1
/* Licensed to the Apache Software Foundation (ASF) under one or more
2
* contributor license agreements. See the NOTICE file distributed with
3
* this work for additional information regarding copyright ownership.
4
* The ASF licenses this file to You under the Apache License, Version 2.0
5
* (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
17
#include "ap_provider.h"
19
#include "http_config.h"
23
#include "apr_strings.h"
27
module AP_MODULE_DECLARE_DATA authn_dbd_module;
38
/* optional function - look it up once in post_config */
39
static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL;
40
static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL;
42
static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy)
44
authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf));
47
static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD)
49
authn_dbd_conf *add = ADD;
50
authn_dbd_conf *base = BASE;
51
authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf));
52
ret->user = (add->user == NULL) ? base->user : add->user;
53
ret->realm = (add->realm == NULL) ? base->realm : add->realm;
56
static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query)
58
static unsigned int label_num = 0;
61
if (authn_dbd_prepare_fn == NULL) {
62
authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
63
if (authn_dbd_prepare_fn == NULL) {
64
return "You must load mod_dbd to enable AuthDBD functions";
66
authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
68
label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);
70
authn_dbd_prepare_fn(cmd->server, query, label);
72
/* save the label here for our own use */
73
return ap_set_string_slot(cmd, cfg, label);
75
static const command_rec authn_dbd_cmds[] =
77
AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
78
(void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
79
"Query used to fetch password for user"),
80
AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
81
(void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
82
"Query used to fetch password for user+realm"),
85
static authn_status authn_dbd_password(request_rec *r, const char *user,
89
const char *dbd_password = NULL;
90
apr_dbd_prepared_t *statement;
91
apr_dbd_results_t *res = NULL;
92
apr_dbd_row_t *row = NULL;
94
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
96
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
98
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
99
"Error looking up %s in database", user);
100
return AUTH_GENERAL_ERROR;
103
if (conf->user == NULL) {
104
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
105
return AUTH_GENERAL_ERROR;
108
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
109
if (statement == NULL) {
110
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
111
return AUTH_GENERAL_ERROR;
113
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
114
0, user, NULL) != 0) {
115
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
116
"Error looking up %s in database", user);
117
return AUTH_GENERAL_ERROR;
119
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
121
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
123
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
124
"Error looking up %s in database", user);
125
return AUTH_GENERAL_ERROR;
127
if (dbd_password == NULL) {
128
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
130
/* we can't break out here or row won't get cleaned up */
134
return AUTH_USER_NOT_FOUND;
137
rv = apr_password_validate(password, dbd_password);
139
if (rv != APR_SUCCESS) {
145
static authn_status authn_dbd_realm(request_rec *r, const char *user,
146
const char *realm, char **rethash)
149
const char *dbd_hash = NULL;
150
apr_dbd_prepared_t *statement;
151
apr_dbd_results_t *res = NULL;
152
apr_dbd_row_t *row = NULL;
154
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
156
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
158
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
159
"Error looking up %s in database", user);
160
return AUTH_GENERAL_ERROR;
162
if (conf->realm == NULL) {
163
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
164
return AUTH_GENERAL_ERROR;
166
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
167
if (statement == NULL) {
168
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
169
return AUTH_GENERAL_ERROR;
171
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
172
0, user, realm, NULL) != 0) {
173
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
174
"Error looking up %s:%s in database", user, realm);
175
return AUTH_GENERAL_ERROR;
177
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
179
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
181
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
182
"Error looking up %s in database", user);
183
return AUTH_GENERAL_ERROR;
185
if (dbd_hash == NULL) {
186
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
188
/* we can't break out here or row won't get cleaned up */
192
return AUTH_USER_NOT_FOUND;
195
*rethash = apr_pstrdup(r->pool, dbd_hash);
196
return AUTH_USER_FOUND;
198
static void authn_dbd_hooks(apr_pool_t *p)
200
static const authn_provider authn_dbd_provider = {
205
ap_register_provider(p, AUTHN_PROVIDER_GROUP, "dbd", "0", &authn_dbd_provider);
207
module AP_MODULE_DECLARE_DATA authn_dbd_module =
209
STANDARD20_MODULE_STUFF,
211
authn_dbd_merge_conf,