Bug#287160: Info received (was Bug#287160: Still can't reproduce the mod_auth_mysql bug)

[C.Y.M]

I have gone back to version 4.3.8-1 (which is the version that works for me) and 
have started back porting the changes from 4.3.9-2 until it breaks. The problem 
seems to be with the new check_mysql_auth_require and this function:

if ((rv = check_mysql_auth_require(user, t, r))
        != HTTP_UNAUTHORIZED)
{
        return rv;
}
If I apply the included patch to 4.3.8-1, everything seems to work fine.  All 
the changes after this are what breaks the "require group" function.  I hope 
that helps a little.  This patch should apply cleanly to 4.3.8-1 and includes 
all the changes added by 4.3.9-2 (except the "check_mysql_auth_require" change).

Best Regards,

--- libapache-mod-auth-mysql-4.3.8-orig/mod_auth_mysql.c        2005-03-11 
06:14:49.000000000 -0800
+++ libapache-mod-auth-mysql-4.3.8/mod_auth_mysql.c     2005-03-11 
06:09:53.000000000 -0800
@@ -21,7 +21,7 @@
  * SHA1 hash support
  */
 
-#define AUTH_MYSQL_VERSION "4.3.8-1"
+#define AUTH_MYSQL_VERSION "4.3.9-2"
 
 #include "config.h"
 
@@ -149,23 +149,21 @@
 
 static char *md5_hex_hash(const char *pass)
 {
-#ifdef APACHE2
-  apr_md5_ctx_t ct;
-#else
-       AP_MD5_CTX ct;
-#endif
        unsigned char hash[16];
        /* This makes this function *very* specialised.  Change this to
         * use dynamic memory if you want to reuse it somewhere else */
        static char real_hash[33];
        int i;
 #ifdef APACHE2
+       apr_md5_ctx_t ct;
+
        apr_md5_init(&ct);
        apr_md5_update(&ct, pass, strlen(pass));
        apr_md5_final(hash, &ct);
-#else          
+#else
+       AP_MD5_CTX ct;
+
        ap_MD5Init(&ct);
-       
        ap_MD5Update(&ct, pass, strlen(pass));
        ap_MD5Final(hash, &ct);
 #endif
@@ -190,29 +188,26 @@
 
 static char *sha1_hex_hash(const char *passwd)
 {
-#ifdef APACHE2
-  apr_sha1_ctx_t ct;
-  char hash[APR_SHA1_DIGESTSIZE];
-  static char real_hash[APR_SHA1_DIGESTSIZE * 2 + 1];
-#else
-  AP_SHA1_CTX ct;
-  char hash[SHA_DIGESTSIZE];
-  static char real_hash[SHA_DIGESTSIZE * 2 + 1];
-#endif
-
+       int i;
 
 #ifdef APACHE2
-  apr_sha1_init(&ct);
-  apr_sha1_update(&ct, passwd, strlen(passwd));
-  apr_sha1_final(hash, &ct);
-#else          
-  ap_SHA1Init(&ct);
-  ap_SHA1Update(&ct, passwd, strlen(passwd));
-  ap_SHA1Final(hash, &ct);
+       apr_sha1_ctx_t ct;
+       char hash[APR_SHA1_DIGESTSIZE];
+       static char real_hash[APR_SHA1_DIGESTSIZE * 2 + 1];
+
+       apr_sha1_init(&ct);
+       apr_sha1_update(&ct, passwd, strlen(passwd));
+       apr_sha1_final(hash, &ct);
+#else
+       AP_SHA1_CTX ct;
+       char hash[SHA_DIGESTSIZE];
+       static char real_hash[SHA_DIGESTSIZE * 2 + 1];
+
+       ap_SHA1Init(&ct);
+       ap_SHA1Update(&ct, passwd, strlen(passwd));
+       ap_SHA1Final(hash, &ct);
 #endif
 
-  int i;
-
        /* Now we convert the 20 octet hash to a 40 byte hex string */
        for (i = 0; i < sizeof(hash); i++) {
                real_hash[2*i+1] = hash[i] & 0xF;
@@ -1079,9 +1074,9 @@
 #endif
 {
 #ifdef APACHE2
-  apr_pool_cleanup_register(p, (void *) result, auth_mysql_result_cleanup, 
auth_mysql_result_cleanup);
+       apr_pool_cleanup_register(p, (void *) result, 
auth_mysql_result_cleanup, auth_mysql_result_cleanup);
 #else
-    ap_register_cleanup(p, (void *) result, auth_mysql_result_cleanup, 
auth_mysql_result_cleanup);
+       ap_register_cleanup(p, (void *) result, auth_mysql_result_cleanup, 
auth_mysql_result_cleanup);
 #endif
 
 }
@@ -1540,11 +1535,7 @@
 #endif
                case 0:
                        ap_note_basic_auth_failure(r);
-#ifdef APACHE2
                        return HTTP_UNAUTHORIZED;
-#else
-                       return AUTH_REQUIRED;
-#endif
                        break;
                case 1:
                        return OK;
@@ -1553,11 +1544,7 @@
                default:
                        APACHELOG(APLOG_DEBUG, r,
                                "mysql_check_user_password returned error");
-#ifdef APACHE2
                        return HTTP_INTERNAL_SERVER_ERROR;
-#else
-                       return SERVER_ERROR;
-#endif
                        break;
        }
 }
@@ -1573,7 +1560,7 @@
 {
        mysql_auth_config_rec *sec = (mysql_auth_config_rec *) 
ap_get_module_config(r->per_dir_config, &auth_mysql_module);
 #ifdef APACHE2
-  char *user = r->user;
+       char *user = r->user;
 #else
        char *user = r->connection->user;
 #endif
@@ -1583,7 +1570,7 @@
        register int x;
        const char *t, *w;
 #ifdef APACHE2
-  const apr_array_header_t *reqs_arr = ap_requires(r);
+       const apr_array_header_t *reqs_arr = ap_requires(r);
 #else
        const array_header *reqs_arr = ap_requires(r);
 #endif
@@ -1599,11 +1586,8 @@
         */
        if (!reqs_arr) {
                if (sec->authoritative) {
-#ifdef APACHE2
-       return HTTP_UNAUTHORIZED;
-#else
-                       return AUTH_REQUIRED;
-#endif
+                       APACHELOG(APLOG_ERR, r, "No requires line available");
+                       return HTTP_UNAUTHORIZED;
                } else {
                        return DECLINED;
                }
@@ -1658,11 +1642,7 @@
                                }
                                else if (rv == -1)
                                {
-#ifdef APACHE2
                                        return HTTP_INTERNAL_SERVER_ERROR;
-#else
-                                       return SERVER_ERROR;
-#endif
                                }
                        }
                }
@@ -1670,11 +1650,7 @@
                /* The user is not part of any listed groups or users, and
                 * the valid-user check wasn't used.
                 */
-#ifdef APACHE2
                return HTTP_UNAUTHORIZED;
-#else
-               return AUTH_REQUIRED;
-#endif
        }
 
        /* If there were no requires lines, we assume we're good to go */
@@ -1688,11 +1664,7 @@
        }
 
        ap_note_basic_auth_failure(r);
-#ifdef APACHE2
        return HTTP_UNAUTHORIZED;
-#else
-       return AUTH_REQUIRED;
-#endif
 }