Modify mod_auth_http to add a time parameter.

I have some code working now (mod_auth_mysql) and just want to add one tiny thing to it.

Something that should be super easy, but I've been messing with it for a couple of hours and can't figure it out as I'm not worth a flip in C++.

The code currently supports passing parameters to it like %a for IP address and other stuff...

I Just want to add a new parameter called %t to compare what I pass to the current UNIX time.

Here are what I think is the important parts of the code and the areas I believe it would be easy to insert what I want.

Somewhere in these areas I just need to get a time(NULL) to compare the %t I want to pass to it. I just don't know how to add it...

So below is how the original code is now. I just need to know how to add the new %t parameter and make it match again the current time(NULL).

Code:

*****SNIP*****

static char * format_remote_ip(request_rec * r, char ** parm);

*****SNIP*****

typedef struct {                /* User formatting patterns */
  char pattern;                 /* Pattern to match */
  char * (*func)(request_rec * r, char ** parm);
} format;

format formats[] = {{'h', format_remote_host},
                    {'a', format_remote_ip},

/* In this area I need to add the 't' to do the time thing! */

*****SNIP*****

static char * format_remote_ip(request_rec * r, char ** parm) {
  return r->connection->remote_ip;
}

*****SNIP*****

>> I Just want to add a new parameter called %t to compare what I pass to the current UNIX time.

Compare and...what?

I'm going to hazaard a guess here and imagine you meant that you wanted something like:

Code:

static char * format_remote_ip(request_rec * r, char ** parm) {
  return ctime(&r->request_time);
}

What the program does now is let you include some request via the config script to be able to compare and match stuff from Apache to stuff in the database, so if you used the included %a you could match the Remote IP Address address with one in the database and allow or deny based on that.

All the current parameters pull stuff from Apache itself. Unless Apache can reply back with the current system time with that request you mentioned I was just thinking of putting in something that would get the current time from the time(NULL) function.

I was just including all the other stuff around the areas the program currently uses to show how it is setting up stuff and using it now and was trying to figure out how to get it to be able to compare the current UNIX time to some data in the database.

So in the config file I want to have something like this:
AuthMySQLUserCondition "timerow > '%t'"

And it would then compare the value in "timerow" with the current time and if the "timerow" had a greater value it would come back as OK and give a good auth.

I will try your code as it should in theory produce pretty much the same result as using a live time(NULL)!! Thanks for the input!! I'll write back when I get to try it out!!

>> And it would then compare the value in "timerow" with the current time and if the "timerow" had a greater value it would come back as OK and give a good auth.

In that case, the code I posted probably wouldn't be what you're looking to do. The format_XXX functions appear to be *just* for string formatting, not for accessing external databases or anything else.

Well, just taking a brief look at the sql module it isn't apparent where you can hook into the configuration file. My guess is this isn't nearly as simple as you imagine. Of course, I know very little about the Apache codebase so I could be wrong.

Having said that, if you're needing to do this check on every database every time, you could probably modify the 'get_mysql_pw' function pretty easily, but then that would be sort of like using a sladgehammer to set a thumbtack, and not the best solution IMO.

Yeah, I just tried it and it compiles, but didn't work as expected.

It does seem attempt to do a match, but doesn't seem to be time related. If I set the config to this:
AuthMySQLUserCondition "timerow > '%t'"

Anything but a "0" in the "timerow" will match the above > match.

So I don't know what is being put in the %t from the code you mentioned. Could it be a case of comparing different types of data?

Or maybe it is the way I am using the code. Here is the code I put in based on the code you mentioned:

Code:

******* SNIP *******

static char * format_the_time(request_rec * r, char ** parm);

******* SNIP *******

typedef struct {                /* User formatting patterns */
  char pattern;                 /* Pattern to match */
  char * (*func)(request_rec * r, char ** parm);
} format;

format formats[] = {{'h', format_remote_host},
                    {'a', format_remote_ip},
                    {'t', format_the_time},

******* SNIP *******

static char * format_the_time(request_rec * r, char ** parm) {
  return ctime(&r->request_time);
}

******* SNIP *******

>> It does seem attempt to do a match, but doesn't seem to be time related. If I set the config to this: AuthMySQLUserCondition "timerow > '%t'"

Well I was returning a string in that example as I wasn't quite sure what you were wanting to do. You could try something like this:

Code:

static char * format_the_time(request_rec * r, char ** parm) {
  static char buffer[ 64 ];
  unsigned int now = (unsigned int)time(NULL);
  sprintf(buffer, "%u", now);	  
  return buffer;
}

But even if it does work keep in mind that:
1) Technically, time_t doesn't have to be convertible to an unsigned int. It usually is, but that's just something to keep in mind for portability.
2) The code isn't thread safe. That just means that theoretically the buffer could be written to simultaeneously by multiple threads, which could cause false-positives and false-rejects, of course. So ideally, the code should really be protected by some synchronization mechanism.

EDIT: One more thing, instead of using the result from the 'time' function, you could instead use r->request_time, of course. Not sure which would be more appropriate for you, though.

That new code works!!

I just tried it and it seems to work as expected.

What would have to be done to make it thread safe? Would it really matter that much? Shouldn't it be a few seconds here or there??

It should always be written with the current time... I would assume, so unless there might be a problem with writing to it while another process is reading it and breaking something?!?!? :-) Is that possible?

Back in 1998 I hacked something similar on the old mod_auth_mysql using about 3 lines of new code and the time(0) function and have been using it for the last 10 years without a problem, but working with the new Apache 2.0 and new mod_auth_mysql made my programming rustyness flake off!! :-)

Thanks for all the help!!! You ROCK!!

>> What would have to be done to make it thread safe?

It would basically require synchronization somewhere within the function that is *calling* that function. Having said that, now that I think about it I can't imagine Apache doesn't already take care of this since all of those types of functions are returning static variables. Not sure tho'.

>> Would it really matter that much? Shouldn't it be a few seconds here or there??

Depending on the internals of sprintf, it may or it may not. It's difficult to say, definitively, but I would guess there's a pretty good chance that you're right.

>> Back in 1998 I hacked something similar on the old mod_auth_mysql using about 3 lines of new code and the time(0) function and have been using it for the last 10 years without a problem, but working with the new Apache 2.0 and new mod_auth_mysql made my programming rustyness flake off!! :-)

Yes, it's always good to get a little excercise now and then.

Well thanks again!! It all seems great so far!!

Now on to the other 1000 things that need to be tweaked when migrating to a new server from a 6 year old model!!