/* -*- mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; -*-
 *  vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
 *
 *  Copyright (C) 2009 Sun Microsystems
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; version 2 of the License.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
#include "config.h"
#include <curl/curl.h>
#include <string>
#include <cassert>
#include "drizzled/security_context.h"
#include "drizzled/plugin/authentication.h"
#include "drizzled/gettext.h"
using namespace drizzled;
using namespace std;
// Backing store for the "enable" system variable (default false). While it is
// false, Auth_http::authenticate() returns true without contacting the URL.
static bool sysvar_auth_http_enable= false;
// Backing store for the "url" system variable: the endpoint passed to libcurl
// as CURLOPT_URL for each authentication attempt. The user's credentials are
// attached to that request, so a plain http:// value exposes them in transit.
static char* sysvar_auth_http_url= NULL;
/**
 * Callback registered with libcurl through CURLOPT_READFUNCTION.
 *
 * It touches neither the buffer nor the user pointer and simply reports
 * size * nmemb. For a libcurl read callback that return value means "this
 * many bytes were placed in the buffer", so if libcurl ever did invoke it the
 * request body would be whatever the buffer already held. The plugin only
 * issues HEAD requests, for which the callback is not expected to run.
 *
 * @param ptr     buffer supplied by libcurl (unused)
 * @param size    size of one element
 * @param nmemb   number of elements
 * @param stream  user pointer (unused)
 * @return size * nmemb
 */
static size_t curl_cb_read(void *ptr, size_t size, size_t nmemb, void *stream)
{
  static_cast<void>(ptr);
  static_cast<void>(stream);

  const size_t claimed_bytes= size * nmemb;
  return claimed_bytes;
}
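/**
 * Authentication plugin that checks a user name and password by sending an
 * HTTP HEAD request, carrying those credentials, to the URL held in
 * sysvar_auth_http_url and deciding on the HTTP status that comes back.
 *
 * Decision rule: a login is accepted only when the transfer succeeds and the
 * server answers with a 2xx status. Every other outcome (no easy handle, no
 * URL, a libcurl error, a redirect, 4xx, 5xx) rejects the login, so a broken
 * or unreachable auth URL locks users out instead of letting everyone in.
 *
 * Security notes:
 *  - No CURLOPT_HTTPAUTH is set, so libcurl's default scheme (Basic) is used.
 *    Over a plain http:// URL the password can be read by anyone able to
 *    observe the traffic; use https:// for any non-loopback endpoint.
 *  - No transfer or connect timeout is configured, so a stalled auth server
 *    stalls the login attempt for as long as libcurl keeps waiting.
 *  - One easy handle (and the rv member) is reused by every call. libcurl
 *    does not permit concurrent use of a single easy handle.
 *    NOTE(review): confirm the server serialises calls to authenticate();
 *    if it does not, this needs a lock or a handle per call, otherwise one
 *    login's credentials can be overwritten by another's mid-request.
 */
class Auth_http : public drizzled::plugin::Authentication
{
  CURLcode rv;        // result of the most recent libcurl call
  CURL *curl_handle;  // easy handle reused for every request; NULL if unusable
public:
  /**
   * Creates the easy handle and applies the options that never change.
   * If the handle cannot be created or configured it is left NULL, and
   * authenticate() then rejects every login.
   *
   * @param name_arg  plugin name forwarded to the Authentication base class
   */
  Auth_http(std::string name_arg)
    : drizzled::plugin::Authentication(name_arg),
      rv(CURLE_OK),
      curl_handle(NULL)
  {
    // we are trusting that plugin initializers are called singlethreaded at startup
    // if something else also calls curl_global_init() in a threadrace while we are here,
    // we will crash the server.
    curl_handle= curl_easy_init();
    if (curl_handle == NULL)
      return;

    // These options take a long. curl_easy_setopt() is variadic, so a plain
    // int literal would be read back with the wrong width on LP64 platforms.

    // turn off curl stuff that might mess us up
    rv= curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 0L);
    if (rv == CURLE_OK)
      rv= curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1L);
    if (rv == CURLE_OK)
      rv= curl_easy_setopt(curl_handle, CURLOPT_NOSIGNAL, 1L);

    // do a HEAD instead of a default GET
    if (rv == CURLE_OK)
      rv= curl_easy_setopt(curl_handle, CURLOPT_NOBODY, 1L);

    // set the read callback.  this shouldnt get called, because we are doing a HEAD
    if (rv == CURLE_OK)
      rv= curl_easy_setopt(curl_handle, CURLOPT_READFUNCTION, curl_cb_read);

    // A half-configured handle must not be used for authentication decisions.
    if (rv != CURLE_OK)
    {
      curl_easy_cleanup(curl_handle);
      curl_handle= NULL;
    }
  }

  /** Releases the easy handle, then undoes libcurl's global initialisation. */
  ~Auth_http()
  {
    if (curl_handle != NULL)
      curl_easy_cleanup(curl_handle);
    curl_global_cleanup();
  }

  /**
   * Checks the supplied credentials against the configured URL.
   *
   * @param sctx      security context; only getUser() is read
   * @param password  password offered by the client
   * @return true if the check is disabled, or if the HEAD request completed
   *         with a 2xx status; false in every other case
   */
  virtual bool authenticate(const SecurityContext &sctx, const string &password)
  {
    long http_response_code= 0;

    // Disabled plugin: do not veto the login.
    // NOTE(review): this presumes some other mechanism performs the real
    // check when auth_http is loaded but switched off.
    if (sysvar_auth_http_enable == false)
      return true;

    assert(sctx.getUser().c_str());

    // Without a usable handle or a URL nothing can be verified: fail closed.
    if (curl_handle == NULL || sysvar_auth_http_url == NULL)
      return false;

    // set the parameters: url, username, password
    rv= curl_easy_setopt(curl_handle, CURLOPT_URL, sysvar_auth_http_url);
    if (rv != CURLE_OK)
      return false;

#if defined(HAVE_CURLOPT_USERNAME)

    rv= curl_easy_setopt(curl_handle, CURLOPT_USERNAME,
                         sctx.getUser().c_str());
    if (rv == CURLE_OK)
      rv= curl_easy_setopt(curl_handle, CURLOPT_PASSWORD, password.c_str());

#else

    string userpwd(sctx.getUser());
    // CURLOPT_USERPWD is split at the first ':'; a user name containing one
    // would shift part of the name into the password field.
    if (userpwd.find(':') != string::npos)
      return false;
    userpwd.append(":");
    userpwd.append(password);
    rv= curl_easy_setopt(curl_handle, CURLOPT_USERPWD, userpwd.c_str());

#endif /* defined(HAVE_CURLOPT_USERNAME) */

    if (rv != CURLE_OK)
      return false;

    // do it
    rv= curl_easy_perform(curl_handle);
    if (rv != CURLE_OK)
      return false;   // transport failure: the server never vouched for the user

    // what did we get? goes into http_response_code
    rv= curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &http_response_code);
    if (rv != CURLE_OK)
      return false;

    // Only an explicit 2xx answer counts as success. Treating "anything but
    // 401" as success would let everyone in whenever the URL is broken.
    return (http_response_code >= 200 && http_response_code < 300);
  }
};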
// Plugin instance created by initialize() and passed to context.add().
// NOTE(review): the variable has external linkage and nothing visible here
// deletes it; confirm the plugin context takes ownership.
Auth_http* auth= NULL;
/**
 * Plugin init hook: performs libcurl's process-wide initialisation, then
 * creates the Auth_http instance and registers it with the plugin context.
 *
 * @param context  plugin context the new authentication object is added to
 * @return 0 on success, 1 if curl_global_init() reports failure
 */
static int initialize(drizzled::plugin::Context &context)
{
  /*
   * The libcurl manual requires curl_global_init() to run before
   * curl_easy_init() in multi-threaded programs, and the Auth_http
   * constructor is where curl_easy_init() is called.
   *
   * NOTE(review): CURL_GLOBAL_NOTHING asks for no optional subsystems. On
   * older libcurl releases that leaves the TLS layer uninitialised unless
   * something else in the process sets it up, which matters if the auth URL
   * is https:// -- confirm against the libcurl version in use.
   */
  const CURLcode global_rc= curl_global_init(CURL_GLOBAL_NOTHING);
  if (global_rc != CURLE_OK)
    return 1;

  auth= new Auth_http("auth_http");
  context.add(auth);
  return 0;
}
/*
 * "enable" system variable: boolean switch stored in sysvar_auth_http_enable.
 * It defaults to false, and while it is false Auth_http::authenticate()
 * returns true without performing the HTTP check.
 */
static DRIZZLE_SYSVAR_BOOL(enable,
                           sysvar_auth_http_enable,
                           PLUGIN_VAR_NOCMDARG,
                           N_("Enable HTTP Auth check"),
                           NULL,   /* check func: none */
                           NULL,   /* update func: none */
                           false); /* default */
/*
 * "url" system variable: the endpoint the HEAD request is sent to, stored in
 * sysvar_auth_http_url. No check function is registered, so the value is
 * used as given. The default is a plain http:// URL on localhost; the user's
 * credentials travel with the request, so use https:// for any endpoint that
 * is not on the loopback interface.
 */
static DRIZZLE_SYSVAR_STR(url,
                          sysvar_auth_http_url,
                          PLUGIN_VAR_READONLY,
                          N_("URL for HTTP Auth check"),
                          NULL,                 /* check func: none */
                          NULL,                 /* update func: none */
                          "http://localhost/"); /* default */
/*
 * NULL-terminated table of this plugin's system variables ("enable" and
 * "url"); the plugin declaration below refers to it.
 */
static drizzle_sys_var* auth_http_system_variables[]= {
  DRIZZLE_SYSVAR(enable), DRIZZLE_SYSVAR(url),
  NULL /* terminator */
};
/*
 * Plugin descriptor for "auth_http": names initialize() as the init hook and
 * auth_http_system_variables as the system variable table.
 */
DRIZZLE_DECLARE_PLUGIN
{
  DRIZZLE_VERSION_ID,
  "auth_http",
  "0.1",
  "Mark Atwood",
  "HTTP based authenication.",
  PLUGIN_LICENSE_GPL,
  initialize,                 /* Plugin Init */
  auth_http_system_variables, /* system variables */
  NULL                        /* config options */
}
DRIZZLE_DECLARE_PLUGIN_END;