Bug#680993: libaprutil1-dbd-mysql: AuthDBDUserPWQuery (Module mod_dbd.c) for MySQL doesn't allow SQL statement with a stored procedure
Package: libaprutil1-dbd-mysql
Version: 1.3.9+dfsg-5
Severity: important
<IfModule mod_gnutls.c>
<VirtualHost 192.168.1.52:xxxx>
ServerAdmin webmaster@cwexample.net
ServerName dav.example.net:xxxx
WSGIDaemonProcess radicale user=calendar group=www-data threads=1
WSGIScriptAlias / /home/www-data/calendar/radicale.wsgi
Alias /favicon.ico /home/www-data/calendar/favicon.ico
<Directory /home/www-data/calendar/>
WSGIProcessGroup radicale
WSGIApplicationGroup %{GLOBAL}
AuthType Basic
AuthName "DAV (CadDAV & CardDav) Authentication"
<IfModule !mod_dbd.c>
# with
AuthBasicProvider file
AuthUserFile /etc/radicale/radicale.passwd
</IfModule>
<IfModule mod_dbd.c>
# with mod_authn_dbd
AuthBasicProvider dbd
AuthDBDUserPWQuery SEE BELOW THE TWO SQL STATEMENT
</IfModule>
Require valid-user
AllowOverride None
</Directory>
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
ErrorLog /home/www-logs/error.log
CustomLog /home/www-logs/access-ssl-dav.log combined
#
# Https config
#
GnuTLSEnable on
# « Normal » permet à GnuTLS d’utiliser les algotithmes standard AES, 3DES, ARCFOUR et CAMELLIA
GnuTLSPriorities Normal
GnuTLSCacheTimeout 500
GnuTLSExportCertificates on
#GnuTLSClientVerify request
GnuTLSClientCAFile /path/to/example.crt
GnuTLSCertificateFile /path/to/dav.crt
GnuTLSKeyFile /path/to/example.pem
</VirtualHos
</IfModule>
with the following directive
AuthDBDUserRealmQuery "SELECT Password From Test Where User = %s"
the MySQL log show
120709 19:23:38 240 Connect mail-usr@localhost on Mail
241 Connect mail-usr@localhost on Mail
242 Connect mail-usr@localhost on Mail
240 Prepare SELECT Password From Test Where User = ?
241 Prepare SELECT Password From Test Where User = ?
242 Prepare SELECT Password From Test Where User = ?
243 Connect mail-usr@localhost on Mail
244 Connect mail-usr@localhost on Mail
243 Prepare SELECT Password From Test Where User = ?
244 Prepare SELECT Password From Test Where User = ?
245 Prepare SELECT Password From Test Where User = ?
120709 19:24:17 242 Execute SELECT Password From Test Where User = 'test.example'
247 Connect mail-usr@localhost on Mail
246 Connect mail-usr@localhost on Mail
246 Prepare SELECT Password From Test Where User = ?
247 Prepare SELECT Password From Test Where User = ?
and we get authorization.
with the following directive
AuthDBDUserPWQuery "call GetApacheAuth( %s )"
the MySQL log are
120709 20:32:56 337 Connect mail-usr@localhost on Mail
338 Connect mail-usr@localhost on Mail
339 Connect mail-usr@localhost on Mail
340 Connect mail-usr@localhost on Mail
337 Prepare call GetApacheAuth( ? )
338 Prepare call GetApacheAuth( ? )
339 Prepare call GetApacheAuth( ? )
340 Prepare call GetApacheAuth( ? )
341 Connect mail-usr@localhost on Mail
341 Prepare call GetApacheAuth( ? )
120709 20:33:04 342 Connect mail-usr@localhost on Mail
342 Prepare call GetApacheAuth( ? )
and we never get any "execute" command
The apache log
[Mon Jul 09 20:22:57 2012] [error] [client 192.168.2.241] Query execution error looking up 'test.example' in database
At the shell prompt
user@machine:/tmp$ mysql --user=mail-usr --password=xxxxxxxx --host=localhost Mail -e "CALL GetApacheAuth('test.example');"
+---------------+
| password |
+---------------+
| yyyyyyyyyyyyy |
+---------------+
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libaprutil1-dbd-mysql depends on:
ii libaprutil1 1.3.9+dfsg-5 The Apache Portable Runtime Utilit
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii libmysqlclient16 5.1.63-0+squeeze1 MySQL database client library
libaprutil1-dbd-mysql recommends no packages.
libaprutil1-dbd-mysql suggests no packages.
-- no debconf information
Reply to: