The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: 1 [2]   Go Down

Author Topic: security problem, auth_form and authn_dbd  (Read 25458 times)

casi91

  • Newbie
  • *
  • Offline Offline
  • Posts: 22
Re: security problem, auth_form and authn_dbd
« Reply #15 on: December 17, 2012, 05:13:38 PM »

So,
after a long day and a lot of apache configuration, i finally have the Basic-config i want :-)
There are my: login with mod_auth_digest and mod_auth_form and last but not least with mod_auth_dbd and a odbc connection to my database.

Also i've got the connection only over ssl

Today was a good day :-)

Again thanks for your help.
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 583
Re: security problem, auth_form and authn_dbd
« Reply #16 on: December 17, 2012, 05:50:42 PM »

it would be great, if you could post the working config
Logged

casi91

  • Newbie
  • *
  • Offline Offline
  • Posts: 22
Re: security problem, auth_form and authn_dbd
« Reply #17 on: December 18, 2012, 08:19:18 AM »

Oh, of course.
But at first I have to hurry up and finish my Project.
Because in a few days I'm going to get holidays  ;)

But when I have enough time this week, I'll post a small config with all necessary code
Logged

casi91

  • Newbie
  • *
  • Offline Offline
  • Posts: 22
Re: security problem, auth_form and authn_dbd
« Reply #18 on: December 18, 2012, 04:57:32 PM »

So,
i hope i didn't forget anything.
Here is the necessary config:
Code: [Select]
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_crypto_module modules/mod_session_crypto.so
LoadModule session_dbd_module modules/mod_session_dbd.so

DBDriver odbc
DBDParams "DATASOURCE=DSN, USER=usr, PASSWORD=pwd"

DBDMin  6
DBDKeep 7
DBDMax  10
DBDExptime 400


<Location /logout>
SetHandler form-logout-handler
Order allow,deny
allow from all
AuthFormLogoutLocation /logout.php

# core authentication and mod_auth_basic configuration
# for mod_authn_dbd

AuthType form
AuthName "AuthName"
AuthFormProvider dbd
Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/

AuthDBDUserPWQuery "SELECT pw FROM database.table WHERE user = %s

    # dbd-logout action executes a statement to log user out
    Require dbd-logout
    AuthzDBDQuery "UPDATE database.table SET login = 'false' WHERE user = %s"
</Location>

<Location /login>
SetHandler form-login-handler
AuthFormLoginRequiredLocation /loginfail.php
AuthFormLoginSuccessLocation /login.php

# core authentication and mod_auth_basic configuration
# for mod_authn_dbd
AuthFormProvider dbd
AuthType form
AuthName "AuthName"

Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/

  # don't require user to already be logged in!
    AuthDBDUserPWQuery "SELECT pw FROM database.table WHERE user = %s

    # dbd-login action executes a statement to log user in
    Require dbd-login
    AuthzDBDQuery "UPDATE database.table SET login = 'true' WHERE user = %s"

    # return user to referring page (if any) after
    # successful login
    AuthzDBDLoginToReferer On
</Location>

<Directory "myDirectory">
Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/

# core authentication and mod_auth_basic configuration
# for mod_authn_dbd
AuthType form
AuthName "AuthName"
AuthFormProvider dbd

# core authorization configuration
Require valid-user

# mod_authn_dbd SQL query to authenticate a user
AuthDBDUserPWQuery "SELECT pw FROM database.table WHERE user = %s and login = 'true'

ErrorDocument 401 /index.php

<Files login.php>
  # don't require user to already be logged in!
    AuthDBDUserPWQuery "SELECT pw FROM database.table WHERE user = %s

    # dbd-login action executes a statement to log user in
    Require dbd-login
    AuthzDBDQuery "UPDATE database.table SET login = 'true' WHERE user = %s"
</Files>
</Directory>
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: security problem, auth_form and authn_dbd
« Reply #19 on: December 19, 2012, 10:44:03 PM »

Thanks for coming back with that and Happy Holidays
Logged

NYOKUS

  • Newbie
  • *
  • Offline Offline
  • Posts: 1
Re: security problem, auth_form and authn_dbd
« Reply #20 on: January 16, 2013, 11:59:53 AM »

Hello,

I'd like to notice that I have also the same issue with the x64 binaries.
After having created the Apache Windows service, I'm not able to start it:

"
Faulting application name: httpd.exe, version: 2.4.3.0, time stamp: 0x502fde1c
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0xc0000005
Fault offset: 0x000000000001833e
Faulting process id: 0x1a48
Faulting application start time: 0x01cdf3c4b3f36e4a
Faulting application path: C:\E\Installed_programs\apache\httpd\bin\httpd.exe
Faulting module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Report Id: f4bfd3e3-5fb7-11e2-96dd-0050568b3be3



Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: httpd.exe
P2: 2.4.3.0
P3: 502fde1c
P4: MSVCR90.dll
P5: 9.0.30729.6161
P6: 4dace4e7
P7: c0000005
P8: 000000000001833e
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_httpd.exe_e69d22e5adfa4138ebec8d4537d688ce9572caf_10093561

Analysis symbol:
Rechecking for solution: 0
Report Id: f4bfd3e3-5fb7-11e2-96dd-0050568b3be3
Report Status: 4
"
Could someone help me to solve this issue?

thanks in advance

Regards

Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: security problem, auth_form and authn_dbd
« Reply #21 on: January 18, 2013, 07:36:42 PM »

Cannot reproduce but I'm not using dbd auth, just simple file.

Casi91 had to revert to x86 binaries to solve the problem.
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 847
Re: security problem, auth_form and authn_dbd
« Reply #22 on: January 23, 2013, 11:14:11 AM »

I'm wondering if both these are due to mod_session_dbd, at least the crash one and showing up mainly in x64.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53452

This bug should be fixed in 2.4.4
Logged
Pages: 1 [2]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13