Merge lp:~fallenpegasus/drizzle/auth_http into lp:~drizzle-trunk/drizzle/development

Proposed by Mark Atwood
Status: Merged
Merged at revision: not available
Proposed branch: lp:~fallenpegasus/drizzle/auth_http
Merge into: lp:~drizzle-trunk/drizzle/development
Diff against target: None lines
To merge this branch: bzr merge lp:~fallenpegasus/drizzle/auth_http
Reviewer Review Type Date Requested Status
Drizzle Developers Pending
Review via email: mp+5375@code.launchpad.net
Mark Atwood (fallenpegasus) wrote :

Authenticate against an HTTP server

Adds
--auth-http-enable=true
--auth-http-url=http://example.com/test/

Requires current rev of libdrizzle so that the password is not hashed

Preview Diff

=== added directory 'plugin/auth_http'
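--- a/plugin/auth_http/AUTHORS
+++ b/plugin/auth_http/AUTHORS
@@ -0,0 +1,2 @@
+Brian Aker <brian@tangent.org>
+Mark Atwood <me@mark.atwood.name>
\ No newline at end of file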
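--- a/plugin/auth_http/ChangeLog
+++ b/plugin/auth_http/ChangeLog
@@ -0,0 +1,2 @@
+0.1
+ - Added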
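--- a/plugin/auth_http/Makefile.am
+++ b/plugin/auth_http/Makefile.am
@@ -0,0 +1,13 @@
+if BUILD_AUTH_HTTP
+
+EXTRA_LTLIBRARIES = libauth_http.la
+pkgplugin_LTLIBRARIES = @plugin_auth_http_shared_target@
+libauth_http_la_LDFLAGS = -module -avoid-version -rpath $(pkgplugindir)
+libauth_http_la_CPPFLAGS = $(AM_CPPFLAGS) -DDRIZZLE_DYNAMIC_PLUGIN
+libauth_http_la_SOURCES = auth_http.cc
+
+EXTRA_LIBRARIES = libauth_http.a
+noinst_LIBRARIES = @plugin_auth_http_static_target@
+libauth_http_a_SOURCES = $(libauth_http_la_SOURCES)
+
+endif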
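--- a/plugin/auth_http/auth_http.cc
+++ b/plugin/auth_http/auth_http.cc
@@ -0,0 +1,146 @@
+/*
+ -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
+ * vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
+*/
+
+#include <drizzled/server_includes.h>
+#include <drizzled/session.h>
+#include <drizzled/plugin/authentication.h>
+#include <drizzled/gettext.h>
+
+#include <curl/curl.h>
+
+CURL *curl_handle;
+
+static bool sysvar_auth_http_enable= false;
+static char* sysvar_auth_http_url= NULL;
+
+size_t curl_cb_read(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+ (void) ptr;
+ (void) stream;
+ return (size * nmemb);
+}
+
+
+class Auth_http : public Authentication
+{
+public:
+ virtual bool authenticate(Session *session, const char *password)
+ {
+ CURLcode rv;
+ long http_response_code;
+
+ if (sysvar_auth_http_enable == false)
+ return true;
+
+ assert(session->security_ctx.user.c_str());
+ assert(password);
+
+ // turn off curl stuff that might mess us up
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOSIGNAL, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 0);
+
+ // do a HEAD instead of a default GET
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOBODY, 1);
+
+ // set the read callback. this shouldnt get called, because we are doing a HEAD
+ rv= curl_easy_setopt(curl_handle, CURLOPT_READFUNCTION, curl_cb_read);
+
+ // set the parameters: url, username, password
+ rv= curl_easy_setopt(curl_handle, CURLOPT_URL, sysvar_auth_http_url);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_USERNAME, session->security_ctx.user.c_str());
+ rv= curl_easy_setopt(curl_handle, CURLOPT_PASSWORD, password);
+
+ // do it
+ rv= curl_easy_perform(curl_handle);
+
+ // what did we get? goes into http_response_code
+ rv= curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_response_code);
+
+ // so here is an interesting question.
+ // return true if the response_code is 2XX, or return false if its 4XX
+ // for now, return false for 401, true otherwise
+ // this means that if the url breaks, then anyone can log in
+ // this might be the wrong thing
+
+ if (http_response_code == 401)
+ return false;
+ return true;
+ }
+};
+
+static int initialize(void *p)
+{
+ Authentication **auth= static_cast<Authentication **>(p);
+
+ CURLcode rv;
+
+ *auth= new Auth_http();
+
+ // we are trusting that plugin initializers are called singlethreaded at startup
+ // if something else also calls curl_global_init() in a threadrace while we are here,
+ // we will crash the server.
+ curl_handle= curl_easy_init();
+
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOSIGNAL, 1);
+ rv= curl_easy_setopt(curl_handle, CURLOPT_NOBODY, 1);
+
+ return 0;
+}
+
+static int finalize(void *p)
+{
+ Auth_http *auth= static_cast<Auth_http *>(p);
+
+ if (auth)
+ delete auth;
+
+ curl_easy_cleanup(curl_handle);
+
+ return 0;
+}
+
+static DRIZZLE_SYSVAR_BOOL(
+ enable,
+ sysvar_auth_http_enable,
+ PLUGIN_VAR_NOCMDARG,
+ N_("Enable HTTP Auth check"),
+ NULL, /* check func */
+ NULL, /* update func */
+ false /* default */);
+
+
+static DRIZZLE_SYSVAR_STR(
+ url,
+ sysvar_auth_http_url,
+ PLUGIN_VAR_READONLY,
+ N_("URL for HTTP Auth check"),
+ NULL, /* check func */
+ NULL, /* update func*/
+ "http://localhost/" /* default */);
+
+static struct st_mysql_sys_var* auth_http_system_variables[]= {
+ DRIZZLE_SYSVAR(enable),
+ DRIZZLE_SYSVAR(url),
+ NULL
+};
+
+
+drizzle_declare_plugin(auth_http)
+{
+ DRIZZLE_AUTH_PLUGIN,
+ "auth_http",
+ "0.1",
+ "Mark Atwood",
+ "PAM based authenication.",
+ PLUGIN_LICENSE_GPL,
+ initialize, /* Plugin Init */
+ finalize, /* Plugin Deinit */
+ NULL, /* status variables */
+ auth_http_system_variables,
+ NULL /* config options */
+}
+drizzle_declare_plugin_end;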
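Review bot: `Auth_http::authenticate()` fails open: every outcome except an HTTP 401 returns true, and because the result of `curl_easy_perform()` is never checked, an unreachable or misconfigured auth URL (or a 403/404/500 reply) authenticates any user, with `http_response_code` possibly read uninitialized if `curl_easy_getinfo()` fails. The in-code comment already concedes this; an authentication decision should deny by default and accept only a clean transfer with a 2xx status, as in the fence below. The single global `curl_handle` is also loaded with each session's username and password, and a libcurl easy handle must not be used by two threads at once, so if sessions can authenticate concurrently this needs a per-call handle or a lock. The long-valued options should be passed as `1L`/`0L` rather than `1`/`0`, since `curl_easy_setopt()` reads them as `long` through varargs. Because the password arrives unhashed and the default URL is `http://localhost/`, any non-loopback `--auth-http-url` should be `https://`, otherwise the credentials travel as cleartext Basic auth.

```cpp
// … unchanged: option setup, URL, username and password …

// do it; a transport failure must not authenticate anyone
rv= curl_easy_perform(curl_handle);
if (rv != CURLE_OK)
  return false;

// what did we get? goes into http_response_code
http_response_code= 0;
rv= curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_response_code);
if (rv != CURLE_OK)
  return false;

// deny by default: only an explicit 2xx from the auth server is a success
return (http_response_code >= 200 && http_response_code < 300);
```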
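--- a/plugin/auth_http/configure.in
+++ b/plugin/auth_http/configure.in
@@ -0,0 +1,7 @@
+AC_INIT(auth_http, 0.1)
+AM_INIT_AUTOMAKE
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
+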
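--- a/plugin/auth_http/plug.in
+++ b/plugin/auth_http/plug.in
@@ -0,0 +1,18 @@
+DRIZZLE_PLUGIN(auth_http,[HTTP Authentication Plugin],
+ [HTTP based authentications])
+DRIZZLE_PLUGIN_DYNAMIC(auth_http, [libauth_http.la])
+DRIZZLE_PLUGIN_STATIC(auth_http, [libauth_http.a])
+DRIZZLE_PLUGIN_MANDATORY(auth_http) dnl Default
+
+DRIZZLE_PLUGIN_ACTIONS(auth_http, [
+ AC_LIB_HAVE_LINKFLAGS(curl,,
+ [#include <curl/curl.h>],
+ [
+ CURL *handle;
+ handle=curl_easy_init();
+ ])
+ AS_IF([test "x$ac_cv_libcurl" = "xno"],
+ AC_MSG_WARN([libcurl not working: not building auth_http plugin]))
+ DRIZZLED_PLUGIN_DEP_LIBS="${DRIZZLED_PLUGIN_DEP_LIBS} ${LIBCURL}"
+ AM_CONDITIONAL(BUILD_AUTH_HTTP,[test "${ac_cv_libcurl}" = "yes"])
+])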
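Review bot: The libcurl probe in `DRIZZLE_PLUGIN_ACTIONS` only links `curl_easy_init()`, while auth_http.cc relies on `CURLOPT_USERNAME` and `CURLOPT_PASSWORD`, which older libcurl releases do not define (they appear to have been added in 7.19.1), so configure can enable the plugin and the compile then fails. Referencing one of those options in the test body, e.g. `curl_easy_setopt(handle, CURLOPT_USERNAME, "");`, would make the check match what the plugin actually needs. It is also worth confirming that `DRIZZLE_PLUGIN_MANDATORY(auth_http)` is intended for an authentication backend that is skipped when libcurl is missing.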
=== modified file 'po/POTFILES.in'
--- po/POTFILES.in 2009-04-01 01:00:08 +0000
+++ po/POTFILES.in 2009-04-08 01:22:11 +0000
@@ -37,6 +37,7 @@
37mysys/errors.cc37mysys/errors.cc
38mysys/my_error.cc38mysys/my_error.cc
39mysys/my_getopt.cc39mysys/my_getopt.cc
40plugin/auth_http/auth_http.cc
40plugin/errmsg_stderr/errmsg_stderr.cc41plugin/errmsg_stderr/errmsg_stderr.cc
41plugin/logging_gearman/logging_gearman.cc42plugin/logging_gearman/logging_gearman.cc
42plugin/logging_query/logging_query.cc43plugin/logging_query/logging_query.cc