static void test_shapass(abts_case *tc, void *data) { const char *pass = "******"; const char *pass2 = "hellojed2"; char hash[100]; apr_sha1_base64(pass, strlen(pass), hash); apr_assert_success(tc, "SHA1 password validated", apr_password_validate(pass, hash)); APR_ASSERT_FAILURE(tc, "wrong SHA1 password should not validate", apr_password_validate(pass2, hash)); }
static void test_md5pass(abts_case *tc, void *data) { const char *pass = "******", *salt = "sardine"; const char *pass2 = "hellojed2"; char hash[100]; apr_md5_encode(pass, salt, hash, sizeof hash); apr_assert_success(tc, "MD5 password validated", apr_password_validate(pass, hash)); APR_ASSERT_FAILURE(tc, "wrong MD5 password should not validate", apr_password_validate(pass2, hash)); }
ERL_NIF_TERM nif_validate_password(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) { htpasswd_st* st = (htpasswd_st*)enif_priv_data(env); ERL_NIF_TERM ret; apr_status_t rv; char passwd[MAXBUFLEN] = {0}; char hash[MAXBUFLEN] = {0}; if (argc != 2) { ret = enif_make_badarg(env); goto out; } if (enif_get_string(env, argv[0], passwd, MAXBUFLEN, ERL_NIF_LATIN1) < 1) { ret = enif_make_badarg(env); goto out; } if (enif_get_string(env, argv[1], hash, MAXBUFLEN, ERL_NIF_LATIN1) < 1) { ret = enif_make_badarg(env); goto out; } rv = apr_password_validate(passwd, hash); if (rv == APR_SUCCESS) ret = st->atom_true; else ret = st->atom_false; out: return ret; }
static void test_glibc_shapass(abts_case *tc, void *data) { int i = 0; while (glibc_sha_pws[i].password) { apr_assert_success(tc, "check for valid glibc crypt-sha password", apr_password_validate(glibc_sha_pws[i].password, glibc_sha_pws[i].hash)); i++; } }
static void test_shapass(abts_case *tc, void *data) { const char *pass = "******"; char hash[100]; apr_sha1_base64(pass, strlen(pass), hash); APR_ASSERT_SUCCESS(tc, "SHA1 password validated", apr_password_validate(pass, hash)); }
static void test_md5pass(abts_case *tc, void *data) { const char *pass = "******", *salt = "sardine"; char hash[100]; apr_md5_encode(pass, salt, hash, sizeof hash); APR_ASSERT_SUCCESS(tc, "MD5 password validated", apr_password_validate(pass, hash)); }
static void test_crypt(abts_case *tc, void *data) { int i; for (i = 0; i < num_passwords; i++) { APR_ASSERT_SUCCESS(tc, "check for valid password", apr_password_validate(passwords[i].password, passwords[i].hash)); } }
static void test_crypt(abts_case *tc, void *data) { int i; for (i = 0; i < num_passwords; i++) { apr_assert_success(tc, "check for valid password", apr_password_validate(passwords[i].password, passwords[i].hash)); } }
static void test_glibc_shapass(abts_case *tc, void *data) { int i = 0; while (glibc_sha_pws[i].password) { APR_ASSERT_SUCCESS(tc, "check for valid glibc crypt-sha password", apr_password_validate(glibc_sha_pws[i].password, glibc_sha_pws[i].hash)); i++; } }
static authn_status check_password(request_rec *r, const char *user, const char *password) { #ifndef APACHE2NGINX authn_file_config_rec *conf = ap_get_module_config(r->per_dir_config, &authn_file_module); ap_configfile_t *f; char l[MAX_STRING_LEN]; apr_status_t status; char *file_password = NULL; if (!conf->pwfile) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "AuthUserFile not specified in the configuration"); return AUTH_GENERAL_ERROR; } status = ap_pcfg_openfile(&f, r->pool, conf->pwfile); if (status != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, "Could not open password file: %s", conf->pwfile); return AUTH_GENERAL_ERROR; } while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { const char *rpw, *w; /* Skip # or blank lines. */ if ((l[0] == '#') || (!l[0])) { continue; } rpw = l; w = ap_getword(r->pool, &rpw, ':'); if (!strcmp(user, w)) { file_password = ap_getword(r->pool, &rpw, ':'); break; } } ap_cfg_closefile(f); if (!file_password) { return AUTH_USER_NOT_FOUND; } status = apr_password_validate(password, file_password); if (status != APR_SUCCESS) { return AUTH_DENIED; } #endif return AUTH_GRANTED; }
static void test_bcryptpass(abts_case *tc, void *data) { const char *pass = "******"; const char *pass2 = "hellojed2"; unsigned char salt[] = "sardine_sardine"; char hash[100]; const char *hash2 = "$2a$08$qipUJiI9fySUN38hcbz.lucXvAmtgowKOWYtB9y3CXyl6lTknruou"; const char *pass3 = "foobar"; apr_assert_success(tc, "bcrypt encode password", apr_bcrypt_encode(pass, 5, salt, sizeof(salt), hash, sizeof(hash))); apr_assert_success(tc, "bcrypt password validated", apr_password_validate(pass, hash)); APR_ASSERT_FAILURE(tc, "wrong bcrypt password should not validate", apr_password_validate(pass2, hash)); apr_assert_success(tc, "bcrypt password validated", apr_password_validate(pass3, hash2)); }
static apr_status_t htdbm_verify(htdbm_t *htdbm) { apr_datum_t key, val; char *pwd; char *rec, *cmnt; key.dptr = htdbm->username; key.dsize = strlen(htdbm->username); if (!apr_dbm_exists(htdbm->dbm, key)) return APR_ENOENT; if (apr_dbm_fetch(htdbm->dbm, key, &val) != APR_SUCCESS) return APR_ENOENT; rec = apr_pstrndup(htdbm->ctx.pool, val.dptr, val.dsize); cmnt = strchr(rec, ':'); if (cmnt) pwd = apr_pstrndup(htdbm->ctx.pool, rec, cmnt - rec); else pwd = apr_pstrdup(htdbm->ctx.pool, rec); return apr_password_validate(htdbm->ctx.passwd, pwd); }
static int dbm_authenticate_basic_user(request_rec *r) { dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_dbm_module); const char *sent_pw; char *real_pw, *colon_pw; apr_status_t invalid_pw; int res; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) return res; if (!conf->auth_dbmpwfile) return DECLINED; if (!(real_pw = get_dbm_pw(r, r->user, conf->auth_dbmpwfile, conf->auth_dbmtype))) { if (!(conf->auth_dbmauthoritative)) return DECLINED; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "DBM user %s not found: %s", r->user, r->filename); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } /* Password is up to first : if exists */ colon_pw = strchr(real_pw, ':'); if (colon_pw) { *colon_pw = '\0'; } invalid_pw = apr_password_validate(sent_pw, real_pw); if (invalid_pw != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "DBM user %s: authentication failure for \"%s\": " "Password Mismatch", r->user, r->uri); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } return OK; }
bool IsPasswordValid(ISecUser& sec_user) { StringBuffer user; user.append(sec_user.getName()); if (0 == user.length()) throw MakeStringException(-1, "htpasswd User name is NULL"); CriticalBlock block(crit); if (!apr_initialized) initAPR(); loadPwds();//reload password file if modified StringBuffer *encPW = userMap.getValue(user.str()); if (encPW && encPW->length()) { apr_status_t rc = apr_password_validate(sec_user.credentials().getPassword(), encPW->str()); if (rc != APR_SUCCESS) DBGLOG("htpasswd authentication for user %s failed - APR RC %d", user.str(), rc ); return rc == APR_SUCCESS; } DBGLOG("User %s not in htpasswd file", user.str()); return false; }
static authn_status check_dbm_pw(request_rec *r, const char *user, const char *password) { authn_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config, &authn_dbm_module); apr_status_t rv; char *dbm_password; char *colon_pw; rv = fetch_dbm_value(conf->dbmtype, conf->pwfile, user, &dbm_password, r->pool); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01754) "could not open dbm (type %s) auth file: %s", conf->dbmtype, conf->pwfile); return AUTH_GENERAL_ERROR; } if (!dbm_password) { return AUTH_USER_NOT_FOUND; } colon_pw = ap_strchr(dbm_password, ':'); if (colon_pw) { *colon_pw = '\0'; } AUTHN_CACHE_STORE(r, user, NULL, dbm_password); rv = apr_password_validate(password, dbm_password); if (rv != APR_SUCCESS) { return AUTH_DENIED; } return AUTH_GRANTED; }
static int authenticate_basic_user(request_rec *r) { auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_module); const char *sent_pw; char *real_pw; apr_status_t invalid_pw; int res; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) { return res; } if (!conf->auth_pwfile) { return DECLINED; } if (!(real_pw = get_pw(r, r->user, conf->auth_pwfile))) { if (!(conf->auth_authoritative)) { return DECLINED; } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "user %s not found: %s", r->user, r->uri); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } invalid_pw = apr_password_validate(sent_pw, real_pw); if (invalid_pw != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "user %s: authentication failure for \"%s\": " "Password Mismatch", r->user, r->uri); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } return OK; }
// --------------------------------------------------------------------------- // This is the wrapper for the function apr_password_validate(), included from // apr_md5.h. From within Python, this wrapper will be available as // // aprmd5.password_validate() // // Parameters of the Python function: // - password: a string object that contains the password in clear text to be // validated // - hash: a string object that contains the encrypted password against which // the password in clear text should be validated; the format must be // "$apr1$salt$encrypted-password", i.e. the same format as the output of the // md5_encode() function. // // Return value of the Python function: // - True: If the validation was successful, i.e. if hash is indeed the // encrypted form of password // - False: If the validation failed // --------------------------------------------------------------------------- PyObject* aprmd5_password_validate(PyObject* self, PyObject* args) { // Both the password and the hash must be str() objects, from which we can get // NULL-terminated char*. // Note: This is true for both Python 2.6 and Python 3 const char* password; const char* hash; if (! PyArg_ParseTuple(args, "ss", &password, &hash)) return NULL; // Validate the password against the given hash. A zero return status means // that the password is valid // Note: There are two pre-fabricated objects to represent the boolean values // True and False. Because of this, and because Py_BuildValue does not have a // special format string to refer to boolean values, we simply use the format // string "O" and pass in one of the pre-fabricated values. Py_BuildValue will // increase the refcount for us. apr_status_t status = apr_password_validate(password, hash); if (APR_SUCCESS != status) return Py_BuildValue("O", Py_False); else return Py_BuildValue("O", Py_True); }
static authn_status check_mongodb_pw(request_rec *r, const char *user, const char *password) { authn_mongodb_config_rec *conf = ap_get_module_config(r->per_dir_config, &authn_mongodb_module); apr_status_t rv; char *password_hash; char *colon_pw; rv = fetch_mongodb_value(conf->host, conf->port, conf->userfield, conf->passwdfield, conf->collection, user, &password_hash, r->pool); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "could not open mongoDB (host %s) port: %d", conf->host, conf->port); return AUTH_GENERAL_ERROR; } if (!password_hash) { return AUTH_USER_NOT_FOUND; } if ( conf->password_format != NULL) { if ( strcasecmp( conf->password_format,"django")==0) { char *token; char *alg; char *salt; char *hsh; char *saltpass; alg= apr_strtok( password_hash, "$",&token); salt = apr_strtok( NULL, "$",&token); hsh = apr_strtok( NULL, "$",&token); //ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,"password_hash=%s ALG=%s salt=%s hsh=%s", password_hash,alg,salt,hsh ); saltpass= apr_pstrcat(r->pool, salt, password, NULL); //char hash[APR_SHA1_DIGESTSIZE+APR_SHA1PW_IDLEN]; apr_byte_t hash[APR_SHA1_DIGESTSIZE+1]; apr_sha1_ctx_t context; apr_sha1_init(&context); apr_sha1_update(&context, saltpass, strlen(saltpass)); apr_sha1_final(hash, &context); hash[APR_SHA1_DIGESTSIZE]='\0'; int i=0; int j=0; for (i=0,j=0; i < APR_SHA1_DIGESTSIZE ;i+=1, j+=2 ) { if ( hash[i] != parse_hexpair(&(hsh[j]))) { return AUTH_DENIED; } } return AUTH_GRANTED; } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,"unrecognized password format %s", conf->password_format); return AUTH_DENIED; } } else { colon_pw = ap_strchr(password_hash, ':'); if (colon_pw) { *colon_pw = '\0'; } rv = apr_password_validate(password, password_hash); } if (rv != APR_SUCCESS) { return AUTH_DENIED; } return AUTH_GRANTED; }
static authn_status authn_dbd_password(request_rec *r, const char *user, const char *password) { apr_status_t rv; const char *dbd_password = NULL; apr_dbd_prepared_t *statement; apr_dbd_results_t *res = NULL; apr_dbd_row_t *row = NULL; authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, &authn_dbd_module); ap_dbd_t *dbd = authn_dbd_acquire_fn(r); char *digest_colon = NULL; if (dbd == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Failed to acquire database connection to look up " "user '%s'", user); return AUTH_GENERAL_ERROR; } if (conf->user == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified"); return AUTH_GENERAL_ERROR; } statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING); if (statement == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for " "AuthDBDUserPWQuery with the key '%s'", conf->user); return AUTH_GENERAL_ERROR; } if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, 0, user, NULL) != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Query execution error looking up '%s' " "in database", user); return AUTH_GENERAL_ERROR; } for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); rv != -1; rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { if (rv != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "Error retrieving results while looking up '%s' " "in database", user); return AUTH_GENERAL_ERROR; } if (dbd_password == NULL) { #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3) /* add the rest of the columns to the environment */ int i = 1; const char *name; for (name = apr_dbd_get_name(dbd->driver, res, i); name != NULL; name = apr_dbd_get_name(dbd->driver, res, i)) { char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, name, NULL); int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */ while (str[j]) { if (!apr_isalnum(str[j])) { str[j] = '_'; } else { str[j] = apr_toupper(str[j]); } j++; } apr_table_set(r->subprocess_env, str, apr_dbd_get_entry(dbd->driver, row, i)); i++; } #endif dbd_password = apr_dbd_get_entry(dbd->driver, row, 0); } /* we can't break out here or row won't get cleaned up */ } if (!dbd_password) { return AUTH_USER_NOT_FOUND; } if ((digest_colon = ap_strchr(dbd_password, ':'))) { const char *realm = NULL, *exp_hash = NULL; const char *act_hash = NULL; realm = apr_pstrndup(r->pool, dbd_password, digest_colon - dbd_password); exp_hash = digest_colon + 1; act_hash = ap_md5(r->pool, (unsigned char*) apr_pstrcat(r->pool, user, ":", realm, ":", password, NULL)); if (strcmp(act_hash, exp_hash)) { return AUTH_DENIED; } else { return AUTH_GRANTED; } } rv = apr_password_validate(password, dbd_password); if (rv != APR_SUCCESS) { return AUTH_DENIED; } return AUTH_GRANTED; }
static int isUserValid(const char *user, const char *password, yubiauth_dir_cfg *cfg, request_rec *r) { ap_configfile_t *f; char l[MAX_STRING_LEN]; apr_status_t status; char *file_password = NULL; char *yubiKeyId = NULL; char *userPassword = NULL; apr_size_t passwordLength = 0; char *realName = NULL; int userWasFound = FALSE; /* This is TRUE when we store a combination of yubikeyId:username:password, * we then have a two factor authentication. */ int tokenHasPassword = FALSE; status = ap_pcfg_openfile(&f, r->pool, cfg->userAuthDbFilename); if (status != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, LOG_PREFIX "Could not open AuthYkUserFile file: %s", cfg->userAuthDbFilename); return FALSE; } /* Do length check of at least the password part, * to be a yubikey token, it has to have at least 44 * characters from where the first 12 are the ID of the user. */ if (strlen(password) < YUBIKEY_TOKEN_LENGTH) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, LOG_PREFIX "The entered password cannot be a yubikey generated token"); ap_cfg_closefile(f); return FALSE; } /* If the password is bigger then 44 characters, then we have an additional password * set into the field, since the produced token by the yubikey is 44 characters long */ passwordLength = (apr_size_t) strlen(password) - YUBIKEY_TOKEN_LENGTH; ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "The length of the entered password is: %d", passwordLength); /* We have to distinct between a 44 character string which is the * toke output only and a longer string, which would contain a * password at its beginning */ if (strlen(password) > YUBIKEY_TOKEN_LENGTH) { /* copy off the password part from the password string */ userPassword = apr_pstrndup(r->pool, password, passwordLength); ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "The entered password is: %s", userPassword); } /* Now move the password pointer forward the number of calculatd characters for the userPassword, * we move the pointer beyond the last read character (not -1), to start reading the real stuff */ yubiKeyId = apr_pstrndup(r->pool, &password[passwordLength], (apr_size_t) YUBIKEY_ID_LENGTH); ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "The calculated YubiKey ID is: %s", yubiKeyId); /* Find the TokenID/UN:PW solution in the file */ while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { const char *rpw, *w; char *unPw = NULL; /* Skip # or blank lines. */ if ((l[0] == '#') || (!l[0])) { continue; } rpw = l; w = ap_getword(r->pool, &rpw, ':'); /* The first 12 chars are the ID which must be available in this file * else the user might be a yubikey user, but possibly a user we don't * want. */ if (!strncmp(yubiKeyId, w, 12)) { /* This would fetch the real username, * after the ID could be located */ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "Could find the ID: %s", w); /* remember, since we are working with the passwd * utility, this realName is hashed */ realName = ap_getword(r->pool, &rpw, '\n'); apr_table_set(r->headers_in, HDR_YK_AUTH_TYPE, YK_AUTH_TYPE_OF); ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "The looked up realname is: %s", realName); ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "The looked up userPassword is: %s", userPassword); /* this results in username:password as it should be entered in the install dialog */ if (userPassword) { unPw = apr_pstrcat(r->pool, user, ":", userPassword, NULL); apr_table_set(r->headers_in, HDR_YK_AUTH_TYPE, YK_AUTH_TYPE_TF); ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "The built un:pw combo is: %s", unPw); } /* If there is a password set, use the username:password combo, * else just compare the username */ status = apr_password_validate(userPassword?unPw:user, realName); if (status == APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "Could map ID %s to User: %s", w, user); userWasFound = TRUE; break; } } } ap_cfg_closefile(f); return userWasFound; }
static authn_status authn_dbd_password(request_rec *r, const char *user, const char *password) { apr_status_t rv; const char *dbd_password = NULL; apr_dbd_prepared_t *statement; apr_dbd_results_t *res = NULL; apr_dbd_row_t *row = NULL; int ret; authn_dbd_conf *conf = ap_get_module_config(r->per_dir_config, &authn_dbd_module); ap_dbd_t *dbd = authn_dbd_acquire_fn(r); if (dbd == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01653) "Failed to acquire database connection to look up " "user '%s'", user); return AUTH_GENERAL_ERROR; } if (conf->user == NULL && conf->auth == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01654) "No AuthDBDUserPWQuery or AuthDBDFullAuthQuery has been specified"); return AUTH_GENERAL_ERROR; } statement = apr_hash_get(dbd->prepared, conf->user != NULL ? conf->user : conf->auth, APR_HASH_KEY_STRING); if (statement == NULL) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01655) "A prepared statement could not be found for " "AuthDBDUserPWQuery or AuthDBDFullAuthQuery with the key '%s'", conf->user); return AUTH_GENERAL_ERROR; } if ((ret = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement, 0, user, NULL) != 0)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01656) "Query execution error looking up '%s' " "in database [%s]", user, apr_dbd_error(dbd->driver, dbd->handle, ret)); return AUTH_GENERAL_ERROR; } for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1); rv != -1; rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) { if (rv != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01657) "Error retrieving results while looking up '%s' " "in database", user); return AUTH_GENERAL_ERROR; } if (dbd_password == NULL) { #if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3) /* add the rest of the columns to the environment */ int i = 1; const char *name; for (name = apr_dbd_get_name(dbd->driver, res, i); name != NULL; name = apr_dbd_get_name(dbd->driver, res, i)) { char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, name, NULL); int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */ while (str[j]) { if (!apr_isalnum(str[j])) { str[j] = '_'; } else { str[j] = apr_toupper(str[j]); } j++; } apr_table_set(r->subprocess_env, str, apr_dbd_get_entry(dbd->driver, row, i)); i++; } #endif dbd_password = apr_dbd_get_entry(dbd->driver, row, 0); } /* we can't break out here or row won't get cleaned up */ } if (!dbd_password) { return AUTH_USER_NOT_FOUND; } AUTHN_CACHE_STORE(r, user, NULL, dbd_password); rv = ap_password_validate(r, user, password, dbd_password); if (rv != APR_SUCCESS) { return AUTH_DENIED; } if (conf->user != NULL) { rv = apr_password_validate(password, dbd_password); if (rv != APR_SUCCESS) { return AUTH_DENIED; } } // else conf->auth and we get a db_password then we've passed return AUTH_GRANTED; }