httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47295] New: AuthDBDUserPWQueryFmt/AuthDBDUserRealmQueryFmt in mod_authn_dbd
Date Tue, 02 Jun 2009 06:21:04 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47295

           Summary: AuthDBDUserPWQueryFmt/AuthDBDUserRealmQueryFmt in
                    mod_authn_dbd
           Product: Apache httpd-2
           Version: 2.2.11
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: PatchAvailable
          Severity: normal
          Priority: P2
         Component: mod_dbd
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: kaigai@ak.jp.nec.com


Created an attachment (id=23739)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=23739)
A patch to allow discretionary parameter order in mod_authn_dbd

This patch adds two new directives (AuthDBDUserPWQueryFmt,
AuthDBDUserRealmQueryFmt) to mod_authn_dbd.

These options allow various kinds of query parameters (not only
username, password and realm) to be used in discretionary order.
Needless to say, you can use the existing directives if there are no concerns.

This patch also enables mod_authn_dbd to be applied in the following cases.

1. Hardwired parameter order is not suitable for the database.

SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount WHERE uname = %s;

If we want to execute the query (the 1st %s should be realm, and the 2nd %s
should be username) for digest authentication, the hardwired parameter order
is not suitable for the current AuthDBDUserRealmQuery option.

The new AuthDBDUserRealmQueryFmt allows the order to be specified as follows:

AuthDBDUserRealmQueryFmt \
    "SELECT md5(uname || ':' || $(realm) || ':' || upass) \
         FROM uaccount WHERE uname = $(username)"

2. Additional conditions more than username/password.

When we want to restrict available users depending on remote address or
other factors, the current directive does not support it.

This patch allows $(remote_addr) to be used in addition to username, password
and realm, as a proof of concept. It can be used to implement a user who
is available only from local networks, for example.
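
The following is an added example, not part of the original report and not the code in attachment 23739: one way a $(name) format string could be turned into a %s prepared-statement template plus a bind order, so that the values are still passed as statement parameters rather than pasted into the SQL text. The function name fmt_to_prepared, the KNOWN table, MAX_ARGS and the choice to reject unknown names and raw '%' are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>
/* Names from the report; the array index identifies the value to bind. */
static const char *const KNOWN[] = { "username", "password", "realm", "remote_addr" };
#define N_KNOWN (sizeof(KNOWN) / sizeof(KNOWN[0]))
#define MAX_ARGS 8
/* Rewrite "$(name)" to "%s" and record the bind order. Returns the parameter
 * count, or -1 on an unknown name, unterminated placeholder, raw '%' (it would
 * add a placeholder with no bound value), too many parameters or overflow. */
int fmt_to_prepared(const char *fmt, char *out, size_t outsz, int order[MAX_ARGS])
{
    size_t o = 0, len, i;
    int n = 0;
    if (outsz == 0)
        return -1;
    while (*fmt) {
        if (fmt[0] == '$' && fmt[1] == '(') {
            const char *end = strchr(fmt + 2, ')');
            if (end == NULL || n == MAX_ARGS)
                return -1;
            len = (size_t)(end - (fmt + 2));
            for (i = 0; i < N_KNOWN; i++)
                if (strlen(KNOWN[i]) == len && memcmp(KNOWN[i], fmt + 2, len) == 0)
                    break;
            if (i == N_KNOWN || o + 2 >= outsz)
                return -1;          /* reject, never pass unknown text through */
            order[n++] = (int)i;
            out[o++] = '%'; out[o++] = 's';
            fmt = end + 1;
        } else {
            if (*fmt == '%' || o + 1 >= outsz)
                return -1;
            out[o++] = *fmt++;
        }
    }
    out[o] = '\0';
    return n;
}

int main(void)
{
    char sql[256];
    int order[MAX_ARGS], i, n;
    n = fmt_to_prepared("SELECT md5(uname || ':' || $(realm) || ':' || upass) "
                        "FROM uaccount WHERE uname = $(username)", sql, sizeof sql, order);
    printf("%d params: %s\n", n, sql);
    for (i = 0; i < n; i++)
        printf("  bind %d <- %s\n", i + 1, KNOWN[order[i]]);
}
```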
