1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "ap_provider.h"
19 #include "http_config.h"
21 #include "http_request.h"
25 #include "apr_strings.h"
28 #include "apu_version.h"
30 module AP_MODULE_DECLARE_DATA authn_dbd_module;
42 /* optional function - look it up once in post_config */
43 static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL;
44 static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL;
45 static APR_OPTIONAL_FN_TYPE(ap_authn_cache_store) *authn_cache_store = NULL;
46 #define AUTHN_CACHE_STORE(r,user,realm,data) \
47 if (authn_cache_store != NULL) \
48 authn_cache_store((r), "dbd", (user), (realm), (data))
50 static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy)
52 authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
56 static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD)
58 authn_dbd_conf *add = ADD;
59 authn_dbd_conf *base = BASE;
60 authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
61 ret->user = (add->user == NULL) ? base->user : add->user;
62 ret->realm = (add->realm == NULL) ? base->realm : add->realm;
66 static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query)
68 static unsigned int label_num = 0;
70 const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
74 if (authn_dbd_prepare_fn == NULL) {
75 authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
76 if (authn_dbd_prepare_fn == NULL) {
77 return "You must load mod_dbd to enable AuthDBD functions";
79 authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
81 label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);
83 authn_dbd_prepare_fn(cmd->server, query, label);
85 /* save the label here for our own use */
86 return ap_set_string_slot(cmd, cfg, label);
89 static const command_rec authn_dbd_cmds[] =
91 AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
92 (void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
93 "Query used to fetch password for user"),
94 AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
95 (void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
96 "Query used to fetch password for user+realm"),
100 static authn_status authn_dbd_password(request_rec *r, const char *user,
101 const char *password)
104 const char *dbd_password = NULL;
105 apr_dbd_prepared_t *statement;
106 apr_dbd_results_t *res = NULL;
107 apr_dbd_row_t *row = NULL;
110 authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
112 ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
114 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01653)
115 "Failed to acquire database connection to look up "
117 return AUTH_GENERAL_ERROR;
120 if (conf->user == NULL) {
121 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01654)
122 "No AuthDBDUserPWQuery has been specified");
123 return AUTH_GENERAL_ERROR;
126 statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
127 if (statement == NULL) {
128 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01655)
129 "A prepared statement could not be found for "
130 "AuthDBDUserPWQuery with the key '%s'", conf->user);
131 return AUTH_GENERAL_ERROR;
133 if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
134 statement, 0, user, NULL)) != 0) {
135 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01656)
136 "Query execution error looking up '%s' "
138 user, apr_dbd_error(dbd->driver, dbd->handle, ret));
139 return AUTH_GENERAL_ERROR;
141 for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
143 rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
145 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01657)
146 "Error retrieving results while looking up '%s' "
147 "in database", user);
148 return AUTH_GENERAL_ERROR;
150 if (dbd_password == NULL) {
151 #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
152 /* add the rest of the columns to the environment */
155 for (name = apr_dbd_get_name(dbd->driver, res, i);
157 name = apr_dbd_get_name(dbd->driver, res, i)) {
159 char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
162 int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
164 if (!apr_isalnum(str[j])) {
168 str[j] = apr_toupper(str[j]);
172 apr_table_set(r->subprocess_env, str,
173 apr_dbd_get_entry(dbd->driver, row, i));
177 dbd_password = apr_pstrdup(r->pool,
178 apr_dbd_get_entry(dbd->driver, row, 0));
180 /* we can't break out here or row won't get cleaned up */
184 return AUTH_USER_NOT_FOUND;
186 AUTHN_CACHE_STORE(r, user, NULL, dbd_password);
188 rv = ap_password_validate(r, user, password, dbd_password);
190 if (rv != APR_SUCCESS) {
197 static authn_status authn_dbd_realm(request_rec *r, const char *user,
198 const char *realm, char **rethash)
201 const char *dbd_hash = NULL;
202 apr_dbd_prepared_t *statement;
203 apr_dbd_results_t *res = NULL;
204 apr_dbd_row_t *row = NULL;
207 authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
209 ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
211 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01658)
212 "Failed to acquire database connection to look up "
213 "user '%s:%s'", user, realm);
214 return AUTH_GENERAL_ERROR;
216 if (conf->realm == NULL) {
217 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01659)
218 "No AuthDBDUserRealmQuery has been specified");
219 return AUTH_GENERAL_ERROR;
221 statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
222 if (statement == NULL) {
223 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01660)
224 "A prepared statement could not be found for "
225 "AuthDBDUserRealmQuery with the key '%s'", conf->realm);
226 return AUTH_GENERAL_ERROR;
228 if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
229 statement, 0, user, realm, NULL)) != 0) {
230 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01661)
231 "Query execution error looking up '%s:%s' "
234 apr_dbd_error(dbd->driver, dbd->handle, ret));
235 return AUTH_GENERAL_ERROR;
237 for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
239 rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
241 ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01662)
242 "Error retrieving results while looking up '%s:%s' "
243 "in database", user, realm);
244 return AUTH_GENERAL_ERROR;
246 if (dbd_hash == NULL) {
247 #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
248 /* add the rest of the columns to the environment */
251 for (name = apr_dbd_get_name(dbd->driver, res, i);
253 name = apr_dbd_get_name(dbd->driver, res, i)) {
255 char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
258 int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
260 if (!apr_isalnum(str[j])) {
264 str[j] = apr_toupper(str[j]);
268 apr_table_set(r->subprocess_env, str,
269 apr_dbd_get_entry(dbd->driver, row, i));
273 dbd_hash = apr_pstrdup(r->pool,
274 apr_dbd_get_entry(dbd->driver, row, 0));
276 /* we can't break out here or row won't get cleaned up */
280 return AUTH_USER_NOT_FOUND;
282 AUTHN_CACHE_STORE(r, user, realm, dbd_hash);
283 *rethash = apr_pstrdup(r->pool, dbd_hash);
284 return AUTH_USER_FOUND;
287 static void opt_retr(void)
289 authn_cache_store = APR_RETRIEVE_OPTIONAL_FN(ap_authn_cache_store);
292 static void authn_dbd_hooks(apr_pool_t *p)
294 static const authn_provider authn_dbd_provider = {
299 ap_register_auth_provider(p, AUTHN_PROVIDER_GROUP, "dbd",
300 AUTHN_PROVIDER_VERSION,
301 &authn_dbd_provider, AP_AUTH_INTERNAL_PER_CONF);
302 ap_hook_optional_fn_retrieve(opt_retr, NULL, NULL, APR_HOOK_MIDDLE);
305 AP_DECLARE_MODULE(authn_dbd) =
307 STANDARD20_MODULE_STUFF,
309 authn_dbd_merge_conf,