author | Stef Walter <stef@memberwebs.com> | 2008-06-11 21:48:27 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2008-06-11 21:48:27 +0000 |
commit | 0cb3f6098d959479a96c26a92d91becc2110b30d (patch) | |
tree | 22f1447d6c7ad77d802c476297cf9547f822f81a /daemon/mysql.c | |
parent | 67d7a6cc4d3234ac93e521632701e8d42513e042 (diff) |
Support getting groups from the server and limiting access based on LDAP groups. See #112
Diffstat (limited to 'daemon/mysql.c')
-rw-r--r-- | daemon/mysql.c | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/daemon/mysql.c b/daemon/mysql.c index e926bb2..69a28ff 100644 --- a/daemon/mysql.c +++ b/daemon/mysql.c @@ -27,6 +27,9 @@ #include <sys/time.h> +#define __USE_XOPEN +#include <unistd.h> + /* Mysql library */ #include <mysql.h> #include <errmsg.h> @@ -48,14 +51,14 @@ typedef struct mysql_context /* Readonly Settings ------------------------------------------------- */ const char* host; /* The connection host or path */ - unsigned int port; /* The connection port */ + int port; /* The connection port */ const char* user; /* The pgsql user name */ const char* password; /* The pgsql password */ const char* database; /* The database name */ - const char* query; /* The query */ - const char* pw_column; /* The database query to retrieve a password */ + const char* user_query; /* The database query to get the user info */ + const char* pw_column; /* The database column with a password */ int pw_type; /* The type of password encoded in database */ - const char* ha1_column; /* The database query to retrieve a ha1 */ + const char* ha1_column; /* The database column with a ha1 */ int mysql_max; /* Number of open connections allowed */ int mysql_timeout; /* Maximum amount of time to dedicate to a query */ @@ -68,8 +71,8 @@ typedef struct mysql_context mysql_context_t; /* Forward declarations for callbacks */ -static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg); -static int validate_basic(ha_request_t* rq, const char* user, const char* password); +static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg, char ***groups); +static int validate_basic(ha_request_t* rq, const char* user, const char* password, char ***groups); static void escape_mysql(const ha_request_t* rq, ha_buffer_t* buf, const char* value); /* The defaults for the context */ 
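Review bot: `#define __USE_XOPEN` in the include hunk at -27 sets one of glibc's internal macros, which `<features.h>` is meant to derive from the public feature-test macros. Defining it by hand is unsupported, and here it comes after `<sys/time.h>` has already been included, so it only takes effect as a side effect of how the headers are written. The supported form is a public macro such as `#define _XOPEN_SOURCE 500` (or `_GNU_SOURCE` if the file also needs extensions) placed before the first `#include`. That would presumably also expose `pthread_mutexattr_settype`, making the hand-written `extern` prototype added in the hunk at -97 unnecessary. A local prototype for a libc function can drift from the real one without the compiler noticing.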
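Review bot: `port` in `mysql_context` changes from `unsigned int` to `int` in the hunk at -48, so a negative value can now be stored in the context. The MySQL client API takes the port as `unsigned int`, which would turn a negative setting into a very large number at connect time. The code that parses the setting is outside this hunk, so I cannot see whether it bounds the value. If it does not, a check such as `if(ctx->port < 0 || ctx->port > 65535)` with a configuration error belongs next to the assignment.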
@@ -82,7 +85,7 @@ static const mysql_context_t mysql_defaults = NULL, /* user */ NULL, /* password */ NULL, /* database */ - NULL, /* query */ + NULL, /* user_query */ NULL, /* pw_attr */ DB_PW_CLEAR, /* pw_type */ NULL, /* ha1_attr */ @@ -97,7 +100,7 @@ static const mysql_context_t mysql_defaults = static pthread_mutex_t g_mysql_mutex; static pthread_mutexattr_t g_mysql_mutexattr; - +extern int pthread_mutexattr_settype (pthread_mutexattr_t *attr, int kind); /* ------------------------------------------------------------------------------- * Internal Functions @@ -164,7 +167,6 @@ static int validate_ha1(ha_request_t* rq, mysql_context_t* ctx, const char* user { unsigned char dbha1[MD5_LEN]; unsigned char ha1[MD5_LEN]; - const char* p; int r = dec_mysql_binary(rq, dbpw, dbha1, MD5_LEN); @@ -344,7 +346,7 @@ static void discard_mysql_connection(const ha_request_t* rq, mysql_context_t* ct static void save_mysql_connection(const ha_request_t* rq, mysql_context_t* ctx, MYSQL* my) { - int i, e; + int i; ASSERT(ctx); @@ -424,10 +426,10 @@ static int retrieve_user_rows(ha_request_t* rq, mysql_context_t* ctx, if(!my) RETURN(HA_FAILED); - ASSERT(ctx->query); + ASSERT(ctx->user_query); /* The map can have %u and %r to denote user and realm */ - query = bd_substitute(rq, user, ctx->query); + query = bd_substitute(rq, user, ctx->user_query); if(!query) RETURN(HA_CRITERROR); @@ -472,7 +474,7 @@ finally: return ret; } -static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg) +static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* dg, char ***groups) { mysql_context_t* ctx = (mysql_context_t*)rq->context->ctx_data; MYSQL_RES* res = NULL; @@ -480,7 +482,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* int ret = HA_FALSE; int pw_column = -1; int ha1_column = -1; - int r, i, foundany = 0; + int foundany = 0; const char* v; ASSERT(rq && user && dg); 
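Review bot: `validate_digest` (hunk at -472) and `validate_basic` (hunk at -554) both gain a `char ***groups` out-parameter, but no added line in this file's diff ever writes through it. After a successful MySQL authentication the caller therefore sees whatever it put in its own pointer beforehand. Since the commit exists to restrict access by group, the handler should state its contract explicitly, for example `if(groups) *groups = NULL;` right after the `ASSERT` at the top of each function. A comment such as `/* this handler supplies no groups; group-restricted access must not be granted on its result */` would record the intent. How the caller initialises and later uses or frees the pointer is outside this file, so whether the current behaviour is actually unsafe needs confirming there. Both function bodies continue past the hunks.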
@@ -511,7 +513,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* { foundany = 1; - digest_makeha1(dg->ha1, user, rq->context->realm, v); + digest_makeha1(dg->server_ha1, user, rq->context->realm, v); ha_messagex(rq, LOG_DEBUG, "testing clear text password for digest auth"); /* Run the actual check */ @@ -527,7 +529,7 @@ static int validate_digest(ha_request_t* rq, const char* user, digest_context_t* v = *(row + ha1_column); if(v != NULL) { - ret = dec_mysql_binary(rq, v, dg->ha1, MD5_LEN); + ret = dec_mysql_binary(rq, v, dg->server_ha1, MD5_LEN); if(ret < 0) RETURN(ret) else if(ret == HA_FALSE) @@ -554,7 +556,7 @@ finally: return ret; } -static int validate_basic(ha_request_t* rq, const char* user, const char* password) +static int validate_basic(ha_request_t* rq, const char* user, const char* password, char ***groups) { mysql_context_t* ctx = (mysql_context_t*)rq->context->ctx_data; MYSQL_RES* res = NULL; @@ -562,7 +564,7 @@ static int validate_basic(ha_request_t* rq, const char* user, const char* passwo int ret = HA_FALSE; int pw_column = -1; int ha1_column = -1; - int i, foundany = 0; + int foundany = 0; const char* v; ASSERT(rq && user && password); @@ -665,7 +667,7 @@ int mysql_config(ha_context_t* context, const char* name, const char* value) if(strcmp(name, "dbquery") == 0) { - ctx->query = value; + ctx->user_query = value; return HA_OK; } @@ -727,7 +729,7 @@ int mysql_initialize(ha_context_t* context) ASSERT(ctx); /* Check for mandatory configuration */ - if(!ctx->database || !ctx->query) + if(!ctx->database || !ctx->user_query) { ha_messagex(NULL, LOG_ERR, "mysql configuration incomplete. " "Must have DBDatabase and DBQuery."); |