gutsy does not have a working apache+mysql authentication solution

See also #150651

I seem to be having very similar problems with this module in Feisty. I have not had the stack smash - I always seem to get the Could not open password file: (null)

Best I get is either a prompt for username and password which loops without authenticating, or this:

[Thu Oct 11 23:54:04 2007] [error] [client 127.0.0.1] user daveski not found: /test/test.html
[Thu Oct 11 23:54:39 2007] [error] Internal error: pcfg_openfile() called with NULL filename
[Thu Oct 11 23:54:39 2007] [error] [client 127.0.0.1] (9)Bad file descriptor: Could not open password file: (null)

Please look at my report, result 2. These errors occur when you don't use the AuthUserFile directive.

My mistake. I have taken a long hard look at my configuration and now I have it working in Feisty. Apologies for the incorrect information.

Am I able to delete the comments which muddy the water?

To get mysql authentication working in Gutsy, you have to manually compile mod_auth_mysql:

1. wget http://heanet.dl.sourceforge.net/sourceforge/modauthmysql/mod_auth_mysql-3.0.0.tar.gz
2. wget http://www.bleb.org/software/mod_auth_mysql-3.0.0-apache-2.2.3.patch
3. tar zxf mod_auth_mysql-3.0.0.tar.gz
4. apt-get install apache2-prefork-dev libmysqlclient15-dev; apt-get --purge remove libapache2-mod-auth-mysql
5. cd mod_auth_mysql-3.0.0
6. patch < ../mod_auth_mysql-3.0.0-apache-2.2.3.patch
7. sed -i 's|#include <mysql.h>|#include <mysql/mysql.h>|' mod_auth_mysql.c
8. apxs2 -c -lmysqlclient -lm -lz mod_auth_mysql.c
9. apxs2 -i mod_auth_mysql.la
10. echo 'LoadModule mysql_auth_module /usr/lib/apache2/modules/mod_auth_mysql.so' > /etc/apache2/mods-available/auth_mysql.load
11. a2enmod auth_mysql

Configure it as follows (adapt to your environment):

        <Location /mysqlauth>
            AuthName "test"
            AuthType Basic
            AuthUserFile /dev/null
            AuthBasicAuthoritative Off

            AuthMySQLEnable On
            AuthMySQLAuthoritative On
            AuthMySQLDB apache_auth_test
            AuthMySQLUser authtestuser
            AuthMySQLPassword something
            AuthMySQLUserTable auth
            AuthMySQLNameField username
            AuthMySQLPasswordField passwd
            require valid-user
        </Location>

Hope this helps someone.

I have encountered the same bug as described above.

However I have also accidently encountered that the stack smashing only seems to occur when
the option "AuthMySQL_Encryption_Types" contains the method "MySQL".

When using "Plaintext" or "PHP_MD5"
libapache2-mod-auth-mysql 4.3.9-4 from gutsy works fine here.

Here is a short overview of what currently works for me in an apache site-config file:

<Directory /some/dir/>
  AuthName "Auth-MySQL Test"
  AuthType Basic
  AuthUserFile /dev/null
  AuthBasicAuthoritative Off

  AuthMySQL On
  AuthMySQL_Authoritative On
  AuthMySQL_Host localhost
  AuthMySQL_User <db_user>
  AuthMySQL_Password <db_password>
  AuthMySQL_DB <mysql_db>
  AuthMySQL_Password_Table mysql_auth # I have used the defaults but explicitly mention them here in the config file
  AuthMySQL_Username_Field username
  AuthMySQL_Password_Field password
# AuthMySQL_Encryption_Types MySQL # this will crash apache with "*** stack smashing detected ***" in error.log
# AuthMySQL_EncryptionTypes Plaintext # works okay here
  AuthMySQL_Encryption_Types PHP_MD5 # works okay here
</Directory>

I have not done extensive testing on the issue and I have not tested other encryption types or combinations thereof.

Maybe this is of help to someone.

Thanks Someone, that worked for me when i got the Internal error with pcfg_openfile() in Hardy!

In my experience the problem with the auth_mysql module seems to be that the config variables keep changing with every new version.

Is this symptom still reproducible in 8.10 RC or later?

Yes, Hardy is affected too.

Here is is the part for our trac login :
  <Location /login>

     AuthMYSQL on
     AuthMySQL_Authoritative on

    # connect to db
     AuthMySQL_Host localhost
     AuthMySQL_User auth_fr
     AuthMySQL_Password protect_the_innocent
     Auth_MySQL_DB svn_fr_auth
     AuthName "Trac ubuntu-fr platform

     Auth_MySQL_Group_Table "usergroup, users"
     Auth_MySQL_Password_Table users
     Auth_MySQL_Username_Field login
     Auth_MySQL_Password_Field pass
     Auth_MySQL_Group_Clause " and users.uid = usergroup.uid"
     Auth_MySQL_Group_Field gid
     AuthMySQL_Empty_Passwords off
     AuthMySQL_Encryption_Types Crypt_DES Crypt_MD5 Crypt PHP_MD5 SHA1Sum MySQL
     require valid-user

    # http://www.infodrom.org/Debian/tips/auth_mysql.html --> (9)Bad file descriptor: Could not open password file: (null),
     AuthBasicAuthoritative Off
     AuthUserFile /dev/null
  </Location>

attached is the apache log message.

Let me know if you need more informations.

typo :
AuthName "Trac ubuntu-fr platform

The apache conf really says :

     AuthName "Trac ubuntu-fr platform"

I can reproduce this bug on Hardy

I can also reproduce this bug in Intrepid.

Are there any work-arounds? I have tried using DBD as an alternative - it works fine but does not support MD5 passwords and as it is a drupal database I am trying to authenticate off I am stuck with MD5.

Is this module really deprecated? Without DBD supporting MD5 mysql users are a bit stuck without it. My only alternative is to write my own custom one.

I've been struggling with this in a brand new 8.10 server myself that I just setup yesterday. Not sure how or why, but i got this magic incantation to work (do note however, I'm storing the passwords in plaintext in mySQL):

    <Directory /home/dae51d/public_html/examples/crimson>
      AuthName "CRiMson -- use: test/test1234"
      AuthType Basic
      require valid-user
      AuthUserFile /dev/null
      AuthBasicAuthoritative Off
# http://www.daevid.com/server-info#mod_auth_mysql.c
      Auth_MYSQL On
      Auth_MySQL_Host localhost
      Auth_MySQL_User crimson_user
      Auth_MySQL_Password crimson_password
      Auth_MySQL_DB crimson_database
      Auth_MySQL_Authoritative On

      Auth_MySQL_Password_Table rep_table
      Auth_MySQL_Encryption_Types Plaintext MySQL
      Auth_MySQL_Encrypted_Passwords Off
      Auth_MySQL_Empty_Passwords Off
      Auth_MySQL_Username_Field rep_login
      Auth_MySQL_Password_Field rep_password
    </Directory>

But what I don't understand is when I do this one:

    <Directory /home/reviewit/public_html/admin>
      Options All +Includes
      AllowOverride None

      AuthName "SYMCELL Administration"
      AuthType Basic
      require valid-user
      AuthUserFile /dev/null
      AuthBasicAuthoritative Off
# http://www.daevid.com/server-info#mod_auth_mysql.c
      Auth_MYSQL On
      Auth_MySQL_Host localhost
      Auth_MySQL_User reviewit_user
      Auth_MySQL_Password reviewit_pass
      Auth_MySQL_DB reviewit_db
      Auth_MySQL_Authoritative On

      Auth_MySQL_Password_Table users
      Auth_MySQL_Encryption_Types SHA1Sum
      Auth_MySQL_Encrypted_Passwords On
      Auth_MySQL_Empty_Passwords Off
      Auth_MySQL_Username_Field username
      Auth_MySQL_Password_Field password
# Auth_MySQL_Where " type = 'Admin' AND enabled = 1 "
      Auth_MySQL_Where " enabled = 1 "
    </Directory>

Everything works except for the Auth_MySQL_Where part which says:

[Tue Feb 10 18:26:34 2009] [error] Query call failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'type = "Admin" AND enabled = 1' at line 1 (1064)

But removing the " type = 'Admin'" then it works. I've tried reversing the quotes. without any " on the ends. \'Admin\' and I can't figure out the magic incantation.

Also, my mod_auth_mysql.c shows Auth_MySQL_Where as the directive, but this page (http://modauthmysql.sourceforge.net/CONFIGURE) shows AuthMySQLUserCondition and NO Auth_MySQL_Where...

Come on man! it's bad enough the directives keep changing slightly with underscores and such with each version but now you don't even...

SOLVED:

THIS IS STUPID!! The Where clause requires that YOU put an additional "AND" in there.

 Auth_MySQL_Where " AND type = 'Admin' AND enabled = 1 "

So the auth_mysql code must be making a "SELECT * FROM user WHERE username = 'foo' AND password = 'bar' WHERE 1" or some other completely retarded logic, when it should simply be putting a "WHERE " (with the intentional trailing space) and the string you gave it in the directive. UGH!

Tested on brand new install of Lucid Lynx, also affected.

@Adam Did you try Daevid's work around in comment 15[0]?

[0] https://bugs.edge.launchpad.net/ubuntu/+source/libapache-mod-auth-mysql/+bug/150649/comments/15

the solution to your problem :

add

AuthBasicAuthoritative Off
AuthUserFile /dev/null

to your

<Directory>

or your

.htaccess
-file.

Its a known bug - it is also mentioned in the platform-specific "USAGE"-file.

Hi Daniel,
As you might see, I told in my report that it doesn't work even with these options. Here you are: https://bugs.launchpad.net/ubuntu/+source/libapache-mod-auth-mysql/+bug/506540 . Even in this Bug there are those lines given multiple times.

While clarifying remaining work on (admittedly too old) bugs I found that
this isn't present (neither the bug nor the package) anymore nowadays.
Due to time that passed it would today be covered by mod_authn_dbd [1] in package apache2-bin.

Since it seems to work as of today [2] and the reported release being Gutsy is way too old to consider checking/fixing it there I'll mark this bug Won't Fix.

[1]: https://httpd.apache.org/docs/2.4/mod/mod_authn_dbd.html
[2]: https://www.rapid7.com/blog/post/2017/10/04/how-to-password-protect-apache-directories-with-mod_authn_dbd-and-mysql-on-ubuntu-linux/