Lines 87-93
|
87 |
*/ |
87 |
*/ |
88 |
|
88 |
|
89 |
/* |
89 |
/* |
90 |
* $Id: mod_auth_mysql.c,v 1.13 2016/02/22 11:01:34 ueli Exp $ |
90 |
* $Id: mod_auth_mysql.c,v 1.2 2020/04/21 18:16:39 rb Exp $ |
91 |
*/ |
91 |
*/ |
92 |
|
92 |
|
93 |
#define MODULE_RELEASE "1.13" |
93 |
#define MODULE_RELEASE "1.13" |
Lines 101-106
|
101 |
#include "apr_dbm.h" |
101 |
#include "apr_dbm.h" |
102 |
#include "apr_md5.h" |
102 |
#include "apr_md5.h" |
103 |
|
103 |
|
|
|
104 |
#ifdef APACHE24 |
105 |
#include "ap_config.h" |
106 |
#include "ap_provider.h" |
107 |
#include "mod_auth.h" |
108 |
#endif |
104 |
#include "httpd.h" |
109 |
#include "httpd.h" |
105 |
#include "http_config.h" |
110 |
#include "http_config.h" |
106 |
#include "http_core.h" |
111 |
#include "http_core.h" |
Lines 121-127
|
121 |
|
126 |
|
122 |
#include <mysql/mysql.h> |
127 |
#include <mysql/mysql.h> |
123 |
|
128 |
|
124 |
static char *version = "$Id: mod_auth_mysql.c,v 1.13 2016/02/22 11:01:34 ueli Exp $ 2013 ueli heuer"; |
129 |
static char *version = "$Id: mod_auth_mysql.c,v 1.2 2020/04/21 18:16:39 rb Exp $ 2013 ueli heuer"; |
125 |
|
130 |
|
126 |
typedef struct { |
131 |
typedef struct { |
127 |
char *db_host; /* host name of db server */ |
132 |
char *db_host; /* host name of db server */ |
Lines 152-158
|
152 |
int auth_dbauthoritative; /* are we authoritative? */ |
157 |
int auth_dbauthoritative; /* are we authoritative? */ |
153 |
int auth_enable; /* module enabled? */ |
158 |
int auth_enable; /* module enabled? */ |
154 |
int auth_virtualhost; /* use VirtualHostHostname in the queris */ |
159 |
int auth_virtualhost; /* use VirtualHostHostname in the queris */ |
155 |
/* MYSQL *mysql_handle; /* the mysql-handle */ |
160 |
// MYSQL *mysql_handle; /* the mysql-handle */ |
156 |
|
161 |
|
157 |
#ifdef MYSQL_USE_SSL |
162 |
#ifdef MYSQL_USE_SSL |
158 |
int db_client_use_ssl; /* MySQL Client SSL flag */ |
163 |
int db_client_use_ssl; /* MySQL Client SSL flag */ |
Lines 450-455
|
450 |
} |
455 |
} |
451 |
} |
456 |
} |
452 |
#endif |
457 |
#endif |
|
|
458 |
|
453 |
mysql_handle=mysql_real_connect(&mysql_conn,db_host, |
459 |
mysql_handle=mysql_real_connect(&mysql_conn,db_host, |
454 |
conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0); |
460 |
conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0); |
455 |
|
461 |
|
Lines 491-497
|
491 |
if(open_db_handle(r,conf)) { |
497 |
if(open_db_handle(r,conf)) { |
492 |
return NULL; /* failure reason already logged */ |
498 |
return NULL; /* failure reason already logged */ |
493 |
} |
499 |
} |
494 |
|
|
|
495 |
if (mysql_select_db(mysql_handle,conf->db_name) != 0) { |
500 |
if (mysql_select_db(mysql_handle,conf->db_name) != 0) { |
496 |
ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, |
501 |
ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, |
497 |
"MOD_AUTH_MYSQL: MYSQL ERROR %s: '%s'", mysql_error(mysql_handle), |
502 |
"MOD_AUTH_MYSQL: MYSQL ERROR %s: '%s'", mysql_error(mysql_handle), |
Lines 634-639
|
634 |
return NULL; |
639 |
return NULL; |
635 |
} |
640 |
} |
636 |
|
641 |
|
|
|
642 |
|
637 |
if(open_db_handle(r,conf)) { |
643 |
if(open_db_handle(r,conf)) { |
638 |
return NULL; /* failure reason already logged */ |
644 |
return NULL; /* failure reason already logged */ |
639 |
} |
645 |
} |
Lines 752-757
|
752 |
return OK; |
758 |
return OK; |
753 |
} // }}} |
759 |
} // }}} |
754 |
|
760 |
|
|
|
761 |
#ifdef APACHE24 |
762 |
static const char *groupfile_parse_config(cmd_parms *cmd, const char *require_line, |
763 |
const void **parsed_require_line) |
764 |
{ |
765 |
const char *expr_err = NULL; |
766 |
ap_expr_info_t *expr; |
767 |
|
768 |
expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, |
769 |
&expr_err, NULL); |
770 |
|
771 |
if (expr_err) |
772 |
return apr_pstrcat(cmd->temp_pool, |
773 |
"Cannot parse expression in require line: ", |
774 |
expr_err, NULL); |
775 |
|
776 |
*parsed_require_line = expr; |
777 |
|
778 |
return NULL; |
779 |
} |
780 |
|
781 |
static authz_status group_check_authorization(request_rec *r, |
782 |
const char *require_args, |
783 |
const void *parsed_require_args) |
784 |
{ |
785 |
char *user = r->user; |
786 |
|
787 |
const char *err = NULL; |
788 |
const ap_expr_info_t *expr = parsed_require_args; |
789 |
const char *require; |
790 |
|
791 |
const char *t, *w; |
792 |
char ** groups; |
793 |
auth_mysql_config_rec *conf = ap_get_module_config(r->per_dir_config, |
794 |
&auth_mysql_module); |
795 |
|
796 |
if (!user) { |
797 |
return AUTHZ_DENIED_NO_USER; |
798 |
} |
799 |
|
800 |
require = ap_expr_str_exec(r, expr, &err); |
801 |
if (err) { |
802 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02592) |
803 |
"mod_auth_mysql authorize: require group: Can't " |
804 |
"evaluate require expression: %s", err); |
805 |
return AUTHZ_DENIED; |
806 |
} |
807 |
|
808 |
if (!(groups = get_db_grp(r, user, conf))) { |
809 |
if (!(conf->auth_dbauthoritative)) { |
810 |
return DECLINED; |
811 |
} |
812 |
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, |
813 |
"user not in any group :: http://%s@%s%s", |
814 |
user, r->hostname, r->filename); |
815 |
ap_note_basic_auth_failure(r); |
816 |
return HTTP_UNAUTHORIZED; |
817 |
} |
818 |
t = require; |
819 |
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { |
820 |
int i = 0; |
821 |
while (groups[i]) { |
822 |
if (!strcmp(groups[i], w)) { |
823 |
return AUTHZ_GRANTED; |
824 |
} |
825 |
i++; |
826 |
} |
827 |
} |
828 |
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, |
829 |
"user not in right group: http://%s@%s%s", |
830 |
user, r->hostname,r->uri); |
831 |
ap_note_basic_auth_failure(r); |
832 |
|
833 |
return AUTHZ_DENIED; |
834 |
} |
835 |
|
836 |
static const authz_provider authz_group_provider = |
837 |
{ |
838 |
&group_check_authorization, |
839 |
&groupfile_parse_config, |
840 |
}; |
841 |
|
842 |
#else |
755 |
/* {{{ static int db_check_auth() |
843 |
/* {{{ static int db_check_auth() |
756 |
* Checking ID |
844 |
* Checking ID |
757 |
*/ |
845 |
*/ |
Lines 762-772
|
762 |
char *user = r->user; |
850 |
char *user = r->user; |
763 |
int m = r->method_number; |
851 |
int m = r->method_number; |
764 |
|
852 |
|
765 |
#ifdef APACHE24 |
|
|
766 |
const apr_array_header_t *reqs_arr = NULL; |
767 |
#else |
768 |
const apr_array_header_t *reqs_arr = ap_requires(r); |
853 |
const apr_array_header_t *reqs_arr = ap_requires(r); |
769 |
#endif |
|
|
770 |
require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; |
854 |
require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; |
771 |
|
855 |
|
772 |
register int x; |
856 |
register int x; |
Lines 826-831
|
826 |
|
910 |
|
827 |
return DECLINED; |
911 |
return DECLINED; |
828 |
} // }}} |
912 |
} // }}} |
|
|
913 |
#endif // not APACHE24 |
914 |
|
829 |
|
915 |
|
830 |
/* |
916 |
/* |
831 |
* Initialize the module |
917 |
* Initialize the module |
Lines 845-851
|
845 |
{ |
931 |
{ |
846 |
ap_hook_post_config(auth_mysql_init, NULL, NULL, APR_HOOK_MIDDLE); |
932 |
ap_hook_post_config(auth_mysql_init, NULL, NULL, APR_HOOK_MIDDLE); |
847 |
ap_hook_check_user_id(db_authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE); |
933 |
ap_hook_check_user_id(db_authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE); |
|
|
934 |
#ifdef APACHE24 |
935 |
ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "group", |
936 |
AUTHZ_PROVIDER_VERSION, |
937 |
&authz_group_provider, |
938 |
AP_AUTH_INTERNAL_PER_CONF); |
939 |
#else |
848 |
ap_hook_auth_checker(db_check_auth, NULL, NULL, APR_HOOK_MIDDLE); |
940 |
ap_hook_auth_checker(db_check_auth, NULL, NULL, APR_HOOK_MIDDLE); |
|
|
941 |
#endif |
849 |
} |
942 |
} |
850 |
|
943 |
|
851 |
/* |
944 |
/* |
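Review bot: In `group_check_authorization` (new lines 808-817) the no-groups path returns `DECLINED` and `HTTP_UNAUTHORIZED`, which are hook and HTTP status codes rather than `authz_status` values, so the authorization core is handed results it does not define. An access decision should fail closed with a defined value: `return AUTHZ_NEUTRAL;` for the non-authoritative case and `return AUTHZ_DENIED;` for the authoritative one. The hunks at old lines 491 and 637 return NULL when `open_db_handle` fails; if `get_db_grp` is one of those functions (not visible here), a database outage is logged and handled as "user not in any group", and `AUTHZ_GENERAL_ERROR` would be the more accurate result when the two can be told apart. Separately, the provider is registered at new line 935 under the name `group`, which mod_authz_groupfile also registers, and `APLOGNO(02592)` at new line 802 looks copied from httpd's own source; a module-specific provider name and a plain log call without a borrowed number would avoid both collisions.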