|
Lines 87-93
Link Here
|
| 87 |
*/ |
87 |
*/ |
| 88 |
|
88 |
|
| 89 |
/* |
89 |
/* |
| 90 |
* $Id: mod_auth_mysql.c,v 1.13 2016/02/22 11:01:34 ueli Exp $ |
90 |
* $Id: mod_auth_mysql.c,v 1.2 2020/04/21 18:16:39 rb Exp $ |
| 91 |
*/ |
91 |
*/ |
| 92 |
|
92 |
|
| 93 |
#define MODULE_RELEASE "1.13" |
93 |
#define MODULE_RELEASE "1.13" |
|
Lines 101-106
Link Here
|
| 101 |
#include "apr_dbm.h" |
101 |
#include "apr_dbm.h" |
| 102 |
#include "apr_md5.h" |
102 |
#include "apr_md5.h" |
| 103 |
|
103 |
|
|
|
104 |
#ifdef APACHE24 |
| 105 |
#include "ap_config.h" |
| 106 |
#include "ap_provider.h" |
| 107 |
#include "mod_auth.h" |
| 108 |
#endif |
| 104 |
#include "httpd.h" |
109 |
#include "httpd.h" |
| 105 |
#include "http_config.h" |
110 |
#include "http_config.h" |
| 106 |
#include "http_core.h" |
111 |
#include "http_core.h" |
|
Lines 121-127
Link Here
|
| 121 |
|
126 |
|
| 122 |
#include <mysql/mysql.h> |
127 |
#include <mysql/mysql.h> |
| 123 |
|
128 |
|
| 124 |
static char *version = "$Id: mod_auth_mysql.c,v 1.13 2016/02/22 11:01:34 ueli Exp $ 2013 ueli heuer"; |
129 |
static char *version = "$Id: mod_auth_mysql.c,v 1.2 2020/04/21 18:16:39 rb Exp $ 2013 ueli heuer"; |
| 125 |
|
130 |
|
| 126 |
typedef struct { |
131 |
typedef struct { |
| 127 |
char *db_host; /* host name of db server */ |
132 |
char *db_host; /* host name of db server */ |
|
Lines 152-158
Link Here
|
| 152 |
int auth_dbauthoritative; /* are we authoritative? */ |
157 |
int auth_dbauthoritative; /* are we authoritative? */ |
| 153 |
int auth_enable; /* module enabled? */ |
158 |
int auth_enable; /* module enabled? */ |
| 154 |
int auth_virtualhost; /* use VirtualHostHostname in the queris */ |
159 |
int auth_virtualhost; /* use VirtualHostHostname in the queris */ |
| 155 |
/* MYSQL *mysql_handle; /* the mysql-handle */ |
160 |
// MYSQL *mysql_handle; /* the mysql-handle */ |
| 156 |
|
161 |
|
| 157 |
#ifdef MYSQL_USE_SSL |
162 |
#ifdef MYSQL_USE_SSL |
| 158 |
int db_client_use_ssl; /* MySQL Client SSL flag */ |
163 |
int db_client_use_ssl; /* MySQL Client SSL flag */ |
|
Lines 450-455
Link Here
|
| 450 |
} |
455 |
} |
| 451 |
} |
456 |
} |
| 452 |
#endif |
457 |
#endif |
|
|
458 |
|
| 453 |
mysql_handle=mysql_real_connect(&mysql_conn,db_host, |
459 |
mysql_handle=mysql_real_connect(&mysql_conn,db_host, |
| 454 |
conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0); |
460 |
conf->db_username,conf->db_password,conf->db_name,db_port,NULL,0); |
| 455 |
|
461 |
|
|
Lines 491-497
Link Here
|
| 491 |
if(open_db_handle(r,conf)) { |
497 |
if(open_db_handle(r,conf)) { |
| 492 |
return NULL; /* failure reason already logged */ |
498 |
return NULL; /* failure reason already logged */ |
| 493 |
} |
499 |
} |
| 494 |
|
|
|
| 495 |
if (mysql_select_db(mysql_handle,conf->db_name) != 0) { |
500 |
if (mysql_select_db(mysql_handle,conf->db_name) != 0) { |
| 496 |
ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, |
501 |
ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, |
| 497 |
"MOD_AUTH_MYSQL: MYSQL ERROR %s: '%s'", mysql_error(mysql_handle), |
502 |
"MOD_AUTH_MYSQL: MYSQL ERROR %s: '%s'", mysql_error(mysql_handle), |
|
Lines 634-639
Link Here
|
| 634 |
return NULL; |
639 |
return NULL; |
| 635 |
} |
640 |
} |
| 636 |
|
641 |
|
|
|
642 |
|
| 637 |
if(open_db_handle(r,conf)) { |
643 |
if(open_db_handle(r,conf)) { |
| 638 |
return NULL; /* failure reason already logged */ |
644 |
return NULL; /* failure reason already logged */ |
| 639 |
} |
645 |
} |
|
Lines 752-757
Link Here
|
| 752 |
return OK; |
758 |
return OK; |
| 753 |
} // }}} |
759 |
} // }}} |
| 754 |
|
760 |
|
|
|
761 |
#ifdef APACHE24 |
| 762 |
static const char *groupfile_parse_config(cmd_parms *cmd, const char *require_line, |
| 763 |
const void **parsed_require_line) |
| 764 |
{ |
| 765 |
const char *expr_err = NULL; |
| 766 |
ap_expr_info_t *expr; |
| 767 |
|
| 768 |
expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, |
| 769 |
&expr_err, NULL); |
| 770 |
|
| 771 |
if (expr_err) |
| 772 |
return apr_pstrcat(cmd->temp_pool, |
| 773 |
"Cannot parse expression in require line: ", |
| 774 |
expr_err, NULL); |
| 775 |
|
| 776 |
*parsed_require_line = expr; |
| 777 |
|
| 778 |
return NULL; |
| 779 |
} |
| 780 |
|
| 781 |
static authz_status group_check_authorization(request_rec *r, |
| 782 |
const char *require_args, |
| 783 |
const void *parsed_require_args) |
| 784 |
{ |
| 785 |
char *user = r->user; |
| 786 |
|
| 787 |
const char *err = NULL; |
| 788 |
const ap_expr_info_t *expr = parsed_require_args; |
| 789 |
const char *require; |
| 790 |
|
| 791 |
const char *t, *w; |
| 792 |
char ** groups; |
| 793 |
auth_mysql_config_rec *conf = ap_get_module_config(r->per_dir_config, |
| 794 |
&auth_mysql_module); |
| 795 |
|
| 796 |
if (!user) { |
| 797 |
return AUTHZ_DENIED_NO_USER; |
| 798 |
} |
| 799 |
|
| 800 |
require = ap_expr_str_exec(r, expr, &err); |
| 801 |
if (err) { |
| 802 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02592) |
| 803 |
"mod_auth_mysql authorize: require group: Can't " |
| 804 |
"evaluate require expression: %s", err); |
| 805 |
return AUTHZ_DENIED; |
| 806 |
} |
| 807 |
|
| 808 |
if (!(groups = get_db_grp(r, user, conf))) { |
| 809 |
if (!(conf->auth_dbauthoritative)) { |
| 810 |
return DECLINED; |
| 811 |
} |
| 812 |
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, |
| 813 |
"user not in any group :: http://%s@%s%s", |
| 814 |
user, r->hostname, r->filename); |
| 815 |
ap_note_basic_auth_failure(r); |
| 816 |
return HTTP_UNAUTHORIZED; |
| 817 |
} |
| 818 |
t = require; |
| 819 |
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { |
| 820 |
int i = 0; |
| 821 |
while (groups[i]) { |
| 822 |
if (!strcmp(groups[i], w)) { |
| 823 |
return AUTHZ_GRANTED; |
| 824 |
} |
| 825 |
i++; |
| 826 |
} |
| 827 |
} |
| 828 |
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, |
| 829 |
"user not in right group: http://%s@%s%s", |
| 830 |
user, r->hostname,r->uri); |
| 831 |
ap_note_basic_auth_failure(r); |
| 832 |
|
| 833 |
return AUTHZ_DENIED; |
| 834 |
} |
| 835 |
|
| 836 |
static const authz_provider authz_group_provider = |
| 837 |
{ |
| 838 |
&group_check_authorization, |
| 839 |
&groupfile_parse_config, |
| 840 |
}; |
| 841 |
|
| 842 |
#else |
| 755 |
/* {{{ static int db_check_auth() |
843 |
/* {{{ static int db_check_auth() |
| 756 |
* Checking ID |
844 |
* Checking ID |
| 757 |
*/ |
845 |
*/ |
|
Lines 762-772
Link Here
|
| 762 |
char *user = r->user; |
850 |
char *user = r->user; |
| 763 |
int m = r->method_number; |
851 |
int m = r->method_number; |
| 764 |
|
852 |
|
| 765 |
#ifdef APACHE24 |
|
|
| 766 |
const apr_array_header_t *reqs_arr = NULL; |
| 767 |
#else |
| 768 |
const apr_array_header_t *reqs_arr = ap_requires(r); |
853 |
const apr_array_header_t *reqs_arr = ap_requires(r); |
| 769 |
#endif |
|
|
| 770 |
require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; |
854 |
require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; |
| 771 |
|
855 |
|
| 772 |
register int x; |
856 |
register int x; |
|
Lines 826-831
Link Here
|
| 826 |
|
910 |
|
| 827 |
return DECLINED; |
911 |
return DECLINED; |
| 828 |
} // }}} |
912 |
} // }}} |
|
|
913 |
#endif // not APACHE24 |
| 914 |
|
| 829 |
|
915 |
|
| 830 |
/* |
916 |
/* |
| 831 |
* Initialize the module |
917 |
* Initialize the module |
|
Lines 845-851
Link Here
|
| 845 |
{ |
931 |
{ |
| 846 |
ap_hook_post_config(auth_mysql_init, NULL, NULL, APR_HOOK_MIDDLE); |
932 |
ap_hook_post_config(auth_mysql_init, NULL, NULL, APR_HOOK_MIDDLE); |
| 847 |
ap_hook_check_user_id(db_authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE); |
933 |
ap_hook_check_user_id(db_authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE); |
|
|
934 |
#ifdef APACHE24 |
| 935 |
ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "group", |
| 936 |
AUTHZ_PROVIDER_VERSION, |
| 937 |
&authz_group_provider, |
| 938 |
AP_AUTH_INTERNAL_PER_CONF); |
| 939 |
#else |
| 848 |
ap_hook_auth_checker(db_check_auth, NULL, NULL, APR_HOOK_MIDDLE); |
940 |
ap_hook_auth_checker(db_check_auth, NULL, NULL, APR_HOOK_MIDDLE); |
|
|
941 |
#endif |
| 849 |
} |
942 |
} |
| 850 |
|
943 |
|
| 851 |
/* |
944 |
/* |