--- mod-auth-mysql-4.3.9.orig/debian/copyright +++ mod-auth-mysql-4.3.9/debian/copyright @@ -0,0 +1,100 @@ +This is the Debian GNU/Linux prepackaged version of mod_auth_mysql for +Apache 2.x. It comprises many code patches from the Debian community +and the current Debian maintainer for the package. + +/* + * Copyright (c) 2001 by J. R. Westmoreland + * Portions Copyright (c) 2002-2004 by Matthew Palmer + * + * Original module/version: mod_auth_mysql v2.20 + * Originally written and maintained by Zeev Suraski + * A couple of fixes by Marschall Peter + * and Brent Metz + * MySQL/PHP style MD5 hashes, and an integration with the mod-auth-mysql + * maintained by Bill Joned by Matthew Palmer + * + * This version maintained by Matthew Palmer + * + * Please read the INSTALL and USAGE files for further information. + * + * 2004-02-01 MURAKAMI, takeshi + * add port, socket + * 2004-02-07 MURAKAMI, takeshi + * apache2 + * 2004-09-20 Joseph Walton + * SHA1 hash support + */ + +The source code has been distributed under the the terms of the +`Apache Software License'. This is as follows: + +/* ==================================================================== + * The Apache Software License, Version 1.1 + * + * Copyright (c) 2000 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + * Portions of this software are based upon public domain software + * originally written at the National Center for Supercomputing Applications, + * University of Illinois, Urbana-Champaign. + */ + + +An older version of this package was packaged for Debian GNU/Linux by +Matthew Wilcox , based on code from the Sourceforge +project mod-auth-mysql . + +Maintenance was taken over by Matthew Palmer in +September 2002 based on two separate forks of mod_auth_mysql that were +derived from code directly included in the Apache source distribution. + +The source of the Debian package is managed through CVS. It is publicly +available at or +as <:pserver:anonymous@cvs.infodrom.org/var/cvs/debian/mod-auth-mysql/>. --- mod-auth-mysql-4.3.9.orig/debian/libapache2-mod-auth-mysql.dirs +++ mod-auth-mysql-4.3.9/debian/libapache2-mod-auth-mysql.dirs @@ -0,0 +1,2 @@ +usr/lib/apache2/modules +etc/apache2/mods-available --- mod-auth-mysql-4.3.9.orig/debian/conffiles +++ mod-auth-mysql-4.3.9/debian/conffiles @@ -0,0 +1 @@ +/etc/apache2/mods-available/auth_mysql.load --- mod-auth-mysql-4.3.9.orig/debian/changelog +++ mod-auth-mysql-4.3.9/debian/changelog @@ -0,0 +1,435 @@ +mod-auth-mysql (4.3.9-13ubuntu3) precise; urgency=low + + * pass mysql libs dir directly to fix for multi-arch libmysqlcient + + -- Clint Byrum Thu, 24 Nov 2011 16:13:54 -0800 + +mod-auth-mysql (4.3.9-13ubuntu2) precise; urgency=low + + * Rebuild for libmysqlclient transition + + -- Clint Byrum Wed, 23 Nov 2011 23:55:21 -0800 + +mod-auth-mysql (4.3.9-13ubuntu1) maverick; urgency=low + + * Merge from debian testing. Remaining changes: + - debian/control: Change build dependencies to MySQL 5.1. + - bumped standards version. + + -- Chuck Short Sun, 14 Mar 2010 02:21:55 +0000 + +mod-auth-mysql (4.3.9-13) unstable; urgency=low + + * Change section from web to httpd to accomplish an override disparity + * Add a note about MySQL connection timeout to DIRECTIVES, thanks to + Imran Chaudhry + [017-doc_persistent_conn.dpatch] + + -- Joey Schulze Mon, 01 Mar 2010 16:45:18 +0100 + +mod-auth-mysql (4.3.9-12ubuntu1) lucid; urgency=low + + * Merged new debian version (fixes LP: #364581). Remaining changes: + - debian/control: Change build dependencies to MySQL 5.1. + - bumped standards version. + + -- Jan Brinkmann Thu, 28 Jan 2010 14:27:45 +0100 + +mod-auth-mysql (4.3.9-12) unstable; urgency=low + + * Reset execution flag of patches in clean target, mitigate bug in + dpatch + * Fix default password field name [014-default-password.dpatch] (closes: + Bug#531313) + * Add patch by David PrĂ©vot to fix + Auth_MySQL_Empty_Passwords behaviour [015-empty-passwords.dpatch] + (closes: Bug#385679) + * Add prototype declaration for apr_pstrcat() to fix segementation + faults, thanks to Peter Christensen + [016-apr_pstrcat.dpatch] (closes: Bug#542007) + * Add /etc/apache2/mods-available/auth_mysql.load as conffile (closes: + Bug#260762) + + -- Joey Schulze Sat, 23 Jan 2010 18:25:18 +0100 + +mod-auth-mysql (4.3.9-11) unstable; urgency=medium + + * Change section web to net + * Bumped standards version + * Fix CVE-2008-2384: Encode strings securely via + mysql_real_escape_string [013-CVE-2008-2384_charset.dpatch] + + -- Joey Schulze Wed, 21 Jan 2009 18:58:04 +0100 + +mod-auth-mysql (4.3.9-10) unstable; urgency=low + + * Document disabling BasicAuth and basic group file in USAGE + [011-auth_basic.dpatch] (closes: Bug#502895, Bug#382242) + * Add support for specifying the connection character set via + Auth_MySQL_CharacterSet [012-charset.dpatch] (closes: Bug#356530) + + -- Joey Schulze Fri, 21 Nov 2008 17:07:25 +0100 + +mod-auth-mysql (4.3.9-9) unstable; urgency=low + + * Insert the copyright notice with names and note patches coming from + the Debian community + + -- Joey Schulze Wed, 21 May 2008 07:55:27 +0200 + +mod-auth-mysql (4.3.9-8) unstable; urgency=low + + * New maintainer (closes: Bug#407360) + * New source package name + * Clarified history and license + * Improve documentation wrt. Auth_MySQL_Group_Field [005-directives.dpatch] + * Properly set unsigned char (i.e. 1-byte int) config variables, patch + by Adrian Bridgett [006-options.dpatch] + (closes: Bug#287160, Bug#385679, Bug#393769) + * Stop altering the AUTH_MYSQL_VERSION with an old Debian revision + [002-mysql_define] + * Unify AuthMySQL_ and Auth_MySQL_ namespace [007-unify_namespace.dpatch] + * Adjust the buffer size used by make_scrambled_password() + [008-make_scrambled_password.dpatch] (closes: Bug#356064, Bug#346192, + Bug#346194) + * Adjust config parser data type for _Port to int, thanks to Lehel + Bernadt [009-port-int.dpatch] (closes: Bug#356147) + * Provide an Apache authentication method, thanks to Andreas Barth + [010-enctype-apache.dpatch] (closes: Bug#287547) + + -- Joey Schulze Thu, 15 May 2008 14:50:06 +0200 + +libapache-mod-auth-mysql (4.3.9-7) unstable; urgency=low + + * QA upload. + * And actually add 004-reconnect.dpatch to debian/patches/00list... + Thanks to Martin Schulze. + + -- Matej Vela Wed, 27 Feb 2008 16:05:31 +0100 + +libapache-mod-auth-mysql (4.3.9-6) unstable; urgency=low + + * QA upload. + * debian/rules: Gah, don't break if the Makefile isn't there. + Closes: #465630. + + -- Matej Vela Wed, 13 Feb 2008 19:25:22 +0100 + +libapache-mod-auth-mysql (4.3.9-5) unstable; urgency=low + + * QA upload. + * debian/patches/004-reconnect.dpatch: Automatically re-establish + connections with MySQL 5.0.3+. Thanks to Johann Glaser for the patch. + Closes: #420010. + * debian/rules: Let dh_strip handle DEB_BUILD_OPTIONS=nostrip. + Closes: #437310. + * debian/rules: Remove support for DEB_BUILD_OPTIONS=debug. + * debian/rules: Don't ignore errors from `make distclean'. + * Conforms to Standards version 3.7.3. + + -- Matej Vela Tue, 12 Feb 2008 15:55:39 +0100 + +libapache-mod-auth-mysql (4.3.9-4) unstable; urgency=low + + * QA upload. + * Stop building libapache-mod-auth-mysql (Closes: #429104) + * Remove B-D on apache-dev + * Lets set DH_COMPAT in debian/compat, not debian/rules + * Update debian/rules not to build the apache13 module anymore. + * Conforms with latest Standards Version 3.7.2 + + -- Michael Ablassmeier Tue, 19 Jun 2007 11:09:00 +0200 + +libapache-mod-auth-mysql (4.3.9-3) unstable; urgency=medium + + * QA Upload + * Set maintainer to Debian QA Group . + * apache2 module depends now on apache2.2-common. + * Removed the ,,changes* directories from the diff.gz. + * Use now make distclean instead of make clean in debian/rules. + * Build-depend now on dpatch. + * Build-depend now on debhelper 5 instead of 4. + * Converted the patches to dpatch. + * Applied a patch to fix FTBFS against apache2.2 (Closes: #389579). + Thanks to Julian Calaby for the patch. + + -- Mario Iseli Sun, 11 Feb 2007 14:04:10 +0100 + +libapache-mod-auth-mysql (4.3.9-2.1) unstable; urgency=medium + + * Non-maintainer upload. + Rebuild against libmysqlclient15. Closes: #343771 + + -- Christian Hammers Tue, 21 Feb 2006 21:43:01 +0100 + +libapache-mod-auth-mysql (4.3.9-2) unstable; urgency=low + + * Rebuild for libmysqlclient12. Closes: #298671. + * Clarify USAGE for md5 passwords. Closes: #298071. + + -- Matthew Palmer Thu, 10 Mar 2005 08:48:03 +1100 + +libapache-mod-auth-mysql (4.3.9-1) unstable; urgency=low + + * New upstream release, which codifies the way that multiple require + statements are meant to work. + + -- Matthew Palmer Fri, 24 Dec 2004 00:30:40 +1100 + +libapache-mod-auth-mysql (4.3.8-1) unstable; urgency=low + + * Now converted to a non-native package, as I've got a user who is not a + Debianite. + * Fixed the configure script to properly detect whether libcrypt needs to + be a separate library. + * Guarded all instances of CRYPT_DES_ENCRYPTION_FLAG, so you can build the + module without crypt() being present. + + -- Matthew Palmer Fri, 5 Nov 2004 22:07:14 +1100 + +libapache-mod-auth-mysql (4.3.7) unstable; urgency=low + + * Added a new encryption type, SHA1Sum, using a patch kindly prepared by + Joseph Walton. Closes: #271730. + + -- Matthew Palmer Mon, 20 Sep 2004 10:26:41 +1000 + +libapache-mod-auth-mysql (4.3.6) unstable; urgency=high + + * Fixed a security bug where an error in the execution of + mysql_check_group() causes the group check to succeed. Closes: #271721. + Thanks to Joseph Walton for finding the problem and providing a patch. + + -- Matthew Palmer Wed, 15 Sep 2004 10:59:26 +1000 + +libapache-mod-auth-mysql (4.3.5) unstable; urgency=high + + * High urgency on the request of Adam Conrad to try and get Apache2 + through for Sarge. + * Rebuild to back out the ill-fated apache2 LFS transition (so much for + comprehensive testing...) Closes: #267354. + * Bumped the apache2-*-dev build-dep and apache2 dep to >= 2.0.50-10. + + -- Matthew Palmer Sun, 22 Aug 2004 21:08:58 +1000 + +libapache-mod-auth-mysql (4.3.4) unstable; urgency=medium + + * Rebuild to support new Apache2 ABI. Closes: #266177. + + -- Matthew Palmer Tue, 17 Aug 2004 10:01:34 +1000 + +libapache-mod-auth-mysql (4.3.3) unstable; urgency=low + + * Really fixed the multi-group checking. Seems I put the "you're not + invited" return at the wrong scope. Where's my dwim() function, dammit. + Closes: #257879 (I promise). + + -- Matthew Palmer Fri, 13 Aug 2004 00:23:02 +1000 + +libapache-mod-auth-mysql (4.3.2) unstable; urgency=low + + * Fixed multi-group checking; if multiple groups are listed in the + 'require group' directive, the code only checked for the first one. + Thanks to Karsten Richter for finding the bug and fixing it. + Closes: #257879. + * Cleaned up a define and associated bits to allow compilation under + gcc-2.95. And we didn't even need a versioned build-depends. + Closes: #258030. + + -- Matthew Palmer Fri, 6 Aug 2004 20:19:43 +1000 + +libapache-mod-auth-mysql (4.3.1) unstable; urgency=low + + * Determined that safe_mysql_query() wasn't retrying on some retryable + errors, and fixed it up so that it retries once if the server wandered + off before we started. Closes: #255985. + + -- Matthew Palmer Sun, 27 Jun 2004 21:34:59 +1000 + +libapache-mod-auth-mysql (4.3.0) unstable; urgency=low + + * Two new directives, Auth_MySQL_DefaultPort and Auth_MySQL_DefaultSocket. + * Related to the above, the specification of port or socket as part of the + hostname is no longer permitted. Hopefully nobody got too attached to + that, as it wasn't documented as such anyway. + * Straightened out various bits of twisty code. + * Removed the crazy host/port/socket parsing code which (I believe) was + causing all the screwed up hostname grief. Closes: #251704. + + -- Matthew Palmer Wed, 16 Jun 2004 17:39:10 +1000 + +libapache-mod-auth-mysql (4.2.1) unstable; urgency=low + + * Added some directives to the Apache2 config handler which were somehow + missed in the initial conversion. Closes: #252455. + * Fixed a string termination issue in the connection code. + Closes: #251704. + + -- Matthew Palmer Fri, 4 Jun 2004 10:28:21 +1000 + +libapache-mod-auth-mysql (4.2.0) unstable; urgency=low + + * Applied a patch from Takeshi Murakami to add Apache 2 support and the + ability to specify a port number or socket file (for those times you + just gotta do it). Closes: #231667. Many thanks to Takeshi for taking + the time to do the Apache2 conversion (which appears to have been a fair + bit of work). + - Updated DIRECTIVES for the new port/socket specifiers. + - Added new --with-apache and --with-apache2 ./configure options to + enable/disable build support for both modules. + - New binary package, libapache2-mod-auth-mysql, to provide the + apache2-compiled version of m-a-m. Closes: #248415. Also updated + build-deps and all that sort of thing. Small parts shamelessly + stolen from libapache2-mod-auth-pgsql. + * Bumped standards version; no changes needed. + * Reversed the sense of the persistent check on connection close; the + program now behaves like it's documentation. Closes: #243995. + + -- Matthew Palmer Tue, 11 May 2004 15:09:07 +1000 + +libapache-mod-auth-mysql (4.1.8) unstable; urgency=low + + * Added conditionals and more calls to modules-config so that the module + will install nicely into all apache flavours. Closes: #226425. + * Applied a functionality improvement from Jakub Stachowski to add some + arbitrary SQL to the end of a query, to improve matching. + Closes: #221923. + + -- Matthew Palmer Fri, 16 Jan 2004 12:47:46 +1030 + +libapache-mod-auth-mysql (4.1.7) unstable; urgency=low + + * Added a postinst and postrm which should add and remove the module from + Apache's module list. Closes: #220239 + * Thwap! Forgot that sec->user_field might be NULL, so we shouldn't set + auth_user_field to it if it's empty. + * Added more ways to set user_group_field in the group checking query. + Also added a default, so it'll never be NULL. + * Some punctuation changes in the group check query string. + * Tracked down a particularly vicious segfault (and fixed another bug in + the process). + * Finally tracked down the cause of require groups not working. + Closes: #216859. Many thanks to Stephen Leclerc for putting up with my + many fruitless debugging attempts, since I couldn't reproduce the + problem on my systems, but it was consistent for him. + + -- Matthew Palmer Wed, 19 Nov 2003 00:02:10 +1100 + +libapache-mod-auth-mysql (4.1.6) unstable; urgency=low + + * Escaped $ signs in MD5 configure test, so it works properly. Thanks to + Emmanuel Lacour for working this one out. (Closes: #212179) + + -- Matthew Palmer Wed, 24 Sep 2003 09:39:06 +1000 + +libapache-mod-auth-mysql (4.1.5) unstable; urgency=low + + * Applied patch supplied by Martin Kos to allow groups of a user to be + specified as a MySQL SET. (Closes: #200535) + + -- Matthew Palmer Sun, 13 Jul 2003 19:00:17 +1000 + +libapache-mod-auth-mysql (4.1.4.1) unstable; urgency=low + + * Yet more #ifdef'd debugging, since I suspect a need for more sacrificial + lambs. + + -- Matthew Palmer Fri, 16 May 2003 17:37:15 +1000 + +libapache-mod-auth-mysql (4.1.4) unstable; urgency=low + + * Now with a log message indicating "auth failed". + * More logging around query generation, to solve a mysterious bug. + * USAGE a little more detailed on the subject of encryption types. + (Closes: #192098) + + -- Matthew Palmer Wed, 7 May 2003 17:18:17 +1000 + +libapache-mod-auth-mysql (4.1.3) unstable; urgency=low + + * Updated the Build-Deps to point to the LGPL'd libmysqlclient10-dev, + rather than the GPL'd libmysqlclient-dev (which is actually lmc12-dev + now). Pesky licenses. Closes: #189212. + + -- Matthew Palmer Wed, 16 Apr 2003 17:05:22 +1000 + +libapache-mod-auth-mysql (4.1.2) unstable; urgency=low + + * FFS... Automade makefiles suck. Duplicated the cleaning action of make + distclean in debian/rules. Closes: #189107. + + -- Matthew Palmer Wed, 16 Apr 2003 09:09:58 +1000 + +libapache-mod-auth-mysql (4.1.1) unstable; urgency=low + + * New version numbering scheme. Screw this upstream-debian thing, I *am* + the damn upstream (oooh, I love the power). + * Fixed the blasted zombie connection problem. Simple really - as long as + Apache played ball (which it didn't). Closes: #184443. Yippee! Much + thanks *must* go to john@pensol.com who did the hard work of identifying + the exact circumstances under which this bug occured, and provided a + fair bit of the logic required to fix it. + * Added analogous Auth_MySQL_Group_User_Field command, fixed code to align + with documentation (group_user is the same as the username field, by + default). All together, Closes: #187678. + + -- Matthew Palmer Mon, 14 Apr 2003 23:27:08 +1000 + +libapache-mod-auth-mysql (4.1.0-2) unstable; urgency=low + + * Added not null qualifier in USAGE so that it's valid MySQL. + (Closes: #178191) + * Added the DIRECTIVES file to the documentation. (Closes: #181692) + + -- Matthew Palmer Thu, 20 Feb 2003 13:06:21 +1100 + +libapache-mod-auth-mysql (4.1.0-1) unstable; urgency=low + + * New upstream version. + * Modified rules to accomodate new configure script. + + -- Matthew Palmer Wed, 13 Nov 2002 01:25:13 +1100 + +libapache-mod-auth-mysql (4.0.0-3) unstable; urgency=low + + * Removed the custom APLOG_MARK I defined - it really isn't necessary, and + just makes the logfile uglier. + * Uncommented the check to see if the module has been disabled in config. + Another one of those "WTF?" moments. (Closes: #166458) + * Hunted down all error messages which don't involve errno and explicitly + set errno to 0 (to avoid weird errors in logging messages). + + -- Matthew Palmer Sun, 10 Nov 2002 15:24:27 +1100 + +libapache-mod-auth-mysql (4.0.0-2) unstable; urgency=low + + * Uncomment the Auth_MySQL directives from the directives list. Why it + ever got commented in the first place is completely beyond me. + (Closes: #164321) + + -- Matthew Palmer Thu, 17 Oct 2002 09:30:54 +1000 + +libapache-mod-auth-mysql (4.0.0-1) unstable; urgency=low + + * New upstream release. Mostly just a merge of two differing versions of + the upstream software, as well as some minor fiddling. + + -- Matthew Palmer Sat, 28 Sep 2002 12:43:46 +1000 + +libapache-mod-auth-mysql (3.2-2) unstable; urgency=low + + * Added support for PHP-style MD5 hashes. (Closes: #158287) + * New maintainer, at the consent of the previous maintainer. Thanks to + Matthew Wilcox for his work on the package to date. + * Bumped standards-version to 3.5.7. + * Integrated debhelper a bit more, DH_COMPAT=4. + * New version. (Closes: #100692) + + -- Matthew Palmer Mon, 23 Sep 2002 11:08:57 +1000 + +libapache-mod-auth-mysql (3.2-1) unstable; urgency=low + + * Split from apache 1.3.22-5 package to reduce apache dependencies. + + -- Matthew Wilcox Wed, 9 Jan 2002 15:15:23 -0700 + --- mod-auth-mysql-4.3.9.orig/debian/control +++ mod-auth-mysql-4.3.9/debian/control @@ -0,0 +1,14 @@ +Source: mod-auth-mysql +Section: httpd +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Joey Schulze +Standards-Version: 3.8.3 +Build-Depends: debhelper (>= 5.0.0), dpatch, libmysqlclient-dev, apache2-threaded-dev (>= 2.0.50-10) + +Package: libapache2-mod-auth-mysql +Architecture: any +Depends: ${shlibs:Depends}, apache2.2-common (>= 2.2.3-3) +Description: Apache 2 module for MySQL authentication + A module for the Apache 2 web server which enables HTTP authentication + against information stored in a MySQL database. --- mod-auth-mysql-4.3.9.orig/debian/rules +++ mod-auth-mysql-4.3.9/debian/rules @@ -0,0 +1,70 @@ +#!/usr/bin/make -f + +# Copyright 2002-2005 Matthew Palmer +# Copyright 2008 Joey Schulze +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 dated June, 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA + + +APACHE2=$(CURDIR)/debian/tmp + +include /usr/share/dpatch/dpatch.make + +configure: patch configure-stamp +configure-stamp: + dh_testdir + ./configure --disable-apache13 --enable-apache2 --with-mysql-libs=`mysql_config --variable=pkglibdir` + touch configure-stamp + +clean: unpatch + dh_testdir + dh_testroot + dh_clean -A + test ! -f Makefile || $(MAKE) distclean + chmod a-x debian/patches/*.dpatch + rm -f config.status config.log config.h + rm -f configure-stamp build-stamp + +build-indep: build +build-arch: build +build: build-stamp +build-stamp: configure + dh_testdir + $(MAKE) + touch build-stamp + +install: build + dh_testdir + dh_testroot + dh_installdirs -A + + install -m 644 apache2_mod_auth_mysql.so $(APACHE2)/usr/lib/apache2/modules/mod_auth_mysql.so + install -m 644 auth_mysql.load $(APACHE2)/etc/apache2/mods-available + +binary: binary-arch binary-indep +binary-indep: install +binary-arch: install + dh_testdir + dh_testroot + dh_installdocs -A + dh_installchangelogs -A + dh_strip -A + dh_compress -A + dh_installdeb -A + dh_shlibdeps -A + dh_gencontrol -A + dh_md5sums -A + dh_builddeb -A + +.PHONY: build build-arch build-indep clean binary-indep binary-arch binary install --- mod-auth-mysql-4.3.9.orig/debian/libapache2-mod-auth-mysql.prerm +++ mod-auth-mysql-4.3.9/debian/libapache2-mod-auth-mysql.prerm @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +if [ "$1" = "remove" -o "$1" = "purge" ]; then + if [ -e /etc/apache2/apache2.conf -a -x /usr/sbin/a2dismod ]; then + /usr/sbin/a2dismod auth_mysql || true + fi +fi + +#DEBHELPER# + +exit 0 --- mod-auth-mysql-4.3.9.orig/debian/libapache2-mod-auth-mysql.docs +++ mod-auth-mysql-4.3.9/debian/libapache2-mod-auth-mysql.docs @@ -0,0 +1,2 @@ +USAGE +DIRECTIVES --- mod-auth-mysql-4.3.9.orig/debian/NMU-Disclaimer +++ mod-auth-mysql-4.3.9/debian/NMU-Disclaimer @@ -0,0 +1,45 @@ +Non Maintainer Upload of this Package +------------------------------------- + +If you plan to work on an NMU for this package, read the following +closely. It can save you and me some grief. + + 1. At first, contact the maintainer (i.e. send a mail to + joey@debian.org, do not cc or bounce a mail, send a plain mail, + not copied to any mailing list or the BTS) and ask about the + status of the bug you are considering to work on. + + 2. In this mail include all information relevant for this problem, + i.e. include a description of the bug and not only its bug + number. + + 3. If the maintainer is not able or willing to fix the problem or + does not respond within four days, continue with step 4. + + 4. Work on the bug and prepare a patch. Do not upload into the + Debian archive. + + 5. Send the entire patch, together with enough explanations, to the + maintainer for reviewing and ask him for permission of an NMU + using this patch. + + 6. IF AND ONLY IF the maintainer approves the patch (or doesn't + respond within four days), upload the NMU to the incoming + directory and send the patch to the BTS. If the NMU is not + approved, go back to 4. or add the NMU to your homepage, but do + not upload it to the Debian archive. + + 7. Properly sized and well-written patches sent to the BTS are always + appreciated, even if they are rejected later. They demonstrate a + potential solution which could probably improved into a real + solution. + + 8. NEVER change the way a package is maintained in an NMU, i.e. don't + remove dh_* stuff or switch to dh_* respectively. This rule + applies to all NMU's, not only to an NMU for this package. + +These rules always apply. They even apply if somebody declares NMUs +as ok and reduces regular NMU rules to a delay of zero days. Unless +I'm on vacation or on a show I am reachable via mail, so there is +hardly a reason not to contact me. + --- mod-auth-mysql-4.3.9.orig/debian/patches/010-enctype-apache.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/010-enctype-apache.dpatch @@ -0,0 +1,57 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 010-enctype-apache.dpatch by Andreas Barth +## Joey Schulze +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Provide an Apache authentication method + +@DPATCH@ +diff -urNad mod-auth-mysql~/DIRECTIVES mod-auth-mysql/DIRECTIVES +--- mod-auth-mysql~/DIRECTIVES 2008-05-15 12:55:28.000000000 +0200 ++++ mod-auth-mysql/DIRECTIVES 2008-05-15 12:55:29.000000000 +0200 +@@ -194,6 +194,10 @@ + + MySQL + The hashing scheme used by the MySQL PASSWORD() function. ++ ++ Apache ++ The hashing scheme used by htpasswd utility. Compatible to ++ authuserfile. + + Auth_MySQL_Encrypted_Passwords (DEPRECATED) + Equivalent to: Auth_MySQL_Encryption_Types Crypt_DES +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2008-05-15 12:55:28.000000000 +0200 ++++ mod-auth-mysql/mod_auth_mysql.c 2008-05-15 12:56:28.000000000 +0200 +@@ -103,6 +103,7 @@ + #define CRYPT_ENCRYPTION_FLAG 1<<5 + #endif + #define SHA1SUM_ENCRYPTION_FLAG 1<<6 ++#define APACHE_ENCRYPTION_FLAG 1<<7 + + /* from include/sha1.h from the mysql-server source distribution */ + #define SHA1_HASH_SIZE 20 /* Hash size in bytes */ +@@ -239,6 +240,15 @@ + return (!strcmp(scrambled_passwd, enc_passwd)); + } + ++static int check_apache_encryption(const char *passwd, char *enc_passwd) ++{ ++#ifdef APACHE2 ++ return (!apr_password_validate(passwd, enc_passwd)); ++#else ++ return (!ap_validate_password(passwd, enc_passwd)); ++#endif ++} ++ + typedef struct { + char *name; + int (*check_function)(const char *passwd, char *enc_passwd); +@@ -257,6 +267,7 @@ + { "Crypt", check_crypt_encryption, CRYPT_ENCRYPTION_FLAG }, + { "PHP_MD5", check_PHP_MD5_encryption, PHP_MD5_ENCRYPTION_FLAG }, + { "SHA1Sum", check_SHA1Sum_encryption, SHA1SUM_ENCRYPTION_FLAG}, ++ { "Apache", check_apache_encryption, APACHE_ENCRYPTION_FLAG }, + /* add additional encryption types below */ + { NULL, NULL, 0 } + }; --- mod-auth-mysql-4.3.9.orig/debian/patches/006-options.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/006-options.dpatch @@ -0,0 +1,93 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 006-options.dpatch by Adrian Bridgett +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Properly set 1-byte int config variables + +@DPATCH@ +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2008-05-14 19:35:05.000000000 +0200 ++++ mod-auth-mysql/mod_auth_mysql.c 2008-05-14 20:05:44.000000000 +0200 +@@ -645,6 +645,24 @@ + return NULL; + } + ++static const char *set_empty_passwords(cmd_parms *cmd, void *sconf, int arg) ++{ ++ mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf; ++ ++ sec->allow_empty_passwords = arg; ++ APACHELOG(APLOG_DEBUG, cmd, "set_empty_passwords: Setting allow_empty_passwords in %s to %i", sec->dir, sec->allow_empty_passwords); ++ return NULL; ++} ++ ++static const char *set_authoritative(cmd_parms *cmd, void *sconf, int arg) ++{ ++ mysql_auth_config_rec *sec = (mysql_auth_config_rec *) sconf; ++ ++ sec->authoritative = arg; ++ APACHELOG(APLOG_DEBUG, cmd, "set_authoritative: Setting authoritative in %s to %i", sec->dir, sec->authoritative); ++ return NULL; ++} ++ + /* The command list. What it's called, when it's legal to use it, and + * what to do when we find it. Pretty cool, IMHO. + */ +@@ -788,20 +806,20 @@ + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field), + OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ), + +- AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", ap_set_flag_slot, +- (void*)APR_OFFSETOF(mysql_auth_config_rec, allow_empty_passwords), ++ AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", set_empty_passwords, ++ NULL, + OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), + +- AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", ap_set_flag_slot, +- (void*)APR_OFFSETOF(mysql_auth_config_rec, allow_empty_passwords), ++ AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", set_empty_passwords, ++ NULL, + OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), + +- AP_INIT_FLAG( "Auth_MySQL_Authoritative", ap_set_flag_slot, +- (void*)APR_OFFSETOF(mysql_auth_config_rec, authoritative), ++ AP_INIT_FLAG( "Auth_MySQL_Authoritative", set_authoritative, ++ NULL, + OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), + +- AP_INIT_FLAG( "AuthMySQL_Authoritative", ap_set_flag_slot, +- (void*)APR_OFFSETOF(mysql_auth_config_rec, authoritative), ++ AP_INIT_FLAG( "AuthMySQL_Authoritative", set_authoritative, ++ NULL, + OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), + + AP_INIT_FLAG( "AuthMySQL_AllowOverride", set_auth_mysql_override, +@@ -984,20 +1002,20 @@ + (void *) XtOffsetOf(mysql_auth_config_rec, group_user_field), + OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." }, + +- { "Auth_MySQL_Empty_Passwords", ap_set_flag_slot, +- (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), ++ { "Auth_MySQL_Empty_Passwords", set_empty_passwords, ++ NULL, + OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." }, + +- { "AuthMySQL_Empty_Passwords", ap_set_flag_slot, +- (void *) XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), ++ { "AuthMySQL_Empty_Passwords", set_empty_passwords, ++ NULL, + OR_AUTHCFG, FLAG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." }, + +- { "Auth_MySQL_Authoritative", ap_set_flag_slot, +- (void *) XtOffsetOf(mysql_auth_config_rec, authoritative), ++ { "Auth_MySQL_Authoritative", set_authoritative, ++ NULL, + OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." }, + +- { "AuthMySQL_Authoritative", ap_set_flag_slot, +- (void *) XtOffsetOf(mysql_auth_config_rec, authoritative), ++ { "AuthMySQL_Authoritative", set_authoritative, ++ NULL, + OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." }, + + { "AuthMySQL_AllowOverride", set_auth_mysql_override, --- mod-auth-mysql-4.3.9.orig/debian/patches/001-usage.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/001-usage.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 001-usage.dpatch by Matthew Palmer +## +## DP: Explain the md5 and sha1 cryptographic methods better + +@DPATCH@ + +--- orig/USAGE ++++ mod/USAGE +@@ -18,7 +18,10 @@ + primary key (username) + ); + +-This would work quite well. ++This would work quite well. Remember that the passwd field needs to be long ++enough to store the entire password string -- for example, if you are using ++MD5 passwords, passwd needs to be 32 characters long, and if you are using ++SHA1 it must be 40 characters long. + + NOTE 1: You don't have to use a new table for the purpose of storing + usernames and passwords; I quite happily use a 'members' table (with all --- mod-auth-mysql-4.3.9.orig/debian/patches/00list +++ mod-auth-mysql-4.3.9/debian/patches/00list @@ -0,0 +1,16 @@ +001-usage +003-ftbfs_apache2.2 +004-reconnect +005-directives +006-options +007-unify_namespace +008-make_scrambled_password +009-port-int +010-enctype-apache +011-auth_basic +012-charset +013-CVE-2008-2384_charset +014-default-password.dpatch +015-empty-passwords.dpatch +016-apr_pstrcat.dpatch +017-doc_persistent_conn.dpatch --- mod-auth-mysql-4.3.9.orig/debian/patches/008-make_scrambled_password.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/008-make_scrambled_password.dpatch @@ -0,0 +1,29 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 008-make_scrambled_password.dpatch by Joey Schulze +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Adjust the buffer size used by make_scrambled_password() + +@DPATCH@ +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2008-05-14 18:46:21.000000000 +0200 ++++ mod-auth-mysql/mod_auth_mysql.c 2008-05-14 22:15:44.000000000 +0200 +@@ -103,6 +103,9 @@ + #endif + #define SHA1SUM_ENCRYPTION_FLAG 1<<6 + ++/* from include/sha1.h from the mysql-server source distribution */ ++#define SHA1_HASH_SIZE 20 /* Hash size in bytes */ ++ + static int check_no_encryption(const char *passwd, char *enc_passwd) + { + return (!strcmp(passwd, enc_passwd)); +@@ -229,7 +232,7 @@ + + static int check_mysql_encryption(const char *passwd, char *enc_passwd) + { +- char scrambled_passwd[32]; ++ char scrambled_passwd[2*SHA1_HASH_SIZE + 2]; + + make_scrambled_password(scrambled_passwd, passwd); + return (!strcmp(scrambled_passwd, enc_passwd)); --- mod-auth-mysql-4.3.9.orig/debian/patches/013-CVE-2008-2384_charset.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/013-CVE-2008-2384_charset.dpatch @@ -0,0 +1,113 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 013-CVE-2008-2384_charset.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix CVE-2008-2384: Encode strings securely via mysql_real_escape_string() + +@DPATCH@ +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2009-01-07 21:47:20.000000000 +0100 ++++ mod-auth-mysql/mod_auth_mysql.c 2009-01-08 21:12:47.000000000 +0100 +@@ -340,6 +340,8 @@ typedef struct { + + module auth_mysql_module; + ++static int open_auth_dblink(request_rec *r, mysql_auth_config_rec *sec); ++ + #ifdef APACHE2 + static apr_status_t + #else +@@ -506,9 +508,9 @@ static const char *set_scrambled_passwor + * server when passed in as part of a query. + */ + #ifdef APACHE2 +-static char *mysql_escape(char *str, apr_pool_t *p) ++static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, apr_pool_t *p) + #else +-static char *mysql_escape(char *str, pool *p) ++static char *mysql_escape(mysql_auth_config_rec *sec, request_rec *r, char *str, pool *p) + #endif + { + char *dest; +@@ -522,7 +524,7 @@ static char *mysql_escape(char *str, poo + return str; + } + +- mysql_escape_string(dest, str, strlen(str)); ++ mysql_real_escape_string(sec->dbh, dest, str, strlen(str)); + + return dest; + } +@@ -1374,25 +1376,18 @@ static int open_auth_dblink(request_rec + } + + if (sec->db_charset) { ++ const char *check; ++ + APACHELOG(APLOG_DEBUG, r, + "Setting character set to %s", sec->db_charset); + +- query = (char *) PSTRCAT(r->pool, "SET CHARACTER SET ", sec->db_charset, NULL); +- if (!query) { +- APACHELOG(APLOG_ERR, r, +- "Failed to create query string - we're no good..."); +- return -1; +- } ++ mysql_set_character_set(sec->dbh, sec->db_charset); + +- if (mysql_query(sec->dbh, query)) { +- if (sec->dbh) +- { +- APACHELOG(APLOG_ERR, r, +- "Query call failed: %s (%i)", mysql_error(sec->dbh), +- mysql_errno(sec->dbh)); +- } ++ check = mysql_character_set_name(sec->dbh); + +- APACHELOG(APLOG_DEBUG, r, "Failed query was: [%s]", query); ++ if (!check || strcmp(sec->db_charset, check)) { ++ APACHELOG(APLOG_ERR, r, ++ "Failed to set character set to %s", sec->db_charset); + return -1; + } + } +@@ -1537,11 +1532,27 @@ static int mysql_check_user_password(req + char *auth_table = "mysql_auth", *auth_user_field = "username", + *auth_password_field = "passwd", *auth_password_clause = ""; + char *query; +- char *esc_user = mysql_escape(user, r->pool); ++ char *esc_user = NULL; + MYSQL_RES *result; + MYSQL_ROW sql_row; ++ int error = CR_UNKNOWN_ERROR; + int rv; + ++ if (!sec->dbh) { ++ APACHELOG(APLOG_DEBUG, r, ++ "No DB connection open - firing one up"); ++ if ((error = open_auth_dblink(r, sec))) { ++ APACHELOG(APLOG_DEBUG, r, ++ "open_auth_dblink returned %i", error); ++ return error; ++ } ++ ++ APACHELOG(APLOG_DEBUG, r, ++ "Correctly opened a new DB connection"); ++ } ++ ++ esc_user = mysql_escape(sec, r, user, r->pool); ++ + if (sec->user_table) { + auth_table = sec->user_table; + } +@@ -1627,8 +1638,8 @@ static int mysql_check_group(request_rec + { + char *auth_table = "mysql_auth", *auth_group_field="groups", *auth_group_clause=""; + char *query; +- char *esc_user = mysql_escape(user, r->pool); +- char *esc_group = mysql_escape(group, r->pool); ++ char *esc_user = mysql_escape(sec, r, user, r->pool); ++ char *esc_group = mysql_escape(sec, r, group, r->pool); + MYSQL_RES *result; + MYSQL_ROW row; + char *auth_user_field = "username"; --- mod-auth-mysql-4.3.9.orig/debian/patches/007-unify_namespace.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/007-unify_namespace.dpatch @@ -0,0 +1,603 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 007-auth_mysql_user.dpatch by Joey Schulze +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Unify AuthMySQL_ and Auth_MySQL_ namespace + +@DPATCH@ +diff -urNad mod-auth-mysql~/DIRECTIVES mod-auth-mysql/DIRECTIVES +--- mod-auth-mysql~/DIRECTIVES 2008-05-14 21:05:45.000000000 +0200 ++++ mod-auth-mysql/DIRECTIVES 2008-05-14 21:05:45.000000000 +0200 +@@ -1,23 +1,27 @@ + All the directives understood by this version of mod-auth-mysql are listed +-below. The huge number of synonym directives is due to the merging of two +-separate versions of the program, both of which had subtly different usage +-symantics. I'm sure there will be rationalisation in the near future. ++below. All directives exist in the two forms Auth_MySQL_* and AuthMySQL_* ++and share the same semantics. They are the result of merging two separate ++versions of the mod_auth_mysql in the first place, both of which had subtly ++different usage symantics. The directive names have since then unified. ++ ++Auth_MySQL ++ Enable/disable MySQL authentication + + Auth_MySQL_Info + Server-wide config option to specify the database host, username, + and password used to connect to the MySQL server. + + This option affects all directories which do not override it via +- AuthMySQL_Host, AuthMySQL_User, and/or AuthMySQL_Password. ++ Auth_MySQL_Host, Auth_MySQL_User, and/or Auth_MySQL_Password. + +-AuthMySQL_DefaultHost ++Auth_MySQL_DefaultHost + Specifies the MySQL server to use for authentication. + + This option affects all directories which do not override it via +- AuthMySQL_Host. ++ Auth_MySQL_Host. + +-AuthMySQL_Host +- Synonym for AuthMySQL_DefaultHost, to be used in .htaccess files and ++Auth_MySQL_Host ++ Synonym for Auth_MySQL_DefaultHost, to be used in .htaccess files and + directory-specific entries. + + Auth_MySQL_DefaultPort +@@ -28,35 +32,37 @@ + Auth_MySQL_Port. + + Auth_MySQL_Port +- Specifies a non-default port to use (other than 3306) when talking +- to the MySQL server on AuthMySQL_Host or AuthMySQL_DefaultHost. ++ Synonym for Auth_MySQL_DefaultPort, to be used in .htaccess files and ++ directory-specific entries. + + Auth_MySQL_DefaultSocket +- If using a local MySQL server, you can +- specify a non-default named pipe to use instead of the default pipe +- name compiled into your MySQL client library. ++ If using a local MySQL server, you can specify a non-default named ++ pipe to use instead of the default pipe name compiled into your MySQL ++ client library. + + This option affects all directories which do not override it via + Auth_MySQL_Socket. + + Auth_MySQL_Socket +- If using a local MySQL server, you can specify a non-default named +- pipe to use instead of the default one compiled into MySQL with this +- option. ++ Synonym for Auth_MySQL_DefaultSocket, to be used in .htaccess files and ++ directory-specific entries. + +-AuthMySQL_DefaultUser ++Auth_MySQL_DefaultUser + Specifies the username for connection to the MySQL server. + +-AuthMySQL_User +- Synonym for AuthMySQL_DefaultUser, to be used in .htaccess files and ++Auth_MySQL_User ++ Synonym for Auth_MySQL_DefaultUser, to be used in .htaccess files and + directory-specific entries. + +-AuthMySQL_DefaultPassword ++Auth_MySQL_Username ++ Synonym for Auth_MySQL_User. ++ ++Auth_MySQL_DefaultPassword + Specifies the password user together with the above user. + +-AuthMySQL_Password +- Synonym for AuthMySQL_Password, to be used in .htaccess files and +- directory-specific entries. ++Auth_MySQL_Password ++ Synonym for Auth_MySQL_DefaultPassword, to be used in .htaccess files ++ and directory-specific entries. + + Auth_MySQL_General_DB + Server-wide, specifies a default database name to use. +@@ -65,13 +71,9 @@ + Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and + directory-specific entries. + +-AuthMySQL_DefaultDB ++Auth_MySQL_DefaultDB + Synonym for Auth_MySQL_General_DB. + +-AuthMySQL_DB +- Synonym for Auth_MySQL_General_DB, to be used in .htaccess files and +- directory-specific entries. +- + AuthName "" + Describes the data you're guarding. + +@@ -96,27 +98,18 @@ + The name of the MySQL table in the specified database which stores + username:password pairs. By default, it is 'mysql_auth'. + +-AuthMySQL_Password_Table +- Synonym for Auth_MySQL_Password_Table. +- + Auth_MySQL_Group_Table + As per ...Password_Table above, stores username:group pairs. + Normally you'll store username:password:group triplets in the one + table, but we are nothing if not flexible. Defaults to + 'mysql_auth'. + +-AuthMySQL_Group_Table +- Synonym for Auth_MySQL_Group_Table. +- + Auth_MySQL_Username_Field + The name of the field which stores usernames. Defaults to + 'username'. The username/password combo specified in Auth_MySQL_Info + must have select privileges to this field in the Password and Group + tables. + +-AuthMySQL_Username_Field +- Synonym for Auth_MySQL_Username_Field. +- + Auth_MySQL_Password_Field + As per ...Username_Field above, but for passwords. Same MySQL + access privileges. Defaults to 'password'. +@@ -128,9 +121,6 @@ + As per ...Username_Field above. Defaults to 'groups'. The query + will use FIND_IN_SET(,). + +-AuthMySQL_Group_Field +- Synonym for Auth_MySQL_Group_Field. +- + Auth_MySQL_Group_User_Field + The name of the field in the groups table which stores the username. + Defaults to the field name specified for usernames in the passwords +@@ -147,6 +137,9 @@ + Adds arbitrary clause to username:group matching query, for example: + " AND Allowed=1". Clause has to start with space. Default is empty. + ++Auth_MySQL_Where_Clause ++ Synonym for Auth_MySQL_Password_Clause. ++ + Auth_MySQL_Empty_Passwords + Whether or not to allow empty passwords. If the password field is + empty (equals to '') and this option is 'on', users would be able to +@@ -154,9 +147,6 @@ + PASSWORD CHECKING. If this is 'off', they would be denied access. + Default: 'on'. + +-AuthMySQL_Empty_Passwords +- Synonym for Auth_MySQL_Empty_Passwords. +- + Auth_MySQL_Encryption_Types + + Select which types of encryption to check, and in which order to +@@ -205,9 +195,6 @@ + MySQL + The hashing scheme used by the MySQL PASSWORD() function. + +-AuthMySQL_Encryption_Types +- Synonym for Auth_MySQL_Encryption_Types. +- + Auth_MySQL_Encrypted_Passwords (DEPRECATED) + Equivalent to: Auth_MySQL_Encryption_Types Crypt_DES + Only used if ...Encryption_Types is not set. Defaults to 'on'. If +@@ -215,17 +202,11 @@ + ...Encryption_Types is not set, passwords are expected to be in + plaintext. + +-AuthMySQL_Encrypted_Passwords (DEPRECATED) +- Synonym for Auth_MySQL_Encrypted_Passwords. +- + Auth_MySQL_Scrambled_Passwords (DEPRECATED) + Equivalent to: Auth_MySQL_Encryption_Types MySQL + The same restrictions apply to this directive as to + ...Encrypted_Passwords. + +-AuthMySQL_Scrambled_Passwords (DEPRECATED) +- Synonym for Auth_MySQL_Scrambled_Passwords. +- + Auth_MySQL_Authoritative + Whether or not to use other authentication schemes if the user is + successfully authenticated. That is, if the user passes the MySQL +@@ -233,9 +214,6 @@ + option is set 'off'. The default is 'on' (i.e. if the user passes + the MySQL module, they're considered OK). + +-AuthMySQL_Authoritative +- Synonym for Auth_MySQL_Authoritative. +- + Auth_MySQL_Non_Persistent + If set to 'on', the link to the MySQL server is explicitly closed + after each authentication request. Note that I can't think of any +@@ -245,10 +223,10 @@ + increase the maximum number of simultaneous threads in MySQL and + keep this option off. Default: off, and for good reason. + +-AuthMySQL_Persistent ++Auth_MySQL_Persistent + An antonym for Auth_MySQL_Non_Persistent. + +-AuthMySQL_AllowOverride ++Auth_MySQL_AllowOverride + Whether or not .htaccess files are allowed to use their own + Host/User/Password/DB specifications. If set to 'off', then the + defaults specified in the httpd.conf cannot be overridden. +@@ -257,6 +235,3 @@ + Whether or not to enable MySQL authentication. If it's off, the + MySQL authentication will simply pass authentication off to other + modules defined. +- +-AuthMySQL +- Synonym for Auth_MYSQL. +diff -urNad mod-auth-mysql~/USAGE mod-auth-mysql/USAGE +--- mod-auth-mysql~/USAGE 2008-05-14 21:05:45.000000000 +0200 ++++ mod-auth-mysql/USAGE 2008-05-14 21:05:45.000000000 +0200 +@@ -44,9 +44,9 @@ + + or + +-AuthMySQL_DefaultHost +-AuthMySQL_DefaultUser +-AuthMySQL_DefaultPassword ++Auth_MySQL_DefaultHost ++Auth_MySQL_DefaultUser ++Auth_MySQL_DefaultPassword + + This should be placed globally. + +@@ -56,12 +56,12 @@ + Auth_MySQL_General_DB + + to set that. This setting can be overridden in .htaccess files if +-AuthMySQL_AllowOverride is set. ++Auth_MySQL_AllowOverride is set. + + On that topic, if you want .htaccess files to be restricted in what they're + able to connect to database-wise, you can + +-AuthMySQL_AllowOverride no ++Auth_MySQL_AllowOverride no + + and the host, user, password, and database name cannot be changed. + +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2008-05-14 21:05:45.000000000 +0200 ++++ mod-auth-mysql/mod_auth_mysql.c 2008-05-14 21:16:30.000000000 +0200 +@@ -674,14 +674,30 @@ + NULL, + RSRC_CONF, "host, user and password of the MySQL database" ), + ++ AP_INIT_TAKE3( "AuthMySQL_Info", set_auth_mysql_info, ++ NULL, ++ RSRC_CONF, "host, user and password of the MySQL database" ), ++ ++ AP_INIT_TAKE1( "Auth_MySQL_DefaultHost", set_auth_mysql_host, ++ NULL, ++ RSRC_CONF, "Default MySQL host" ), ++ + AP_INIT_TAKE1( "AuthMySQL_DefaultHost", set_auth_mysql_host, + NULL, + RSRC_CONF, "Default MySQL host" ), + ++ AP_INIT_TAKE1( "Auth_MySQL_DefaultUser", set_auth_mysql_user, ++ NULL, ++ RSRC_CONF, "Default MySQL user" ), ++ + AP_INIT_TAKE1( "AuthMySQL_DefaultUser", set_auth_mysql_user, + NULL, + RSRC_CONF, "Default MySQL user" ), + ++ AP_INIT_TAKE1( "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd, ++ NULL, ++ RSRC_CONF, "Default MySQL password" ), ++ + AP_INIT_TAKE1( "AuthMySQL_DefaultPassword", set_auth_mysql_pwd, + NULL, + RSRC_CONF, "Default MySQL password" ), +@@ -690,23 +706,39 @@ + NULL, + RSRC_CONF, "Default MySQL server port" ), + ++ AP_INIT_TAKE1( "AuthMySQL_DefaultPort", set_auth_mysql_port, ++ NULL, ++ RSRC_CONF, "Default MySQL server port" ), ++ + AP_INIT_TAKE1( "Auth_MySQL_DefaultSocket", set_auth_mysql_socket, + NULL, + RSRC_CONF, "Default MySQL server socket" ), + ++ AP_INIT_TAKE1( "AuthMySQL_DefaultSocket", set_auth_mysql_socket, ++ NULL, ++ RSRC_CONF, "Default MySQL server socket" ), ++ + AP_INIT_TAKE1( "Auth_MySQL_General_DB", set_auth_mysql_db, + NULL, + RSRC_CONF, "default database for MySQL authentication" ), + ++ AP_INIT_TAKE1( "AuthMySQL_General_DB", set_auth_mysql_db, ++ NULL, ++ RSRC_CONF, "default database for MySQL authentication" ), ++ ++ AP_INIT_TAKE1( "Auth_MySQL_DefaultDB", set_auth_mysql_db, ++ NULL, ++ RSRC_CONF, "default database for MySQL authentication" ), ++ + AP_INIT_TAKE1( "AuthMySQL_DefaultDB", set_auth_mysql_db, + NULL, + RSRC_CONF, "default database for MySQL authentication" ), + +- AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot, ++ AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), + OR_AUTHCFG, "database host" ), + +- AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot, ++ AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), + OR_AUTHCFG, "database host" ), + +@@ -730,12 +762,20 @@ + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + ++ AP_INIT_TAKE1( "AuthMySQL_Username", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), ++ OR_AUTHCFG, "database user" ), ++ ++ AP_INIT_TAKE1( "Auth_MySQL_User", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), ++ OR_AUTHCFG, "database user" ), ++ + AP_INIT_TAKE1( "AuthMySQL_User", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + + AP_INIT_TAKE1( "Auth_MySQL_Password", ap_set_string_slot, +- (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), + OR_AUTHCFG, "database password" ), + + AP_INIT_TAKE1( "AuthMySQL_Password", ap_set_string_slot, +@@ -762,13 +802,17 @@ + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), + OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), + ++ AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), ++ OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), ++ + AP_INIT_TAKE1( "Auth_MySQL_Group_Clause", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ), + +- AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot, +- (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), +- OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), ++ AP_INIT_TAKE1( "AuthMySQL_Group_Clause", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause), ++ OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ), + + AP_INIT_TAKE1( "Auth_MySQL_Password_Field", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field), +@@ -782,6 +826,10 @@ + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + ++ AP_INIT_TAKE1( "AuthMySQL_Password_Clause", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), ++ OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), ++ + AP_INIT_TAKE1( "Auth_MySQL_Username_Field", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field), + OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ), +@@ -822,6 +870,10 @@ + NULL, + OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), + ++ AP_INIT_FLAG( "Auth_MySQL_AllowOverride", set_auth_mysql_override, ++ NULL, ++ RSRC_CONF, "Allow directory overrides of configuration" ), ++ + AP_INIT_FLAG( "AuthMySQL_AllowOverride", set_auth_mysql_override, + NULL, + RSRC_CONF, "Allow directory overrides of configuration" ), +@@ -854,6 +906,14 @@ + NULL, + OR_AUTHCFG, "Use non-persistent MySQL links" ), + ++ AP_INIT_FLAG( "AuthMySQL_Non_Persistent", set_non_persistent, ++ NULL, ++ OR_AUTHCFG, "Use non-persistent MySQL links" ), ++ ++ AP_INIT_FLAG( "Auth_MySQL_Persistent", set_persistent, ++ NULL, ++ OR_AUTHCFG, "Use non-persistent MySQL links" ), ++ + AP_INIT_FLAG( "AuthMySQL_Persistent", set_persistent, + NULL, + OR_AUTHCFG, "Use non-persistent MySQL links" ), +@@ -870,6 +930,10 @@ + (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + ++ AP_INIT_TAKE1( "AuthMySQL_Where", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), ++ OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), ++ + { NULL } + }; + #else +@@ -878,14 +942,30 @@ + NULL, + RSRC_CONF, TAKE3, "host, user and password of the MySQL database" }, + ++ { "AuthMySQL_Info", set_auth_mysql_info, ++ NULL, ++ RSRC_CONF, TAKE3, "host, user and password of the MySQL database" }, ++ ++ { "Auth_MySQL_DefaultHost", set_auth_mysql_host, ++ NULL, ++ RSRC_CONF, TAKE1, "Default MySQL host" }, ++ + { "AuthMySQL_DefaultHost", set_auth_mysql_host, + NULL, + RSRC_CONF, TAKE1, "Default MySQL host" }, + ++ { "Auth_MySQL_DefaultUser", set_auth_mysql_user, ++ NULL, ++ RSRC_CONF, TAKE1, "Default MySQL user" }, ++ + { "AuthMySQL_DefaultUser", set_auth_mysql_user, + NULL, + RSRC_CONF, TAKE1, "Default MySQL user" }, + ++ { "Auth_MySQL_DefaultPassword", set_auth_mysql_pwd, ++ NULL, ++ RSRC_CONF, TAKE1, "Default MySQL password" }, ++ + { "AuthMySQL_DefaultPassword", set_auth_mysql_pwd, + NULL, + RSRC_CONF, TAKE1, "Default MySQL password" }, +@@ -894,23 +974,39 @@ + NULL, + RSRC_CONF, TAKE1, "Default MySQL server port" }, + ++ { "AuthMySQL_DefaultPort", set_auth_mysql_port, ++ NULL, ++ RSRC_CONF, TAKE1, "Default MySQL server port" }, ++ + { "Auth_MySQL_DefaultSocket", set_auth_mysql_socket, + NULL, + RSRC_CONF, TAKE1, "Default MySQL server socket" }, + ++ { "AuthMySQL_DefaultSocket", set_auth_mysql_socket, ++ NULL, ++ RSRC_CONF, TAKE1, "Default MySQL server socket" }, ++ + { "Auth_MySQL_General_DB", set_auth_mysql_db, + NULL, + RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + ++ { "AuthMySQL_General_DB", set_auth_mysql_db, ++ NULL, ++ RSRC_CONF, TAKE1, "default database for MySQL authentication" }, ++ ++ { "Auth_MySQL_DefaultDB", set_auth_mysql_db, ++ NULL, ++ RSRC_CONF, TAKE1, "default database for MySQL authentication" }, ++ + { "AuthMySQL_DefaultDB", set_auth_mysql_db, + NULL, + RSRC_CONF, TAKE1, "default database for MySQL authentication" }, + +- { "AuthMySQL_Host", ap_set_string_slot, ++ { "Auth_MySQL_Host", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_host), + OR_AUTHCFG, TAKE1, "database host" }, + +- { "Auth_MySQL_Host", ap_set_string_slot, ++ { "AuthMySQL_Host", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_host), + OR_AUTHCFG, TAKE1, "database host" }, + +@@ -918,14 +1014,30 @@ + (void *) XtOffsetOf(mysql_auth_config_rec, db_socket), + OR_AUTHCFG, TAKE1, "database host socket" }, + ++ { "AuthMySQL_Socket", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, db_socket), ++ OR_AUTHCFG, TAKE1, "database host socket" }, ++ + { "Auth_MySQL_Port", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_port), + OR_AUTHCFG, TAKE1, "database host socket" }, + ++ { "AuthMySQL_Port", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, db_port), ++ OR_AUTHCFG, TAKE1, "database host socket" }, ++ + { "Auth_MySQL_Username", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_user), + OR_AUTHCFG, TAKE1, "database user" }, + ++ { "AuthMySQL_Username", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, db_user), ++ OR_AUTHCFG, TAKE1, "database user" }, ++ ++ { "Auth_MySQL_User", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, db_user), ++ OR_AUTHCFG, TAKE1, "database user" }, ++ + { "AuthMySQL_User", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_user), + OR_AUTHCFG, TAKE1, "database user" }, +@@ -958,14 +1070,18 @@ + (void *) XtOffsetOf(mysql_auth_config_rec, group_table), + OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, + ++ { "AuthMySQL_Group_Table", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, group_table), ++ OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, ++ + { "Auth_MySQL_Group_Clause", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" }, + +- { "AuthMySQL_Group_Table", ap_set_string_slot, +- (void *) XtOffsetOf(mysql_auth_config_rec, group_table), +- OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." }, +- ++ { "AuthMySQL_Group_Clause", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, group_where_clause), ++ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group/user-name lookup" }, ++ + { "Auth_MySQL_Password_Field", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, password_field), + OR_AUTHCFG, TAKE1, "The name of the field in the MySQL password table" }, +@@ -978,6 +1094,10 @@ + (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + ++ { "AuthMySQL_Password_Clause", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), ++ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, ++ + { "Auth_MySQL_Username_Field", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, user_field), + OR_AUTHCFG, TAKE1, "The name of the user-name field in the MySQL password (and possibly group) table(s)." }, +@@ -1018,6 +1138,10 @@ + NULL, + OR_AUTHCFG, FLAG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." }, + ++ { "Auth_MySQL_AllowOverride", set_auth_mysql_override, ++ NULL, ++ RSRC_CONF, FLAG, "Allow directory overrides of configuration" }, ++ + { "AuthMySQL_AllowOverride", set_auth_mysql_override, + NULL, + RSRC_CONF, FLAG, "Allow directory overrides of configuration" }, +@@ -1050,6 +1174,14 @@ + NULL, + OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, + ++ { "AuthMySQL_Non_Persistent", set_non_persistent, ++ NULL, ++ OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, ++ ++ { "Auth_MySQL_Persistent", set_persistent, ++ NULL, ++ OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, ++ + { "AuthMySQL_Persistent", set_persistent, + NULL, + OR_AUTHCFG, FLAG, "Use non-persistent MySQL links" }, +@@ -1066,6 +1198,10 @@ + (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, + ++ { "AuthMySQL_Where", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, password_where_clause), ++ OR_AUTHCFG, TAKE1, "Additional WHERE clause for group password/user-name lookup" }, ++ + { NULL } + }; + --- mod-auth-mysql-4.3.9.orig/debian/patches/011-auth_basic.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/011-auth_basic.dpatch @@ -0,0 +1,32 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 011-auth_basic.dpatch by Joey Schulze +## +## DP: Document problems with other authentication modules + +@DPATCH@ +diff -urNad mod-auth-mysql~/USAGE mod-auth-mysql/USAGE +--- mod-auth-mysql~/USAGE 2008-11-21 16:16:37.000000000 +0100 ++++ mod-auth-mysql/USAGE 2008-11-21 16:24:41.000000000 +0100 +@@ -123,3 +123,22 @@ + + The full set of directives available are now listed in the file DIRECTIVES, + for ease of perusal. ++ ++Disable other Auth methods ++-------------------------- ++ ++For some reason Apache has problems handing over authority to this ++module if this is requested an another auth module is also loaded. ++ ++If you have another authentication module loaded, you'll have to ++disable it the hard way. ++ ++AuthBasicAuthoritative Off ++AuthUserFile /dev/null ++ ++The following option is not sufficient ++ ++Auth_MySQL_Authoritative On ++ ++If you experience similar problems with group membership, try ++repeating the same procedure with AuthGroupFile. --- mod-auth-mysql-4.3.9.orig/debian/patches/009-port-int.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/009-port-int.dpatch @@ -0,0 +1,38 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 009-port-int.dpatch by Lehel Bernadt +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Adjust port to int + +@DPATCH@ +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2008-05-15 08:44:54.000000000 +0200 ++++ mod-auth-mysql/mod_auth_mysql.c 2008-05-15 08:45:35.000000000 +0200 +@@ -753,11 +753,11 @@ + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket), + OR_AUTHCFG, "database host socket" ), + +- AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_string_slot, ++ AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_int_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), + OR_AUTHCFG, "database host port" ), + +- AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_string_slot, ++ AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_int_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), + OR_AUTHCFG, "database host port" ), + +@@ -1021,11 +1021,11 @@ + (void *) XtOffsetOf(mysql_auth_config_rec, db_socket), + OR_AUTHCFG, TAKE1, "database host socket" }, + +- { "Auth_MySQL_Port", ap_set_string_slot, ++ { "Auth_MySQL_Port", ap_set_int_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_port), + OR_AUTHCFG, TAKE1, "database host socket" }, + +- { "AuthMySQL_Port", ap_set_string_slot, ++ { "AuthMySQL_Port", ap_set_int_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, db_port), + OR_AUTHCFG, TAKE1, "database host socket" }, + --- mod-auth-mysql-4.3.9.orig/debian/patches/005-directives.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/005-directives.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 005-directives.dpatch by Joey Schulze +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Improve documentation for Auth_MySQL_Group_Field + +@DPATCH@ +diff -u -p -r1.1 -r1.2 +--- mod-auth-mysql/DIRECTIVES 14 May 2008 08:46:20 -0000 1.1 ++++ mod-auth-mysql/DIRECTIVES 14 May 2008 12:53:34 -0000 1.2 +@@ -125,7 +125,8 @@ AuthMySQL_Password_Field +- As per ...Username_Field above. Defaults to 'groups'. ++ As per ...Username_Field above. Defaults to 'groups'. The query ++ will use FIND_IN_SET(,). + + AuthMySQL_Group_Field + Synonym for Auth_MySQL_Group_Field. --- mod-auth-mysql-4.3.9.orig/debian/patches/016-apr_pstrcat.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/016-apr_pstrcat.dpatch @@ -0,0 +1,17 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 016-apr_pstrcat.dpatch by Peter Christensen +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add prototype for apr_pstrcat() + +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2010-01-23 18:05:56.000000000 +0100 ++++ mod-auth-mysql/mod_auth_mysql.c 2010-01-23 18:06:19.000000000 +0100 +@@ -51,6 +51,7 @@ + #include + #include + #include ++#include + #else + #include + #include --- mod-auth-mysql-4.3.9.orig/debian/patches/014-default-password.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/014-default-password.dpatch @@ -0,0 +1,18 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 014-default-password.dpatch by Joey Schulze +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix default password field name + +diff -urNad mod-auth-mysql~/DIRECTIVES mod-auth-mysql/DIRECTIVES +--- mod-auth-mysql~/DIRECTIVES 2010-01-23 17:41:45.000000000 +0100 ++++ mod-auth-mysql/DIRECTIVES 2010-01-23 17:47:02.000000000 +0100 +@@ -124,7 +124,7 @@ + + Auth_MySQL_Password_Field + As per ...Username_Field above, but for passwords. Same MySQL +- access privileges. Defaults to 'password'. ++ access privileges. Defaults to 'passwd'. + + AuthMySQL_Password_Field + Synonym for Auth_MySQL_Password_Field. --- mod-auth-mysql-4.3.9.orig/debian/patches/004-reconnect.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/004-reconnect.dpatch @@ -0,0 +1,34 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 004-reconnect.dpatch by Matej Vela +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Automatically re-establish connections with MySQL 5.0.3+. + +@DPATCH@ +diff -urNad libapache-mod-auth-mysql-4.3.9~/mod_auth_mysql.c libapache-mod-auth-mysql-4.3.9/mod_auth_mysql.c +--- libapache-mod-auth-mysql-4.3.9~/mod_auth_mysql.c 2008-02-12 15:33:56.000000000 +0100 ++++ libapache-mod-auth-mysql-4.3.9/mod_auth_mysql.c 2008-02-12 15:43:30.000000000 +0100 +@@ -1092,6 +1092,9 @@ + char *dbname = auth_db_name, *user = auth_db_user, *pwd = auth_db_pwd; + void (*sigpipe_handler)(); + unsigned long client_flag = 0; ++#if MYSQL_VERSION_ID >= 50013 ++ my_bool do_reconnect = 1; ++#endif + + APACHELOG(APLOG_DEBUG, r, "Opening DB connection for %s", sec->dir); + +@@ -1160,6 +1163,13 @@ + return errno; + } + ++#if MYSQL_VERSION_ID >= 50013 ++ /* The default is no longer to automatically reconnect on failure, ++ * (as of 5.0.3) so we have to set that option here. The option is ++ * available from 5.0.13. */ ++ mysql_options(sec->dbh, MYSQL_OPT_RECONNECT, &do_reconnect); ++#endif ++ + signal(SIGPIPE, sigpipe_handler); + + APACHELOG(APLOG_DEBUG, r, "Persistent in %s is %i", sec->dir, sec->persistent); --- mod-auth-mysql-4.3.9.orig/debian/patches/017-doc_persistent_conn.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/017-doc_persistent_conn.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 017-doc_persistent_conn.dpatch by Imran Chaudhry +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add information about MySQL connection timeout + +diff -urNad mod-auth-mysql~/DIRECTIVES mod-auth-mysql/DIRECTIVES +--- mod-auth-mysql~/DIRECTIVES 2010-01-27 16:12:27.000000000 +0100 ++++ mod-auth-mysql/DIRECTIVES 2010-01-27 17:04:45.000000000 +0100 +@@ -239,6 +239,11 @@ + increase the maximum number of simultaneous threads in MySQL and + keep this option off. Default: off, and for good reason. + ++ Please bear in mind that modern MySQL installations appear to have a ++ connection timeout of 28000 seconds (8 hours), one may want to lower ++ this to 30 (max_connections) if you have very busy site and are ++ observing spikes containing a large number of connection threads. ++ + Auth_MySQL_Persistent + An antonym for Auth_MySQL_Non_Persistent. + --- mod-auth-mysql-4.3.9.orig/debian/patches/012-charset.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/012-charset.dpatch @@ -0,0 +1,126 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 012-charset.dpatch by Joey Schulze +## +## DP: Add support for specifying the connection character set +## DP: via Auth_MySQL_CharacterSet. + +@DPATCH@ +diff -urNad mod-auth-mysql~/DIRECTIVES mod-auth-mysql/DIRECTIVES +--- mod-auth-mysql~/DIRECTIVES 2008-11-21 17:05:40.000000000 +0100 ++++ mod-auth-mysql/DIRECTIVES 2008-11-21 17:05:40.000000000 +0100 +@@ -74,6 +74,18 @@ + Auth_MySQL_DefaultDB + Synonym for Auth_MySQL_General_DB. + ++Auth_MySQL_CharacterSet ++ ++ Set the connection character set to the specified one. Otherwise no ++ particular character set is used when the connection is created. ++ This could cause problems with differently encoded strings and table ++ or column collations. The parameter must be a valid MySQL ++ character. It is mandatory if the character set used for tables/rows ++ differs from the default. ++ ++AuthMySQL_CharacterSet ++ Synonym for Auth_MySQL_CharacterSet. ++ + AuthName "" + Describes the data you're guarding. + +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2008-11-21 17:05:40.000000000 +0100 ++++ mod-auth-mysql/mod_auth_mysql.c 2008-11-21 17:05:50.000000000 +0100 +@@ -299,6 +299,7 @@ + char *db_user; + char *db_pwd; + char *db_name; ++ char *db_charset; + + MYSQL *dbh; + +@@ -344,6 +345,7 @@ + #else + static void + #endif ++ + auth_mysql_cleanup(void *ptr) + { + mysql_auth_config_rec *sec = ptr; +@@ -395,7 +397,7 @@ + sizeof(mysql_auth_config_rec)); + #endif + +- sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = NULL; ++ sec->db_name = sec->db_socket = sec->db_user = sec->db_pwd = sec->db_charset = NULL; + + sec->dbh = NULL; + /* When the memory for this connection record is cleaned, we must +@@ -804,6 +806,14 @@ + (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name), + OR_AUTHCFG, "database name" ), + ++ AP_INIT_TAKE1( "Auth_MySQL_CharacterSet", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset), ++ OR_AUTHCFG, "character set" ), ++ ++ AP_INIT_TAKE1( "AuthMySQL_CharacterSet", ap_set_string_slot, ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_charset), ++ OR_AUTHCFG, "character set" ), ++ + AP_INIT_TAKE1( "Auth_MySQL_Password_Table", ap_set_string_slot, + (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table), + OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ), +@@ -1072,6 +1082,14 @@ + (void *) XtOffsetOf(mysql_auth_config_rec, db_name), + OR_AUTHCFG, TAKE1, "database name" }, + ++ { "Auth_MySQL_CharacterSet", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, db_charset), ++ OR_AUTHCFG, TAKE1, "character set" }, ++ ++ { "AuthMySQL_CharacterSet", ap_set_string_slot, ++ (void *) XtOffsetOf(mysql_auth_config_rec, db_charset), ++ OR_AUTHCFG, TAKE1, "character set" }, ++ + { "Auth_MySQL_Password_Table", ap_set_string_slot, + (void *) XtOffsetOf(mysql_auth_config_rec, user_table), + OR_AUTHCFG, TAKE1, "Name of the MySQL table containing the password/user-name combination" }, +@@ -1264,6 +1282,7 @@ + #if MYSQL_VERSION_ID >= 50013 + my_bool do_reconnect = 1; + #endif ++ char *query; + + APACHELOG(APLOG_DEBUG, r, "Opening DB connection for %s", sec->dir); + +@@ -1354,6 +1373,30 @@ + #endif + } + ++ if (sec->db_charset) { ++ APACHELOG(APLOG_DEBUG, r, ++ "Setting character set to %s", sec->db_charset); ++ ++ query = (char *) PSTRCAT(r->pool, "SET CHARACTER SET ", sec->db_charset, NULL); ++ if (!query) { ++ APACHELOG(APLOG_ERR, r, ++ "Failed to create query string - we're no good..."); ++ return -1; ++ } ++ ++ if (mysql_query(sec->dbh, query)) { ++ if (sec->dbh) ++ { ++ APACHELOG(APLOG_ERR, r, ++ "Query call failed: %s (%i)", mysql_error(sec->dbh), ++ mysql_errno(sec->dbh)); ++ } ++ ++ APACHELOG(APLOG_DEBUG, r, "Failed query was: [%s]", query); ++ return -1; ++ } ++ } ++ + /* W00t! We made it! */ + return 0; + } --- mod-auth-mysql-4.3.9.orig/debian/patches/003-ftbfs_apache2.2.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/003-ftbfs_apache2.2.dpatch @@ -0,0 +1,180 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 003-ftbfs_apache2.2.dpatch by Julian Calaby +## +## DP: Fixes the FTBFS against apache2.2 (see #389579 for more information) + +@DPATCH@ + +--- libapache-mod-auth-mysql-4.3.9.old/mod_auth_mysql.c 2006-11-21 15:07:43.000000000 +1100 ++++ libapache-mod-auth-mysql-4.3.9/mod_auth_mysql.c 2006-11-21 16:42:29.000000000 +1100 +@@ -48,6 +48,7 @@ + #include + #ifdef APACHE2 + #include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ ++#include + #include + #include + #else +@@ -684,123 +685,123 @@ + RSRC_CONF, "default database for MySQL authentication" ), + + AP_INIT_TAKE1( "AuthMySQL_Host", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), + OR_AUTHCFG, "database host" ), + + AP_INIT_TAKE1( "Auth_MySQL_Host", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_host), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_host), + OR_AUTHCFG, "database host" ), + + AP_INIT_TAKE1( "Auth_MySQL_Socket", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket), + OR_AUTHCFG, "database host socket" ), + + AP_INIT_TAKE1( "AuthMySQL_Socket", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_socket), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_socket), + OR_AUTHCFG, "database host socket" ), + + AP_INIT_TAKE1( "Auth_MySQL_Port", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), + OR_AUTHCFG, "database host port" ), + + AP_INIT_TAKE1( "AuthMySQL_Port", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_port), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_port), + OR_AUTHCFG, "database host port" ), + + AP_INIT_TAKE1( "Auth_MySQL_Username", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + + AP_INIT_TAKE1( "AuthMySQL_User", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_user), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_user), + OR_AUTHCFG, "database user" ), + + AP_INIT_TAKE1( "Auth_MySQL_Password", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), + OR_AUTHCFG, "database password" ), + + AP_INIT_TAKE1( "AuthMySQL_Password", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_pwd), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_pwd), + OR_AUTHCFG, "database password" ), + + AP_INIT_TAKE1( "Auth_MySQL_DB", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name), + OR_AUTHCFG, "database name" ), + + AP_INIT_TAKE1( "AuthMySQL_DB", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, db_name), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, db_name), + OR_AUTHCFG, "database name" ), + + AP_INIT_TAKE1( "Auth_MySQL_Password_Table", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table), + OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ), + + AP_INIT_TAKE1( "AuthMySQL_Password_Table", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_table), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_table), + OR_AUTHCFG, "Name of the MySQL table containing the password/user-name combination" ), + + AP_INIT_TAKE1( "Auth_MySQL_Group_Table", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), + OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), + + AP_INIT_TAKE1( "Auth_MySQL_Group_Clause", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_where_clause), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group/user-name lookup" ), + + AP_INIT_TAKE1( "AuthMySQL_Group_Table", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_table), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_table), + OR_AUTHCFG, "Name of the MySQL table containing the group-name/user-name combination; can be the same as the password-table." ), + + AP_INIT_TAKE1( "Auth_MySQL_Password_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field), + OR_AUTHCFG, "The name of the field in the MySQL password table" ), + + AP_INIT_TAKE1( "AuthMySQL_Password_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_field), + OR_AUTHCFG, "The name of the field in the MySQL password table" ), + + AP_INIT_TAKE1( "Auth_MySQL_Password_Clause", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + + AP_INIT_TAKE1( "Auth_MySQL_Username_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field), + OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ), + + AP_INIT_TAKE1( "AuthMySQL_Username_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, user_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, user_field), + OR_AUTHCFG, "The name of the user-name field in the MySQL password (and possibly group) table(s)." ), + + AP_INIT_TAKE1( "Auth_MySQL_Group_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field), + OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ), + + AP_INIT_TAKE1( "AuthMySQL_Group_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_field), + OR_AUTHCFG, "The name of the group field in the MySQL group table; must be set if you want to use groups." ), + + AP_INIT_TAKE1( "Auth_MySQL_Group_User_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field), + OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ), + + AP_INIT_TAKE1( "AuthMySQL_Group_User_Field", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, group_user_field), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, group_user_field), + OR_AUTHCFG, "The name of the user-name field in the MySQL group table; defaults to the same as the username field for the password table." ), + + AP_INIT_FLAG( "Auth_MySQL_Empty_Passwords", ap_set_flag_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, allow_empty_passwords), + OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), + + AP_INIT_FLAG( "AuthMySQL_Empty_Passwords", ap_set_flag_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, allow_empty_passwords), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, allow_empty_passwords), + OR_AUTHCFG, "Enable (on) or disable (off) empty password strings; in which case any user password is accepted." ), + + AP_INIT_FLAG( "Auth_MySQL_Authoritative", ap_set_flag_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, authoritative), + OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), + + AP_INIT_FLAG( "AuthMySQL_Authoritative", ap_set_flag_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, authoritative), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, authoritative), + OR_AUTHCFG, "When 'on' the MySQL database is taken to be authoritative and access control is not passed along to other db or access modules." ), + + AP_INIT_FLAG( "AuthMySQL_AllowOverride", set_auth_mysql_override, +@@ -848,7 +849,7 @@ + OR_AUTHCFG, "Enable MySQL authentication" ), + + AP_INIT_TAKE1( "Auth_MySQL_Where", ap_set_string_slot, +- (void*)APR_XtOffsetOf(mysql_auth_config_rec, password_where_clause), ++ (void*)APR_OFFSETOF(mysql_auth_config_rec, password_where_clause), + OR_AUTHCFG, "Additional WHERE clause for group password/user-name lookup" ), + + { NULL } --- mod-auth-mysql-4.3.9.orig/debian/patches/015-empty-passwords.dpatch +++ mod-auth-mysql-4.3.9/debian/patches/015-empty-passwords.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 015-empty-passwords.dpatch by David Prévot +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Adjust behaviour of Auth_MySQL_Empty_Passwords + +diff -urNad mod-auth-mysql~/mod_auth_mysql.c mod-auth-mysql/mod_auth_mysql.c +--- mod-auth-mysql~/mod_auth_mysql.c 2010-01-23 17:54:17.000000000 +0100 ++++ mod-auth-mysql/mod_auth_mysql.c 2010-01-23 17:54:23.000000000 +0100 +@@ -1504,10 +1504,16 @@ + encryption_type_entry *ete; + + /* empty password support */ +- if (sec->allow_empty_passwords && !strlen(hashed)) { +- APACHELOG(APLOG_INFO, r, "User successful on empty password"); +- return 1; +- } ++ if (!strlen(hashed)) { ++ if (sec->allow_empty_passwords) { ++ APACHELOG(APLOG_INFO, r, "User successful on empty password"); ++ return 1; ++ } else { ++ APACHELOG(APLOG_INFO, r, "Rejecting login because of empty password field in DB"); ++ return 0; ++ } ++ } ++ + + for (ete=supported_encryption_types; ete->name; ete++) { + if (sec->encryption_types & ete->flag) {