From 8400fff107749c7676cf0ad2d864df6c59f7a327 Mon Sep 17 00:00:00 2001 From: misi3k Date: Fri, 9 May 2003 06:22:11 +0000 Subject: [PATCH] - outdated Changed files: mod_auth_any-1.2.2-fork.patch -> 1.2 --- mod_auth_any-1.2.2-fork.patch | 227 ---------------------------------- 1 file changed, 227 deletions(-) delete mode 100644 mod_auth_any-1.2.2-fork.patch diff --git a/mod_auth_any-1.2.2-fork.patch b/mod_auth_any-1.2.2-fork.patch deleted file mode 100644 index e482cc0..0000000 --- a/mod_auth_any-1.2.2-fork.patch +++ /dev/null @@ -1,227 +0,0 @@ ---- mod_auth_any-1.2.2/src/mod_auth_any.c.fork 2002-07-02 15:40:25.000000000 -0400 -+++ mod_auth_any-1.2.2/src/mod_auth_any.c 2003-03-19 12:47:44.000000000 -0500 -@@ -170,127 +170,98 @@ - - module MODULE_VAR_EXPORT auth_any_module; - --/* Escape special characters in the input string so that the bash -- shell will not interpolate them when the input string is withing -- single quotes. -- -- IN: null-terminated character array containing string to be interpolated -- OUT: newly allocate (using malloc) null-terminated character array -- containing the input string with the special characters properly -- escaped */ --char* bash_single_quote_escape_string(const char *s) { -- /* used to count the length of the string and the number of single quotes */ -- int str_len, sq_count; -- int s_pos, buf_pos; /* copy chars loop counter */ -- /* used to hold the final result string */ -- char *buf; -- -- /* Count the single quotes. -- LOOP INVARIANT: str_len < (number of chars in string 's') -- POSTCONDITION: sq_count == (number of single quotes in string 's') */ -- for (str_len = 0, sq_count = 0; s[str_len] != '\0'; str_len++) -- if (s[str_len] == '\'') -- sq_count++; -- -- /* Allocate the memory for the final string. -- Each ' (one char) will become '\'' (4 chars), so multiply by 4 -- and don't forget to add 1 for terminating null. */ -- buf = (char*) malloc(sizeof(char) * (str_len + 1 + sq_count * 4)); -- -- /* Copy the chars of 's' into 'buf', turning each ' into '\'' */ -- for (s_pos = 0, buf_pos = 0; s_pos < str_len; s_pos++) { -- /* If we see a single quote, then put '\'' into 'buf' and advance -- buf_pos 4 positions, else put the next char from 's' into 'buf' -- and advance buf_pos 1 position. */ -- if(s[s_pos] == '\'') { -- buf[buf_pos++] = '\''; -- buf[buf_pos++] = '\\'; -- buf[buf_pos++] = '\''; -- buf[buf_pos++] = '\''; -- } else { -- buf[buf_pos++] = s[s_pos]; -- } -- } -- /* don't forget the null terminator */ -- buf[buf_pos] = '\0'; -- -- return buf; --} -- - /* -- nb: -- -- The popen() call to the external validator program is made here. --*/ -+ * Call the external program auth_pwfile with user and password as its -+ * arguments. These should have been passed in over a pipe, but it's too -+ * late to change that now. The called program should print the name of the -+ * valid user to stdout, or print "Authentication Error" on failure. -+ */ - static char *get_pw(request_rec *r, char *user, const char* password, char *auth_pwfile) { -- configfile_t *f; -- char* execstr; -- char* l; -- const char *rpw, *w; -- FILE* ext_authprog; -- FILE* fp; -- char *escaped_password; -+ char result[256]; -+ int fd[2], i, length = 0; -+ pid_t pid; - #ifdef __sun - static char m_envstr[256]; /* sun's putenv() call is a bunch of bull malarkey */ - #endif -- -- l = (char*) malloc (MAX_STRING_LEN * sizeof(char)); -- execstr = (char*) malloc (MAX_STRING_LEN * sizeof(char)); - --#ifdef __sun -- snprintf (m_envstr, 256, "%s=%s\0", "REMOTE_ADDR", r -> connection -> remote_ip); -- putenv (m_envstr); --#else -- setenv ("REMOTE_ADDR", r -> connection -> remote_ip, 1); --#endif -- -- /* escape the password */ -- escaped_password = bash_single_quote_escape_string(password); -- -- /* open the program stream */ -- snprintf (execstr, MAX_STRING_LEN, "%s %s \'%s\'", auth_pwfile, user, escaped_password); -- -- /* free the escaped password before we forget */ -- free(escaped_password); -+ memset (result, '\0', sizeof(result)); - -- if (!(ext_authprog = popen (execstr, "r"))) { -+ /* sanity check the auth_pwfile */ -+ if ((auth_pwfile == NULL) || (auth_pwfile[0] != '/')) { -+ ap_log_rerror (APLOG_MARK, APLOG_ERR, r, "Invalid program: %s", -+ auth_pwfile); -+ return NULL; -+ } - -- ap_log_rerror (APLOG_MARK, APLOG_ERR, r, "Could not popen() on program: %s: %s", -- auth_pwfile, strerror(errno)); -- return NULL; -+ /* set up our communication pipe */ -+ if (pipe (fd) == -1) { -+ /* couldn't create pipe for some reason */ -+ ap_log_rerror (APLOG_MARK, APLOG_ERR, r, "Error creating pipe: %s", -+ strerror(errno)); -+ return NULL; - } -- /* whew, the popen() has seemingly succeeded, let's write the username passwd stuff*/ -- if (feof(ext_authprog) == 0) -- fgets (l, MAX_STRING_LEN, ext_authprog); -- pclose (ext_authprog); -- -- if (strncmp(l, "Authentication Error", 19) == 0) /* no authorized */ -- return NULL; -- /* otherwise, we got a winner :), return user's real name */ -- return l; - -- /* ignore the rest */ -- /* -- if (!(f = ap_pcfg_openfile(r->pool, auth_pwfile))) { -- ap_log_rerror(APLOG_MARK, APLOG_ERR, r, -- "Could not open password file: %s", auth_pwfile); -+ /* start our child */ -+ pid = fork (); -+ switch (pid) { -+ case -1: -+ /* fork failed -- clean up and return */ -+ close (fd[0]); -+ close (fd[1]); -+ ap_log_rerror (APLOG_MARK, APLOG_ERR, r, "Error fork()ing: %s", -+ strerror (errno)); - return NULL; -+ break; -+ case 0: -+#ifdef __sun -+ snprintf (m_envstr, sizeof(m_envstr), "%s=%s", "REMOTE_ADDR", -+ r -> connection -> remote_ip); -+ putenv (m_envstr); -+#else -+ setenv ("REMOTE_ADDR", r -> connection -> remote_ip, 1); -+#endif -+ /* close open fds */ -+ i = sysconf (_SC_OPEN_MAX); -+ while (i >= 0) { -+ if (i != fd[1]) { -+ fcntl (i, F_SETFD, FD_CLOEXEC); -+ } -+ i--; -+ } -+ /* make the write end of the pipe our stdout */ -+ if (fd[1] != STDOUT_FILENO) { -+ close (STDOUT_FILENO); -+ dup2 (fd[1], STDOUT_FILENO); -+ fcntl (STDOUT_FILENO, F_SETFD, 0); -+ fcntl (fd[1], F_SETFD, FD_CLOEXEC); -+ } -+ execl (auth_pwfile, auth_pwfile, user, password, NULL); -+ _exit (1); -+ break; -+ default: -+ /* parent: read what the child has to say, if anything */ -+ close (fd[1]); -+ do { -+ i = read (fd[0], result + length, sizeof(result) - length - 1); -+ if (i != -1) { -+ length += i; -+ } -+ } while ((i != -1) && (i != 0) && (length < (sizeof(result) - 1))); -+ close (fd[0]); -+ break; - } -- -- while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { -- if ((l[0] == '#') || (!l[0])) -- continue; -- rpw = l; -- w = ap_getword(r->pool, &rpw, ':'); - -- if (!strcmp(user, w)) { -- ap_cfg_closefile(f); -- return ap_getword(r->pool, &rpw, ':'); -- } -+ while ((length > 0) && -+ ((result[length - 1] == '\r') || (result[length - 1] == '\n'))) { -+ result[--length] = '\0'; - } -- ap_cfg_closefile(f); -- return NULL; -- */ -+ -+ if ((strlen(result) == 0) || -+ (strncmp(result, "Authentication Error", 19) == 0)) /* not authorized */ -+ return NULL; -+ -+ /* otherwise, we got a winner :), return user's real name */ -+ return strdup(result); - } - - static table *groups_for_user(pool *p, char *user, char *grpfile) -@@ -351,9 +322,7 @@ - conn_rec *c = r->connection; - const char *sent_pw; - char *real_pw; -- char *invalid_pw; - int res; -- FILE* fp; - - if ((res = ap_get_basic_auth_pw(r, &sent_pw))) - return res; -@@ -423,8 +392,6 @@ - table *grpstatus; - const array_header *reqs_arr = ap_requires(r); - require_line *reqs; -- FILE* fp; -- - - /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive, - * then any user will do. -- 2.44.0