mod_authz_dbd.c revision 2e242dca7111f99d54dd144b7b8418d88d560032
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding/* Licensed to the Apache Software Foundation (ASF) under one or more
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * contributor license agreements. See the NOTICE file distributed with
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * this work for additional information regarding copyright ownership.
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * The ASF licenses this file to You under the Apache License, Version 2.0
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * (the "License"); you may not use this file except in compliance with
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * the License. You may obtain a copy of the License at
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * Unless required by applicable law or agreed to in writing, software
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * distributed under the License is distributed on an "AS IS" BASIS,
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * See the License for the specific language governing permissions and
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * limitations under the License.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding/* Export a hook for modules that manage clientside sessions
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * (e.g. mod_auth_cookie)
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * to deal with those when we successfully login/logout at the server
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * XXX: WHY would this be specific to dbd_authz? Why wouldn't we track
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * this across all authz user providers in a lower level mod, such as
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffieldingAPR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(authz_dbd, AUTHZ_DBD, int, client_login,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingtypedef struct {
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding const char *query;
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingstatic ap_dbd_t *(*dbd_handle)(request_rec*) = NULL;
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffieldingstatic void (*dbd_prepare)(server_rec*, const char*, const char*) = NULL;
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingstatic void *authz_dbd_cr_cfg(apr_pool_t *pool, char *dummy)
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding authz_dbd_cfg *ret = apr_pcalloc(pool, sizeof(authz_dbd_cfg));
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingstatic void *authz_dbd_merge_cfg(apr_pool_t *pool, void *BASE, void *ADD)
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding authz_dbd_cfg *ret = apr_palloc(pool, sizeof(authz_dbd_cfg));
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ret->query = (add->query == NULL) ? base->query : add->query;
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding ret->redirect = (add->redirect == -1) ? base->redirect : add->redirect;
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingstatic const char *authz_dbd_prepare(cmd_parms *cmd, void *cfg,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding const char *query)
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding static unsigned int label_num = 0;
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding dbd_prepare = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding return "You must load mod_dbd to enable AuthzDBD functions";
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding dbd_handle = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
ab5581cc78e9d865b0a6ab1404c53347b3276968rbb label = apr_psprintf(cmd->pool, "authz_dbd_%d", ++label_num);
2eaf6dbe7ea643b3a2b8e1973d9684fac6372c46trawick /* save the label here for our own use */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot,
10a4cdd68ef1ca0e54af296fe1d08ac00150c90bwrowe (void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF,
b8dd12594991e5c275d82fca865d13c5f9775f4efielding "Whether to redirect to referer on successful login"),
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding (void*)APR_OFFSETOF(authz_dbd_cfg, query), ACCESS_CONF,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding "SQL query for DBD Authz or login"),
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding AP_INIT_TAKE1("AuthzDBDRedirectQuery", authz_dbd_prepare,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding (void*)APR_OFFSETOF(authz_dbd_cfg, redir_query), ACCESS_CONF,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding "SQL query to get per-user redirect URL after login"),
333d217f9ee70eb89cb5d5a30bf08a0032f571fftrawickstatic int authz_dbd_login(request_rec *r, authz_dbd_cfg *cfg,
2eaf6dbe7ea643b3a2b8e1973d9684fac6372c46trawick const char *action)
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding const char *message;
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding rv = apr_dbd_pvquery(dbd->driver, r->pool, dbd->handle, &nrows,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding if (rv == 0) {
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding "authz_dbd: %s of user %s updated %d rows",
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding message = apr_dbd_error(dbd->driver, dbd->handle, rv);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding "authz_dbd: query for %s failed; user %s [%s]",
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding query = apr_hash_get(dbd->prepared, cfg->redir_query,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding "authz_dbd: no redirect query!");
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* OK, this is non-critical; we can just not-redirect */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding else if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding if (rv != 0) {
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding message = apr_dbd_error(dbd->driver, dbd->handle, rv);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding "authz_dbd in get_row; action=%s user=%s [%s]",
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* we can't break out here or row won't get cleaned up */
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm message = apr_dbd_error(dbd->driver, dbd->handle, rv);
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm "authz_dbd/redirect for %s of %s [%s]",
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding apr_table_set(r->err_headers_out, "Location", newuri);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fieldingstatic int authz_dbd_group_query(request_rec *r, authz_dbd_cfg *cfg,
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding /* SELECT group FROM authz WHERE user = %s */
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding const char *message;
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm const char **group;
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm "No query configured for dbd-group!");
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING);
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding "Error retrieving query for dbd-group!");
if (rv == 0) {
if (rv == 0) {
return HTTP_INTERNAL_SERVER_ERROR;
return HTTP_INTERNAL_SERVER_ERROR;
return OK;
const char *require_args)
int i, rv;
return AUTHZ_GENERAL_ERROR;
t = require_args;
return AUTHZ_GRANTED;
return AUTHZ_DENIED;
const char *require_args)
const char *require_args)
NULL,
NULL,