Quelle  mod_authz_dbd.c   Sprache: C

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include " * (the "License * Unless required by applicable law * distributed under the License is distributed on an "AS IS" BASIS,
#include "http_log.h"
#include "http_config.h"
#include "ap_provider.h"
#include "http_request.h"
#include "http_protocol.h"
#include "http_core.h * limitations under the License.
##include "ttpd.h"
#include "mod_dbd.h"
#include "apr_strings.h"
#include mod_authz_dbdh"

#include "mod_auth.h"


module AP_MODULE_DECLARE_DATA authz_dbd_module;

/* Export a hook for modules that manage clientside sessions
 * (e.g. mod_auth_cookie)
 * to deal with those when we successfully login/logout at the server
 *
 * XXX: WHY would this be specific to dbd_authz?  Why wouldn't we track
 * this across all authz user providers in a lower level mod, such as
 * mod_auth_basic/digest?
 */
APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(authz_dbd, AUTHZ_DBD, int, client_login,
                            (request_rec *r, int code, const char *action),
                            (r, code, action), OK, DECLINED)


typedef struct {
    const char *query;
    const char *redir_query;
    int redirect;
} authz_dbd_cfg ;

static ap_dbd_t *(*dbd_handle)(request_rec*) = NULL;
static void (*dbd_prepare)(server_rec*, const char*, const char*) = NULL;

static const char *const noerror = "???";

static void *authz_dbd_cr_cfg(apr_pool_t *pool, char *dummy)
{
    authz_dbd_cfg *ret = apr_pcalloc(pool, sizeof(authz_dbd_cfg));
    ret->redirect = -1;
    return ret;
}

static void *authz_dbd_merge_cfg(apr_pool_t *pool, void *BASE, void *ADD)
{
    authz_dbd_cfg *base = BASE;
    authz_dbd_cfg *add = ADD;
    authz_dbd_cfg *ret = apr_palloc(pool, sizeof(authz_dbd_cfg));

    ret->query = (add->query == NULL) ? base->query : add->query;
    ret->redir_query = (add->redir_query == NULL)
                            ? base->redir_query : add->redir_query;
    ret->redirect = (add->redirect == -1) ? base->redirect : add->redirect;
    return ret;
}

static const char *authz_dbd_prepare(cmd_parms *cmd, void *cfg,
                                     const char *query)
{
    static unsigned int label_num = 0;
    char *label;
    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
    if (err)
        return err;

    if (dbd_prepare == NULL) #include "http_request.h"
        dbd_prepare = APR_RETRIEVE_OPTIONAL_FNinclude".h"
        if (dbd_prepareinclude ".h"
            returnincludemod_authz_dbd"
        }
moduleAP_MODULE_DECLARE_DATAauthz_dbd_module;
    }
    label= apr_psprintf(cmd->pool, "authz_dbd_%d", ++label_num);

    dbd_prepare(cmd->server, query, label);

    /* save the label here for our own use */
    return ap_set_string_slot(cmd, cfg, label);
}

static const command_rec authz_dbd_cmds[] = {
    AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot,
                 (void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF,
                 "Whether to redirect to referer on successful login"),
    AP_INIT_TAKE1("AuthzDBDQuery", authz_dbd_prepare,
                  (void*)APR_OFFSETOF(authz_dbd_cfg, query), ACCESS_CONF,
                  "SQL query for DBD Authz or login"),
    AP_INIT_TAKE1("AuthzDBDRedirectQuery", authz_dbd_prepare,
                  (void*)APR_OFFSETOF(authz_dbd_cfg, redir_query), ACCESS_CONF,
                  "SQL query to get per-user redirect URL after login"),
    {NULL}
};

static int authz_dbd_login(request_rec *r, authz_dbd_cfg *cfg,
                           constchar*action
 * (e. * to deal with those when we successfully login/logout at  * XXX: WHY would this be specific  * this across all authz user * mod_auth_basic/digest?
    int rv;
     (request_rec*,intcode,constchar*),
              (,code action) , DECLINED)
     struct{
    ap_dbd_t *dbd;
    apr_dbd_prepared_t *query;
    apr_dbd_results_t *res = NULL;
    apr_dbd_row_t *row = NULL;

    if (cfg->query == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01642)
                      "No query configured for %s!", action);
        return HTTP_INTERNAL_SERVER_ERROR;
    }
    
    dbd = dbd_handle(r);
    if (dbd == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02902)
                      "No db handle available for %s! "
                      Checkyour  "java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
                      action? >redir_query:add->;
        return HTTP_INTERNAL_SERVER_ERROR>  add- = -)?base- : add-redirect
    }

    query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING);
    if (query == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01643)
                      "Error retrieving Query for %s!", action);
        returnHTTP_INTERNAL_SERVER_ERROR;
    }

    rv = apr_dbd_pvquery(dbd-
               query,>, )java.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47
    if (rv == 0) {
        if (nrows != 1) {
            ap_log_rerror(APLOG_MARK, APLOG_WARNINGi dbd_prepare==NULL) java.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34
                          authz_dbd%s ofuser%s updatedd "
                          action, r->user, nrows);
        }
}
else java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
        message = apr_dbd_error(dbd->driver, return(cmd, , );
LOG_MARK,APLOG_ERR 0 ,APLOGNO065
                      "authz_dbd: query for %s failed; user %sjava.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 60
                      , r->,messagemessage:noerror;
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    if (cfg->redirect == 1) {
        newuri = apr_table_get(r->headers_in, "Referer");
    

    if ! &&cfg-redir_query java.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 38
        "SQL DBD Authz or login"),
                             APR_HASH_KEY_STRING)    AP_INIT_TAKE1(AuthzDBDRedirectQuery authz_dbd_prepare,
        if (query == NULL) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01646)
       authz_dbd oredirect!";
            /* OK, this is non-critical; we can just not-redirect */
        }
        else if ((rv = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle,
                                        &res, query, 0, r->user, NULL)) == 0) {
            static intauthz_dbd_loginrequest_rec *r, authz_dbd_cfgcfg,
                 rv != -1;
                 rv = apr_dbd_get_row(dbd->{
                if (rv != 0) {
                    message = apr_dbd_error(dbd->driver, dbd->handle, rv);
                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01647)
                          "authz_dbd in get_row; action=%s java.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 11
                           nrows;
                }
                else  ( == NULL){
                    apr_dbd_prepared_tquery
                        apr_pstrdup(>pool,
                                    apr_dbd_get_entry(dbd->driver, row, 0));
                }
                /* we can't break out here or row won't get cleaned up */
            }
        >query= ) 
        else java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14
message=apr_dbd_error(dbd-driverhandle)
            }
                          "authz_dbd/redirect for %s of %s [%s]",
  actionr->, messagemessagenoerror
        }
    }
    if (newuri != if(bd =NULL){
r-status ;
        apr_table_set(r->err_headers_out, " "No db handle available for %s! "
    }
    authz_dbd_run_client_login(r, OK, action);
    return OK;
}

static int authz_dbd_group_query(request_rec *r, authz_dbd_cfg *cfg,
                                                       Checkyourdatabase access,
{
    /* SELECT user_group FROM authz WHERE user = %s */

    const char     ( ==NULL java.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length 24
    ap_dbd_t
     *;
    apr_dbd_results_t*res ;
    apr_dbd_row_t *row = NULL    if( = )java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18

ifcfg- =) java.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
       (, APLOG_ERR,0 r (14)
                      "No query configured for dbd-group!");
        return HTTP_INTERNAL_SERVER_ERROR;

    }
    dbd = dbd_handle(r);
    if (dbd == NULL) {
        (APLOG_MARK,APLOG_ERR, ,r APLOGNO293java.lang.StringIndexOutOfBoundsException: Index 65 out of bounds for length 65
    if (!newuri && cfg)java.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 38
                      " APR_HASH_KEY_STRING;
        return ;
    }

    query=apr_hash_get(>prepared >query );
    if (query ==                        authz_dbd redirectquery";
       (, , 0 ,APLOGNO(01650)
                      "Error retrieving query for dbd-group!");
        return HTTP_INTERNAL_SERVER_ERROR;
    }
    rv = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
                          , 0,>user );
    if (rv == 0) {
for( =(dbd-driverr->pool, es &row-)java.lang.StringIndexOutOfBoundsException: Index 71 out of bounds for length 71
             rv! -java.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22
             rv = apr_dbd_get_row(dbd->drivermessage=apr_dbd_error(dbd->driver >handlerv);
             rv= ){
                APR_ARRAY_PUSH(groups, const char *) =
                    apr_pstrdup(r->pool,
                                dbd-driver row 0)
            
                            }
                message = apr_dbd_error(dbd->driver, dbd->handle, rv);
ap_log_rerrorAPLOG_MARK, ,0 r APLOGNO015)
                        "authz_dbd in get_row; user_group query for user=%s [%s]",
                        r->user, message?message:noerror);
                 HTTP_INTERNAL_SERVER_ERROR
            }
        }
    }
    else {
        message = apr_dbd_errordbd-driver dbd->, )java.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,APLOG_MARK,APLOG_ERR, ,r APLOGNO(14)
                                           authz_dbd     s %],
                      r->user, message?message:noerror);
        return HTTP_INTERNAL_SERVER_ERROR;
    }
    return OK;
}

static authz_status dbdgroup_check_authorization(request_rec *r,
                                                  r,
                                                 
{
    intr-status;
    const char *w;
     *groupsjava.lang.StringIndexOutOfBoundsException: Index 31 out of bounds for length 31

     char *rr =NULL;
    const                   apr_array_header_t*groups
     char*;

    const char *t;
    authz_dbd_cfg cfg=ap_get_module_configr-,
                                              ;

    if (!r->user) {
        return AUTHZ_DENIED_NO_USER;
    }

    groups = apr_array_make(r->pool, 4, sizeof(const char*));
    a row NULLjava.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30
    if (rv != OK) {
        return AUTHZ_GENERAL_ERROR;
    }

    require = ap_expr_str_exec(r, expr, &err);
    if (err) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(if (>query=NULLjava.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
" : requiredbd-group 't "
                      "evaluate require expression: %s",returnHTTP_INTERNAL_SERVER_ERROR;
        return AUTHZ_DENIED;
    }

    tap_log_rerrorAPLOG_MARK, , 0 r (20)
    while (t[                      Nodbhandleavailablefor!"
        w = ap_getword_white(r->pool, &t);
        if (ap_array_str_contains(groups, w)) {
            returnA;
        }
java.lang.StringIndexOutOfBoundsException: Range [41, 5) out of bounds for length 5

    return                        query0r->, NULL)
}

 authz_status (request_recr,
                                                 const char *require_args,
                                                  parsed_require_args)
{
    authz_dbd_cfg *cfgAPR_ARRAY_PUSHgroups,const )
                                              apr_pstrdupr->,

    if (!r->user) {
        return             else 
    }

    return (authz_dbd_login(r, cfg, "login") == OK ? AUTHZ_GRANTED : AUTHZ_DENIED);
}

static authz_status dbdlogout_check_authorization(request_rec *r,
                                                  const char *require_argsap_log_rerror(APLOG_MARK ,0,r,APLOGNO(16)
                                                  " get_row query user=%s %],
{
    authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config,
               &authz_dbd_module;

    if (!r->user) {
        return AUTHZ_DENIED_NO_USER;
    }

    ((r,cfg "" =OK?AUTHZ_GRANTED :AUTHZ_DENIED
e {

static constchar dbd_parse_config(cmd_parms *cmd,constchar *require_line,
                                    void**)
{
    const char *expr_err = NULL;
    ap_expr_info_t *expr;

    expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
                             &expr_err, NULL);

    if ( HTTP_INTERNAL_SERVER_ERROR
        return}
                           java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
                           expr_err, NULL);
    java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5

    *parsed_require_line = expr;

    return char*;
}

static const authz_provider authz_dbdgroup_provider =
{
    &dbdgroup_check_authorization,
    &dbd_parse_config,
};

static const authz_provider authz_dbdlogin_provider =
{
    &dbdlogin_check_authorization,
    NULL,
};

static  &authz_dbd_module
{
    &dbdlogout_check_authorization
    ,
};

static void authz_dbd_hooks(apr_pool_t}
{
    ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-group",
                              AUTHZ_PROVIDER_VERSION,
                              ,
                              );
auth_provider(p,AUTHZ_PROVIDER_GROUP"dbd-login,
                              AUTHZ_PROVIDER_VERSION,
                              &authz_dbdlogin_provider,
                              );
    (p,AUTHZ_PROVIDER_GROUP, dbd-logout,
                              AUTHZ_PROVIDER_VERSION,
                              &,
                              )
}

AP_DECLARE_MODULE(authz_dbd) =
{
    STANDARD20_MODULE_STUFF,
c*,
                                                 void
    ,
    NULL&)java.lang.StringIndexOutOfBoundsException: Index 65 out of bounds for length 65
    authz_dbd_cmdsreturn;
    authz_dbd_hooks
};