mod_authn_dbd: Export any additional columns queried in the SQL select

into the environment with the name AUTHENTICATE_<COLUMN>. This brings
mod_authn_dbd behaviour in line with mod_authnz_ldap.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@466865 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index daf1b436f7a7ed6cee9fb7cd2eea3e759588306b..b49020bc838b725681d6c171eaff7c8141389e17 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
   [Remove entries to the current 2.0 and 2.2 section below, when backported]
 
+  *) mod_authn_dbd: Export any additional columns queried in the SQL select
+     into the environment with the name AUTHENTICATE_<COLUMN>. This brings
+     mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
+
   *) mod_dbd: Key the storage of prepared statements on the hex string
      value of server_rec, rather than the server name, as the server name
      may change (eg when the server name is set) at any time, causing

diff --git a/docs/manual/mod/mod_authn_dbd.xml b/docs/manual/mod/mod_authn_dbd.xml
index 57651b27dfa2420ddd25cf610057a4147c64a9c3..aac4197624a33dade4c388591e1702ddc69c6343 100644 (file)
--- a/docs/manual/mod/mod_authn_dbd.xml
+++ b/docs/manual/mod/mod_authn_dbd.xml
@@ -111,7 +111,10 @@ DBDExptime 60</code>
     <example>
     AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"
     </example>
-
+    <p>If httpd was built against apr v1.3.0 or higher, any additional
+    columns specified in the select statement will be inserted into
+    the environment with the name <code>AUTHENTICATE_&lt;COLUMN&gt;</code>.
+    </p>
 </usage>
 </directivesynopsis>
 
@@ -133,6 +136,10 @@ DBDExptime 60</code>
     AuthDBDUserRealmQuery "SELECT password FROM authn
                               WHERE username = %s AND realm = %s"
     </example>
+    <p>If httpd was built against apr v1.3.0 or higher, any additional
+    columns specified in the select statement will be inserted into
+    the environment with the name <code>AUTHENTICATE_&lt;COLUMN&gt;</code>.
+    </p>
 
 </usage>
 </directivesynopsis>

diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h
index 581548009aef11b79b464075174543f01f34f2ac..05aabb8bece36410a9a7b346de0996893c6563d2 100644 (file)
--- a/modules/aaa/mod_auth.h
+++ b/modules/aaa/mod_auth.h
@@ -44,6 +44,8 @@ extern "C" {
 #define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name"
 #define AUTHZ_ACCESS_PASSED_NOTE "authz_access_passed"
 
+#define AUTHN_PREFIX "AUTHENTICATE_"
+
 /** all of the requirements must be met */
 #define SATISFY_ALL 0
 /**  any of the requirements must be met */

diff --git a/modules/aaa/mod_authn_dbd.c b/modules/aaa/mod_authn_dbd.c
index 60dbb9549874fe685ccc3a99266b3fbad36ab8ac..d6bebc413091ea05d6c0fb1bf3303981854c8323 100644 (file)
--- a/modules/aaa/mod_authn_dbd.c
+++ b/modules/aaa/mod_authn_dbd.c
@@ -18,11 +18,13 @@
 #include "httpd.h"
 #include "http_config.h"
 #include "http_log.h"
+#include "apr_lib.h"
 #include "apr_dbd.h"
 #include "mod_dbd.h"
 #include "apr_strings.h"
 #include "mod_auth.h"
 #include "apr_md5.h"
+#include "apu_version.h"
 
 module AP_MODULE_DECLARE_DATA authn_dbd_module;
 
@@ -101,13 +103,13 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
     }
 
     if (conf->user == NULL) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified.");
         return AUTH_GENERAL_ERROR;
     }
 
     statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
     if (statement == NULL) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user);
         return AUTH_GENERAL_ERROR;
     }
     if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -126,6 +128,33 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
         }
         if (dbd_password == NULL) {
             dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+            /* add the rest of the columns to the environment */
+            int i = 1;
+            const char *name;
+            for (name = apr_dbd_get_name(dbd->driver, res, i);
+                 name != NULL;
+                 name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+                char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+                                        name,
+                                        NULL);
+                int j = 13;
+                while (str[j]) {
+                    if (!apr_isalnum(str[j])) {
+                        str[j] = '_';
+                    }
+                    else {
+                        str[j] = apr_toupper(str[j]);
+                    }
+                    j++;
+                }
+                apr_table_setn(r->subprocess_env, str,
+                               apr_dbd_get_entry(dbd->driver, row, i));
+                i++;
+            }
+#endif
         }
         /* we can't break out here or row won't get cleaned up */
     }
@@ -160,12 +189,12 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
         return AUTH_GENERAL_ERROR;
     }
     if (conf->realm == NULL) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
         return AUTH_GENERAL_ERROR;
     }
     statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
     if (statement == NULL) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
         return AUTH_GENERAL_ERROR;
     }
     if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -184,6 +213,33 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
         }
         if (dbd_hash == NULL) {
             dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+            /* add the rest of the columns to the environment */
+            int i = 1;
+            const char *name;
+            for (name = apr_dbd_get_name(dbd->driver, res, i);
+                 name != NULL;
+                 name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+                char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+                                        name,
+                                        NULL);
+                int j = 13;
+                while (str[j]) {
+                    if (!apr_isalnum(str[j])) {
+                        str[j] = '_';
+                    }
+                    else {
+                        str[j] = apr_toupper(str[j]);
+                    }
+                    j++;
+                }
+                apr_table_setn(r->subprocess_env, str,
+                               apr_dbd_get_entry(dbd->driver, row, i));
+                i++;
+            }
+#endif
         }
         /* we can't break out here or row won't get cleaned up */
     }

diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index eb3a1e511c530806551ee0e24fc7b4ec0bbe6469..38d83daff4903da5beef472f9f2b238330757f8b 100644 (file)
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -433,7 +433,7 @@ start_over:
         apr_table_t *e = r->subprocess_env;
         int i = 0;
         while (sec->attributes[i]) {
-            char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL);
+            char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
             int j = 13;
             while (str[j]) {
                 if (str[j] >= 'a' && str[j] <= 'z') {