| /* Copyright 2000-2005 The Apache Software Foundation or its licensors, as |
| * applicable. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "ap_provider.h" |
| #include "httpd.h" |
| #include "http_config.h" |
| #include "http_log.h" |
| #include "apr_dbd.h" |
| #include "mod_dbd.h" |
| #include "apr_strings.h" |
| #include "mod_auth.h" |
| #include "apr_md5.h" |
| |
| module AP_MODULE_DECLARE_DATA authn_dbd_module; |
| |
| typedef struct { |
| const char *user; |
| const char *realm; |
| } authn_dbd_conf; |
| typedef struct { |
| const char *label; |
| const char *query; |
| } authn_dbd_rec; |
| |
| /* optional function - look it up once in post_config */ |
| static ap_dbd_t *(*authn_dbd_acquire_fn)(request_rec*) = NULL; |
| static void (*authn_dbd_prepare_fn)(server_rec*, const char*, const char*) = NULL; |
| |
| static void *authn_dbd_cr_conf(apr_pool_t *pool, char *dummy) |
| { |
| authn_dbd_conf *ret = apr_pcalloc(pool, sizeof(authn_dbd_conf)); |
| return ret; |
| } |
| static void *authn_dbd_merge_conf(apr_pool_t *pool, void *BASE, void *ADD) |
| { |
| authn_dbd_conf *add = ADD; |
| authn_dbd_conf *base = BASE; |
| authn_dbd_conf *ret = apr_palloc(pool, sizeof(authn_dbd_conf)); |
| ret->user = (add->user == NULL) ? base->user : add->user; |
| ret->realm = (add->realm == NULL) ? base->realm : add->realm; |
| return ret; |
| } |
| static const char *authn_dbd_prepare(cmd_parms *cmd, void *cfg, const char *query) |
| { |
| static unsigned int label_num = 0; |
| char *label; |
| |
| if (authn_dbd_prepare_fn == NULL) { |
| authn_dbd_prepare_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare); |
| if (authn_dbd_prepare_fn == NULL) { |
| return "You must load mod_dbd to enable AuthDBD functions"; |
| } |
| authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire); |
| } |
| label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num); |
| |
| authn_dbd_prepare_fn(cmd->server, query, label); |
| |
| /* save the label here for our own use */ |
| return ap_set_string_slot(cmd, cfg, label); |
| } |
| static const command_rec authn_dbd_cmds[] = |
| { |
| AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare, |
| (void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF, |
| "Query used to fetch password for user"), |
| AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare, |
| (void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF, |
| "Query used to fetch password for user+realm"), |
| {NULL} |
| }; |
| static authn_status authn_dbd_password(request_rec *r, const char *user, |
| const char *password) |
| { |
| apr_status_t rv; |
| const char *dbd_password = NULL; |
| apr_dbd_prepared_t *statement; |
| apr_dbd_results_t *res = NULL; |
| apr_dbd_row_t *row = NULL; |
| |
| authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, |
| &authn_dbd_module); |
| ap_dbd_t *dbd = authn_dbd_acquire_fn(r); |
| if (dbd == NULL) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| "Error looking up %s in database", user); |
| return AUTH_GENERAL_ERROR; |
| } |
| |
| if (conf->user == NULL) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| return AUTH_GENERAL_ERROR; |
| } |
| |
| statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING); |
| if (statement == NULL) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| return AUTH_GENERAL_ERROR; |
| } |
| if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, |
| 0, user, NULL) != 0) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| "Error looking up %s in database", user); |
| return AUTH_GENERAL_ERROR; |
| } |
| for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); |
| rv != -1; |
| rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { |
| if (rv != 0) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
| "Error looking up %s in database", user); |
| return AUTH_GENERAL_ERROR; |
| } |
| if (dbd_password == NULL) { |
| dbd_password = apr_dbd_get_entry(dbd->driver, row, 0); |
| } |
| /* we can't break out here or row won't get cleaned up */ |
| } |
| |
| if (!dbd_password) { |
| return AUTH_USER_NOT_FOUND; |
| } |
| |
| rv = apr_password_validate(password, dbd_password); |
| |
| if (rv != APR_SUCCESS) { |
| return AUTH_DENIED; |
| } |
| |
| return AUTH_GRANTED; |
| } |
| static authn_status authn_dbd_realm(request_rec *r, const char *user, |
| const char *realm, char **rethash) |
| { |
| apr_status_t rv; |
| const char *dbd_hash = NULL; |
| apr_dbd_prepared_t *statement; |
| apr_dbd_results_t *res = NULL; |
| apr_dbd_row_t *row = NULL; |
| |
| authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, |
| &authn_dbd_module); |
| ap_dbd_t *dbd = authn_dbd_acquire_fn(r); |
| if (dbd == NULL) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| "Error looking up %s in database", user); |
| return AUTH_GENERAL_ERROR; |
| } |
| if (conf->realm == NULL) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| return AUTH_GENERAL_ERROR; |
| } |
| statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING); |
| if (statement == NULL) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); |
| return AUTH_GENERAL_ERROR; |
| } |
| if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, |
| 0, user, realm, NULL) != 0) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
| "Error looking up %s:%s in database", user, realm); |
| return AUTH_GENERAL_ERROR; |
| } |
| for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); |
| rv != -1; |
| rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { |
| if (rv != 0) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, |
| "Error looking up %s in database", user); |
| return AUTH_GENERAL_ERROR; |
| } |
| if (dbd_hash == NULL) { |
| dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0); |
| } |
| /* we can't break out here or row won't get cleaned up */ |
| } |
| |
| if (!dbd_hash) { |
| return AUTH_USER_NOT_FOUND; |
| } |
| |
| *rethash = apr_pstrdup(r->pool, dbd_hash); |
| return AUTH_USER_FOUND; |
| } |
| static void authn_dbd_hooks(apr_pool_t *p) |
| { |
| static const authn_provider authn_dbd_provider = { |
| &authn_dbd_password, |
| &authn_dbd_realm |
| }; |
| |
| ap_register_provider(p, AUTHN_PROVIDER_GROUP, "dbd", "0", &authn_dbd_provider); |
| } |
| module AP_MODULE_DECLARE_DATA authn_dbd_module = |
| { |
| STANDARD20_MODULE_STUFF, |
| authn_dbd_cr_conf, |
| authn_dbd_merge_conf, |
| NULL, |
| NULL, |
| authn_dbd_cmds, |
| authn_dbd_hooks |
| }; |