mod_session_dbd.c revision ca42f4cf489571eeb9c4ae3d83edebd2fb150fa8
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "mod_session.h"
#include "apr_lib.h"
#include "apr_strings.h"
#include "http_log.h"
#include "util_cookies.h"
#include "apr_dbd.h"
#include "mod_dbd.h"
#include "mpm_common.h"
#define MOD_SESSION_DBD "mod_session_dbd"
/**
* Structure to carry the per-dir session config.
*/
typedef struct {
const char *name;
int name_set;
const char *name_attrs;
const char *name2;
int name2_set;
const char *name2_attrs;
int peruser;
int peruser_set;
int remove;
int remove_set;
const char *selectlabel;
const char *insertlabel;
const char *updatelabel;
const char *deletelabel;
/* optional function - look it up once in post_config */
/**
* Initialise the database.
*
* If the mod_dbd module is missing, this method will return APR_EGENERAL.
*/
{
if (!session_dbd_prepare_fn || !session_dbd_acquire_fn) {
if (!session_dbd_prepare_fn || !session_dbd_acquire_fn) {
"You must load mod_dbd to enable AuthDBD functions");
return APR_EGENERAL;
}
}
dbd = session_dbd_acquire_fn(r);
if (!dbd) {
"failed to acquire database connection");
return APR_EGENERAL;
}
if (!statement) {
"failed to find the prepared statement called '%s'", query);
return APR_EGENERAL;
}
*statementp = statement;
return APR_SUCCESS;
}
/**
* Load the session by the key specified.
*/
{
"no SessionDBDselectlabel has been specified");
return APR_EGENERAL;
}
if (rv) {
return rv;
}
if (rv) {
"query execution error saving session '%s' "
return APR_EGENERAL;
}
rv != -1;
if (rv != 0) {
"error retrieving results while saving '%s' "
return APR_EGENERAL;
}
}
/* we can't break out here or row won't get cleaned up */
}
return APR_SUCCESS;
}
/**
* Load the session by firing off a dbd query.
*
* If the session is anonymous, the session key will be extracted from
* the cookie specified. Failing that, the session key will be extracted
* from the GET parameters.
*
* If the session is keyed by the username, the session will be extracted
* by that.
*
* If no session is found, an empty session will be created.
*
* On success, this returns OK.
*/
{
/* is our session in a cookie? */
}
}
}
else {
return DECLINED;
}
/* first look in the notes */
if (zz) {
*z = zz;
return OK;
}
/* load anonymous sessions */
/* load an RFC2109 or RFC2965 compliant cookie */
if (key) {
if (ret != APR_SUCCESS) {
return ret;
}
}
}
/* load named session */
if (r->user) {
if (ret != APR_SUCCESS) {
return ret;
}
}
}
/* otherwise not for us */
else {
return DECLINED;
}
/* create a new session and return it */
if (key) {
}
else {
}
*z = zz;
/* put the session in the notes so we don't have to parse it again */
return OK;
}
/**
* Save the session by the key specified.
*/
{
int rows = 0;
"no SessionDBDupdatelabel has been specified");
return APR_EGENERAL;
}
if (rv) {
return rv;
}
if (rv) {
"query execution error updating session '%s' "
return APR_EGENERAL;
}
/*
* if some rows were updated it means a session existed and was updated,
* so we are done.
*/
if (rows != 0) {
return APR_SUCCESS;
}
"no SessionDBDinsertlabel has been specified");
return APR_EGENERAL;
}
if (rv) {
return rv;
}
if (rv) {
"query execution error inserting session '%s' "
return APR_EGENERAL;
}
/*
* if some rows were inserted it means a session was inserted, so we are
* done.
*/
if (rows != 0) {
return APR_SUCCESS;
}
"the session insert query did not cause any rows to be added "
"to the database for session '%s', session not inserted", key);
return APR_EGENERAL;
}
/**
* Remove the session by the key specified.
*/
{
int rows = 0;
"failed to acquire database connection to remove "
"session with key '%s'", key);
return APR_EGENERAL;
}
"no SessionDBDdeletelabel has been specified");
return APR_EGENERAL;
}
"prepared statement could not be found for "
"SessionDBDdeletelabel with the label '%s'",
conf->deletelabel);
return APR_EGENERAL;
}
if (rv != APR_SUCCESS) {
"query execution error removing session '%s' "
"from database", key);
return rv;
}
return APR_SUCCESS;
}
/**
* Clean out expired sessions.
*
* TODO: We need to figure out a way to clean out expired sessions from the database.
* The monitor hook doesn't help us that much, as we have no handle into the
* server, and so we need to come up with a way to do this safely.
*/
{
return APR_ENOTIMPL;
}
/**
* Save the session by firing off a dbd query.
*
* If the session is anonymous, save the session and write a cookie
* containing the uuid.
*
* If the session is keyed to the username, save the session using
* the username as a key.
*
* On success, this method will return APR_SUCCESS.
*
* @param r The request pointer.
* @param z A pointer to where the session will be written.
*/
{
char *buffer;
/* support anonymous sessions */
/* don't cache pages with a session */
/* must we create a uuid? */
/* save the session with the uuid as key */
}
else {
}
if (ret != APR_SUCCESS) {
return ret;
}
/* create RFC2109 compliant cookie */
}
/* create RFC2965 compliant cookie */
}
return OK;
}
/* save named session */
/* don't cache pages with a session */
if (r->user) {
if (ret != APR_SUCCESS) {
return ret;
}
return OK;
}
else {
"peruser sessions can only be saved if a user is logged in, "
"session not saved: %s", r->uri);
}
}
return DECLINED;
}
/**
* This function performs housekeeping on the database, deleting expired
* sessions.
*/
{
/* TODO handle housekeeping */
dbd_clean(p, s);
return OK;
}
{
return (void *) new;
}
{
return new;
}
/**
* Sanity check a given string that it exists, is not empty,
* and does not contain special characters.
*/
{
" cannot be empty, or contain '=', ';' or '&'.",
NULL);
}
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
{
char *last;
while (apr_isspace(*last)) {
last++;
}
}
{
char *last;
while (apr_isspace(*last)) {
last++;
}
}
static const command_rec session_dbd_cmds[] =
{
"Query label used to select a new session"),
"Query label used to insert a new session"),
"Query label used to update an existing session"),
"Query label used to delete an existing session"),
"Save the session per user"),
"Remove the session cookie after session load. On by default."),
"The name of the RFC2109 cookie carrying the session key"),
"The name of the RFC2965 cookie carrying the session key"),
{NULL}
};
static void register_hooks(apr_pool_t * p)
{
}
{
create_session_dbd_dir_config, /* dir config creater */
merge_session_dbd_dir_config, /* dir merger --- default is to
* override */
NULL, /* server config */
NULL, /* merge server config */
session_dbd_cmds, /* command apr_table_t */
register_hooks /* register hooks */
};