Posted to cvs@httpd.apache.org by ji...@apache.org on 2007/11/13 16:19:52 UTC
svn commit: r594562 - in /httpd/httpd/branches/2.2.x: STATUS
docs/manual/mod/mod_authn_dbd.xml docs/manual/mod/mod_authnz_ldap.xml
modules/aaa/mod_auth.h modules/aaa/mod_authn_dbd.c
modules/aaa/mod_authnz_ldap.c
Author: jim
Date: Tue Nov 13 07:19:51 2007
New Revision: 594562
URL: http://svn.apache.org/viewvc?rev=594562&view=rev
Log:
fruit, low hanging, phase 2
Modified:
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authn_dbd.xml
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml
httpd/httpd/branches/2.2.x/modules/aaa/mod_auth.h
httpd/httpd/branches/2.2.x/modules/aaa/mod_authn_dbd.c
httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=594562&r1=594561&r2=594562&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Nov 13 07:19:51 2007
@@ -79,24 +79,6 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_authn_dbd: Export any additional columns queried in the SQL select
- into the environment with the name AUTHENTICATE_<COLUMN>. This brings
- mod_authn_dbd behaviour in line with mod_authnz_ldap.
- This also includes an EBCDIC fix in mod_authnz_ldap.c.
- Trunk: http://svn.apache.org/viewvc?view=rev&revision=466865
- http://svn.apache.org/viewvc?view=rev&revision=571798
- http://svn.apache.org/viewvc?view=rev&revision=571804
- http://svn.apache.org/viewvc?view=rev&revision=571838
- http://svn.apache.org/viewvc?view=rev&revision=586765
- 2.2.x: http://people.apache.org/~trawick/dbd-consolidated.txt
- +1: trawick, covener, niq
- Old commentary before 571838 and 586765 were added and conflicts
- were resolved:
- +1: minfrin
- rpluem says: r466865 has a conflict in modules/aaa/mod_auth.h
- r571804 has a conflict in docs/manual/mod/mod_authnz_ldap.xml
- Without r571838 the documentation for mod_authn_dbd fails
- to build.
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authn_dbd.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authn_dbd.xml?rev=594562&r1=594561&r2=594562&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authn_dbd.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authn_dbd.xml Tue Nov 13 07:19:51 2007
@@ -95,6 +95,22 @@
</example>
</section>
+<section id="exposed">
+<title>Exposing Login Information</title>
+<p>
+Whenever a query is made to the database server, all columns returned by
+the query are placed in the environment, using environment variables with
+the prefix "AUTHENTICATE_".
+</p>
+<p>If a database query for example returned the username, full name
+and telephone number of a user, a CGI program will have access to
+this information without the need to make a second independent database
+query to gather this additional information.</p>
+<p>This has the potential to dramatically simplify the coding and
+configuration required in some web applications.
+</p>
+</section>
+
<directivesynopsis>
<name>AuthDBDUserPWQuery</name>
<description>SQL query to look up a password for a user</description>
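Review bot: The new "exposed" section says all columns returned by the query are placed in the environment, but the loop added in mod_authn_dbd.c starts at column index 1 and is compiled only under the APU 1.3 guard, so the first column (the password) is never exported and older builds export nothing. Suggest "all columns after the first" and a sentence that names are uppercased with non-alphanumeric characters replaced by "_", since that is what a CGI author has to match. It is also worth stating that every extra column in the SELECT becomes visible to anything that reads subprocess_env, so the query should select only what the application needs.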
@@ -111,7 +127,10 @@
<example>
AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"
</example>
-
+ <p>If httpd was built against apr v1.3.0 or higher, any additional
+ columns specified in the select statement will be inserted into
+ the environment with the name <code>AUTHENTICATE_<COLUMN></code>.
+ </p>
</usage>
</directivesynopsis>
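Review bot: The paragraph added under AuthDBDUserPWQuery names "apr v1.3.0", while the guard in mod_authn_dbd.c tests APU_MAJOR_VERSION and APU_MINOR_VERSION from apu_version.h, which is the apr-util version. Suggest "apr-util 1.3.0 or higher" here and in the identical paragraph under AuthDBDUserRealmQuery. As shown in this mail, <COLUMN> sits unescaped inside <code>; please confirm the file itself carries &lt;COLUMN&gt; so the manual still builds.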
@@ -133,6 +152,10 @@
AuthDBDUserRealmQuery "SELECT password FROM authn
WHERE username = %s AND realm = %s"
</example>
+ <p>If httpd was built against apr v1.3.0 or higher, any additional
+ columns specified in the select statement will be inserted into
+ the environment with the name <code>AUTHENTICATE_<COLUMN></code>.
+ </p>
</usage>
</directivesynopsis>
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml?rev=594562&r1=594561&r2=594562&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml Tue Nov 13 07:19:51 2007
@@ -96,7 +96,7 @@
<li><a href="#examples">Examples</a></li>
<li><a href="#usingtls">Using TLS</a></li>
<li><a href="#usingssl">Using SSL</a></li>
-
+ <li><a href="#exposed">Exposing Login Information</a></li>
<li>
<a href="#frontpage">Using Microsoft FrontPage with
<module>mod_authnz_ldap</module></a>
@@ -559,6 +559,22 @@
<p>To specify a secure LDAP server, use <em>ldaps://</em> in the
<directive module="mod_authnz_ldap">AuthLDAPURL</directive>
directive, instead of <em>ldap://</em>.</p>
+</section>
+
+<section id="exposed"><title>Exposing Login Information</title>
+
+ <p>Whenever a query is made to the LDAP server, all LDAP attributes
+ returned by the query are placed in the environment, using environment
+ variables with the prefix "AUTHENTICATE_".</p>
+
+ <p>If an LDAP query for example returned the username, common name
+ and telephone number of a user, a CGI program will have access to
+ this information without the need to make a second independent LDAP
+ query to gather this additional information.</p>
+
+ <p>This has the potential to dramatically simplify the coding and
+ configuration required in some web applications.</p>
+
</section>
<section id="frontpage"><title>Using Microsoft
Modified: httpd/httpd/branches/2.2.x/modules/aaa/mod_auth.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/aaa/mod_auth.h?rev=594562&r1=594561&r2=594562&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/aaa/mod_auth.h (original)
+++ httpd/httpd/branches/2.2.x/modules/aaa/mod_auth.h Tue Nov 13 07:19:51 2007
@@ -40,6 +40,8 @@
#define AUTHZ_GROUP_NOTE "authz_group_note"
#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
+#define AUTHN_PREFIX "AUTHENTICATE_"
+
typedef enum {
AUTH_DENIED,
AUTH_GRANTED,
Modified: httpd/httpd/branches/2.2.x/modules/aaa/mod_authn_dbd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/aaa/mod_authn_dbd.c?rev=594562&r1=594561&r2=594562&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/aaa/mod_authn_dbd.c (original)
+++ httpd/httpd/branches/2.2.x/modules/aaa/mod_authn_dbd.c Tue Nov 13 07:19:51 2007
@@ -18,11 +18,13 @@
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
+#include "apr_lib.h"
#include "apr_dbd.h"
#include "mod_dbd.h"
#include "apr_strings.h"
#include "mod_auth.h"
#include "apr_md5.h"
+#include "apu_version.h"
module AP_MODULE_DECLARE_DATA authn_dbd_module;
@@ -101,13 +103,13 @@
}
if (conf->user == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified.");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -126,6 +128,33 @@
}
if (dbd_password == NULL) {
dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
}
/* we can't break out here or row won't get cleaned up */
}
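Review bot: Inside the #if block, "int i = 1;" and "const char *name;" are declared after the statement "dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);", which is mixed declarations and code and will not compile as C89. Suggest moving both declarations (and opening a nested block for them if needed) to the top of the enclosing scope. Separately, the result of apr_dbd_get_entry(dbd->driver, row, i) is passed straight to apr_table_set(); if a driver can return NULL for an empty column, skip that column or store an empty string rather than putting a NULL value into r->subprocess_env.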
@@ -160,12 +189,12 @@
return AUTH_GENERAL_ERROR;
}
if (conf->realm == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
return AUTH_GENERAL_ERROR;
}
if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -184,6 +213,33 @@
}
if (dbd_hash == NULL) {
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
}
/* we can't break out here or row won't get cleaned up */
}
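Review bot: The loop added here for dbd_hash is a line-for-line copy of the one added for dbd_password in the earlier hunk, so any later fix to the name normalisation has to be made twice. Suggest a single static helper taking r, dbd, res and row, called from both places, with the #if guard kept inside the helper. The same remarks about declarations after a statement and the unchecked apr_dbd_get_entry() result apply to this copy.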
Modified: httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c?rev=594562&r1=594561&r2=594562&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c Tue Nov 13 07:19:51 2007
@@ -29,6 +29,7 @@
#include "apr_xlate.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
+#include "apr_lib.h"
#if APR_HAVE_UNISTD_H
/* for getpid() */
@@ -441,12 +442,10 @@
apr_table_t *e = r->subprocess_env;
int i = 0;
while (sec->attributes[i]) {
- char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL);
- int j = 13;
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
while (str[j]) {
- if (str[j] >= 'a' && str[j] <= 'z') {
- str[j] = str[j] - ('a' - 'A');
- }
+ str[j] = apr_toupper(str[j]);
j++;
}
apr_table_setn(e, str, vals[i]);
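Review bot: This loop now only applies apr_toupper() to each character, while the loops added to mod_authn_dbd.c in the same commit also replace every non-alphanumeric character with "_", so the two modules build AUTHENTICATE_ names by different rules even though the STATUS entry describes the change as bringing them in line. Suggest either applying the same apr_isalnum() check here or documenting the difference, ideally by sharing one normalisation helper next to AUTHN_PREFIX in mod_auth.h. The switch from the hard-coded 13 to sizeof(AUTHN_PREFIX)-1 is fine as written.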