--- mod_auth_pgsql.c.orig Fri Jan 11 16:46:50 2002 +++ mod_auth_pgsql.c Thu May 2 18:40:29 2002 @@ -106,14 +106,6 @@ #define MAX_STRING_LEN 3000 #endif -/* Cache table size */ -#ifndef MAX_TABLE_LEN -#define MAX_TABLE_LEN 50 -#endif - -#define AUTH_PG_HASH_TYPE_CRYPT 1 -#define AUTH_PG_HASH_TYPE_MD5 2 - typedef struct { @@ -123,31 +115,11 @@ char *auth_pg_options; char *auth_pg_user; char *auth_pg_pwd; - char *auth_pg_pwd_table; - char *auth_pg_grp_table; - char *auth_pg_uname_field; - char *auth_pg_pwd_field; - char *auth_pg_grp_field; - char *auth_pg_pwd_whereclause; - char *auth_pg_grp_whereclause; + char *auth_pg_function; + char *auth_pg_context; + char *auth_pg_finish; - int auth_pg_nopasswd; int auth_pg_authoritative; - int auth_pg_lowercaseuid; - int auth_pg_uppercaseuid; - int auth_pg_pwdignorecase; - int auth_pg_encrypted; - int auth_pg_hash_type; - int auth_pg_cache_passwords; - - char *auth_pg_log_table; - char *auth_pg_log_addrs_field; - char *auth_pg_log_uname_field; - char *auth_pg_log_pwd_field; - char *auth_pg_log_date_field; - char *auth_pg_log_uri_field; - - table *cache_pass_table; } pg_auth_config_rec; @@ -176,106 +148,22 @@ new_rec->auth_pg_options = NULL; new_rec->auth_pg_user = NULL; new_rec->auth_pg_pwd = NULL; - new_rec->auth_pg_pwd_table = NULL; - new_rec->auth_pg_grp_table = NULL; - new_rec->auth_pg_uname_field = NULL; - new_rec->auth_pg_pwd_field = NULL; - new_rec->auth_pg_grp_field = NULL; - new_rec->auth_pg_pwd_whereclause = NULL; - new_rec->auth_pg_grp_whereclause = NULL; + new_rec->auth_pg_function = NULL; + new_rec->auth_pg_context = NULL; + new_rec->auth_pg_finish = NULL; - new_rec->auth_pg_nopasswd = 0; new_rec->auth_pg_authoritative = 1; - new_rec->auth_pg_lowercaseuid = 0; - new_rec->auth_pg_uppercaseuid = 0; - new_rec->auth_pg_pwdignorecase = 0; - new_rec->auth_pg_encrypted = 1; - new_rec->auth_pg_hash_type = AUTH_PG_HASH_TYPE_CRYPT; - new_rec->auth_pg_cache_passwords = 0; - - new_rec->auth_pg_log_table = NULL; - new_rec->auth_pg_log_addrs_field = NULL; - new_rec->auth_pg_log_uname_field = NULL; - new_rec->auth_pg_log_pwd_field = NULL; - new_rec->auth_pg_log_date_field = NULL; - new_rec->auth_pg_log_uri_field = NULL; - - // make a per directory cache table - new_rec->cache_pass_table = - ap_make_table (auth_pgsql_pool, MAX_TABLE_LEN); - if (new_rec->cache_pass_table == NULL) - return NULL; return new_rec; } _const char * -pg_set_hash_type (cmd_parms * cmd, pg_auth_config_rec * sec, - const char *hash_type) -{ - if (!strcasecmp (hash_type, "MD5")) - sec->auth_pg_hash_type = AUTH_PG_HASH_TYPE_MD5; - else if (!strcasecmp (hash_type, "CRYPT")) - sec->auth_pg_hash_type = AUTH_PG_HASH_TYPE_CRYPT; - else - return ap_pstrcat (cmd->pool, - "Invalid hash type for Auth_PG_hash_type: ", - hash_type, NULL); - return NULL; -} - -_const char * -pg_set_cache_passwords_flag (cmd_parms * cmd, pg_auth_config_rec * sec, - int arg) -{ - sec->auth_pg_cache_passwords = arg; - return NULL; -} - -_const char * -pg_set_passwd_flag (cmd_parms * cmd, pg_auth_config_rec * sec, int arg) -{ - sec->auth_pg_nopasswd = arg; - return NULL; -} - -_const char * -pg_set_encrypted_flag (cmd_parms * cmd, pg_auth_config_rec * sec, int arg) -{ - sec->auth_pg_encrypted = arg; - return NULL; -} - -_const char * pg_set_authoritative_flag (cmd_parms * cmd, pg_auth_config_rec * sec, int arg) { sec->auth_pg_authoritative = arg; return NULL; } -_const -char* pg_set_lowercaseuid_flag (cmd_parms *cmd, pg_auth_config_rec *sec, int arg) -{ - sec->auth_pg_lowercaseuid=arg; - sec->auth_pg_uppercaseuid=0; - return NULL; -} - -_const -char* pg_set_uppercaseuid_flag (cmd_parms *cmd, pg_auth_config_rec *sec, int arg) -{ - sec->auth_pg_uppercaseuid=arg; - sec->auth_pg_lowercaseuid=0; - return NULL; -} - -_const -char* pg_set_pwdignorecase_flag (cmd_parms *cmd, pg_auth_config_rec *sec, int arg) -{ - sec->auth_pg_pwdignorecase=arg; - return NULL; -} - command_rec pg_auth_cmds[] = { {"Auth_PG_host", ap_set_string_slot, (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_host), @@ -301,95 +189,25 @@ {"Auth_PG_pwd", ap_set_string_slot, (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_pwd), - OR_AUTHCFG, TAKE1, "user name connect as"}, + OR_AUTHCFG, TAKE1, "user pass connect as"}, - {"Auth_PG_pwd_table", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_pwd_table), + {"Auth_PG_function", ap_set_string_slot, + (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_function), OR_AUTHCFG, TAKE1, - "the name of the table containing username/password tuples."}, + "the name of the function to handle username/password tuples."}, - {"Auth_PG_grp_table", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_grp_table), - OR_AUTHCFG, TAKE1, - "the name of the table containing username/group tuples."}, + {"Auth_PG_context", ap_set_string_slot, + (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_context), + OR_AUTHCFG, TAKE1, "the name of the context."}, - {"Auth_PG_pwd_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_pwd_field), - OR_AUTHCFG, TAKE1, "the name of the password field."}, - - {"Auth_PG_uid_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_uname_field), - OR_AUTHCFG, TAKE1, "the name of the user-id field."}, - - {"Auth_PG_gid_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_grp_field), - OR_AUTHCFG, TAKE1, - "the name of the group-name field."}, - - {"Auth_PG_nopasswd", pg_set_passwd_flag, NULL, OR_AUTHCFG, FLAG, - "'on' or 'off'"}, - - {"Auth_PG_encrypted", pg_set_encrypted_flag, NULL, OR_AUTHCFG, FLAG, - "'on' or 'off'"}, - - {"Auth_PG_hash_type", pg_set_hash_type, NULL, OR_AUTHCFG, TAKE1, - "password hash type (CRYPT|MD5)."}, - - {"Auth_PG_cache_passwords", pg_set_cache_passwords_flag, NULL, OR_AUTHCFG, FLAG, - "'on' or 'off'"}, + {"Auth_PG_finish", ap_set_string_slot, + (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_finish), + OR_AUTHCFG, TAKE1, "request at end of page to drop PostgreSQL connect."}, {"Auth_PG_authoritative", pg_set_authoritative_flag, NULL, OR_AUTHCFG, FLAG, "'on' or 'off'"}, - { "Auth_PG_lowercase_uid", pg_set_lowercaseuid_flag, NULL, OR_AUTHCFG, FLAG, - "'on' or 'off'" }, - - { "Auth_PG_uppercase_uid", pg_set_uppercaseuid_flag, NULL, OR_AUTHCFG, FLAG, - "'on' or 'off'" }, - - { "Auth_PG_pwd_ignore_case", pg_set_pwdignorecase_flag, NULL, OR_AUTHCFG, FLAG, - "'on' or 'off'" }, - - {"Auth_PG_grp_whereclause", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_grp_whereclause), - OR_AUTHCFG, TAKE1, - "an SQL fragement that can be attached to the end of a where clause."}, - - {"Auth_PG_pwd_whereclause", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_pwd_whereclause), - OR_AUTHCFG, TAKE1, - "an SQL fragement that can be attached to the end of a where clause."}, - - {"Auth_PG_log_table", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_log_table), - OR_AUTHCFG, TAKE1, "the name of the table containing log tuples."}, - - {"Auth_PG_log_addrs_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_log_addrs_field), - OR_AUTHCFG, TAKE1, - "the name of the field containing addrs in the log table (type char)."}, - - {"Auth_PG_log_uname_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_log_uname_field), - OR_AUTHCFG, TAKE1, - "the name of the field containing username in the log table (type char)."}, - - {"Auth_PG_log_pwd_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_log_pwd_field), - OR_AUTHCFG, TAKE1, - "the name of the field containing password in the log table (type char)."}, - - {"Auth_PG_log_date_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_log_date_field), - OR_AUTHCFG, TAKE1, - "the name of the field containing date in the log table (type char)."}, - - {"Auth_PG_log_uri_field", ap_set_string_slot, - (void *) XtOffsetOf (pg_auth_config_rec, auth_pg_log_uri_field), - OR_AUTHCFG, TAKE1, - "the name of the field containing uri (Object fetched) in the log table (type char)."}, - {NULL} }; @@ -399,25 +217,7 @@ /* global errno to be able to handle config/sql * failures separately */ - -char * -auth_pg_md5 (char *pw) -{ - AP_MD5_CTX ctx; - unsigned char digest[16]; - static char md5hash[33]; - int i; - - ap_MD5Init (&ctx); - ap_MD5Update (&ctx, pw, strlen (pw)); - ap_MD5Final (digest, &ctx); - - for (i = 0; i < 16; i++) - sprintf (&md5hash[i + i], "%02x", digest[i]); - - md5hash[32] = '\0'; - return md5hash; -} +PGconn *pg_conn = NULL; /* Got from POstgreSQL 7.2 */ /* --------------- @@ -431,13 +231,17 @@ */ size_t -pg_check_string (char *to, const char *from, size_t length) +pg_check_string (char *to, const char *from) { const char *source = from; char *target = to; - unsigned int remaining = length; - while (remaining > 0) + if (!from) + { strcpy(to, "NULL"); + return(strlen(to)); + } + *target++ = '\''; + while (*source) { switch (*source) { @@ -461,9 +265,9 @@ } source++; target++; - remaining--; } + *target++ = '\''; /* Write the terminating NUL character. */ *target = '\0'; @@ -475,10 +279,9 @@ * a select. */ char * -do_pg_query (request_rec * r, char *query, pg_auth_config_rec * sec) +do_pg_query (request_rec * r, char *query, pg_auth_config_rec * sec, int finish) { - PGconn *pg_conn; PGresult *pg_result; char *val; @@ -486,41 +289,42 @@ pg_errstr[0] = '\0'; - pg_conn = - PQsetdbLogin (sec->auth_pg_host, sec->auth_pg_port, + if (!pg_conn || PQstatus (pg_conn) != CONNECTION_OK) + { pg_conn = + PQsetdbLogin (sec->auth_pg_host, sec->auth_pg_port, sec->auth_pg_options, NULL, sec->auth_pg_database, sec->auth_pg_user, sec->auth_pg_pwd); - if (PQstatus (pg_conn) != CONNECTION_OK) - { - snprintf (pg_errstr, MAX_STRING_LEN, "PGSQL 1: %s", + if (PQstatus (pg_conn) != CONNECTION_OK) + { + snprintf (pg_errstr, MAX_STRING_LEN, "PGSQL 1: %s", PQerrorMessage (pg_conn)); - return NULL; - } + return NULL; + } } pg_result = PQexec (pg_conn, query); if (pg_result == NULL) { - snprintf (pg_errstr, MAX_STRING_LEN, "PGSQL 2: %s -- Query: %s ", - PQerrorMessage (pg_conn), query); - PQfinish (pg_conn); + snprintf (pg_errstr, MAX_STRING_LEN, "PGSQL 2: %s\n", + PQerrorMessage (pg_conn)); + if (pg_conn && finish) PQfinish (pg_conn); return NULL; } if (PQresultStatus (pg_result) == PGRES_EMPTY_QUERY) { PQclear (pg_result); - PQfinish (pg_conn); + if (pg_conn && finish) PQfinish (pg_conn); return NULL; } if (PQresultStatus (pg_result) != PGRES_TUPLES_OK) { - snprintf (pg_errstr, MAX_STRING_LEN, "PGSQL 3: %s -- Query: %s", - PQerrorMessage (pg_conn), query); + snprintf (pg_errstr, MAX_STRING_LEN, "PGSQL 3: %s\n", + PQerrorMessage (pg_conn)); PQclear (pg_result); - PQfinish (pg_conn); + if (pg_conn && finish) PQfinish (pg_conn); return NULL; } @@ -532,7 +336,7 @@ snprintf (pg_errstr, MAX_STRING_LEN, "PGSQL 4: %s", PQerrorMessage (pg_conn)); PQclear (pg_result); - PQfinish (pg_conn); + if (pg_conn && finish) PQfinish (pg_conn); return NULL; } @@ -541,7 +345,7 @@ snprintf (pg_errstr, MAX_STRING_LEN, "Could not get memory for Postgres query."); PQclear (pg_result); - PQfinish (pg_conn); + if (pg_conn && finish) PQfinish (pg_conn); return NULL; } @@ -550,109 +354,52 @@ /* ignore errors here ! */ PQclear (pg_result); - PQfinish (pg_conn); + if (pg_conn && finish) PQfinish(pg_conn); return result; } char * -get_pg_pw (request_rec * r, char *user, pg_auth_config_rec * sec) +get_pg_pw (request_rec * r, char *user, pg_auth_config_rec * sec, char *sent_pw) { - char query[MAX_STRING_LEN]; - char safe_user[1 + 2 * strlen (user)]; +#define MAX_QUERY_LEN 32768 + char query[MAX_QUERY_LEN]; + char safe_user[3 + 2 * strlen (user)]; + char safe_pw[3 + 2 * strlen (sent_pw)]; + char safe_uri[3 + 2 * strlen (r->uri)]; + char safe_args[3 + 2 * (r->args ? strlen (r->args) : 0)]; + char safe_protocol[3 + 2 * (r->protocol ? strlen (r->protocol) : 0)]; int n; - pg_check_string (safe_user, user, strlen (user)); + pg_check_string (safe_user, user); + pg_check_string (safe_pw, sent_pw); + pg_check_string (safe_uri, r->uri); + pg_check_string (safe_args, r->args); + pg_check_string (safe_protocol, r->protocol); - if ((!sec->auth_pg_pwd_table) || - (!sec->auth_pg_pwd_field) || (!sec->auth_pg_uname_field)) + if ((!sec->auth_pg_function)) { - snprintf (pg_errstr, MAX_STRING_LEN, - "PG: Missing parameters for password lookup: %s%s%s", - (sec->auth_pg_pwd_table ? "" : "Password table "), - (sec->auth_pg_pwd_field ? "" : "Password field name "), - (sec->auth_pg_uname_field ? "" : "UserID field name ")); + snprintf (pg_errstr, MAX_QUERY_LEN, + "PG: Missing parameters for password lookup: Test function "); return NULL; }; - - if (sec->auth_pg_lowercaseuid) { - /* and force it to lowercase */ - n=0; - while(safe_user[n] && n < (MAX_STRING_LEN-1)) { - if (isupper(safe_user[n])) { - safe_user[n] = tolower(safe_user[n]); - } - n++; - } - } - - if (sec->auth_pg_uppercaseuid) { - /* and force it to uppercase */ - n=0; - while(safe_user[n] && n < (MAX_STRING_LEN-1)) { - if (islower(safe_user[n])) { - safe_user[n] = toupper(safe_user[n]); - } - n++; - } - } - - n = snprintf (query, MAX_STRING_LEN, "select %s from %s where %s='%s' %s", - sec->auth_pg_pwd_field, - sec->auth_pg_pwd_table, - sec->auth_pg_uname_field, + n = snprintf (query, MAX_STRING_LEN, "SELECT \"%s\"(%s%s%s%s, %s, '%s', %s, %s, %s);", + sec->auth_pg_function, + sec->auth_pg_context ? "'" : "", + sec->auth_pg_context ? sec->auth_pg_context : "", + sec->auth_pg_context ? "', " : "", safe_user, - sec->auth_pg_pwd_whereclause ? sec-> - auth_pg_pwd_whereclause : ""); - - if (n < 0 || n > MAX_STRING_LEN) - { - snprintf (pg_errstr, MAX_STRING_LEN, - "PG: Detected SQL-truncation attack. Auth aborted."); - return NULL; - } - return do_pg_query (r, query, sec); -} - -char * -get_pg_grp (request_rec * r, char *group, char *user, - pg_auth_config_rec * sec) -{ - char query[MAX_STRING_LEN]; - char safe_user[1 + 2 * strlen (user)]; - char safe_group[1 + 2 * strlen (group)]; - int n; - - query[0] = '\0'; - pg_check_string (safe_user, user, strlen (user)); - pg_check_string (safe_group, group, strlen (group)); - - if ((!sec->auth_pg_grp_table) || - (!sec->auth_pg_grp_field) || (!sec->auth_pg_uname_field)) - { - snprintf (pg_errstr, MAX_STRING_LEN, - "PG: Missing parameters for password lookup: %s%s%s", - (sec->auth_pg_grp_table ? "" : "Group table "), - (sec->auth_pg_grp_field ? "" : "GroupID field name "), - (sec->auth_pg_uname_field ? "" : "UserID field name ")); - return NULL; - }; - - n = snprintf (query, MAX_STRING_LEN, - "select %s from %s where %s='%s' and %s='%s' %s", - sec->auth_pg_grp_field, sec->auth_pg_grp_table, - sec->auth_pg_uname_field, safe_user, sec->auth_pg_grp_field, - safe_group, - sec->auth_pg_grp_whereclause ? sec-> - auth_pg_grp_whereclause : ""); - - if (n < 0 || n > MAX_STRING_LEN) + safe_pw, + r->connection->remote_ip, + safe_uri, + safe_args, + safe_protocol); + if (n < 0 || n > MAX_QUERY_LEN) { snprintf (pg_errstr, MAX_STRING_LEN, "PG: Detected SQL-truncation attack. Auth aborted."); return NULL; } - - return do_pg_query (r, query, sec); + return do_pg_query (r, query, sec, !r->uri || !sec->auth_pg_finish || !strcmp(r->uri, sec->auth_pg_finish)); } /* Process authentication request from Apache*/ @@ -676,25 +423,13 @@ * perfectly possible to only do group control and leave * user control to the next guy in line. */ - if ((!sec->auth_pg_pwd_table) && (!sec->auth_pg_pwd_field)) + if (!sec->auth_pg_function) return DECLINED; pg_errstr[0] = '\0'; + real_pw = get_pg_pw (r, c->user, sec, sent_pw); - if (sec->auth_pg_cache_passwords - && (!ap_is_empty_table (sec->cache_pass_table))) - { - val = (char *) ap_table_get (sec->cache_pass_table, c->user); - - if (val) - real_pw = val; - else - real_pw = get_pg_pw (r, c->user, sec); - } - else - real_pw = get_pg_pw (r, c->user, sec); - - if (!real_pw) + if (!real_pw || !real_pw[0]) { if (pg_errstr[0]) { @@ -706,7 +441,7 @@ { /* force error and access denied */ snprintf (pg_errstr, MAX_STRING_LEN, - "mod_auth_pgsql: Password for user %s not found (PG-Authoritative)", + "mod_auth_pgsql: Password mismatch for user %s", c->user); ap_note_basic_auth_failure (r); res = AUTH_REQUIRED; @@ -721,54 +456,8 @@ return res; } - /* allow no password, if the flag is set and the password - * is empty. But be sure to log this. - */ - if ((sec->auth_pg_nopasswd) && (!strlen (real_pw))) - { - snprintf (pg_errstr, MAX_STRING_LEN, - "PG: user %s: Empty password accepted", c->user); - ap_log_reason (pg_errstr, r->uri, r); - pg_log_auth_user (r, sec, c->user, sent_pw); - return OK; - }; - - /* if the flag is off however, keep that kind of stuff at - * an arms length. - */ - if ((!strlen (real_pw)) || (!strlen (sent_pw))) - { - snprintf (pg_errstr, MAX_STRING_LEN, - "PG: user %s: Empty Password(s) Rejected", c->user); - ap_log_reason (pg_errstr, r->uri, r); - ap_note_basic_auth_failure (r); - return AUTH_REQUIRED; - }; - - if (sec->auth_pg_encrypted) - sent_pw = (sec->auth_pg_hash_type == AUTH_PG_HASH_TYPE_MD5) ? - auth_pg_md5 (sent_pw) : (char *) crypt (sent_pw, real_pw); - - if ((sec->auth_pg_hash_type == AUTH_PG_HASH_TYPE_MD5 || sec->auth_pg_pwdignorecase != 0) - ? strcasecmp (real_pw, sent_pw) : strcmp (real_pw, sent_pw)) - { - snprintf (pg_errstr, MAX_STRING_LEN, - "PG user %s: password mismatch", c->user); - ap_log_reason (pg_errstr, r->uri, r); - ap_note_basic_auth_failure (r); - return AUTH_REQUIRED; - } + ap_table_setn(r->subprocess_env, "CREDENTIALS", real_pw); - if (sec->auth_pg_cache_passwords && !val && sec->cache_pass_table) - { - if ((ap_table_elts (sec->cache_pass_table))->nelts >= MAX_TABLE_LEN) - { - ap_clear_table (sec->cache_pass_table); - } - ap_table_set (sec->cache_pass_table, c->user, real_pw); - } - - pg_log_auth_user (r, sec, c->user, sent_pw); return OK; } @@ -795,8 +484,6 @@ /* if we cannot do it; leave it to some other guy */ - if ((!sec->auth_pg_grp_table) && (!sec->auth_pg_grp_field)) - return DECLINED; if (!reqs_arr) { @@ -848,118 +535,11 @@ } } - else if (!strcmp (w, "group")) - { - /* look up the membership for each of the groups in the table */ - pg_errstr[0] = '\0'; - - while (t[0]) - { - if (get_pg_grp - (r, ap_getword (r->pool, &t, ' '), user, sec)) - { - group_result = OK; - }; - }; - - if (pg_errstr[0]) - { - ap_log_reason (pg_errstr, r->filename, r); - return SERVER_ERROR; - } - - if (group_result == OK) - return OK; - - if (sec->auth_pg_authoritative) - { - snprintf (pg_errstr, MAX_STRING_LEN, - "user %s not in right groups (PG-Authoritative)", - user); - ap_log_reason (pg_errstr, r->uri, r); - ap_note_basic_auth_failure (r); - return AUTH_REQUIRED; - }; - } } return DECLINED; } - -/* Send the authentication to the log table */ -int -pg_log_auth_user (request_rec * r, pg_auth_config_rec * sec, char *user, - char *sent_pw) -{ - char sql[MAX_STRING_LEN]; - char *s; - char fields[MAX_STRING_LEN]; - char values[MAX_STRING_LEN]; - char safe_user[1 + 2 * strlen (user)]; - char safe_pw[1 + 2 * strlen (sent_pw)]; - char safe_req[1 + 2 * strlen (r->the_request)]; - - char ts[MAX_STRING_LEN]; /* time in string format */ - struct tm *t; /* time of request start */ - - /* we do not want to process internal redirect */ - if (!ap_is_initial_req (r)) - return DECLINED; - if ((!sec->auth_pg_log_table) || - (!sec->auth_pg_log_uname_field) || (!sec->auth_pg_log_date_field)) - { // At least table name, username and date field are specified - // send error message and exit - return DECLINED; - } - - /* AUD: MAX_STRING_LEN probably isn't always correct */ - pg_check_string (safe_user, user, strlen (user)); - pg_check_string (safe_pw, sent_pw, strlen (sent_pw)); - pg_check_string (safe_req, r->the_request, strlen (r->the_request)); - - /* time field format */ - t = localtime (&r->request_time); - snprintf (ts, 100, "%04d-%02d-%02d %02d:%02d:%02d", t->tm_year + 1900, - t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); - - /* SQL Statement, required fields: Username, Date */ - snprintf (fields, MAX_STRING_LEN, "%s,%s", - sec->auth_pg_log_uname_field, sec->auth_pg_log_date_field); - snprintf (values, MAX_STRING_LEN, "'%s','%s'", safe_user, ts); - - /* Optional parameters */ - if (sec->auth_pg_log_addrs_field) - { /* IP Address field */ - snprintf (sql, MAX_STRING_LEN, ", %s", - sec->auth_pg_log_addrs_field); - strncat (fields, sql, MAX_STRING_LEN - strlen (fields) - 1); - snprintf (sql, MAX_STRING_LEN, ", '%s'", r->connection->remote_ip); - strncat (values, sql, MAX_STRING_LEN - strlen (values) - 1); - } - if (sec->auth_pg_log_pwd_field) - { /* Password field , clear WARNING */ - snprintf (sql, MAX_STRING_LEN, ", %s", sec->auth_pg_log_pwd_field); - strncat (fields, sql, MAX_STRING_LEN - strlen (fields) - 1); - snprintf (sql, MAX_STRING_LEN, ", '%s'", safe_pw); - strncat (values, sql, MAX_STRING_LEN - strlen (values) - 1); - } - if (sec->auth_pg_log_uri_field) - { /* request string */ - snprintf (sql, MAX_STRING_LEN, ", %s", sec->auth_pg_log_uri_field); - strncat (fields, sql, MAX_STRING_LEN - strlen (fields) - 1); - snprintf (sql, MAX_STRING_LEN, ", '%s'", safe_req); - strncat (values, sql, MAX_STRING_LEN - strlen (values) - 1); - } - - snprintf (sql, MAX_STRING_LEN, "insert into %s (%s) values(%s) ; ", - sec->auth_pg_log_table, fields, values); - - s = do_pg_query (r, sql, sec); - return (0); -} - - void pg_auth_init_handler (server_rec * s, pool * p) { @@ -969,7 +549,6 @@ void * pg_auth_server_init (pool * p, server_rec * s) { - // Init the module private memory pool, user for the per directory cache tables if (auth_pgsql_pool == NULL) auth_pgsql_pool = ap_make_sub_pool (NULL);