static authn_status get_dbm_realm_hash(request_rec *r, const char *user,
const char *realm, char **rethash)
{
authn_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authn_dbm_module);
apr_status_t rv;
char *dbm_hash;
char *colon_hash;
rv = fetch_dbm_value(conf->dbmtype, conf->pwfile,
apr_pstrcat(r->pool, user, ":", realm, NULL),
&dbm_hash, r->pool);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01755)
"Could not open dbm (type %s) hash file: %s",
conf->dbmtype, conf->pwfile);
return AUTH_GENERAL_ERROR;
}
if (!dbm_hash) {
return AUTH_USER_NOT_FOUND;
}
colon_hash = ap_strchr(dbm_hash, ':');
if (colon_hash) {
*colon_hash = '\0';
}
*rethash = dbm_hash;
AUTHN_CACHE_STORE(r, user, realm, dbm_hash);
return AUTH_USER_FOUND;
}
static authn_status check_password(request_rec *r, const char *user,
const char *password)
{
authn_file_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authn_file_module);
ap_configfile_t *f;
char l[MAX_STRING_LEN];
apr_status_t status;
char *file_password = NULL;
if (!conf->pwfile) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01619)
"AuthUserFile not specified in the configuration");
return AUTH_GENERAL_ERROR;
}
status = ap_pcfg_openfile(&f, r->pool, conf->pwfile);
if (status != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01620)
"Could not open password file: %s", conf->pwfile);
return AUTH_GENERAL_ERROR;
}
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
const char *rpw, *w;
/* Skip # or blank lines. */
if ((l[0] == '#') || (!l[0])) {
continue;
}
rpw = l;
w = ap_getword(r->pool, &rpw, ':');
if (!strcmp(user, w)) {
file_password = ap_getword(r->pool, &rpw, ':');
break;
}
}
ap_cfg_closefile(f);
if (!file_password) {
return AUTH_USER_NOT_FOUND;
}
AUTHN_CACHE_STORE(r, user, NULL, file_password);
status = apr_password_validate(password, file_password);
if (status != APR_SUCCESS) {
return AUTH_DENIED;
}
return AUTH_GRANTED;
}
static authn_status get_realm_hash(request_rec *r, const char *user,
const char *realm, char **rethash)
{
authn_file_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authn_file_module);
ap_configfile_t *f;
char l[MAX_STRING_LEN];
apr_status_t status;
char *file_hash = NULL;
if (!conf->pwfile) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01621)
"AuthUserFile not specified in the configuration");
return AUTH_GENERAL_ERROR;
}
status = ap_pcfg_openfile(&f, r->pool, conf->pwfile);
if (status != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01622)
"Could not open password file: %s", conf->pwfile);
return AUTH_GENERAL_ERROR;
}
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
const char *rpw, *w, *x;
/* Skip # or blank lines. */
if ((l[0] == '#') || (!l[0])) {
continue;
}
rpw = l;
w = ap_getword(r->pool, &rpw, ':');
x = ap_getword(r->pool, &rpw, ':');
if (x && w && !strcmp(user, w) && !strcmp(realm, x)) {
/* Remember that this is a md5 hash of user:realm:password. */
file_hash = ap_getword(r->pool, &rpw, ':');
break;
}
}
ap_cfg_closefile(f);
if (!file_hash) {
return AUTH_USER_NOT_FOUND;
}
*rethash = file_hash;
AUTHN_CACHE_STORE(r, user, realm, file_hash);
return AUTH_USER_FOUND;
}
static authn_status check_dbm_pw(request_rec *r, const char *user,
const char *password)
{
authn_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authn_dbm_module);
apr_status_t rv;
char *dbm_password;
char *colon_pw;
rv = fetch_dbm_value(conf->dbmtype, conf->pwfile, user, &dbm_password,
r->pool);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01754)
"could not open dbm (type %s) auth file: %s",
conf->dbmtype, conf->pwfile);
return AUTH_GENERAL_ERROR;
}
if (!dbm_password) {
return AUTH_USER_NOT_FOUND;
}
colon_pw = ap_strchr(dbm_password, ':');
if (colon_pw) {
*colon_pw = '\0';
}
AUTHN_CACHE_STORE(r, user, NULL, dbm_password);
rv = apr_password_validate(password, dbm_password);
if (rv != APR_SUCCESS) {
return AUTH_DENIED;
}
return AUTH_GRANTED;
}
static authn_status authn_dbd_realm(request_rec *r, const char *user,
const char *realm, char **rethash)
{
apr_status_t rv;
const char *dbd_hash = NULL;
apr_dbd_prepared_t *statement;
apr_dbd_results_t *res = NULL;
apr_dbd_row_t *row = NULL;
int ret;
authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config,
&authn_dbd_module);
ap_dbd_t *dbd = authn_dbd_acquire_fn(r);
if (dbd == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01658)
"Failed to acquire database connection to look up "
"user '%s:%s'", user, realm);
return AUTH_GENERAL_ERROR;
}
if (conf->realm == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01659)
"No AuthDBDUserRealmQuery has been specified");
return AUTH_GENERAL_ERROR;
}
statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
if (statement == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01660)
"A prepared statement could not be found for "
"AuthDBDUserRealmQuery with the key '%s'", conf->realm);
return AUTH_GENERAL_ERROR;
}
if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
statement, 0, user, realm, NULL) != 0)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01661)
"Query execution error looking up '%s:%s' "
"in database [%s]",
user, realm,
apr_dbd_error(dbd->driver, dbd->handle, ret));
return AUTH_GENERAL_ERROR;
}
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
rv != -1;
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
if (rv != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01662)
"Error retrieving results while looking up '%s:%s' "
"in database", user, realm);
return AUTH_GENERAL_ERROR;
}
if (dbd_hash == NULL) {
#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
/* add the rest of the columns to the environment */
int i = 1;
const char *name;
for (name = apr_dbd_get_name(dbd->driver, res, i);
name != NULL;
name = apr_dbd_get_name(dbd->driver, res, i)) {
char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
name,
NULL);
int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
while (str[j]) {
if (!apr_isalnum(str[j])) {
str[j] = '_';
}
else {
str[j] = apr_toupper(str[j]);
}
j++;
}
apr_table_set(r->subprocess_env, str,
apr_dbd_get_entry(dbd->driver, row, i));
i++;
}
#endif
dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
}
/* we can't break out here or row won't get cleaned up */
}
if (!dbd_hash) {
return AUTH_USER_NOT_FOUND;
}
AUTHN_CACHE_STORE(r, user, realm, dbd_hash);
*rethash = apr_pstrdup(r->pool, dbd_hash);
return AUTH_USER_FOUND;
}
