modules/aaa/mod_authn_dbd.c

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "ap_provider.h"
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
#include "http_request.h"
#include "apr_lib.h"
#include "apr_dbd.h"
#include "mod_dbd.h"
#include "apr_strings.h"
#include "mod_auth.h"
#include "apr_md5.h"
#include "apu_version.h"

module AP_MODULE_DECLARE_DATA authn_dbd_module;

typedef struct {
    const char *user;
    const char *realm;
} authn_dbd_conf;
typedef struct {
    const char *label;
    const char *query;
} authn_dbd_rec;

/* optional function - look it up once in post_config */
static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL;
static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL;

static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy)
{
    authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
    return ret;
}
static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD)
{
    authn_dbd_conf *add = ADD;
    authn_dbd_conf *base = BASE;
    authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
    ret->user = (add->user == NULL) ? base->user : add->user;
    ret->realm = (add->realm == NULL) ? base->realm : add->realm;
    return ret;
}
static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query)
{
    static unsigned int label_num = 0;
    char *label;

    if (authn_dbd_prepare_fn == NULL) {
        authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
        if (authn_dbd_prepare_fn == NULL) {
            return "You must load mod_dbd to enable AuthDBD functions";
        }
        authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
    }
    label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);

    authn_dbd_prepare_fn(cmd->server, query, label);

    /* save the label here for our own use */
    return ap_set_string_slot(cmd, cfg, label);
}
static const command_rec authn_dbd_cmds[] =
{
    AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
                  (void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
                  "Query used to fetch password for user"),
    AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
                  (void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
                  "Query used to fetch password for user+realm"),
    {NULL}
};
static authn_status authn_dbd_password(request_rec *r, const char *user,
                                       const char *password)
{
    apr_status_t rv;
    const char *dbd_password = NULL;
    apr_dbd_prepared_t *statement;
    apr_dbd_results_t *res = NULL;
    apr_dbd_row_t *row = NULL;

    authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
                                                &authn_dbd_module);
    ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
    if (dbd == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Failed to acquire database connection to look up "
                      "user '%s'", user);
        return AUTH_GENERAL_ERROR;
    }

    if (conf->user == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "No AuthDBDUserPWQuery has been specified");
        return AUTH_GENERAL_ERROR;
    }

    statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
    if (statement == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "A prepared statement could not be found for "
                      "AuthDBDUserPWQuery with the key '%s'", conf->user);
        return AUTH_GENERAL_ERROR;
    }
    if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
                              0, user, NULL) != 0) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Query execution error looking up '%s' "
                      "in database", user);
        return AUTH_GENERAL_ERROR;
    }
    for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
         rv != -1;
         rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
        if (rv != 0) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                          "Error retrieving results while looking up '%s' "
                          "in database", user);
            return AUTH_GENERAL_ERROR;
        }
        if (dbd_password == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
            /* add the rest of the columns to the environment */
            int i = 1;
            const char *name;
            for (name = apr_dbd_get_name(dbd->driver, res, i);
                 name != NULL;
                 name = apr_dbd_get_name(dbd->driver, res, i)) {

                char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
                                        name,
                                        NULL);
                int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
                while (str[j]) {
                    if (!apr_isalnum(str[j])) {
                        str[j] = '_';
                    }
                    else {
                        str[j] = apr_toupper(str[j]);
                    }
                    j++;
                }
                apr_table_set(r->subprocess_env, str,
                              apr_dbd_get_entry(dbd->driver, row, i));
                i++;
            }
#endif
            dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
        }
        /* we can't break out here or row won't get cleaned up */
    }

    if (!dbd_password) {
        return AUTH_USER_NOT_FOUND;
    }

    rv = apr_password_validate(password, dbd_password);

    if (rv != APR_SUCCESS) {
        return AUTH_DENIED;
    }

    return AUTH_GRANTED;
}
static authn_status authn_dbd_realm(request_rec *r, const char *user,
                                    const char *realm, char **rethash)
{
    apr_status_t rv;
    const char *dbd_hash = NULL;
    apr_dbd_prepared_t *statement;
    apr_dbd_results_t *res = NULL;
    apr_dbd_row_t *row = NULL;

    authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
                                                &authn_dbd_module);
    ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
    if (dbd == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Failed to acquire database connection to look up "
                      "user '%s:%s'", user, realm);
        return AUTH_GENERAL_ERROR;
    }
    if (conf->realm == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "No AuthDBDUserRealmQuery has been specified");
        return AUTH_GENERAL_ERROR;
    }
    statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
    if (statement == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "A prepared statement could not be found for "
                      "AuthDBDUserRealmQuery with the key '%s'", conf->realm);
        return AUTH_GENERAL_ERROR;
    }
    if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
                              0, user, realm, NULL) != 0) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "Query execution error looking up '%s:%s' "
                      "in database", user, realm);
        return AUTH_GENERAL_ERROR;
    }
    for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
         rv != -1;
         rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
        if (rv != 0) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                          "Error retrieving results while looking up '%s:%s' "
                          "in database", user, realm);
            return AUTH_GENERAL_ERROR;
        }
        if (dbd_hash == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
            /* add the rest of the columns to the environment */
            int i = 1;
            const char *name;
            for (name = apr_dbd_get_name(dbd->driver, res, i);
                 name != NULL;
                 name = apr_dbd_get_name(dbd->driver, res, i)) {

                char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
                                        name,
                                        NULL);
                int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
                while (str[j]) {
                    if (!apr_isalnum(str[j])) {
                        str[j] = '_';
                    }
                    else {
                        str[j] = apr_toupper(str[j]);
                    }
                    j++;
                }
                apr_table_set(r->subprocess_env, str,
                              apr_dbd_get_entry(dbd->driver, row, i));
                i++;
            }
#endif
            dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
        }
        /* we can't break out here or row won't get cleaned up */
    }

    if (!dbd_hash) {
        return AUTH_USER_NOT_FOUND;
    }

    *rethash = apr_pstrdup(r->pool, dbd_hash);
    return AUTH_USER_FOUND;
}
static void authn_dbd_hooks(apr_pool_t *p)
{
    static const authn_provider authn_dbd_provider = {
        &authn_dbd_password,
        &authn_dbd_realm
    };

    ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "dbd",
                              AUTHN_PROVIDER_VERSION,
                              &authn_dbd_provider, AP_AUTH_INTERNAL_PER_CONF);
}
module AP_MODULE_DECLARE_DATA authn_dbd_module =
{
    STANDARD20_MODULE_STUFF,
    authn_dbd_cr_conf,
    authn_dbd_merge_conf,
    NULL,
    NULL,
    authn_dbd_cmds,
    authn_dbd_hooks
};
1	fielding	420983	/* Licensed to the Apache Software Foundation (ASF) under one or more
2			* contributor license agreements. See the NOTICE file distributed with
3			* this work for additional information regarding copyright ownership.
4			* The ASF licenses this file to You under the Apache License, Version 2.0
5			* (the "License"); you may not use this file except in compliance with
6			* the License. You may obtain a copy of the License at
7	niq	321247	*
8			* http://www.apache.org/licenses/LICENSE-2.0
9			*
10			* Unless required by applicable law or agreed to in writing, software
11			* distributed under the License is distributed on an "AS IS" BASIS,
12			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13			* See the License for the specific language governing permissions and
14			* limitations under the License.
15			*/
16
17			#include "ap_provider.h"
18			#include "httpd.h"
19			#include "http_config.h"
20			#include "http_log.h"
21	chrisd	644525	#include "http_request.h"
22	minfrin	466865	#include "apr_lib.h"
23	niq	321247	#include "apr_dbd.h"
24			#include "mod_dbd.h"
25			#include "apr_strings.h"
26			#include "mod_auth.h"
27			#include "apr_md5.h"
28	minfrin	466865	#include "apu_version.h"
29	niq	321247
30			module AP_MODULE_DECLARE_DATA authn_dbd_module;
31
32			typedef struct {
33			const char *user;
34			const char *realm;
35			} authn_dbd_conf;
36			typedef struct {
37			const char *label;
38			const char *query;
39			} authn_dbd_rec;
40
41			/* optional function - look it up once in post_config */
42			static ap_dbd_t (authn_dbd_acquire_fn)(request_rec*) = NULL;
43			static void (authn_dbd_prepare_fn)(server_rec, const char, const char) = NULL;
44
45			static void authn_dbd_cr_conf(apr_pool_t pool, char *dummy)
46			{
47			authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
48			return ret;
49			}
50			static void authn_dbd_merge_conf(apr_pool_t pool, void BASE, void ADD)
51			{
52			authn_dbd_conf *add = ADD;
53			authn_dbd_conf *base = BASE;
54			authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
55			ret->user = (add->user == NULL) ? base->user : add->user;
56			ret->realm = (add->realm == NULL) ? base->realm : add->realm;
57			return ret;
58			}
59			static const char authn_dbd_prepare(cmd_parms cmd, void cfg, const char query)
60			{
61			static unsigned int label_num = 0;
62			char *label;
63
64			if (authn_dbd_prepare_fn == NULL) {
65			authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
66			if (authn_dbd_prepare_fn == NULL) {
67			return "You must load mod_dbd to enable AuthDBD functions";
68			}
69			authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
70			}
71			label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);
72
73			authn_dbd_prepare_fn(cmd->server, query, label);
74
75			/* save the label here for our own use */
76	niq	344349	return ap_set_string_slot(cmd, cfg, label);
77	niq	321247	}
78			static const command_rec authn_dbd_cmds[] =
79			{
80			AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
81	niq	329497	(void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
82	niq	321247	"Query used to fetch password for user"),
83	niq	329497	AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
84			(void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
85	niq	321247	"Query used to fetch password for user+realm"),
86			{NULL}
87			};
88			static authn_status authn_dbd_password(request_rec r, const char user,
89			const char *password)
90			{
91			apr_status_t rv;
92			const char *dbd_password = NULL;
93			apr_dbd_prepared_t *statement;
94			apr_dbd_results_t *res = NULL;
95			apr_dbd_row_t *row = NULL;
96
97			authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
98			&authn_dbd_module);
99			ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
100			if (dbd == NULL) {
101			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
102	chrisd	639079	"Failed to acquire database connection to look up "
103			"user '%s'", user);
104	niq	321247	return AUTH_GENERAL_ERROR;
105			}
106
107			if (conf->user == NULL) {
108	chrisd	639079	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
109			"No AuthDBDUserPWQuery has been specified");
110	niq	321247	return AUTH_GENERAL_ERROR;
111			}
112
113			statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
114			if (statement == NULL) {
115	chrisd	639079	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
116			"A prepared statement could not be found for "
117			"AuthDBDUserPWQuery with the key '%s'", conf->user);
118	niq	321247	return AUTH_GENERAL_ERROR;
119			}
120			if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
121			0, user, NULL) != 0) {
122			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
123	chrisd	639079	"Query execution error looking up '%s' "
124			"in database", user);
125	niq	321247	return AUTH_GENERAL_ERROR;
126			}
127			for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
128			rv != -1;
129			rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
130			if (rv != 0) {
131			ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
132	chrisd	639079	"Error retrieving results while looking up '%s' "
133			"in database", user);
134	niq	321247	return AUTH_GENERAL_ERROR;
135			}
136			if (dbd_password == NULL) {
137	minfrin	466865	#if APU_MAJOR_VERSION > 1 \|\| (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
138			/* add the rest of the columns to the environment */
139			int i = 1;
140			const char *name;
141			for (name = apr_dbd_get_name(dbd->driver, res, i);
142			name != NULL;
143			name = apr_dbd_get_name(dbd->driver, res, i)) {
144
145			char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
146			name,
147			NULL);
148	minfrin	571798	int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
149	minfrin	466865	while (str[j]) {
150			if (!apr_isalnum(str[j])) {
151			str[j] = '_';
152			}
153			else {
154			str[j] = apr_toupper(str[j]);
155			}
156			j++;
157			}
158	niq	586765	apr_table_set(r->subprocess_env, str,
159			apr_dbd_get_entry(dbd->driver, row, i));
160	minfrin	466865	i++;
161			}
162			#endif
163	bnicholes	468042	dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
164	niq	321247	}
165	niq	329497	/* we can't break out here or row won't get cleaned up */
166	niq	321247	}
167
168			if (!dbd_password) {
169			return AUTH_USER_NOT_FOUND;
170			}
171
172			rv = apr_password_validate(password, dbd_password);
173
174			if (rv != APR_SUCCESS) {
175			return AUTH_DENIED;
176			}
177
178			return AUTH_GRANTED;
179			}
180			static authn_status authn_dbd_realm(request_rec r, const char user,
181			const char realm, char *rethash)
182			{
183			apr_status_t rv;
184			const char *dbd_hash = NULL;
185			apr_dbd_prepared_t *statement;
186			apr_dbd_results_t *res = NULL;
187			apr_dbd_row_t *row = NULL;
188
189			authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
190			&authn_dbd_module);
191			ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
192			if (dbd == NULL) {
193			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
194	chrisd	639079	"Failed to acquire database connection to look up "
195			"user '%s:%s'", user, realm);
196	niq	321247	return AUTH_GENERAL_ERROR;
197			}
198			if (conf->realm == NULL) {
199	chrisd	639079	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
200			"No AuthDBDUserRealmQuery has been specified");
201	niq	321247	return AUTH_GENERAL_ERROR;
202			}
203			statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
204			if (statement == NULL) {
205	chrisd	639079	ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
206			"A prepared statement could not be found for "
207			"AuthDBDUserRealmQuery with the key '%s'", conf->realm);
208	niq	321247	return AUTH_GENERAL_ERROR;
209			}
210			if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
211			0, user, realm, NULL) != 0) {
212			ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
213	chrisd	639079	"Query execution error looking up '%s:%s' "
214			"in database", user, realm);
215	niq	321247	return AUTH_GENERAL_ERROR;
216			}
217			for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
218			rv != -1;
219			rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
220			if (rv != 0) {
221			ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
222	chrisd	639079	"Error retrieving results while looking up '%s:%s' "
223			"in database", user, realm);
224	niq	321247	return AUTH_GENERAL_ERROR;
225			}
226			if (dbd_hash == NULL) {
227	minfrin	466865	#if APU_MAJOR_VERSION > 1 \|\| (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
228			/* add the rest of the columns to the environment */
229			int i = 1;
230			const char *name;
231			for (name = apr_dbd_get_name(dbd->driver, res, i);
232			name != NULL;
233			name = apr_dbd_get_name(dbd->driver, res, i)) {
234
235			char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
236			name,
237			NULL);
238	minfrin	571798	int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
239	minfrin	466865	while (str[j]) {
240			if (!apr_isalnum(str[j])) {
241			str[j] = '_';
242			}
243			else {
244			str[j] = apr_toupper(str[j]);
245			}
246			j++;
247			}
248	niq	586765	apr_table_set(r->subprocess_env, str,
249			apr_dbd_get_entry(dbd->driver, row, i));
250	minfrin	466865	i++;
251			}
252			#endif
253	bnicholes	468042	dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
254	niq	321247	}
255	niq	329497	/* we can't break out here or row won't get cleaned up */
256	niq	321247	}
257
258			if (!dbd_hash) {
259			return AUTH_USER_NOT_FOUND;
260			}
261
262			*rethash = apr_pstrdup(r->pool, dbd_hash);
263			return AUTH_USER_FOUND;
264			}
265			static void authn_dbd_hooks(apr_pool_t *p)
266			{
267			static const authn_provider authn_dbd_provider = {
268			&authn_dbd_password,
269			&authn_dbd_realm
270			};
271	jim	332306
272	chrisd	658046	ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "dbd",
273			AUTHN_PROVIDER_VERSION,
274	chrisd	644525	&authn_dbd_provider, AP_AUTH_INTERNAL_PER_CONF);
275	niq	321247	}
276			module AP_MODULE_DECLARE_DATA authn_dbd_module =
277			{
278			STANDARD20_MODULE_STUFF,
279			authn_dbd_cr_conf,
280			authn_dbd_merge_conf,
281			NULL,
282			NULL,
283			authn_dbd_cmds,
284			authn_dbd_hooks
285			};