From: jan@unixpapa.com Date: Thu, 29 Oct 2009 15:36:50 +0000 (+0000) Subject: For checkpassword authenticators, we now write to stderr, not stdin, as X-Git-Tag: mod_authz_unixgroup-1.0.3~4 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=96789ca42c7219786f550f076033b3e26a8e4f72;p=apache-authnz-external For checkpassword authenticators, we now write to stderr, not stdin, as the checkpassword standard requires and as 3.1.x versions of mod_authz_external did. Updated version number to 3.2.5 --- diff --git a/mod_authnz_external/CHANGES b/mod_authnz_external/CHANGES index a882d8b..b48d0c2 100644 --- a/mod_authnz_external/CHANGES +++ b/mod_authnz_external/CHANGES @@ -1,3 +1,8 @@ +v3.2.5 (Jan Wolter - Oct 29, 2009) +----------------------------------------------- + * Fixed a bug introduced in 3.2.0 in which data for checkpassword-type + authenticators is written to the authenticator's stdin instead of stderr. + v3.2.4 (Jan Wolter - May 20, 2009) ----------------------------------------------- * Dropped the radius code from the distribution, because of possible problems diff --git a/mod_authnz_external/README b/mod_authnz_external/README index 63f28e9..61f1133 100644 --- a/mod_authnz_external/README +++ b/mod_authnz_external/README @@ -1,4 +1,4 @@ - Mod_Authnz_External version 3.2.4 + Mod_Authnz_External version 3.2.5 Original Coder: Nathan Neulinger Previous Maintainer: Tyler Allison diff --git a/mod_authnz_external/mod_authnz_external.c b/mod_authnz_external/mod_authnz_external.c index e7338f1..d90ff84 100644 --- a/mod_authnz_external/mod_authnz_external.c +++ b/mod_authnz_external/mod_authnz_external.c @@ -514,9 +514,10 @@ static int exec_external(const char *extpath, const char *extmethod, /* should we create pipes to stdin, stdout and stderr? */ ((rc= apr_procattr_io_set(procattr, - usepipein ? APR_FULL_BLOCK : APR_NO_PIPE, + (usepipein && !usecheck) ? APR_FULL_BLOCK : APR_NO_PIPE, usepipeout ? APR_FULL_BLOCK : APR_NO_PIPE, - APR_NO_PIPE)) != APR_SUCCESS) || + (usepipein && usecheck) ? APR_FULL_BLOCK : APR_NO_PIPE)) + != APR_SUCCESS ) || /* will give full path of program and make a new environment */ ((rc= apr_procattr_cmdtype_set(procattr, @@ -557,19 +558,22 @@ static int exec_external(const char *extpath, const char *extmethod, if (usepipein) { + /* Select appropriate pipe to write to */ + apr_file_t *pipe= (usecheck ? proc.err : proc.in); + /* Send the user */ - apr_file_write_full(proc.in, r->user, strlen(r->user), NULL); - apr_file_putc(usecheck ? '\0' : '\n', proc.in); + apr_file_write_full(pipe, r->user, strlen(r->user), NULL); + apr_file_putc(usecheck ? '\0' : '\n', pipe); /* Send the password */ - apr_file_write_full(proc.in, data, strlen(data), NULL); - apr_file_putc(usecheck ? '\0' : '\n', proc.in); + apr_file_write_full(pipe, data, strlen(data), NULL); + apr_file_putc(usecheck ? '\0' : '\n', pipe); /* Send dummy timestamp for checkpassword */ - if (usecheck) apr_file_write_full(proc.in, "0", 2, NULL); + if (usecheck) apr_file_write_full(pipe, "0", 2, NULL); /* Close the file */ - apr_file_close(proc.in); + apr_file_close(pipe); } /* Wait for the child process to terminate, and get status */