From 2d79512131203db1e5fcb2a37ead16c80c77b577 Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Sun, 22 Oct 2006 19:11:51 +0000 Subject: [PATCH] mod_authn_dbd: Export any additional columns queried in the SQL select into the environment with the name AUTHENTICATE_. This brings mod_authn_dbd behaviour in line with mod_authnz_ldap. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@466865 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++ docs/manual/mod/mod_authn_dbd.xml | 9 ++++- modules/aaa/mod_auth.h | 2 + modules/aaa/mod_authn_dbd.c | 64 +++++++++++++++++++++++++++++-- modules/aaa/mod_authnz_ldap.c | 2 +- 5 files changed, 75 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index daf1b436f7..b49020bc83 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) mod_authn_dbd: Export any additional columns queried in the SQL select + into the environment with the name AUTHENTICATE_. This brings + mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett] + *) mod_dbd: Key the storage of prepared statements on the hex string value of server_rec, rather than the server name, as the server name may change (eg when the server name is set) at any time, causing diff --git a/docs/manual/mod/mod_authn_dbd.xml b/docs/manual/mod/mod_authn_dbd.xml index 57651b27df..aac4197624 100644 --- a/docs/manual/mod/mod_authn_dbd.xml +++ b/docs/manual/mod/mod_authn_dbd.xml @@ -111,7 +111,10 @@ DBDExptime 60 AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s" - +

If httpd was built against apr v1.3.0 or higher, any additional + columns specified in the select statement will be inserted into + the environment with the name AUTHENTICATE_<COLUMN>. +

@@ -133,6 +136,10 @@ DBDExptime 60 AuthDBDUserRealmQuery "SELECT password FROM authn WHERE username = %s AND realm = %s" +

If httpd was built against apr v1.3.0 or higher, any additional + columns specified in the select statement will be inserted into + the environment with the name AUTHENTICATE_<COLUMN>. +

diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h index 581548009a..05aabb8bec 100644 --- a/modules/aaa/mod_auth.h +++ b/modules/aaa/mod_auth.h @@ -44,6 +44,8 @@ extern "C" { #define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name" #define AUTHZ_ACCESS_PASSED_NOTE "authz_access_passed" +#define AUTHN_PREFIX "AUTHENTICATE_" + /** all of the requirements must be met */ #define SATISFY_ALL 0 /** any of the requirements must be met */ diff --git a/modules/aaa/mod_authn_dbd.c b/modules/aaa/mod_authn_dbd.c index 60dbb95498..d6bebc4130 100644 --- a/modules/aaa/mod_authn_dbd.c +++ b/modules/aaa/mod_authn_dbd.c @@ -18,11 +18,13 @@ #include "httpd.h" #include "http_config.h" #include "http_log.h" +#include "apr_lib.h" #include "apr_dbd.h" #include "mod_dbd.h" #include "apr_strings.h" #include "mod_auth.h" #include "apr_md5.h" +#include "apu_version.h" module AP_MODULE_DECLARE_DATA authn_dbd_module; @@ -101,13 +103,13 @@ static authn_status authn_dbd_password(request_rec *r, const char *user, } if (conf->user == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified."); return AUTH_GENERAL_ERROR; } statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING); if (statement == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user); return AUTH_GENERAL_ERROR; } if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, @@ -126,6 +128,33 @@ static authn_status authn_dbd_password(request_rec *r, const char *user, } if (dbd_password == NULL) { dbd_password = apr_dbd_get_entry(dbd->driver, row, 0); + +#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3) + /* add the rest of the columns to the environment */ + int i = 1; + const char *name; + for (name = apr_dbd_get_name(dbd->driver, res, i); + name != NULL; + name = apr_dbd_get_name(dbd->driver, res, i)) { + + char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, + name, + NULL); + int j = 13; + while (str[j]) { + if (!apr_isalnum(str[j])) { + str[j] = '_'; + } + else { + str[j] = apr_toupper(str[j]); + } + j++; + } + apr_table_setn(r->subprocess_env, str, + apr_dbd_get_entry(dbd->driver, row, i)); + i++; + } +#endif } /* we can't break out here or row won't get cleaned up */ } @@ -160,12 +189,12 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user, return AUTH_GENERAL_ERROR; } if (conf->realm == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified."); return AUTH_GENERAL_ERROR; } statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING); if (statement == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm); return AUTH_GENERAL_ERROR; } if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, @@ -184,6 +213,33 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user, } if (dbd_hash == NULL) { dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0); + +#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3) + /* add the rest of the columns to the environment */ + int i = 1; + const char *name; + for (name = apr_dbd_get_name(dbd->driver, res, i); + name != NULL; + name = apr_dbd_get_name(dbd->driver, res, i)) { + + char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, + name, + NULL); + int j = 13; + while (str[j]) { + if (!apr_isalnum(str[j])) { + str[j] = '_'; + } + else { + str[j] = apr_toupper(str[j]); + } + j++; + } + apr_table_setn(r->subprocess_env, str, + apr_dbd_get_entry(dbd->driver, row, i)); + i++; + } +#endif } /* we can't break out here or row won't get cleaned up */ } diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c index eb3a1e511c..38d83daff4 100644 --- a/modules/aaa/mod_authnz_ldap.c +++ b/modules/aaa/mod_authnz_ldap.c @@ -433,7 +433,7 @@ start_over: apr_table_t *e = r->subprocess_env; int i = 0; while (sec->attributes[i]) { - char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL); + char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL); int j = 13; while (str[j]) { if (str[j] >= 'a' && str[j] <= 'z') { -- 2.50.0