|
Packit |
90a5c9 |
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
Packit |
90a5c9 |
* contributor license agreements. See the NOTICE file distributed with
|
|
Packit |
90a5c9 |
* this work for additional information regarding copyright ownership.
|
|
Packit |
90a5c9 |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
Packit |
90a5c9 |
* (the "License"); you may not use this file except in compliance with
|
|
Packit |
90a5c9 |
* the License. You may obtain a copy of the License at
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit |
90a5c9 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit |
90a5c9 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit |
90a5c9 |
* See the License for the specific language governing permissions and
|
|
Packit |
90a5c9 |
* limitations under the License.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "ap_provider.h"
|
|
Packit |
90a5c9 |
#include "httpd.h"
|
|
Packit |
90a5c9 |
#include "http_config.h"
|
|
Packit |
90a5c9 |
#include "http_log.h"
|
|
Packit |
90a5c9 |
#include "http_request.h"
|
|
Packit |
90a5c9 |
#include "apr_lib.h"
|
|
Packit |
90a5c9 |
#include "apr_dbd.h"
|
|
Packit |
90a5c9 |
#include "mod_dbd.h"
|
|
Packit |
90a5c9 |
#include "apr_strings.h"
|
|
Packit |
90a5c9 |
#include "mod_auth.h"
|
|
Packit |
90a5c9 |
#include "apr_md5.h"
|
|
Packit |
90a5c9 |
#include "apu_version.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
module AP_MODULE_DECLARE_DATA authn_dbd_module;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
typedef struct {
|
|
Packit |
90a5c9 |
const char *user;
|
|
Packit |
90a5c9 |
const char *realm;
|
|
Packit |
90a5c9 |
} authn_dbd_conf;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* optional function - look it up once in post_config */
|
|
Packit |
90a5c9 |
static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL;
|
|
Packit |
90a5c9 |
static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL;
|
|
Packit |
90a5c9 |
static APR_OPTIONAL_FN_TYPE(ap_authn_cache_store) *authn_cache_store = NULL;
|
|
Packit |
90a5c9 |
#define AUTHN_CACHE_STORE(r,user,realm,data) \
|
|
Packit |
90a5c9 |
if (authn_cache_store != NULL) \
|
|
Packit |
90a5c9 |
authn_cache_store((r), "dbd", (user), (realm), (data))
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
|
|
Packit |
90a5c9 |
return ret;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authn_dbd_conf *add = ADD;
|
|
Packit |
90a5c9 |
authn_dbd_conf *base = BASE;
|
|
Packit |
90a5c9 |
authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
|
|
Packit |
90a5c9 |
ret->user = (add->user == NULL) ? base->user : add->user;
|
|
Packit |
90a5c9 |
ret->realm = (add->realm == NULL) ? base->realm : add->realm;
|
|
Packit |
90a5c9 |
return ret;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
static unsigned int label_num = 0;
|
|
Packit |
90a5c9 |
char *label;
|
|
Packit |
90a5c9 |
const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
|
|
Packit |
90a5c9 |
if (err)
|
|
Packit |
90a5c9 |
return err;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (authn_dbd_prepare_fn == NULL) {
|
|
Packit |
90a5c9 |
authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
|
|
Packit |
90a5c9 |
if (authn_dbd_prepare_fn == NULL) {
|
|
Packit |
90a5c9 |
return "You must load mod_dbd to enable AuthDBD functions";
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
authn_dbd_prepare_fn(cmd->server, query, label);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* save the label here for our own use */
|
|
Packit |
90a5c9 |
return ap_set_string_slot(cmd, cfg, label);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const command_rec authn_dbd_cmds[] =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
|
|
Packit |
90a5c9 |
(void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
|
|
Packit |
90a5c9 |
"Query used to fetch password for user"),
|
|
Packit |
90a5c9 |
AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
|
|
Packit |
90a5c9 |
(void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
|
|
Packit |
90a5c9 |
"Query used to fetch password for user+realm"),
|
|
Packit |
90a5c9 |
{NULL}
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authn_status authn_dbd_password(request_rec *r, const char *user,
|
|
Packit |
90a5c9 |
const char *password)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
apr_status_t rv;
|
|
Packit |
90a5c9 |
const char *dbd_password = NULL;
|
|
Packit |
90a5c9 |
apr_dbd_prepared_t *statement;
|
|
Packit |
90a5c9 |
apr_dbd_results_t *res = NULL;
|
|
Packit |
90a5c9 |
apr_dbd_row_t *row = NULL;
|
|
Packit |
90a5c9 |
int ret;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
|
|
Packit |
90a5c9 |
&authn_dbd_module);
|
|
Packit |
90a5c9 |
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
|
|
Packit |
90a5c9 |
if (dbd == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01653)
|
|
Packit |
90a5c9 |
"Failed to acquire database connection to look up "
|
|
Packit |
90a5c9 |
"user '%s'", user);
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (conf->user == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01654)
|
|
Packit |
90a5c9 |
"No AuthDBDUserPWQuery has been specified");
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
|
|
Packit |
90a5c9 |
if (statement == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01655)
|
|
Packit |
90a5c9 |
"A prepared statement could not be found for "
|
|
Packit |
90a5c9 |
"AuthDBDUserPWQuery with the key '%s'", conf->user);
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
|
|
Packit |
90a5c9 |
statement, 0, user, NULL)) != 0) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01656)
|
|
Packit |
90a5c9 |
"Query execution error looking up '%s' "
|
|
Packit |
90a5c9 |
"in database [%s]",
|
|
Packit |
90a5c9 |
user, apr_dbd_error(dbd->driver, dbd->handle, ret));
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
|
|
Packit |
90a5c9 |
rv != -1;
|
|
Packit |
90a5c9 |
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
|
|
Packit |
90a5c9 |
if (rv != 0) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01657)
|
|
Packit |
90a5c9 |
"Error retrieving results while looking up '%s' "
|
|
Packit |
90a5c9 |
"in database", user);
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (dbd_password == NULL) {
|
|
Packit |
90a5c9 |
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
|
|
Packit |
90a5c9 |
/* add the rest of the columns to the environment */
|
|
Packit |
90a5c9 |
int i = 1;
|
|
Packit |
90a5c9 |
const char *name;
|
|
Packit |
90a5c9 |
for (name = apr_dbd_get_name(dbd->driver, res, i);
|
|
Packit |
90a5c9 |
name != NULL;
|
|
Packit |
90a5c9 |
name = apr_dbd_get_name(dbd->driver, res, i)) {
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
|
|
Packit |
90a5c9 |
name,
|
|
Packit |
90a5c9 |
NULL);
|
|
Packit |
90a5c9 |
int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
|
|
Packit |
90a5c9 |
while (str[j]) {
|
|
Packit |
90a5c9 |
if (!apr_isalnum(str[j])) {
|
|
Packit |
90a5c9 |
str[j] = '_';
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
str[j] = apr_toupper(str[j]);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
j++;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
apr_table_set(r->subprocess_env, str,
|
|
Packit |
90a5c9 |
apr_dbd_get_entry(dbd->driver, row, i));
|
|
Packit |
90a5c9 |
i++;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
dbd_password = apr_pstrdup(r->pool,
|
|
Packit |
90a5c9 |
apr_dbd_get_entry(dbd->driver, row, 0));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* we can't break out here or row won't get cleaned up */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!dbd_password) {
|
|
Packit |
90a5c9 |
return AUTH_USER_NOT_FOUND;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
AUTHN_CACHE_STORE(r, user, NULL, dbd_password);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
rv = apr_password_validate(password, dbd_password);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (rv != APR_SUCCESS) {
|
|
Packit |
90a5c9 |
return AUTH_DENIED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return AUTH_GRANTED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authn_status authn_dbd_realm(request_rec *r, const char *user,
|
|
Packit |
90a5c9 |
const char *realm, char **rethash)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
apr_status_t rv;
|
|
Packit |
90a5c9 |
const char *dbd_hash = NULL;
|
|
Packit |
90a5c9 |
apr_dbd_prepared_t *statement;
|
|
Packit |
90a5c9 |
apr_dbd_results_t *res = NULL;
|
|
Packit |
90a5c9 |
apr_dbd_row_t *row = NULL;
|
|
Packit |
90a5c9 |
int ret;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
|
|
Packit |
90a5c9 |
&authn_dbd_module);
|
|
Packit |
90a5c9 |
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
|
|
Packit |
90a5c9 |
if (dbd == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01658)
|
|
Packit |
90a5c9 |
"Failed to acquire database connection to look up "
|
|
Packit |
90a5c9 |
"user '%s:%s'", user, realm);
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (conf->realm == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01659)
|
|
Packit |
90a5c9 |
"No AuthDBDUserRealmQuery has been specified");
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
|
|
Packit |
90a5c9 |
if (statement == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01660)
|
|
Packit |
90a5c9 |
"A prepared statement could not be found for "
|
|
Packit |
90a5c9 |
"AuthDBDUserRealmQuery with the key '%s'", conf->realm);
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
|
|
Packit |
90a5c9 |
statement, 0, user, realm, NULL)) != 0) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01661)
|
|
Packit |
90a5c9 |
"Query execution error looking up '%s:%s' "
|
|
Packit |
90a5c9 |
"in database [%s]",
|
|
Packit |
90a5c9 |
user, realm,
|
|
Packit |
90a5c9 |
apr_dbd_error(dbd->driver, dbd->handle, ret));
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
|
|
Packit |
90a5c9 |
rv != -1;
|
|
Packit |
90a5c9 |
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
|
|
Packit |
90a5c9 |
if (rv != 0) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01662)
|
|
Packit |
90a5c9 |
"Error retrieving results while looking up '%s:%s' "
|
|
Packit |
90a5c9 |
"in database", user, realm);
|
|
Packit |
90a5c9 |
return AUTH_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (dbd_hash == NULL) {
|
|
Packit |
90a5c9 |
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
|
|
Packit |
90a5c9 |
/* add the rest of the columns to the environment */
|
|
Packit |
90a5c9 |
int i = 1;
|
|
Packit |
90a5c9 |
const char *name;
|
|
Packit |
90a5c9 |
for (name = apr_dbd_get_name(dbd->driver, res, i);
|
|
Packit |
90a5c9 |
name != NULL;
|
|
Packit |
90a5c9 |
name = apr_dbd_get_name(dbd->driver, res, i)) {
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
|
|
Packit |
90a5c9 |
name,
|
|
Packit |
90a5c9 |
NULL);
|
|
Packit |
90a5c9 |
int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
|
|
Packit |
90a5c9 |
while (str[j]) {
|
|
Packit |
90a5c9 |
if (!apr_isalnum(str[j])) {
|
|
Packit |
90a5c9 |
str[j] = '_';
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
str[j] = apr_toupper(str[j]);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
j++;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
apr_table_set(r->subprocess_env, str,
|
|
Packit |
90a5c9 |
apr_dbd_get_entry(dbd->driver, row, i));
|
|
Packit |
90a5c9 |
i++;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
dbd_hash = apr_pstrdup(r->pool,
|
|
Packit |
90a5c9 |
apr_dbd_get_entry(dbd->driver, row, 0));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* we can't break out here or row won't get cleaned up */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!dbd_hash) {
|
|
Packit |
90a5c9 |
return AUTH_USER_NOT_FOUND;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
AUTHN_CACHE_STORE(r, user, realm, dbd_hash);
|
|
Packit |
90a5c9 |
*rethash = apr_pstrdup(r->pool, dbd_hash);
|
|
Packit |
90a5c9 |
return AUTH_USER_FOUND;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void opt_retr(void)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authn_cache_store = APR_RETRIEVE_OPTIONAL_FN(ap_authn_cache_store);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void authn_dbd_hooks(apr_pool_t *p)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
static const authn_provider authn_dbd_provider = {
|
|
Packit |
90a5c9 |
&authn_dbd_password,
|
|
Packit |
90a5c9 |
&authn_dbd_realm
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "dbd",
|
|
Packit |
90a5c9 |
AUTHN_PROVIDER_VERSION,
|
|
Packit |
90a5c9 |
&authn_dbd_provider, AP_AUTH_INTERNAL_PER_CONF);
|
|
Packit |
90a5c9 |
ap_hook_optional_fn_retrieve(opt_retr, NULL, NULL, APR_HOOK_MIDDLE);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AP_DECLARE_MODULE(authn_dbd) =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
STANDARD20_MODULE_STUFF,
|
|
Packit |
90a5c9 |
authn_dbd_cr_conf,
|
|
Packit |
90a5c9 |
authn_dbd_merge_conf,
|
|
Packit |
90a5c9 |
NULL,
|
|
Packit |
90a5c9 |
NULL,
|
|
Packit |
90a5c9 |
authn_dbd_cmds,
|
|
Packit |
90a5c9 |
authn_dbd_hooks
|
|
Packit |
90a5c9 |
};
|