Merge lp:~fallenpegasus/drizzle/auth_http into lp:~drizzle-trunk/drizzle/development

Proposed by Mark Atwood
Status: Merged
Merged at revision: not available
Proposed branch: lp:~fallenpegasus/drizzle/auth_http
Merge into: lp:~drizzle-trunk/drizzle/development
Diff against target: None lines
To merge this branch: bzr merge lp:~fallenpegasus/drizzle/auth_http
Reviewer Review Type Date Requested Status
Drizzle Developers Pending
Review via email: mp+5375@code.launchpad.net
Mark Atwood (fallenpegasus) wrote :

Authenticate against an HTTP server

Adds
--auth-http-enable=true
--auth-http-url=http://example.com/test/

Requires current rev of libdrizzle so that the password is not hashed

Preview Diff

1=== added directory 'plugin/auth_http'
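--- a/plugin/auth_http/AUTHORS
+++ b/plugin/auth_http/AUTHORS
@@ -0,0 +1,2 @@
+Brian Aker <brian@tangent.org>
+Mark Atwood <me@mark.atwood.name>
\ No newline at end of file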
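--- a/plugin/auth_http/ChangeLog
+++ b/plugin/auth_http/ChangeLog
@@ -0,0 +1,2 @@
+0.1
+ - Added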
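--- a/plugin/auth_http/Makefile.am
+++ b/plugin/auth_http/Makefile.am
@@ -0,0 +1,13 @@
+if BUILD_AUTH_HTTP
+
+EXTRA_LTLIBRARIES = libauth_http.la
+pkgplugin_LTLIBRARIES = @plugin_auth_http_shared_target@
+libauth_http_la_LDFLAGS = -module -avoid-version -rpath $(pkgplugindir)
+libauth_http_la_CPPFLAGS = $(AM_CPPFLAGS) -DDRIZZLE_DYNAMIC_PLUGIN
+libauth_http_la_SOURCES = auth_http.cc
+
+EXTRA_LIBRARIES = libauth_http.a
+noinst_LIBRARIES = @plugin_auth_http_static_target@
+libauth_http_a_SOURCES = $(libauth_http_la_SOURCES)
+
+endif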
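--- a/plugin/auth_http/auth_http.cc
+++ b/plugin/auth_http/auth_http.cc
@@ -0,0 +1,146 @@
+/*
+ -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
+ * vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
+*/
+
+#include <drizzled/server_includes.h>
+#include <drizzled/session.h>
+#include <drizzled/plugin/authentication.h>
+#include <drizzled/gettext.h>
+
+#include <curl/curl.h>
+
+CURL *curl_handle;
+
+static bool sysvar_auth_http_enable= false;
+static char* sysvar_auth_http_url= NULL;
+
+size_t curl_cb_read(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+ (void) ptr;
+ (void) stream;
+ return (size * nmemb);
+}
+
+
+class Auth_http : public Authentication
+{
+public:
+ virtual bool authenticate(Session *session, const char *password)
+ {
+ CURLcode rv;
+ long http_response_code;
+
+ if (sysvar_auth_http_enable == false)
+ return true;
+
+ assert(session->security_ctx.user.c_str());
+ assert(password);
+
+ // turn off curl stuff that might mess us up
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOSIGNAL, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 0);
+
+ // do a HEAD instead of a default GET
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOBODY, 1);
+
+ // set the read callback. this shouldnt get called, because we are doing a HEAD
+ rv= curl_easy_setopt(curl_handle, CURLOPT_READFUNCTION, curl_cb_read);
+
+ // set the parameters: url, username, password
+ rv= curl_easy_setopt(curl_handle, CURLOPT_URL, sysvar_auth_http_url);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_USERNAME, session->security_ctx.user.c_str());
+ rv= curl_easy_setopt(curl_handle, CURLOPT_PASSWORD, password);
+
+ // do it
+ rv= curl_easy_perform(curl_handle);
+
+ // what did we get? goes into http_response_code
+ rv= curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_response_code);
+
+ // so here is an interesting question.
+ // return true if the response_code is 2XX, or return false if its 4XX
+ // for now, return false for 401, true otherwise
+ // this means that if the url breaks, then anyone can log in
+ // this might be the wrong thing
+
+ if (http_response_code == 401)
+ return false;
+ return true;
+ }
+};
+
+static int initialize(void *p)
+{
+ Authentication **auth= static_cast<Authentication **>(p);
+
+ CURLcode rv;
+
+ *auth= new Auth_http();
+
+ // we are trusting that plugin initializers are called singlethreaded at startup
+ // if something else also calls curl_global_init() in a threadrace while we are here,
+ // we will crash the server.
+ curl_handle= curl_easy_init();
+
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOSIGNAL, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOBODY, 1);
+
+ return 0;
+}
+
+static int finalize(void *p)
+{
+ Auth_http *auth= static_cast<Auth_http *>(p);
+
+ if (auth)
+ delete auth;
+
+ curl_easy_cleanup(curl_handle);
+
+ return 0;
+}
+
+static DRIZZLE_SYSVAR_BOOL(
+ enable,
+ sysvar_auth_http_enable,
+ PLUGIN_VAR_NOCMDARG,
+ N_("Enable HTTP Auth check"),
+ NULL, /* check func */
+ NULL, /* update func */
+ false /* default */);
+
+
+static DRIZZLE_SYSVAR_STR(
+ url,
+ sysvar_auth_http_url,
+ PLUGIN_VAR_READONLY,
+ N_("URL for HTTP Auth check"),
+ NULL, /* check func */
+ NULL, /* update func*/
+ "http://localhost/" /* default */);
+
+static struct st_mysql_sys_var* auth_http_system_variables[]= {
+ DRIZZLE_SYSVAR(enable),
+ DRIZZLE_SYSVAR(url),
+ NULL
+};
+
+
+drizzle_declare_plugin(auth_http)
+{
+ DRIZZLE_AUTH_PLUGIN,
+ "auth_http",
+ "0.1",
+ "Mark Atwood",
+ "PAM based authenication.",
+ PLUGIN_LICENSE_GPL,
+ initialize, /* Plugin Init */
+ finalize, /* Plugin Deinit */
+ NULL, /* status variables */
+ auth_http_system_variables,
+ NULL /* config options */
+}
+drizzle_declare_plugin_end;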
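Review bot: `Auth_http::authenticate()` fails open: it returns false only on a 401 and true otherwise, and the results of `curl_easy_perform()` and `curl_easy_getinfo()` are assigned to `rv` but never checked, so an unreachable, misconfigured or erroring auth server admits every user with any password, as the in-code comment itself notes. `http_response_code` is also read without having been initialized if `curl_easy_getinfo()` fails. Deny by default and accept only when both calls return `CURLE_OK` and the status is 2xx, as in the excerpt below. The single global `curl_handle` is reused for every login; libcurl easy handles must not be used by two threads at once, so if sessions authenticate concurrently this needs a per-call handle or a lock. The username and password are sent as HTTP auth to a URL whose default is `http://localhost/`, so with any non-local `http://` URL they cross the network in cleartext; the option help should say to use `https://`, and the plugin description `"PAM based authenication."` should be corrected.

```cpp
    long http_response_code= 0;
    // … unchanged: enable check, asserts, curl_easy_setopt() calls …

    // deny unless the request completed and the server accepted the credentials
    rv= curl_easy_perform(curl_handle);
    if (rv != CURLE_OK)
      return false;

    rv= curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_response_code);
    if (rv != CURLE_OK)
      return false;

    return (http_response_code >= 200 && http_response_code < 300);
```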
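--- a/plugin/auth_http/configure.in
+++ b/plugin/auth_http/configure.in
@@ -0,0 +1,7 @@
+AC_INIT(auth_http, 0.1)
+AM_INIT_AUTOMAKE
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
+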
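--- a/plugin/auth_http/plug.in
+++ b/plugin/auth_http/plug.in
@@ -0,0 +1,18 @@
+DRIZZLE_PLUGIN(auth_http,[HTTP Authentication Plugin],
+ [HTTP based authentications])
+DRIZZLE_PLUGIN_DYNAMIC(auth_http, [libauth_http.la])
+DRIZZLE_PLUGIN_STATIC(auth_http, [libauth_http.a])
+DRIZZLE_PLUGIN_MANDATORY(auth_http) dnl Default
+
+DRIZZLE_PLUGIN_ACTIONS(auth_http, [
+ AC_LIB_HAVE_LINKFLAGS(curl,,
+ [#include <curl/curl.h>],
+ [
+ CURL *handle;
+ handle=curl_easy_init();
+ ])
+ AS_IF([test "x$ac_cv_libcurl" = "xno"],
+ AC_MSG_WARN([libcurl not working: not building auth_http plugin]))
+ DRIZZLED_PLUGIN_DEP_LIBS="${DRIZZLED_PLUGIN_DEP_LIBS} ${LIBCURL}"
+ AM_CONDITIONAL(BUILD_AUTH_HTTP,[test "${ac_cv_libcurl}" = "yes"])
+])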
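Review bot: `DRIZZLE_PLUGIN_MANDATORY(auth_http)` sits oddly next to the libcurl probe: the section warns "not building auth_http plugin" when libcurl is missing and the Makefile is gated on `BUILD_AUTH_HTTP`, yet the plugin is declared mandatory, which presumably keeps it in the built-in plugin list either way. An authentication plugin that forwards credentials to an external HTTP server also seems better left opt-in at build time; consider dropping the mandatory declaration so that it is built only when requested and libcurl is present. `DRIZZLED_PLUGIN_DEP_LIBS` is extended with `${LIBCURL}` whether or not the probe succeeded, which is harmless only if that variable is empty on failure.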
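--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -37,6 +37,7 @@
 mysys/errors.cc
 mysys/my_error.cc
 mysys/my_getopt.cc
+plugin/auth_http/auth_http.cc
 plugin/errmsg_stderr/errmsg_stderr.cc
 plugin/logging_gearman/logging_gearman.cc
 plugin/logging_query/logging_query.cc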