333ecf5102e774539c59bc0bd32a77e7aa5d6;p=gentoo.git Apply some Debian patches also adding apache 2.4 support (#532798) Package-Manager: portage-2.2.18/cvs/Linux x86_64 Manifest-Sign-Key: 0xA188FBD4 --- diff --git a/www-apache/mod_auth_pgsql/ChangeLog b/www-apache/mod_auth_pgsql/ChangeLog index e71d1f7239c0..148c82ea8d24 100644 --- a/www-apache/mod_auth_pgsql/ChangeLog +++ b/www-apache/mod_auth_pgsql/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for www-apache/mod_auth_pgsql -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_auth_pgsql/ChangeLog,v 1.12 2014/12/28 16:59:35 titanofold Exp $ +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_auth_pgsql/ChangeLog,v 1.13 2015/05/09 07:43:14 pacho Exp $ + +*mod_auth_pgsql-2.0.3-r2 (09 May 2015) + + 09 May 2015; Pacho Ramos + +files/mod_auth_pgsql-2.0.3-apache-2.4.patch, + +files/mod_auth_pgsql-2.0.3-documentation.patch, + +files/mod_auth_pgsql-2.0.3-encoding.patch, + +files/mod_auth_pgsql-2.0.3-fixdoublefree.patch, + +mod_auth_pgsql-2.0.3-r2.ebuild: + Apply some Debian patches also adding apache 2.4 support (#532798) 28 Dec 2014; Aaron W. Swenson mod_auth_pgsql-2.0.3-r1.ebuild: diff --git a/www-apache/mod_auth_pgsql/Manifest b/www-apache/mod_auth_pgsql/Manifest index b5851c18604f..1516a68b6cc0 100644 --- a/www-apache/mod_auth_pgsql/Manifest +++ b/www-apache/mod_auth_pgsql/Manifest @@ -2,14 +2,19 @@ Hash: SHA256 AUX 80_mod_auth_pgsql.conf 331 SHA256 abbdc5bc506d3bcced0f5594563fca4d75d3649af34d1f46169d5f13b7290956 SHA512 e4fc23b450f9bd15e5bff93a50d782adfd7e27d3e9d2fc4fdbda4dfd6e4a2e3c9adcf1dcdfc746e2636c9fd8e536b06e81904c1ccca35569a7e4c41f5cbfe5bd WHIRLPOOL 9c5f8f4c8b14938401da3a4acc0ab2c7dfb7c017c640f3d7459d5e52e74d178673908d44172482f31937507cb1ed5bfd162857713ab9054e3aea040a9a48e70d +AUX mod_auth_pgsql-2.0.3-apache-2.4.patch 10381 SHA256 92aec3c6343656683ba4ec7309665be035757bc7f7ceb05a9568b42a9c864d58 SHA512 051825f6ffd3fa83b1579e78b991048d057d888331351abb291211e0af4b0e65878e6ccbc61173dc86818daa75e77ae4a9cecf6c2be1715d7dc5d270b755203f WHIRLPOOL 700b4ddb62f8d70adb8612ee87ed29e20d93f3c4b071aabe5e447bccd39eaa4cea2822fc905415bc8ba932d839520da8aaf6f3028a224312e6bfbf392d0f6354 +AUX mod_auth_pgsql-2.0.3-documentation.patch 6200 SHA256 2c32c7beeb5c23d965a98171f0619c93d9c6189f81ac093df3a36659f91df426 SHA512 d7159488eae05dd229c450b433db6e1449ee37d5deb43842f822182e38c471af7828716c23320c6d4c6c2d9e3ab96353d1d0bd1a236b641a5a02c00bcd06107e WHIRLPOOL ed9fa0bad304f4483d2e51747fd853dce073517f4b7f8bb2701a343373a6277877b69f6f44dd0a45b7ee384c4237a4f1c631cd8a3c1cb827139208a5f1f81ce8 +AUX mod_auth_pgsql-2.0.3-encoding.patch 9389 SHA256 660f2ea757b9599faaba10ec1ceebdefc57d4e9bdfbbf3bbd6cc52e31cc82c7f SHA512 303a130877aa3f89a462be477af6011aa0c354c73d1d5fcfc711570e24be318154ef437825c17935e883a0ab9965c332cc82e8a4983fa6a87879014133ed510f WHIRLPOOL 98b39df4c5994feaad8515edf3716870ce26ea50e4854f25e967132aeaac5ee949b2139c21ad1556716fe3af355df142df4953d6dbb3357b6e2e4057df6eea17 +AUX mod_auth_pgsql-2.0.3-fixdoublefree.patch 2355 SHA256 40cabf9d0ca7cee4b324dc70d99f072eaea336358e51d8402470bb86fdf7c6c4 SHA512 a76ff149eb5be83ff586ff129749cc594d3ed0a00c295f59c39afad75c561a89f6f1d6c716fb6355cc50887a09296e15c2fb271fbb494e35658a03a429fc54df WHIRLPOOL f73d149be815d956a738c053c23fec923ba995585fb04fc041e202687ef85099e9f638e2586088d7e3b1e1581da141c39a5bb2110559d21d6cc017c6edf06f61 DIST mod_auth_pgsql-2.0.3.tar.gz 15474 SHA256 51651609d742e21bbc587fd4951b41a39deda53262cbf931b9b40bdda3b5cb92 SHA512 9ec9d9c1075d37e62e98f0f5519147d9fb2042ef7e149ff50461f3966d548afceefc330f4a1c3bd8fc64b5e93ed3e85508571a5b1b9832974c84267737e89cb0 WHIRLPOOL dea354fb9b3a06f668b8b039339b5972e295abd7357d6c5a61f6192a5c3bbcad1227f86a3d9b552e4b564476b8da9ded5f7b175d77f4cba0c3e360567aef13b2 EBUILD mod_auth_pgsql-2.0.3-r1.ebuild 974 SHA256 a97b05d3add688c8ff573d77b8c9826598f636fea95fcecc46cde6dbe058ff22 SHA512 d75e04fd90ca049085370c0eb1ee2b5033fb600ab22fa3b48f605f10c436820e9f8ad6abfd29a6fbccb149359f56d69bfd3acca5c7f957b1d405d7d50aeb5759 WHIRLPOOL 003ec7b05bf97a0717ab16f56fde194844b34cdd6ff179114bfd9cb205f40d0e038abd58f7b73518c1665e29c8fb0bb89b461b9c74a430e37b0767a5df7acfb6 -MISC ChangeLog 6479 SHA256 bfaf9727d135df68c485974f76fa533210df72344fd4fa9cc19e4dae49a4a03f SHA512 013eb2faed13a1f7522e5536a7a2cc98df51dc76a1fa922f42684b3e9f3e86ad245aa0a68b3a2bbff7b48379abd8f680df6d43c6c2abda12b722bb76678bedaf WHIRLPOOL 1d8bfb73e70d89184dffbadc1dc7ea4b6c7441ce2984f6166f2bc22ea588606b443d9c168daccd8606f7673ff2f7ca6f9487726e4d635e55a595b411ab2af403 +EBUILD mod_auth_pgsql-2.0.3-r2.ebuild 1205 SHA256 4fd5febd5d608ef370b93d46adbd918e8bb78193ffe2df29c01e1366e99bc02d SHA512 0c420f1c43b79ba6b2c5621bf57c9897ee48c2895331379331a58811e8dbe862a5bca7be0722709e600d4190315b411df6046c054c59100b77c4a45a73ef114c WHIRLPOOL 3d4b417a3b54389e04be31e2b32517ced4ee9cc7ad9687313fabc86c3997a7d14ab40a1ef74486c679770919d036796040734bdaae042f8ff2a47940e6dac21b +MISC ChangeLog 6861 SHA256 f72555d3ebcfe2aca72e74f0415d00455113faa92b5744ffc95c6eeac5d7f22d SHA512 f20a79b4b13d9c188e870317952678a754a6b634d4ccf1318802f69a665d6c3d4de88ae8f0ade7e57b673dc889e488a1cdf54b7ad7c6c28982dc38b1383d689c WHIRLPOOL 2a2d6021ff423808acb9ead33db2ecb541b7acec6ae11b548c780c0e846934940eb60c2fccbcb903718d0b032234cca4b9ab77a2e1db70b8f75c7d577ffa0552 MISC metadata.xml 164 SHA256 7e8e8126bc8701c4a42c7dfed8bb755ac6040fe3d0e3f994d888f8b2b4fa7d8b SHA512 45b3f5ba6ebbeb2f990e5612b545bee41bb8c9f29e7f31de34021384760fcfc4694de0782fc0bdf556fe81ed3b334fc96c33563b0fddc2545484099a2cd76bb2 WHIRLPOOL 5fd1b0fc651f51ed3d1715cff87d86e7c0fe9c7825529069c7c3fed13641aee24bee1971b6e1057797b7b191ef0d50a1ea68c9f24588872d7d960787f9f02bfa -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iF4EAREIAAYFAlSgNvgACgkQVxOqA9G7/aBkYAD7BjU9ms0cGcrwgHDx9v189HKv -kDuoas3YxAs4ZEhRiQEA+wVbs+PAq73XD6ol6V3O3+3N+u22whoW03/4b+7nDj6m -=ES21 +iEYEAREIAAYFAlVNupMACgkQCaWpQKGI+9TaoACfV2uDfxKe4z3eAKGknbvHbp9X +4noAn2RZJZOCGha1c6qOWafccs5cHbgd +=RkMt -----END PGP SIGNATURE----- diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch new file mode 100644 index 000000000000..d9818eb7a136 --- /dev/null +++ b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-apache-2.4.patch @@ -0,0 +1,341 @@ +From: Marco Nenciarini +Date: Sat, 20 Jul 2013 18:47:04 +0200 +Subject: apache 2.4 + +--- + mod_auth_pgsql.c | 196 ++++++++++++------------------------------------------- + 1 file changed, 41 insertions(+), 155 deletions(-) + +diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c +index 639537d..26d7f90 100644 +--- a/mod_auth_pgsql.c ++++ b/mod_auth_pgsql.c +@@ -109,6 +109,8 @@ + #include "http_request.h" + #include "util_script.h" + ++#include "mod_auth.h" ++ + #ifdef WIN32 + #define crypt apr_password_validate + #else +@@ -191,7 +193,7 @@ module AP_MODULE_DECLARE_DATA auth_pgsql_module; + + + static int pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, +- char *user, char *sent_pw); ++ const char *user, const char *sent_pw); + static char *do_pg_query(request_rec * r, char *query, + pg_auth_config_rec * sec); + +@@ -442,9 +444,8 @@ static char pg_errstr[MAX_STRING_LEN]; + * failures separately + */ + +-static char *auth_pg_md5(char *pw) ++static char *auth_pg_md5(const char *pw) + { +- apr_md5_ctx_t ctx; + unsigned char digest[APR_MD5_DIGESTSIZE]; + static unsigned char md5hash[APR_MD5_DIGESTSIZE * 2 + 1]; + int i; +@@ -459,14 +460,15 @@ static char *auth_pg_md5(char *pw) + } + + +-static char *auth_pg_base64(char *pw) ++static char *auth_pg_base64(const char *pw) + { + if (auth_pgsql_pool_base64 == NULL) + apr_pool_create_ex(&auth_pgsql_pool_base64, NULL, NULL, NULL); + if (auth_pgsql_pool == NULL) + return NULL; + +- return ap_pbase64encode(auth_pgsql_pool, pw); ++ /* NOTE: ap_pbase64encode is no change arg2. so removable const. */ ++ return ap_pbase64encode(auth_pgsql_pool, (char *)pw); + } + + +@@ -557,7 +559,8 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) + + if (!check || strcmp(sec->auth_pg_charset, check)) { + apr_snprintf(pg_errstr, MAX_STRING_LEN, +- "mod_auth_pgsql database character set encoding %s"); ++ "mod_auth_pgsql database character set encoding %s", ++ check); + PQfinish(pg_conn); + return NULL; + } +@@ -614,7 +617,7 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) + return result; + } + +-char *get_pg_pw(request_rec * r, char *user, pg_auth_config_rec * sec) ++char *get_pg_pw(request_rec * r, const char *user, pg_auth_config_rec * sec) + { + char query[MAX_STRING_LEN]; + char *safe_user; +@@ -755,19 +758,20 @@ static char *get_pg_grp(request_rec * r, char *group, char *user, + } + + /* Process authentication request from Apache*/ +-static int pg_authenticate_basic_user(request_rec * r) ++static authn_status check_password(request_rec *r, const char *user, ++ const char *password) + { ++ + pg_auth_config_rec *sec = + (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config, + &auth_pgsql_module); +- char *val = NULL; +- char *sent_pw, *real_pw; +- int res; +- char *user; ++ const char *val = NULL; ++ const char *sent_pw; ++ const char *real_pw; ++ authn_status auth_res; ++ ++ sent_pw = password; + +- if ((res = ap_get_basic_auth_pw(r, (const char **) &sent_pw))) +- return res; +- user = r->user; + + #ifdef DEBUG_AUTH_PGSQL + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, +@@ -784,7 +788,7 @@ static int pg_authenticate_basic_user(request_rec * r) + if ((!sec->auth_pg_pwd_table) && (!sec->auth_pg_pwd_field)) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, + "[mod_auth_pgsql.c] - missing configuration parameters"); +- return DECLINED; ++ return AUTH_GENERAL_ERROR; + } + pg_errstr[0] = '\0'; + +@@ -809,22 +813,16 @@ static int pg_authenticate_basic_user(request_rec * r) + + if (!real_pw) { + if (pg_errstr[0]) { +- res = HTTP_INTERNAL_SERVER_ERROR; ++ auth_res = AUTH_GENERAL_ERROR; + } else { +- if (sec->auth_pg_authoritative) { + /* force error and access denied */ + apr_snprintf(pg_errstr, MAX_STRING_LEN, + "mod_auth_pgsql: Password for user %s not found (PG-Authoritative)", + user); +- ap_note_basic_auth_failure(r); +- res = HTTP_UNAUTHORIZED; +- } else { +- /* allow fall through to another module */ +- return DECLINED; +- } ++ auth_res = AUTH_USER_NOT_FOUND; + } + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); +- return res; ++ return auth_res; + } + + /* allow no password, if the flag is set and the password +@@ -836,7 +834,7 @@ static int pg_authenticate_basic_user(request_rec * r) + user); + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); + pg_log_auth_user(r, sec, user, sent_pw); +- return OK; ++ return AUTH_GRANTED; + }; + + /* if the flag is off however, keep that kind of stuff at +@@ -847,8 +845,7 @@ static int pg_authenticate_basic_user(request_rec * r) + "[mod_auth_pgsql.c] - Empty password rejected for user \"%s\"", + user); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); +- ap_note_basic_auth_failure(r); +- return HTTP_UNAUTHORIZED; ++ return AUTH_DENIED; + }; + + if (sec->auth_pg_encrypted) +@@ -877,8 +874,7 @@ static int pg_authenticate_basic_user(request_rec * r) + apr_snprintf(pg_errstr, MAX_STRING_LEN, + "PG user %s: password mismatch", user); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); +- ap_note_basic_auth_failure(r); +- return HTTP_UNAUTHORIZED; ++ return AUTH_DENIED; + } + + /* store password in the cache */ +@@ -891,130 +887,13 @@ static int pg_authenticate_basic_user(request_rec * r) + } + + pg_log_auth_user(r, sec, user, sent_pw); +- return OK; +-} +- +-/* Checking ID */ +- +-static int pg_check_auth(request_rec * r) +-{ +- pg_auth_config_rec *sec = +- (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config, +- &auth_pgsql_module); +- char *user = r->user; +- int m = r->method_number; +- int group_result = DECLINED; +- +- +- +- apr_array_header_t *reqs_arr = (apr_array_header_t *) ap_requires(r); +- require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; +- +- register int x, res; +- const char *t; +- char *w; +- +- pg_errstr[0] = '\0'; +- +-#ifdef DEBUG_AUTH_PGSQL +- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, +- "[mod_auth_pgsql.c] - pg_check_auth - going to check auth for user \"%s\" ", +- user); +-#endif /* DEBUG_AUTH_PGSQL */ +- +- +- if (!pg_conn) { +- if (!(pg_conn = pg_connect(sec))) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); +- ap_note_basic_auth_failure(r); +- return HTTP_UNAUTHORIZED; +- } +- } +- +- /* if we cannot do it; leave it to some other guy +- */ +- if ((!sec->auth_pg_grp_table) && (!sec->auth_pg_grp_group_field) +- && (!sec->auth_pg_grp_user_field)) +- return DECLINED; +- +- if (!reqs_arr) { +- if (sec->auth_pg_authoritative) { +- /* force error and access denied */ +- apr_snprintf(pg_errstr, MAX_STRING_LEN, +- "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", +- user); +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); +- ap_note_basic_auth_failure(r); +- res = HTTP_UNAUTHORIZED; +- } else { +- return DECLINED; +- } +- } +- +- for (x = 0; x < reqs_arr->nelts; x++) { +- +- if (!(reqs[x].method_mask & (1 << m))) +- continue; +- +- t = reqs[x].requirement; +- w = ap_getword(r->pool, &t, ' '); +- +- if (!strcmp(w, "valid-user")) +- return OK; +- +- if (!strcmp(w, "user")) { +- while (t[0]) { +- w = ap_getword_conf(r->pool, &t); +- if (!strcmp(user, w)) +- return OK; +- } +- if (sec->auth_pg_authoritative) { +- /* force error and access denied */ +- apr_snprintf(pg_errstr, MAX_STRING_LEN, +- "mod_auth_pgsql: user %s denied, no access rules specified (PG-Authoritative)", +- user); +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); +- ap_note_basic_auth_failure(r); +- return HTTP_UNAUTHORIZED; +- } +- +- } else if (!strcmp(w, "group")) { +- /* look up the membership for each of the groups in the table */ +- pg_errstr[0] = '\0'; +- +- while (t[0]) { +- if (get_pg_grp(r, ap_getword(r->pool, &t, ' '), user, sec)) { +- group_result = OK; +- }; +- }; +- +- if (pg_errstr[0]) { +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); +- return HTTP_INTERNAL_SERVER_ERROR; +- } +- +- if (group_result == OK) +- return OK; +- +- if (sec->auth_pg_authoritative) { +- apr_snprintf(pg_errstr, MAX_STRING_LEN, +- "[mod_auth_pgsql.c] - user %s not in right groups (PG-Authoritative)", +- user); +- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); +- ap_note_basic_auth_failure(r); +- return HTTP_UNAUTHORIZED; +- }; +- } +- } +- +- return DECLINED; ++ return AUTH_GRANTED; + } + +- + /* Send the authentication to the log table */ + int +-pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, +- char *sent_pw) ++pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, const char *user, ++ const char *sent_pw) + { + char sql[MAX_STRING_LEN]; + char *s; +@@ -1087,7 +966,7 @@ pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, + sec->auth_pg_log_addrs_field); + strncat(fields, sql, MAX_STRING_LEN - strlen(fields) - 1); + apr_snprintf(sql, MAX_STRING_LEN, ", '%s'", +- r->connection->remote_ip); ++ r->connection->client_ip); + strncat(values, sql, MAX_STRING_LEN - strlen(values) - 1); + } + if (sec->auth_pg_log_pwd_field) { /* Password field , clear WARNING */ +@@ -1140,15 +1019,22 @@ static void *pg_auth_server_config(apr_pool_t * p, server_rec * s) + } + + ++static const authn_provider authn_pgsql_provider = ++{ ++ &check_password, ++ NULL, ++}; ++ + static void register_hooks(apr_pool_t * p) + { + ap_hook_post_config(pg_auth_init_handler, NULL, NULL, APR_HOOK_MIDDLE); +- ap_hook_auth_checker(pg_check_auth, NULL, NULL, APR_HOOK_MIDDLE); +- ap_hook_check_user_id(pg_authenticate_basic_user, NULL, NULL, +- APR_HOOK_MIDDLE); ++ ++ ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "pgsql", ++ AUTHN_PROVIDER_VERSION, ++ &authn_pgsql_provider, AP_AUTH_INTERNAL_PER_CONF); + }; + +-module AP_MODULE_DECLARE_DATA auth_pgsql_module = { ++AP_DECLARE_MODULE(auth_pgsql) = { + STANDARD20_MODULE_STUFF, + create_pg_auth_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch new file mode 100644 index 000000000000..262d07dd59bf --- /dev/null +++ b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-documentation.patch @@ -0,0 +1,124 @@ +From: Marco Nenciarini +Date: Sat, 10 Aug 2013 16:26:41 +0200 +Subject: documentation + +--- + mod_auth_pgsql.html | 47 ++++++++++++++++++++++++++++------------------- + 1 file changed, 28 insertions(+), 19 deletions(-) + +diff --git a/mod_auth_pgsql.html b/mod_auth_pgsql.html +index 3269fe0..d35768b 100644 +--- a/mod_auth_pgsql.html ++++ b/mod_auth_pgsql.html +@@ -48,18 +48,19 @@ Notes | Changelog

+
  • Auth_PG_host
    • +
  • Auth_PG_port
    • +
  • Auth_PG_options
    • +-
  • Auth_PG_database
    • +-
  • Auth_PG_user
    • +-
  • Auth_PG_pwd
    • +-
  • Auth_PG_pwd_table
    • +-
  • Auth_PG_grp_table
    • ++
  • Auth_PG_database
    • ++
  • Auth_PG_user
    • ++
  • Auth_PG_pwd
    • ++
  • Auth_PG_pwd_table
    • ++
  • Auth_PG_grp_table
    • +
  • Auth_PG_uid_field
    • +
  • Auth_PG_pwd_field
    • +-
  • Auth_PG_gid_field
    • ++
  • Auth_PG_grp_group_field
    • ++
  • Auth_PG_grp_user_field
    • +
  • Auth_PG_nopasswd
    • +
  • Auth_PG_authoritative
    • +-
  • Auth_PG_lowercase_uid
    • +-
  • Auth_PG_uppercase_uid
    • ++
  • Auth_PG_lowercase_uid
    • ++
  • Auth_PG_uppercase_uid
    • +
  • Auth_PG_pwd_ignore_case
    +
    • +
  • Auth_PG_encrypted
    • +@@ -112,7 +113,7 @@ available options.

    + information.
    +
    +

    +-

    Auth_PG_user
    ++

    Auth_PG_user
    +

    + Syntax: Auth_PG_user username
    + Context: directory, .htaccess
    +@@ -125,7 +126,7 @@ access on all the log tables (if used).
    + Needed if the user who make the quey is differrent from the + user runnig apache, or if the posmater is on a different server and you + must autheticate with password
    +-

    Auth_PG_pwd

    ++

    Auth_PG_pwd

    +

    Syntax: Auth_PG_pwd password
    + Context: directory, .htaccess
    + Override: AuthConfig
    +@@ -169,17 +170,25 @@ in the Auth_PG_pwd_table relation.

    + Override: AuthConfig
    + Status: Extension +

    Specifies the attribute name of the field containing the encrypted +-(see Auth_PG_encrypted) password in the Auth_PGpwd_table relation.
    ++(see Auth_PG_encrypted) password in the Auth_PG_pwd_table relation.
    + Please remember to use field of type varchar, not char for the password.
    +

    +-

    Auth_PG_gid_field

    +-Syntax: Auth_PG_gid_field attribute name
    ++

    Auth_PG_grp_group_field

    ++Syntax: Auth_PG_grp_group_field attribute name
    + Context: directory, .htaccess
    + Override: AuthConfig
    + Status: Extension +

    Specifies the attribute name of the field containing the group name + in the Auth_PG_grp_table relation. This directive is only necessary if + you want to authenticate by user groups.

    ++

    Auth_PG_grp_user_field

    ++Syntax: Auth_PG_grp_user_field attribute name
    ++Context: directory, .htaccess
    ++Override: AuthConfig
    ++Status: Extension ++

    Specifies the attribute name of the field containing the user name ++in the Auth_PG_grp_table relation. This directive is only necessary if ++you want to authenticate by user groups.

    +

    Auth_PG_nopasswd

    + Syntax: Auth_PG_nopasswd on or off
    + Context: directory, .htaccess
    +@@ -202,7 +211,7 @@ the PostgreSQL scheme, the parent directory scheme will be given + the chance to try and authenticate the user. Exercise caution + when turning this option off. It can be a security risk. Can be + used to use two authentication schemes for the same dir.

    +-

    Auth_PG_lowercase_uid

    ++

    Auth_PG_lowercase_uid

    + Syntax: Auth_PG_lowercase_uid on or off
    + Context: directory, .htaccess
    + Override: AuthConfig
    +@@ -211,7 +220,7 @@ used to use two authentication schemes for the same dir.

    + user UIDs to lowercase before looking them up. When turned on this does + not affect the case of the original user ID should this module decline + to authenticate and a lower level is called.

    +-

    Auth_PG_uppercase_uid

    ++

    Auth_PG_uppercase_uid

    + Syntax: Auth_PG_uppercase_uid on or off
    + Context: directory, .htaccess
    + Override: AuthConfig
    +@@ -277,14 +286,14 @@ initial space .

    +

    This option allows you to exercise greater control over the SQL code + used to retrieve the group name and corresponding user from the + database. You can use this to search for the group name +-using more attributes in the table than the gid_field.

    ++using more attributes in the table than the grp_group_field.

    +

    The basic SQL statement used to retrieve a group name and user name + for checking looks like this:

    +
      +-select <uid_field> from <grp_table> where +-<gid_field> ='<required group> ' ++select <grp_user_field> from <grp_table> where ++<grp_group_field> ='<required group> ' +
    +-The gid_whereclause will be added to the end of this statement ++The grp_whereclause will be added to the end of this statement + and must fit logically. The where clause must be double + quoted.
    +
    diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch new file mode 100644 index 000000000000..959a97b562e2 --- /dev/null +++ b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-encoding.patch @@ -0,0 +1,283 @@ +From: Marco Nenciarini +Date: Sat, 10 Aug 2013 16:26:41 +0200 +Subject: encoding + +--- + mod_auth_pgsql.c | 144 +++++++++++++++++++++++++++++++--------------------- + mod_auth_pgsql.html | 9 ++++ + 2 files changed, 94 insertions(+), 59 deletions(-) + +diff --git a/mod_auth_pgsql.c b/mod_auth_pgsql.c +index f13c166..639537d 100644 +--- a/mod_auth_pgsql.c ++++ b/mod_auth_pgsql.c +@@ -151,6 +151,7 @@ typedef struct { + const char *auth_pg_port; + const char *auth_pg_options; + const char *auth_pg_user; ++ const char *auth_pg_charset; + const char *auth_pg_pwd; + const char *auth_pg_pwd_table; + const char *auth_pg_uname_field; +@@ -181,6 +182,8 @@ typedef struct { + + } pg_auth_config_rec; + ++static PGconn *pg_conn; ++ + static apr_pool_t *auth_pgsql_pool = NULL; + static apr_pool_t *auth_pgsql_pool_base64 = NULL; + +@@ -220,6 +223,7 @@ static void *create_pg_auth_dir_config(apr_pool_t * p, char *d) + new_rec->auth_pg_port = NULL; + new_rec->auth_pg_options = NULL; + new_rec->auth_pg_user = NULL; ++ new_rec->auth_pg_charset = NULL; + new_rec->auth_pg_pwd = NULL; + new_rec->auth_pg_pwd_table = NULL; + new_rec->auth_pg_uname_field = NULL; +@@ -324,6 +328,10 @@ static const command_rec pg_auth_cmds[] = { + (void *) APR_OFFSETOF(pg_auth_config_rec, auth_pg_user), + OR_AUTHCFG, + "user name connect as"), ++ AP_INIT_TAKE1("Auth_PG_charset", ap_set_string_slot, ++ (void *) APR_OFFSETOF(pg_auth_config_rec, auth_pg_charset), ++ OR_AUTHCFG, ++ "charset to use for connection"), + AP_INIT_TAKE1("Auth_PG_pwd", ap_set_string_slot, + (void *) APR_OFFSETOF(pg_auth_config_rec, auth_pg_pwd), + OR_AUTHCFG, +@@ -462,53 +470,51 @@ static char *auth_pg_base64(char *pw) + } + + ++PGconn *pg_connect(pg_auth_config_rec *sec) ++{ ++ PGconn *conn; + +-/* Got from POstgreSQL 7.2 */ +-/* --------------- +- * Escaping arbitrary strings to get valid SQL strings/identifiers. +- * +- * Replaces "\\" with "\\\\" and "'" with "''". +- * length is the length of the buffer pointed to by +- * from. The buffer at to must be at least 2*length + 1 characters +- * long. A terminating NUL character is written. +- * --------------- +- */ ++ conn = PQsetdbLogin(sec->auth_pg_host, sec->auth_pg_port, ++ sec->auth_pg_options, NULL, sec->auth_pg_database, ++ sec->auth_pg_user, sec->auth_pg_pwd); ++ if (PQstatus(conn) != CONNECTION_OK) { ++ PQreset(conn); ++ apr_snprintf(pg_errstr, MAX_STRING_LEN, ++ "mod_auth_pgsql database connection error resetting %s", ++ PQerrorMessage(conn)); ++ if (PQstatus(conn) != CONNECTION_OK) { ++ apr_snprintf(pg_errstr, MAX_STRING_LEN, ++ "mod_auth_pgsql database connection error reset failed %s", ++ PQerrorMessage(conn)); ++ PQfinish(conn); ++ return NULL; ++ } ++ } ++ return conn; ++} + +-static size_t pg_check_string(char *to, const char *from, size_t length) +-{ +- const char *source = from; +- char *target = to; +- unsigned int remaining = length; +- +- while (remaining > 0) { +- switch (*source) { +- case '\\': +- *target = '\\'; +- target++; +- *target = '\\'; +- /* target and remaining are updated below. */ +- break; + +- case '\'': +- *target = '\''; +- target++; +- *target = '\''; +- /* target and remaining are updated below. */ +- break; ++static size_t pg_check_string(char *to, const char *from, size_t length, request_rec * r, pg_auth_config_rec *sec) ++{ ++ int error; + +- default: +- *target = *source; +- /* target and remaining are updated below. */ ++ if (!pg_conn) { ++ if (!(pg_conn = pg_connect(sec))) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); ++ ap_note_basic_auth_failure(r); ++ return -1; + } +- source++; +- target++; +- remaining--; + } + +- /* Write the terminating NUL character. */ +- *target = '\0'; ++ PQescapeStringConn(pg_conn, to, from, length, &error); ++ ++ if (error) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot escape string"); ++ ap_note_basic_auth_failure(r); ++ return -1; ++ } + +- return target - to; ++ return 0; + } + + +@@ -518,7 +524,6 @@ static size_t pg_check_string(char *to, const char *from, size_t length) + char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) + { + PGresult *pg_result; +- PGconn *pg_conn; + char *val; + char *result = NULL; + +@@ -530,19 +535,10 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) + sec->auth_pg_database); + #endif /* DEBUG_AUTH_PGSQL */ + +- pg_conn = PQsetdbLogin(sec->auth_pg_host, sec->auth_pg_port, +- sec->auth_pg_options, NULL, sec->auth_pg_database, +- sec->auth_pg_user, sec->auth_pg_pwd); +- if (PQstatus(pg_conn) != CONNECTION_OK) { +- PQreset(pg_conn); +- apr_snprintf(pg_errstr, MAX_STRING_LEN, +- "mod_auth_pgsql database connection error resetting %s", +- PQerrorMessage(pg_conn)); +- if (PQstatus(pg_conn) != CONNECTION_OK) { +- apr_snprintf(pg_errstr, MAX_STRING_LEN, +- "mod_auth_pgsql database connection error reset failed %s", +- PQerrorMessage(pg_conn)); +- PQfinish(pg_conn); ++ if (!pg_conn) { ++ if (!(pg_conn = pg_connect(sec))) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); ++ ap_note_basic_auth_failure(r); + return NULL; + } + } +@@ -552,6 +548,21 @@ char *do_pg_query(request_rec * r, char *query, pg_auth_config_rec * sec) + query); + #endif /* DEBUG_AUTH_PGSQL */ + ++ if (sec->auth_pg_charset) { ++ const char *check; ++ ++ PQsetClientEncoding(pg_conn, sec->auth_pg_charset); ++ ++ check = pg_encoding_to_char(PQclientEncoding(pg_conn)); ++ ++ if (!check || strcmp(sec->auth_pg_charset, check)) { ++ apr_snprintf(pg_errstr, MAX_STRING_LEN, ++ "mod_auth_pgsql database character set encoding %s"); ++ PQfinish(pg_conn); ++ return NULL; ++ } ++ } ++ + pg_result = PQexec(pg_conn, query); + + if (pg_result == NULL) { +@@ -610,7 +621,7 @@ char *get_pg_pw(request_rec * r, char *user, pg_auth_config_rec * sec) + int n; + + safe_user = apr_palloc(r->pool, 1 + 2 * strlen(user)); +- pg_check_string(safe_user, user, strlen(user)); ++ pg_check_string(safe_user, user, strlen(user), r, sec); + + #ifdef DEBUG_AUTH_PGSQL + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, +@@ -685,8 +696,8 @@ static char *get_pg_grp(request_rec * r, char *group, char *user, + #endif /* DEBUG_AUTH_PGSQL */ + + query[0] = '\0'; +- pg_check_string(safe_user, user, strlen(user)); +- pg_check_string(safe_group, group, strlen(group)); ++ pg_check_string(safe_user, user, strlen(user), r, sec); ++ pg_check_string(safe_group, group, strlen(group), r, sec); + + if ((!sec->auth_pg_grp_table) || + (!sec->auth_pg_grp_group_field) || (!sec->auth_pg_grp_user_field)) +@@ -777,6 +788,14 @@ static int pg_authenticate_basic_user(request_rec * r) + } + pg_errstr[0] = '\0'; + ++ if (!pg_conn) { ++ if (!(pg_conn = pg_connect(sec))) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); ++ ap_note_basic_auth_failure(r); ++ return HTTP_UNAUTHORIZED; ++ } ++ } ++ + if (sec->auth_pg_cache_passwords + && (!apr_is_empty_table(sec->cache_pass_table))) { + val = (char *) apr_table_get(sec->cache_pass_table, user); +@@ -904,6 +923,13 @@ static int pg_check_auth(request_rec * r) + #endif /* DEBUG_AUTH_PGSQL */ + + ++ if (!pg_conn) { ++ if (!(pg_conn = pg_connect(sec))) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - cannot connect to database"); ++ ap_note_basic_auth_failure(r); ++ return HTTP_UNAUTHORIZED; ++ } ++ } + + /* if we cannot do it; leave it to some other guy + */ +@@ -1015,9 +1041,9 @@ pg_log_auth_user(request_rec * r, pg_auth_config_rec * sec, char *user, + } + + /* AUD: MAX_STRING_LEN probably isn't always correct */ +- pg_check_string(safe_user, user, strlen(user)); +- pg_check_string(safe_pw, sent_pw, strlen(sent_pw)); +- pg_check_string(safe_req, r->the_request, strlen(r->the_request)); ++ pg_check_string(safe_user, user, strlen(user), r, sec); ++ pg_check_string(safe_pw, sent_pw, strlen(sent_pw), r, sec); ++ pg_check_string(safe_req, r->the_request, strlen(r->the_request), r, sec); + + + if (sec->auth_pg_lowercaseuid) { +diff --git a/mod_auth_pgsql.html b/mod_auth_pgsql.html +index d35768b..5474314 100644 +--- a/mod_auth_pgsql.html ++++ b/mod_auth_pgsql.html +@@ -48,6 +48,7 @@ Notes | Changelog

    +
  • Auth_PG_host
    • +
  • Auth_PG_port
    • +
  • Auth_PG_options
    • ++
  • Auth_PG_charset
    • +
  • Auth_PG_database
    • +
  • Auth_PG_user
    • +
  • Auth_PG_pwd
    • +@@ -104,6 +105,14 @@ be found.

    +

    Specifies an option string to be passed to the postgreSQL backend + process. Refer to the PostgreSQL user manual for a description of the + available options.

    ++

    Auth_PG_charset

    ++Syntax: Auth_PG_options option string
    ++Context: directory, .htaccess
    ++Override: AuthConfig
    ++Status: Extension ++

    Specifies the name of an encoding to be set for the PostgreSQL ++backend process. Refer to the PostgreSQL user manual for a description ++of the available options.

    +

    Auth_PG_database

    + Syntax: Auth_PG_database database name
    + Context: directory, .htaccess
    diff --git a/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch new file mode 100644 index 000000000000..c7314771f37c --- /dev/null +++ b/www-apache/mod_auth_pgsql/files/mod_auth_pgsql-2.0.3-fixdoublefree.patch @@ -0,0 +1,87 @@ +Description: Avoid double free of connection pointers + . + libapache2-mod-auth-pgsql (2.0.3-6.1) unstable; urgency=medium + . + * Non-maintainer upload. + * Apply patch from Launchpad to set freed pointers to NULL before + subsequent checks against NULL. (Closes: #774313) +Author: Neil Williams +Bug-Debian: https://bugs.debian.org/774313 +Origin: ubuntu, https://launchpadlibrarian.net/177475074/doublefree.patch + +--- + +--- libapache2-mod-auth-pgsql-2.0.3.orig/mod_auth_pgsql.c ++++ libapache2-mod-auth-pgsql-2.0.3/mod_auth_pgsql.c +@@ -489,6 +489,7 @@ PGconn *pg_connect(pg_auth_config_rec *s + "mod_auth_pgsql database connection error reset failed %s", + PQerrorMessage(conn)); + PQfinish(conn); ++ conn = NULL; + return NULL; + } + } +@@ -562,6 +563,7 @@ char *do_pg_query(request_rec * r, char + "mod_auth_pgsql database character set encoding %s", + check); + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + } +@@ -573,12 +575,15 @@ char *do_pg_query(request_rec * r, char + "PGSQL 2: %s -- Query: %s ", + PQerrorMessage(pg_conn), query); + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + + if (PQresultStatus(pg_result) == PGRES_EMPTY_QUERY) { + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -586,7 +591,9 @@ char *do_pg_query(request_rec * r, char + apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 3: %s -- Query: %s", + PQerrorMessage(pg_conn), query); + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -596,7 +603,9 @@ char *do_pg_query(request_rec * r, char + apr_snprintf(pg_errstr, MAX_STRING_LEN, "PGSQL 4: %s", + PQerrorMessage(pg_conn)); + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -604,7 +613,9 @@ char *do_pg_query(request_rec * r, char + apr_snprintf(pg_errstr, MAX_STRING_LEN, + "Could not get memory for Postgres query."); + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return NULL; + } + +@@ -613,7 +624,9 @@ char *do_pg_query(request_rec * r, char + + /* ignore errors here ! */ + PQclear(pg_result); ++ pg_result = NULL; + PQfinish(pg_conn); ++ pg_conn = NULL; + return result; + } + diff --git a/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild b/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild new file mode 100644 index 000000000000..e38b62cdb948 --- /dev/null +++ b/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_auth_pgsql/mod_auth_pgsql-2.0.3-r2.ebuild,v 1.1 2015/05/09 07:43:14 pacho Exp $ + +EAPI=5 +inherit eutils apache-module multilib + +DESCRIPTION="This module allows user authentication against information stored in a PostgreSQL database" +HOMEPAGE="http://www.giuseppetanzilli.it/mod_auth_pgsql2/" +SRC_URI="http://www.giuseppetanzilli.it/mod_auth_pgsql2/dist/${P}.tar.gz" + +LICENSE="freedist" +SLOT="2" +KEYWORDS="~amd64 ~ppc ~sparc ~x86" +IUSE="" + +DEPEND="dev-db/postgresql:*" +RDEPEND="${DEPEND}" + +APXS2_ARGS="-a -c -I/usr/include/postgresql -L/usr/$(get_libdir)/postgresql -lpq mod_auth_pgsql.c" + +APACHE2_MOD_CONF="80_mod_auth_pgsql" +APACHE2_MOD_DEFINE="AUTH_PGSQL" + +DOCFILES="INSTALL README mod_auth_pgsql.html" + +need_apache2_4 + +src_prepare() { + # Debian patches + epatch "${FILESDIR}"/${P}-documentation.patch + epatch "${FILESDIR}"/${P}-encoding.patch + epatch "${FILESDIR}"/${P}-apache-2.4.patch + epatch "${FILESDIR}"/${P}-fixdoublefree.patch +} + +src_install() { + apache-module_src_install + fperms 600 "${APACHE_MODULES_CONFDIR}"/${APACHE2_MOD_CONF}.conf +}