modules/aaa/mod_authn_dbd.c

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "ap_provider.h"
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
#include "apr_lib.h"
#include "apr_dbd.h"
#include "mod_dbd.h"
#include "apr_strings.h"
#include "mod_auth.h"
#include "apr_md5.h"
#include "apu_version.h"

module AP_MODULE_DECLARE_DATA authn_dbd_module;

typedef struct {
    const char *user;
    const char *realm;
} authn_dbd_conf;
typedef struct {
    const char *label;
    const char *query;
} authn_dbd_rec;

/* optional function - look it up once in post_config */
static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL;
static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL;

static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy)
{
    authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
    return ret;
}
static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD)
{
    authn_dbd_conf *add = ADD;
    authn_dbd_conf *base = BASE;
    authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
    ret->user = (add->user == NULL) ? base->user : add->user;
    ret->realm = (add->realm == NULL) ? base->realm : add->realm;
    return ret;
}
static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query)
{
    static unsigned int label_num = 0;
    char *label;

    if (authn_dbd_prepare_fn == NULL) {
        authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
        if (authn_dbd_prepare_fn == NULL) {
            return "You must load mod_dbd to enable AuthDBD functions";
        }
        authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
    }
    label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);

    authn_dbd_prepare_fn(cmd->server, query, label);

    /* save the label here for our own use */
    return ap_set_string_slot(cmd, cfg, label);
}
static const command_rec authn_dbd_cmds[] =
{
    AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
                  (void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
                  "Query used to fetch password for user"),
    AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
                  (void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
                  "Query used to fetch password for user+realm"),
    {NULL}
};
static authn_status authn_dbd_password(request_rec *r, const char *user,
                                       const char *password)
{
    apr_status_t rv;
    const char *dbd_password = NULL;
    apr_dbd_prepared_t *statement;
    apr_dbd_results_t *res = NULL;
    apr_dbd_row_t *row = NULL;

    authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
                                                &authn_dbd_module);
    ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
    if (dbd == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Error looking up %s in database", user);
        return AUTH_GENERAL_ERROR;
    }

    if (conf->user == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified.");
        return AUTH_GENERAL_ERROR;
    }

    statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
    if (statement == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user);
        return AUTH_GENERAL_ERROR;
    }
    if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
                              0, user, NULL) != 0) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Error looking up %s in database", user);
        return AUTH_GENERAL_ERROR;
    }
    for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
         rv != -1;
         rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
        if (rv != 0) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                      "Error looking up %s in database", user);
            return AUTH_GENERAL_ERROR;
        }
        if (dbd_password == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
            /* add the rest of the columns to the environment */
            int i = 1;
            const char *name;
            for (name = apr_dbd_get_name(dbd->driver, res, i);
                 name != NULL;
                 name = apr_dbd_get_name(dbd->driver, res, i)) {

                char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
                                        name,
                                        NULL);
                int j = 13;
                while (str[j]) {
                    if (!apr_isalnum(str[j])) {
                        str[j] = '_';
                    }
                    else {
                        str[j] = apr_toupper(str[j]);
                    }
                    j++;
                }
                apr_table_setn(r->subprocess_env, str,
                               apr_dbd_get_entry(dbd->driver, row, i));
                i++;
            }
#endif
            dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
        }
        /* we can't break out here or row won't get cleaned up */
    }

    if (!dbd_password) {
        return AUTH_USER_NOT_FOUND;
    }

    rv = apr_password_validate(password, dbd_password);

    if (rv != APR_SUCCESS) {
        return AUTH_DENIED;
    }

    return AUTH_GRANTED;
}
static authn_status authn_dbd_realm(request_rec *r, const char *user,
                                    const char *realm, char **rethash)
{
    apr_status_t rv;
    const char *dbd_hash = NULL;
    apr_dbd_prepared_t *statement;
    apr_dbd_results_t *res = NULL;
    apr_dbd_row_t *row = NULL;

    authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
                                                &authn_dbd_module);
    ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
    if (dbd == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Error looking up %s in database", user);
        return AUTH_GENERAL_ERROR;
    }
    if (conf->realm == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
        return AUTH_GENERAL_ERROR;
    }
    statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
    if (statement == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
        return AUTH_GENERAL_ERROR;
    }
    if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
                              0, user, realm, NULL) != 0) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Error looking up %s:%s in database", user, realm);
        return AUTH_GENERAL_ERROR;
    }
    for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
         rv != -1;
         rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
        if (rv != 0) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                      "Error looking up %s in database", user);
            return AUTH_GENERAL_ERROR;
        }
        if (dbd_hash == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
            /* add the rest of the columns to the environment */
            int i = 1;
            const char *name;
            for (name = apr_dbd_get_name(dbd->driver, res, i);
                 name != NULL;
                 name = apr_dbd_get_name(dbd->driver, res, i)) {

                char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
                                        name,
                                        NULL);
                int j = 13;
                while (str[j]) {
                    if (!apr_isalnum(str[j])) {
                        str[j] = '_';
                    }
                    else {
                        str[j] = apr_toupper(str[j]);
                    }
                    j++;
                }
                apr_table_setn(r->subprocess_env, str,
                               apr_dbd_get_entry(dbd->driver, row, i));
                i++;
            }
#endif
            dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
        }
        /* we can't break out here or row won't get cleaned up */
    }

    if (!dbd_hash) {
        return AUTH_USER_NOT_FOUND;
    }

    *rethash = apr_pstrdup(r->pool, dbd_hash);
    return AUTH_USER_FOUND;
}
static void authn_dbd_hooks(apr_pool_t *p)
{
    static const authn_provider authn_dbd_provider = {
        &authn_dbd_password,
        &authn_dbd_realm
    };

    ap_register_provider(p, AUTHN_PROVIDER_GROUP, "dbd", "0", &authn_dbd_provider);
}
module AP_MODULE_DECLARE_DATA authn_dbd_module =
{
    STANDARD20_MODULE_STUFF,
    authn_dbd_cr_conf,
    authn_dbd_merge_conf,
    NULL,
    NULL,
    authn_dbd_cmds,
    authn_dbd_hooks
};
1	/* Licensed to the Apache Software Foundation (ASF) under one or more
2	* contributor license agreements. See the NOTICE file distributed with
3	* this work for additional information regarding copyright ownership.
4	* The ASF licenses this file to You under the Apache License, Version 2.0
5	* (the "License"); you may not use this file except in compliance with
6	* the License. You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*/
16
17	#include "ap_provider.h"
18	#include "httpd.h"
19	#include "http_config.h"
20	#include "http_log.h"
21	#include "apr_lib.h"
22	#include "apr_dbd.h"
23	#include "mod_dbd.h"
24	#include "apr_strings.h"
25	#include "mod_auth.h"
26	#include "apr_md5.h"
27	#include "apu_version.h"
28
29	module AP_MODULE_DECLARE_DATA authn_dbd_module;
30
31	typedef struct {
32	const char *user;
33	const char *realm;
34	} authn_dbd_conf;
35	typedef struct {
36	const char *label;
37	const char *query;
38	} authn_dbd_rec;
39
40	/* optional function - look it up once in post_config */
41	static ap_dbd_t (authn_dbd_acquire_fn)(request_rec*) = NULL;
42	static void (authn_dbd_prepare_fn)(server_rec, const char, const char) = NULL;
43
44	static void authn_dbd_cr_conf(apr_pool_t pool, char *dummy)
45	{
46	authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
47	return ret;
48	}
49	static void authn_dbd_merge_conf(apr_pool_t pool, void BASE, void ADD)
50	{
51	authn_dbd_conf *add = ADD;
52	authn_dbd_conf *base = BASE;
53	authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
54	ret->user = (add->user == NULL) ? base->user : add->user;
55	ret->realm = (add->realm == NULL) ? base->realm : add->realm;
56	return ret;
57	}
58	static const char authn_dbd_prepare(cmd_parms cmd, void cfg, const char query)
59	{
60	static unsigned int label_num = 0;
61	char *label;
62
63	if (authn_dbd_prepare_fn == NULL) {
64	authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
65	if (authn_dbd_prepare_fn == NULL) {
66	return "You must load mod_dbd to enable AuthDBD functions";
67	}
68	authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
69	}
70	label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);
71
72	authn_dbd_prepare_fn(cmd->server, query, label);
73
74	/* save the label here for our own use */
75	return ap_set_string_slot(cmd, cfg, label);
76	}
77	static const command_rec authn_dbd_cmds[] =
78	{
79	AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
80	(void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
81	"Query used to fetch password for user"),
82	AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
83	(void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
84	"Query used to fetch password for user+realm"),
85	{NULL}
86	};
87	static authn_status authn_dbd_password(request_rec r, const char user,
88	const char *password)
89	{
90	apr_status_t rv;
91	const char *dbd_password = NULL;
92	apr_dbd_prepared_t *statement;
93	apr_dbd_results_t *res = NULL;
94	apr_dbd_row_t *row = NULL;
95
96	authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
97	&authn_dbd_module);
98	ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
99	if (dbd == NULL) {
100	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
101	"Error looking up %s in database", user);
102	return AUTH_GENERAL_ERROR;
103	}
104
105	if (conf->user == NULL) {
106	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified.");
107	return AUTH_GENERAL_ERROR;
108	}
109
110	statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
111	if (statement == NULL) {
112	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user);
113	return AUTH_GENERAL_ERROR;
114	}
115	if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
116	0, user, NULL) != 0) {
117	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
118	"Error looking up %s in database", user);
119	return AUTH_GENERAL_ERROR;
120	}
121	for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
122	rv != -1;
123	rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
124	if (rv != 0) {
125	ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
126	"Error looking up %s in database", user);
127	return AUTH_GENERAL_ERROR;
128	}
129	if (dbd_password == NULL) {
130	#if APU_MAJOR_VERSION > 1 \|\| (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
131	/* add the rest of the columns to the environment */
132	int i = 1;
133	const char *name;
134	for (name = apr_dbd_get_name(dbd->driver, res, i);
135	name != NULL;
136	name = apr_dbd_get_name(dbd->driver, res, i)) {
137
138	char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
139	name,
140	NULL);
141	int j = 13;
142	while (str[j]) {
143	if (!apr_isalnum(str[j])) {
144	str[j] = '_';
145	}
146	else {
147	str[j] = apr_toupper(str[j]);
148	}
149	j++;
150	}
151	apr_table_setn(r->subprocess_env, str,
152	apr_dbd_get_entry(dbd->driver, row, i));
153	i++;
154	}
155	#endif
156	dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
157	}
158	/* we can't break out here or row won't get cleaned up */
159	}
160
161	if (!dbd_password) {
162	return AUTH_USER_NOT_FOUND;
163	}
164
165	rv = apr_password_validate(password, dbd_password);
166
167	if (rv != APR_SUCCESS) {
168	return AUTH_DENIED;
169	}
170
171	return AUTH_GRANTED;
172	}
173	static authn_status authn_dbd_realm(request_rec r, const char user,
174	const char realm, char *rethash)
175	{
176	apr_status_t rv;
177	const char *dbd_hash = NULL;
178	apr_dbd_prepared_t *statement;
179	apr_dbd_results_t *res = NULL;
180	apr_dbd_row_t *row = NULL;
181
182	authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
183	&authn_dbd_module);
184	ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
185	if (dbd == NULL) {
186	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
187	"Error looking up %s in database", user);
188	return AUTH_GENERAL_ERROR;
189	}
190	if (conf->realm == NULL) {
191	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
192	return AUTH_GENERAL_ERROR;
193	}
194	statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
195	if (statement == NULL) {
196	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
197	return AUTH_GENERAL_ERROR;
198	}
199	if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
200	0, user, realm, NULL) != 0) {
201	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
202	"Error looking up %s:%s in database", user, realm);
203	return AUTH_GENERAL_ERROR;
204	}
205	for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
206	rv != -1;
207	rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
208	if (rv != 0) {
209	ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
210	"Error looking up %s in database", user);
211	return AUTH_GENERAL_ERROR;
212	}
213	if (dbd_hash == NULL) {
214	#if APU_MAJOR_VERSION > 1 \|\| (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
215	/* add the rest of the columns to the environment */
216	int i = 1;
217	const char *name;
218	for (name = apr_dbd_get_name(dbd->driver, res, i);
219	name != NULL;
220	name = apr_dbd_get_name(dbd->driver, res, i)) {
221
222	char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
223	name,
224	NULL);
225	int j = 13;
226	while (str[j]) {
227	if (!apr_isalnum(str[j])) {
228	str[j] = '_';
229	}
230	else {
231	str[j] = apr_toupper(str[j]);
232	}
233	j++;
234	}
235	apr_table_setn(r->subprocess_env, str,
236	apr_dbd_get_entry(dbd->driver, row, i));
237	i++;
238	}
239	#endif
240	dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
241	}
242	/* we can't break out here or row won't get cleaned up */
243	}
244
245	if (!dbd_hash) {
246	return AUTH_USER_NOT_FOUND;
247	}
248
249	*rethash = apr_pstrdup(r->pool, dbd_hash);
250	return AUTH_USER_FOUND;
251	}
252	static void authn_dbd_hooks(apr_pool_t *p)
253	{
254	static const authn_provider authn_dbd_provider = {
255	&authn_dbd_password,
256	&authn_dbd_realm
257	};
258
259	ap_register_provider(p, AUTHN_PROVIDER_GROUP, "dbd", "0", &authn_dbd_provider);
260	}
261	module AP_MODULE_DECLARE_DATA authn_dbd_module =
262	{
263	STANDARD20_MODULE_STUFF,
264	authn_dbd_cr_conf,
265	authn_dbd_merge_conf,
266	NULL,
267	NULL,
268	authn_dbd_cmds,
269	authn_dbd_hooks
270	};