| 1 |
niq |
321247 |
/* Copyright 2000-2005 The Apache Software Foundation or its licensors, as |
| 2 |
|
|
* applicable. |
| 3 |
|
|
* |
| 4 |
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 |
|
|
* you may not use this file except in compliance with the License. |
| 6 |
|
|
* You may obtain a copy of the License at |
| 7 |
|
|
* |
| 8 |
|
|
* http://www.apache.org/licenses/LICENSE-2.0 |
| 9 |
|
|
* |
| 10 |
|
|
* Unless required by applicable law or agreed to in writing, software |
| 11 |
|
|
* distributed under the License is distributed on an "AS IS" BASIS, |
| 12 |
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 |
|
|
* See the License for the specific language governing permissions and |
| 14 |
|
|
* limitations under the License. |
| 15 |
|
|
*/ |
| 16 |
|
|
|
| 17 |
|
|
#include "ap_provider.h" |
| 18 |
|
|
#include "httpd.h" |
| 19 |
|
|
#include "http_config.h" |
| 20 |
|
|
#include "http_log.h" |
| 21 |
|
|
#include "apr_dbd.h" |
| 22 |
|
|
#include "mod_dbd.h" |
| 23 |
|
|
#include "apr_strings.h" |
| 24 |
|
|
#include "mod_auth.h" |
| 25 |
|
|
#include "apr_md5.h" |
| 26 |
|
|
|
| 27 |
|
|
module AP_MODULE_DECLARE_DATA authn_dbd_module; |
| 28 |
|
|
|
| 29 |
|
|
typedef struct { |
| 30 |
|
|
const char *user; |
| 31 |
|
|
const char *realm; |
| 32 |
|
|
} authn_dbd_conf; |
| 33 |
|
|
typedef struct { |
| 34 |
|
|
const char *label; |
| 35 |
|
|
const char *query; |
| 36 |
|
|
} authn_dbd_rec; |
| 37 |
|
|
|
| 38 |
|
|
/* optional function - look it up once in post_config */ |
| 39 |
|
|
static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL; |
| 40 |
|
|
static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL; |
| 41 |
|
|
|
| 42 |
|
|
static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy) |
| 43 |
|
|
{ |
| 44 |
|
|
authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf)); |
| 45 |
|
|
return ret; |
| 46 |
|
|
} |
| 47 |
|
|
static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD) |
| 48 |
|
|
{ |
| 49 |
|
|
authn_dbd_conf *add = ADD; |
| 50 |
|
|
authn_dbd_conf *base = BASE; |
| 51 |
|
|
authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf)); |
| 52 |
|
|
ret->user = (add->user == NULL) ? base->user : add->user; |
| 53 |
|
|
ret->realm = (add->realm == NULL) ? base->realm : add->realm; |
| 54 |
|
|
return ret; |
| 55 |
|
|
} |
| 56 |
|
|
static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query) |
| 57 |
|
|
{ |
| 58 |
|
|
static unsigned int label_num = 0; |
| 59 |
|
|
char *label; |
| 60 |
|
|
|
| 61 |
|
|
if (authn_dbd_prepare_fn == NULL) { |
| 62 |
|
|
authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare); |
| 63 |
|
|
if (authn_dbd_prepare_fn == NULL) { |
| 64 |
|
|
return "You must load mod_dbd to enable AuthDBD functions"; |
| 65 |
|
|
} |
| 66 |
|
|
authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire); |
| 67 |
|
|
} |
| 68 |
|
|
label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num); |
| 69 |
|
|
|
| 70 |
|
|
authn_dbd_prepare_fn(cmd->server, query, label); |
| 71 |
|
|
|
| 72 |
|
|
/* save the label here for our own use */ |
| 73 |
|
|
*(void**)cfg = label; |
| 74 |
|
|
return NULL; |
| 75 |
|
|
} |
| 76 |
|
|
static const command_rec authn_dbd_cmds[] = |
| 77 |
|
|
{ |
| 78 |
|
|
AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare, |
| 79 |
niq |
329497 |
(void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF, |
| 80 |
niq |
321247 |
"Query used to fetch password for user"), |
| 81 |
niq |
329497 |
AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare, |
| 82 |
|
|
(void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF, |
| 83 |
niq |
321247 |
"Query used to fetch password for user+realm"), |
| 84 |
|
|
{NULL} |
| 85 |
|
|
}; |
| 86 |
|
|
static authn_status authn_dbd_password(request_rec *r, const char *user, |
| 87 |
|
|
const char *password) |
| 88 |
|
|
{ |
| 89 |
|
|
apr_status_t rv; |
| 90 |
|
|
const char *dbd_password = NULL; |
| 91 |
|
|
apr_dbd_prepared_t *statement; |
| 92 |
|
|
apr_dbd_results_t *res = NULL; |
| 93 |
|
|
apr_dbd_row_t *row = NULL; |
| 94 |
|
|
|
| 95 |
|
|
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, |
| 96 |
|
|
&authn_dbd_module); |
| 97 |
|
|
ap_dbd_t *dbd = authn_dbd_acquire_fn(r); |
| 98 |
|
|
if (dbd == NULL) { |
| 99 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| 100 |
|
|
"Error looking up %s in database", user); |
| 101 |
|
|
return AUTH_GENERAL_ERROR; |
| 102 |
|
|
} |
| 103 |
|
|
|
| 104 |
|
|
if (conf->user == NULL) { |
| 105 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| 106 |
|
|
return AUTH_GENERAL_ERROR; |
| 107 |
|
|
} |
| 108 |
|
|
|
| 109 |
|
|
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING); |
| 110 |
|
|
if (statement == NULL) { |
| 111 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| 112 |
|
|
return AUTH_GENERAL_ERROR; |
| 113 |
|
|
} |
| 114 |
|
|
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, |
| 115 |
|
|
0, user, NULL) != 0) { |
| 116 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| 117 |
|
|
"Error looking up %s in database", user); |
| 118 |
|
|
return AUTH_GENERAL_ERROR; |
| 119 |
|
|
} |
| 120 |
|
|
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); |
| 121 |
|
|
rv != -1; |
| 122 |
|
|
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { |
| 123 |
|
|
if (rv != 0) { |
| 124 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
| 125 |
|
|
"Error looking up %s in database", user); |
| 126 |
|
|
return AUTH_GENERAL_ERROR; |
| 127 |
|
|
} |
| 128 |
|
|
if (dbd_password == NULL) { |
| 129 |
|
|
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0); |
| 130 |
|
|
} |
| 131 |
niq |
329497 |
/* we can't break out here or row won't get cleaned up */ |
| 132 |
niq |
321247 |
} |
| 133 |
|
|
|
| 134 |
|
|
if (!dbd_password) { |
| 135 |
|
|
return AUTH_USER_NOT_FOUND; |
| 136 |
|
|
} |
| 137 |
|
|
|
| 138 |
|
|
rv = apr_password_validate(password, dbd_password); |
| 139 |
|
|
|
| 140 |
|
|
if (rv != APR_SUCCESS) { |
| 141 |
|
|
return AUTH_DENIED; |
| 142 |
|
|
} |
| 143 |
|
|
|
| 144 |
|
|
return AUTH_GRANTED; |
| 145 |
|
|
} |
| 146 |
|
|
static authn_status authn_dbd_realm(request_rec *r, const char *user, |
| 147 |
|
|
const char *realm, char **rethash) |
| 148 |
|
|
{ |
| 149 |
|
|
apr_status_t rv; |
| 150 |
|
|
const char *dbd_hash = NULL; |
| 151 |
|
|
apr_dbd_prepared_t *statement; |
| 152 |
|
|
apr_dbd_results_t *res = NULL; |
| 153 |
|
|
apr_dbd_row_t *row = NULL; |
| 154 |
|
|
|
| 155 |
|
|
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, |
| 156 |
|
|
&authn_dbd_module); |
| 157 |
|
|
ap_dbd_t *dbd = authn_dbd_acquire_fn(r); |
| 158 |
|
|
if (dbd == NULL) { |
| 159 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| 160 |
|
|
"Error looking up %s in database", user); |
| 161 |
|
|
return AUTH_GENERAL_ERROR; |
| 162 |
|
|
} |
| 163 |
|
|
if (conf->realm == NULL) { |
| 164 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| 165 |
|
|
return AUTH_GENERAL_ERROR; |
| 166 |
|
|
} |
| 167 |
|
|
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING); |
| 168 |
|
|
if (statement == NULL) { |
| 169 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| 170 |
|
|
return AUTH_GENERAL_ERROR; |
| 171 |
|
|
} |
| 172 |
|
|
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, |
| 173 |
|
|
0, user, realm, NULL) != 0) { |
| 174 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| 175 |
|
|
"Error looking up %s:%s in database", user, realm); |
| 176 |
|
|
return AUTH_GENERAL_ERROR; |
| 177 |
|
|
} |
| 178 |
|
|
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); |
| 179 |
|
|
rv != -1; |
| 180 |
|
|
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { |
| 181 |
|
|
if (rv != 0) { |
| 182 |
|
|
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
| 183 |
|
|
"Error looking up %s in database", user); |
| 184 |
|
|
return AUTH_GENERAL_ERROR; |
| 185 |
|
|
} |
| 186 |
|
|
if (dbd_hash == NULL) { |
| 187 |
|
|
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0); |
| 188 |
|
|
} |
| 189 |
niq |
329497 |
/* we can't break out here or row won't get cleaned up */ |
| 190 |
niq |
321247 |
} |
| 191 |
|
|
|
| 192 |
|
|
if (!dbd_hash) { |
| 193 |
|
|
return AUTH_USER_NOT_FOUND; |
| 194 |
|
|
} |
| 195 |
|
|
|
| 196 |
|
|
*rethash = apr_pstrdup(r->pool, dbd_hash); |
| 197 |
|
|
return AUTH_USER_FOUND; |
| 198 |
|
|
} |
| 199 |
|
|
static void authn_dbd_hooks(apr_pool_t *p) |
| 200 |
|
|
{ |
| 201 |
|
|
static const authn_provider authn_dbd_provider = { |
| 202 |
|
|
&authn_dbd_password, |
| 203 |
|
|
&authn_dbd_realm |
| 204 |
|
|
}; |
| 205 |
|
|
|
| 206 |
|
|
ap_register_provider(p, AUTHN_PROVIDER_GROUP, "dbd", "0", &authn_dbd_provider); |
| 207 |
|
|
} |
| 208 |
|
|
module AP_MODULE_DECLARE_DATA authn_dbd_module = |
| 209 |
|
|
{ |
| 210 |
|
|
STANDARD20_MODULE_STUFF, |
| 211 |
|
|
authn_dbd_cr_conf, |
| 212 |
|
|
authn_dbd_merge_conf, |
| 213 |
|
|
NULL, |
| 214 |
|
|
NULL, |
| 215 |
|
|
authn_dbd_cmds, |
| 216 |
|
|
authn_dbd_hooks |
| 217 |
|
|
}; |
Parent Directory
| 
Revision Log