PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_authn_dbd: Export any additional columns queried in the SQL select
- into the environment with the name AUTHENTICATE_<COLUMN>. This brings
- mod_authn_dbd behaviour in line with mod_authnz_ldap.
- This also includes an EBCDIC fix in mod_authnz_ldap.c.
- Trunk: http://svn.apache.org/viewvc?view=rev&revision=466865
- http://svn.apache.org/viewvc?view=rev&revision=571798
- http://svn.apache.org/viewvc?view=rev&revision=571804
- http://svn.apache.org/viewvc?view=rev&revision=571838
- http://svn.apache.org/viewvc?view=rev&revision=586765
- 2.2.x: http://people.apache.org/~trawick/dbd-consolidated.txt
- +1: trawick, covener, niq
- Old commentary before 571838 and 586765 were added and conflicts
- were resolved:
- +1: minfrin
- rpluem says: r466865 has a conflict in modules/aaa/mod_auth.h
- r571804 has a conflict in docs/manual/mod/mod_authnz_ldap.xml
- Without r571838 the documentation for mod_authn_dbd fails
- to build.
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
</example>
</section>
+<section id="exposed">
+<title>Exposing Login Information</title>
+<p>
+Whenever a query is made to the database server, all columns returned by
+the query are placed in the environment, using environment variables with
+the prefix "AUTHENTICATE_".
+</p>
+<p>If a database query for example returned the username, full name
+and telephone number of a user, a CGI program will have access to
+this information without the need to make a second independent database
+query to gather this additional information.</p>
+<p>This has the potential to dramatically simplify the coding and
+configuration required in some web applications.
+</p>
+</section>
+
<directivesynopsis>
<name>AuthDBDUserPWQuery</name>
<description>SQL query to look up a password for a user</description>
<example>
AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"
</example>
-
+ <p>If httpd was built against apr v1.3.0 or higher, any additional
+ columns specified in the select statement will be inserted into
+ the environment with the name <code>AUTHENTICATE_<COLUMN></code>.
+ </p>
</usage>
</directivesynopsis>
AuthDBDUserRealmQuery "SELECT password FROM authn
WHERE username = %s AND realm = %s"
</example>
+ <p>If httpd was built against apr v1.3.0 or higher, any additional
+ columns specified in the select statement will be inserted into
+ the environment with the name <code>AUTHENTICATE_<COLUMN></code>.
+ </p>
</usage>
</directivesynopsis>
<li><a href="#examples">Examples</a></li>
<li><a href="#usingtls">Using TLS</a></li>
<li><a href="#usingssl">Using SSL</a></li>
-
+ <li><a href="#exposed">Exposing Login Information</a></li>
<li>
<a href="#frontpage">Using Microsoft FrontPage with
<module>mod_authnz_ldap</module></a>
directive, instead of <em>ldap://</em>.</p>
</section>
+<section id="exposed"><title>Exposing Login Information</title>
+
+ <p>Whenever a query is made to the LDAP server, all LDAP attributes
+ returned by the query are placed in the environment, using environment
+ variables with the prefix "AUTHENTICATE_".</p>
+
+ <p>If an LDAP query for example returned the username, common name
+ and telephone number of a user, a CGI program will have access to
+ this information without the need to make a second independent LDAP
+ query to gather this additional information.</p>
+
+ <p>This has the potential to dramatically simplify the coding and
+ configuration required in some web applications.</p>
+
+</section>
+
<section id="frontpage"><title>Using Microsoft
FrontPage with mod_authnz_ldap</title>
#define AUTHZ_GROUP_NOTE "authz_group_note"
#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
+#define AUTHN_PREFIX "AUTHENTICATE_"
+
typedef enum {
AUTH_DENIED,
AUTH_GRANTED,
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
+#include "apr_lib.h"
#include "apr_dbd.h"
#include "mod_dbd.h"
#include "apr_strings.h"
#include "mod_auth.h"
#include "apr_md5.h"
+#include "apu_version.h"
module AP_MODULE_DECLARE_DATA authn_dbd_module;
}
if (conf->user == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified.");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
}
if (dbd_password == NULL) {
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
}
/* we can't break out here or row won't get cleaned up */
}
return AUTH_GENERAL_ERROR;
}
if (conf->realm == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
}
if (dbd_hash == NULL) {
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
}
/* we can't break out here or row won't get cleaned up */
}
#include "apr_xlate.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
+#include "apr_lib.h"
#if APR_HAVE_UNISTD_H
/* for getpid() */
apr_table_t *e = r->subprocess_env;
int i = 0;
while (sec->attributes[i]) {
- char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL);
- int j = 13;
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
while (str[j]) {
- if (str[j] >= 'a' && str[j] <= 'z') {
- str[j] = str[j] - ('a' - 'A');
- }
+ str[j] = apr_toupper(str[j]);
j++;
}
apr_table_setn(e, str, vals[i]);
projects / thirdparty / apache / httpd.git / commitdiff
