From: Jim Jagielski Date: Tue, 13 Nov 2007 15:19:51 +0000 (+0000) Subject: fruit, low hanging, phase 2 X-Git-Tag: 2.2.7~246 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9594a7241b860c795868f14d0540150fcb2cdfc;p=thirdparty%2Fapache%2Fhttpd.git fruit, low hanging, phase 2 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@594562 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index dccc9894fb9..8e8f89bdb3d 100644 --- a/STATUS +++ b/STATUS @@ -79,24 +79,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_authn_dbd: Export any additional columns queried in the SQL select - into the environment with the name AUTHENTICATE_. This brings - mod_authn_dbd behaviour in line with mod_authnz_ldap. - This also includes an EBCDIC fix in mod_authnz_ldap.c. - Trunk: http://svn.apache.org/viewvc?view=rev&revision=466865 - http://svn.apache.org/viewvc?view=rev&revision=571798 - http://svn.apache.org/viewvc?view=rev&revision=571804 - http://svn.apache.org/viewvc?view=rev&revision=571838 - http://svn.apache.org/viewvc?view=rev&revision=586765 - 2.2.x: http://people.apache.org/~trawick/dbd-consolidated.txt - +1: trawick, covener, niq - Old commentary before 571838 and 586765 were added and conflicts - were resolved: - +1: minfrin - rpluem says: r466865 has a conflict in modules/aaa/mod_auth.h - r571804 has a conflict in docs/manual/mod/mod_authnz_ldap.xml - Without r571838 the documentation for mod_authn_dbd fails - to build. PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/docs/manual/mod/mod_authn_dbd.xml b/docs/manual/mod/mod_authn_dbd.xml index 57651b27dfa..32adc56d0ff 100644 --- a/docs/manual/mod/mod_authn_dbd.xml +++ b/docs/manual/mod/mod_authn_dbd.xml @@ -95,6 +95,22 @@ DBDExptime 60 +
+Exposing Login Information +

+Whenever a query is made to the database server, all columns returned by +the query are placed in the environment, using environment variables with +the prefix "AUTHENTICATE_". +

+

If a database query for example returned the username, full name +and telephone number of a user, a CGI program will have access to +this information without the need to make a second independent database +query to gather this additional information.

+

This has the potential to dramatically simplify the coding and +configuration required in some web applications. +

+
+ AuthDBDUserPWQuery SQL query to look up a password for a user @@ -111,7 +127,10 @@ DBDExptime 60 AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s" - +

If httpd was built against apr v1.3.0 or higher, any additional + columns specified in the select statement will be inserted into + the environment with the name AUTHENTICATE_<COLUMN>. +

@@ -133,6 +152,10 @@ DBDExptime 60 AuthDBDUserRealmQuery "SELECT password FROM authn WHERE username = %s AND realm = %s" +

If httpd was built against apr v1.3.0 or higher, any additional + columns specified in the select statement will be inserted into + the environment with the name AUTHENTICATE_<COLUMN>. +

diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index d7ae3c9b59c..e631db68db0 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -96,7 +96,7 @@ for HTTP Basic authentication.
  • Examples
  • Using TLS
  • Using SSL
  • - +
  • Exposing Login Information
  • Using Microsoft FrontPage with mod_authnz_ldap @@ -561,6 +561,22 @@ Require valid-user directive, instead of ldap://.

    +
    Exposing Login Information + +

    Whenever a query is made to the LDAP server, all LDAP attributes + returned by the query are placed in the environment, using environment + variables with the prefix "AUTHENTICATE_".

    + +

    If an LDAP query for example returned the username, common name + and telephone number of a user, a CGI program will have access to + this information without the need to make a second independent LDAP + query to gather this additional information.

    + +

    This has the potential to dramatically simplify the coding and + configuration required in some web applications.

    + +
    +
    Using Microsoft FrontPage with mod_authnz_ldap diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h index 34704365ee9..1feefb3f278 100644 --- a/modules/aaa/mod_auth.h +++ b/modules/aaa/mod_auth.h @@ -40,6 +40,8 @@ extern "C" { #define AUTHZ_GROUP_NOTE "authz_group_note" #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name" +#define AUTHN_PREFIX "AUTHENTICATE_" + typedef enum { AUTH_DENIED, AUTH_GRANTED, diff --git a/modules/aaa/mod_authn_dbd.c b/modules/aaa/mod_authn_dbd.c index 60dbb954987..3bcde864e84 100644 --- a/modules/aaa/mod_authn_dbd.c +++ b/modules/aaa/mod_authn_dbd.c @@ -18,11 +18,13 @@ #include "httpd.h" #include "http_config.h" #include "http_log.h" +#include "apr_lib.h" #include "apr_dbd.h" #include "mod_dbd.h" #include "apr_strings.h" #include "mod_auth.h" #include "apr_md5.h" +#include "apu_version.h" module AP_MODULE_DECLARE_DATA authn_dbd_module; @@ -101,13 +103,13 @@ static authn_status authn_dbd_password(request_rec *r, const char *user, } if (conf->user == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified."); return AUTH_GENERAL_ERROR; } statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING); if (statement == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!"); + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user); return AUTH_GENERAL_ERROR; } if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, 
@@ -126,6 +128,33 @@ static authn_status authn_dbd_password(request_rec *r, const char *user,
 }
 if (dbd_password == NULL) {
 dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
 }
 /* we can't break out here or row won't get cleaned up */
 }
@@ -160,12 +189,12 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user,
 return AUTH_GENERAL_ERROR;
 }
 if (conf->realm == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
 return AUTH_GENERAL_ERROR;
 }
 statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
 if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
 return AUTH_GENERAL_ERROR;
 }
 if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
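Review bot: The added block declares `int i` and `const char *name` after the assignment to dbd_password inside the same `if` body, which a C89 compiler rejects, and the same 27 lines are added again in the authn_dbd_realm hunk (@@ -184,6 +213,33 @@). Moving the loop into one static helper that both functions call removes the mixed declaration and the duplication; the sketch below also skips a column whose entry is NULL, on the assumption that apr_dbd_get_entry returns NULL for an SQL NULL, so that no NULL value is stored in r->subprocess_env. The export runs while the row is fetched, and the password comparison is not visible in this hunk, so it is worth confirming whether AUTHENTICATE_* variables are already set for a request whose password later fails, and documenting that every extra column named in the query becomes readable by CGI scripts and other consumers of the environment. Both enclosing functions start and end outside their hunks.

```c
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
/* Export columns 1..n of the current row as AUTHENTICATE_<COLUMN>.
 * Column 0 holds the password and is never exported.
 */
static void authn_dbd_export_columns(request_rec *r,
                                     const apr_dbd_driver_t *driver,
                                     apr_dbd_results_t *res,
                                     apr_dbd_row_t *row)
{
    const char *name;
    int i;

    for (i = 1; (name = apr_dbd_get_name(driver, res, i)) != NULL; i++) {
        const char *val = apr_dbd_get_entry(driver, row, i);
        char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, name, NULL);
        char *p;

        /* normalise only the part after the "AUTHENTICATE_" prefix */
        for (p = str + sizeof(AUTHN_PREFIX) - 1; *p; p++) {
            *p = apr_isalnum(*p) ? apr_toupper(*p) : '_';
        }
        if (val != NULL) {
            apr_table_set(r->subprocess_env, str, val);
        }
    }
}
#endif

/* … unchanged: authn_dbd_password up to the row loop … */
            if (dbd_password == NULL) {
                dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
                authn_dbd_export_columns(r, dbd->driver, res, row);
#endif
/* … unchanged: rest of the row loop; authn_dbd_realm makes the same call after setting dbd_hash … */
```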
@@ -184,6 +213,33 @@ static authn_status authn_dbd_realm(request_rec *r, const char *user, } if (dbd_hash == NULL) { dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0); + +#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3) + /* add the rest of the columns to the environment */ + int i = 1; + const char *name; + for (name = apr_dbd_get_name(dbd->driver, res, i); + name != NULL; + name = apr_dbd_get_name(dbd->driver, res, i)) { + + char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, + name, + NULL); + int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */ + while (str[j]) { + if (!apr_isalnum(str[j])) { + str[j] = '_'; + } + else { + str[j] = apr_toupper(str[j]); + } + j++; + } + apr_table_set(r->subprocess_env, str, + apr_dbd_get_entry(dbd->driver, row, i)); + i++; + } +#endif } /* we can't break out here or row won't get cleaned up */ } diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c index f520b0ae54f..6f1de7b4b5f 100644 --- a/modules/aaa/mod_authnz_ldap.c +++ b/modules/aaa/mod_authnz_ldap.c @@ -29,6 +29,7 @@ #include "apr_xlate.h" #define APR_WANT_STRFUNC #include "apr_want.h" +#include "apr_lib.h" #if APR_HAVE_UNISTD_H /* for getpid() */ @@ -441,12 +442,10 @@ start_over: apr_table_t *e = r->subprocess_env; int i = 0; while (sec->attributes[i]) { - char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL); - int j = 13; + char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL); + int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */ while (str[j]) { - if (str[j] >= 'a' && str[j] <= 'z') { - str[j] = str[j] - ('a' - 'A'); - } + str[j] = apr_toupper(str[j]); j++; } apr_table_setn(e, str, vals[i]);
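Review bot: The loop in mod_authnz_ldap.c (@@ -441,12 +442,10 @@) only upper-cases the attribute name, whereas the mod_authn_dbd.c loops added in the same commit also turn every non-alphanumeric character into '_'. An LDAP attribute description may contain '-' or an option such as `;binary`, so this module can still emit AUTHENTICATE_* names that differ in shape from the DBD ones and that a shell-based CGI cannot reference as a variable. If the two are meant to agree, the loop body could become `str[j] = apr_isalnum(str[j]) ? apr_toupper(str[j]) : '_';`, with a note in the documentation because existing configurations may read the current names. The enclosing function starts and ends outside the hunk.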