1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "ap_provider.h"
19 #include "http_config.h"
24 #include "apr_strings.h"
27 #include "apu_version.h"
29 module AP_MODULE_DECLARE_DATA authn_dbd_module;
40 /* optional function - look it up once in post_config */
41 static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL;
42 static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL;
44 static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy)
46 authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
49 static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD)
51 authn_dbd_conf *add = ADD;
52 authn_dbd_conf *base = BASE;
53 authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
54 ret->user = (add->user == NULL) ? base->user : add->user;
55 ret->realm = (add->realm == NULL) ? base->realm : add->realm;
58 static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query)
60 static unsigned int label_num = 0;
63 if (authn_dbd_prepare_fn == NULL) {
64 authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
65 if (authn_dbd_prepare_fn == NULL) {
66 return "You must load mod_dbd to enable AuthDBD functions";
68 authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
70 label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);
72 authn_dbd_prepare_fn(cmd->server, query, label);
74 /* save the label here for our own use */
75 return ap_set_string_slot(cmd, cfg, label);
77 static const command_rec authn_dbd_cmds[] =
79 AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
80 (void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
81 "Query used to fetch password for user"),
82 AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
83 (void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
84 "Query used to fetch password for user+realm"),
87 static authn_status authn_dbd_password(request_rec *r, const char *user,
91 const char *dbd_password = NULL;
92 apr_dbd_prepared_t *statement;
93 apr_dbd_results_t *res = NULL;
94 apr_dbd_row_t *row = NULL;
96 authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
98 ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
100 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
101 "Failed to acquire database connection to look up "
103 return AUTH_GENERAL_ERROR;
106 if (conf->user == NULL) {
107 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
108 "No AuthDBDUserPWQuery has been specified");
109 return AUTH_GENERAL_ERROR;
112 statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
113 if (statement == NULL) {
114 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
115 "A prepared statement could not be found for "
116 "AuthDBDUserPWQuery with the key '%s'", conf->user);
117 return AUTH_GENERAL_ERROR;
119 if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
120 0, user, NULL) != 0) {
121 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
122 "Query execution error looking up '%s' "
123 "in database", user);
124 return AUTH_GENERAL_ERROR;
126 for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
128 rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
130 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
131 "Error retrieving results while looking up '%s' "
132 "in database", user);
133 return AUTH_GENERAL_ERROR;
135 if (dbd_password == NULL) {
136 #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
137 /* add the rest of the columns to the environment */
140 for (name = apr_dbd_get_name(dbd->driver, res, i);
142 name = apr_dbd_get_name(dbd->driver, res, i)) {
144 char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
147 int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
149 if (!apr_isalnum(str[j])) {
153 str[j] = apr_toupper(str[j]);
157 apr_table_set(r->subprocess_env, str,
158 apr_dbd_get_entry(dbd->driver, row, i));
162 dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
164 /* we can't break out here or row won't get cleaned up */
168 return AUTH_USER_NOT_FOUND;
171 rv = apr_password_validate(password, dbd_password);
173 if (rv != APR_SUCCESS) {
179 static authn_status authn_dbd_realm(request_rec *r, const char *user,
180 const char *realm, char **rethash)
183 const char *dbd_hash = NULL;
184 apr_dbd_prepared_t *statement;
185 apr_dbd_results_t *res = NULL;
186 apr_dbd_row_t *row = NULL;
188 authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
190 ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
192 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
193 "Failed to acquire database connection to look up "
194 "user '%s:%s'", user, realm);
195 return AUTH_GENERAL_ERROR;
197 if (conf->realm == NULL) {
198 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
199 "No AuthDBDUserRealmQuery has been specified");
200 return AUTH_GENERAL_ERROR;
202 statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
203 if (statement == NULL) {
204 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
205 "A prepared statement could not be found for "
206 "AuthDBDUserRealmQuery with the key '%s'", conf->realm);
207 return AUTH_GENERAL_ERROR;
209 if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
210 0, user, realm, NULL) != 0) {
211 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
212 "Query execution error looking up '%s:%s' "
213 "in database", user, realm);
214 return AUTH_GENERAL_ERROR;
216 for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
218 rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
220 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
221 "Error retrieving results while looking up '%s:%s' "
222 "in database", user, realm);
223 return AUTH_GENERAL_ERROR;
225 if (dbd_hash == NULL) {
226 #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
227 /* add the rest of the columns to the environment */
230 for (name = apr_dbd_get_name(dbd->driver, res, i);
232 name = apr_dbd_get_name(dbd->driver, res, i)) {
234 char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
237 int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
239 if (!apr_isalnum(str[j])) {
243 str[j] = apr_toupper(str[j]);
247 apr_table_set(r->subprocess_env, str,
248 apr_dbd_get_entry(dbd->driver, row, i));
252 dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
254 /* we can't break out here or row won't get cleaned up */
258 return AUTH_USER_NOT_FOUND;
261 *rethash = apr_pstrdup(r->pool, dbd_hash);
262 return AUTH_USER_FOUND;
264 static void authn_dbd_hooks(apr_pool_t *p)
266 static const authn_provider authn_dbd_provider = {
271 ap_register_provider(p, AUTHN_PROVIDER_GROUP, "dbd", "0", &authn_dbd_provider);
273 module AP_MODULE_DECLARE_DATA authn_dbd_module =
275 STANDARD20_MODULE_STUFF,
277 authn_dbd_merge_conf,