Index: docs/manual/mod/mod_authnz_ldap.xml
===================================================================
--- docs/manual/mod/mod_authnz_ldap.xml (revision 594095)
+++ docs/manual/mod/mod_authnz_ldap.xml (working copy)
@@ -96,7 +96,7 @@
  • Examples
  • Using TLS
  • Using SSL
  • - +
  • Exposing Login Information
  • Using Microsoft FrontPage with mod_authnz_ldap @@ -561,6 +561,22 @@ directive, instead of ldap://.

    +
    Exposing Login Information + +

    Whenever a query is made to the LDAP server, all LDAP attributes + returned by the query are placed in the environment, using environment + variables with the prefix "AUTHENTICATE_".

    + +

    If an LDAP query for example returned the username, common name + and telephone number of a user, a CGI program will have access to + this information without the need to make a second independent LDAP + query to gather this additional information.

    + +

    This has the potential to dramatically simplify the coding and + configuration required in some web applications.

    + +
    +
    Using Microsoft FrontPage with mod_authnz_ldap
Index: docs/manual/mod/mod_authn_dbd.xml
===================================================================
--- docs/manual/mod/mod_authn_dbd.xml (revision 594095)
+++ docs/manual/mod/mod_authn_dbd.xml (working copy)
@@ -95,6 +95,22 @@
    +
    +Exposing Login Information +

    +Whenever a query is made to the database server, all columns returned by +the query are placed in the environment, using environment variables with +the prefix "AUTHENTICATE_". +

    +

    If a database query for example returned the username, full name +and telephone number of a user, a CGI program will have access to +this information without the need to make a second independent database +query to gather this additional information.

    +

    This has the potential to dramatically simplify the coding and +configuration required in some web applications. +

    +
    + AuthDBDUserPWQuery SQL query to look up a password for a user @@ -111,7 +127,10 @@ AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s" - +

    If httpd was built against apr v1.3.0 or higher, any additional + columns specified in the select statement will be inserted into + the environment with the name AUTHENTICATE_<COLUMN>. +

    @@ -133,6 +152,10 @@ AuthDBDUserRealmQuery "SELECT password FROM authn WHERE username = %s AND realm = %s" +

    If httpd was built against apr v1.3.0 or higher, any additional + columns specified in the select statement will be inserted into + the environment with the name AUTHENTICATE_<COLUMN>. +

Index: modules/aaa/mod_authnz_ldap.c
===================================================================
--- modules/aaa/mod_authnz_ldap.c (revision 594095)
+++ modules/aaa/mod_authnz_ldap.c (working copy)
@@ -29,6 +29,7 @@
 #include "apr_xlate.h"
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
+#include "apr_lib.h"
 #if APR_HAVE_UNISTD_H
 /* for getpid() */
@@ -441,12 +442,10 @@
 apr_table_t *e = r->subprocess_env;
 int i = 0;
 while (sec->attributes[i]) {
- char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL);
- int j = 13;
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
 while (str[j]) {
- if (str[j] >= 'a' && str[j] <= 'z') {
- str[j] = str[j] - ('a' - 'A');
- }
+ str[j] = apr_toupper(str[j]);
 j++;
 }
 apr_table_setn(e, str, vals[i]);
Index: modules/aaa/mod_authn_dbd.c
===================================================================
--- modules/aaa/mod_authn_dbd.c (revision 594095)
+++ modules/aaa/mod_authn_dbd.c (working copy)
@@ -18,11 +18,13 @@
 #include "httpd.h"
 #include "http_config.h"
 #include "http_log.h"
+#include "apr_lib.h"
 #include "apr_dbd.h"
 #include "mod_dbd.h"
 #include "apr_strings.h"
 #include "mod_auth.h"
 #include "apr_md5.h"
+#include "apu_version.h"
 module AP_MODULE_DECLARE_DATA authn_dbd_module;
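Review bot: In the `@@ -441,12 +442,10 @@` hunk of mod_authnz_ldap.c the loop still only upper-cases the attribute name, while the new mod_authn_dbd loops in this patch also map every non-alphanumeric character to `_`; LDAP attribute descriptions may contain `-` and `;` (options), so the two modules would build AUTHENTICATE_* names by different rules. Since the surrounding lines are being touched anyway, the body could become `str[j] = apr_isalnum(str[j]) ? apr_toupper(str[j]) : '_';`, at the cost of renaming the variable for any attribute that has such characters. The attribute list appears to come from configuration rather than from the client, so this is a consistency point and not an injection risk. The enclosing function starts and ends outside the hunk.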
@@ -101,13 +103,13 @@
 }
 if (conf->user == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserPWQuery has been specified.");
 return AUTH_GENERAL_ERROR;
 }
 statement = apr_hash_get(dbd->prepared, conf->user, APR_HASH_KEY_STRING);
 if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserPWQuery, key '%s'.", conf->user);
 return AUTH_GENERAL_ERROR;
 }
 if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -126,6 +128,33 @@
 }
 if (dbd_password == NULL) {
 dbd_password = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
 }
 /* we can't break out here or row won't get cleaned up */
 }
@@ -160,12 +189,12 @@
 return AUTH_GENERAL_ERROR;
 }
 if (conf->realm == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No AuthDBDUserRealmQuery has been specified.");
 return AUTH_GENERAL_ERROR;
 }
 statement = apr_hash_get(dbd->prepared, conf->realm, APR_HASH_KEY_STRING);
 if (statement == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No DBD Authn configured!");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "A prepared statement could not be found for AuthDBDUserRealmQuery, key '%s'.", conf->realm);
 return AUTH_GENERAL_ERROR;
 }
 if (apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res, statement,
@@ -184,6 +213,33 @@
 }
 if (dbd_hash == NULL) {
 dbd_hash = apr_dbd_get_entry(dbd->driver, row, 0);
+
+#if APU_MAJOR_VERSION > 1 || (APU_MAJOR_VERSION == 1 && APU_MINOR_VERSION >= 3)
+ /* add the rest of the columns to the environment */
+ int i = 1;
+ const char *name;
+ for (name = apr_dbd_get_name(dbd->driver, res, i);
+ name != NULL;
+ name = apr_dbd_get_name(dbd->driver, res, i)) {
+
+ char *str = apr_pstrcat(r->pool, AUTHN_PREFIX,
+ name,
+ NULL);
+ int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ if (!apr_isalnum(str[j])) {
+ str[j] = '_';
+ }
+ else {
+ str[j] = apr_toupper(str[j]);
+ }
+ j++;
+ }
+ apr_table_set(r->subprocess_env, str,
+ apr_dbd_get_entry(dbd->driver, row, i));
+ i++;
+ }
+#endif
 }
 /* we can't break out here or row won't get cleaned up */
 }
Index: modules/aaa/mod_auth.h
===================================================================
--- modules/aaa/mod_auth.h (revision 594095)
+++ modules/aaa/mod_auth.h (working copy)
@@ -40,6 +40,8 @@
 #define AUTHZ_GROUP_NOTE "authz_group_note"
 #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
+#define AUTHN_PREFIX "AUTHENTICATE_"
+
 typedef enum {
 AUTH_DENIED,
 AUTH_GRANTED,