httpd-dev mailing list archives

From Chris Darroch <chr...@pearsoncmg.com>
Subject Re: User/Realm order in AuthDBDUserRealmQuery (mod_authn_dbd)
Date Fri, 15 May 2009 18:20:10 GMT
KaiGai Kohei wrote:

> But, I would like to set up the query as follows:
>   AuthDBDUserRealmQuery \
>       "SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount WHERE uname = %s"
>                                   ^^... to be realm                to be user ... ^^
> 
> It seems to me we have no way to put the replacement of the given
> realm prior to username. Am I missing anything?

   I don't think so ... unless there's some way to rewrite the query
so the username is the first parameter, I don't see any option with
the existing code.

> If we have no reasonable workaround, I would like to suggest a new
> directive: AuthDBDRealmUserQuery which specifies a query for digest
> authentication with realm and user parameters in this order?
> 
> What's your opinion?
> 
> # This is an aside. I would like to include a few additional conditions
> # in the query, such as remote address and so on.
> # For example, we can consider a web-user who can access via a certain
> # network address (like, 192.168.1.0/24), described as:
> #
> # SELECT md5(password) FROM uaccount \
> #     WHERE uname = %s AND unetwork >>= %s::inet;

   I wonder if we could keep the existing config directives but
allow them to access an optional additional parameter (or set of
parameters).  You could then write:

AuthDBDUserRealmQuery \
    "SELECT %s FROM uaccount WHERE uname = %s AND foo = %s" \
    R,u,a

where R,u,a meant realm, user, and remote IP address parameters
were to be passed in that order.  (We'd likely want to follow
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
as much as possible for the available parameters.)  Just an idea
at the moment ... alas, no matching implementation.  Sigh.  :-/

Chris.

-- 
GPG Key ID: 366A375B
GPG Key Fingerprint: 485E 5041 17E1 E2BB C263  E4DE C8E3 FA36 366A 375B
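
The parameter-order idea from the message above, as an added example that is not part of the original post or of httpd. The codes `R`, `u`, `a`, the function names and the sqlite table are assumptions, and the network condition is simplified to an equality match on a constructed row.

```python
import hashlib
import sqlite3

# Hypothetical letter codes for the order spec sketched in the message
# (R = realm, u = user, a = remote address); not an existing httpd feature.
PARAM_SOURCES = {
    "R": lambda req: req["realm"],
    "u": lambda req: req["user"],
    "a": lambda req: req["remote_ip"],
}

def bind_params(query, order_spec, req):
    """Map %s placeholders to driver placeholders and order the values."""
    codes = [c.strip() for c in order_spec.split(",")]
    unknown = [c for c in codes if c not in PARAM_SOURCES]
    if unknown:
        raise ValueError(f"unknown parameter code(s): {unknown}")
    if query.count("%s") != len(codes):
        raise ValueError("placeholder count does not match order spec")
    # Values are bound by the driver, never interpolated into the SQL text.
    return query.replace("%s", "?"), [PARAM_SOURCES[c](req) for c in codes]

def lookup_ha1(db, query, order_spec, req):
    """Return the digest hash for the request, or None if no row matches."""
    sql, values = bind_params(query, order_spec, req)
    row = db.execute(sql, values).fetchone()
    return row[0] if row else None

def make_demo_db():
    """Constructed sample table; sqlite has no md5(), so register one."""
    db = sqlite3.connect(":memory:")
    db.create_function("md5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
    db.execute("CREATE TABLE uaccount (uname TEXT, upass TEXT, unetwork TEXT)")
    db.execute("INSERT INTO uaccount VALUES ('alice', 's3cret', '192.168.1.10')")
    return db

# Realm-first query from the quoted message, plus a remote-address condition.
QUERY = ("SELECT md5(uname || ':' || %s || ':' || upass) FROM uaccount "
         "WHERE uname = %s AND unetwork = %s")

if __name__ == "__main__":
    req = {"user": "alice", "realm": "example", "remote_ip": "192.168.1.10"}
    print(lookup_ha1(make_demo_db(), QUERY, "R,u,a", req))
```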

