Apache2 module: mod_auth_cookie_pgsql2

An apache2 module which provides authentication using cookie and PostgreSQL.

What's this?

This is a rewrite of mod_auth_cookie_mysql2. It provides the same functionality, but for PostgreSQL instead of MySQL.

Description

Instead of basic auth, you can authorize your users with cookies. An external script (Perl, C, PHP, ...) sets the cookie and this module checks it against a PostgreSQL database: the data stored in the cookie is compared to the data in the PostgreSQL database. Additionally, you can add checks for session expiry and for the correct remote IP.

Features

Installation

Edit the Makefile.
# make
# cp .libs/mod_auth_cookie_pgsql2.so PATH_TO_APACHE_MODULE_DIRECTORY
Edit your httpd.conf to load the module.

Configuration

The following configuration directives are available. Each entry gives the directive name, its values, and whether it is required, followed by its description.

CookiePgsqlAuth {on|off} (required)
    Activates this module.

CookiePgsqlAuth_DBhost <hostname> or <IP> (required)
    Hostname or IP of the host where postmaster is running.

CookiePgsqlAuth_DBport <dbport> (required)
    Port number which postmaster is listening on.

CookiePgsqlAuth_DBName <dbname> (required)
    Name of the database in PostgreSQL.

CookiePgsqlAuth_DBtable <dbtable> (required)
    Table name in the database.

CookiePgsqlAuth_DBUser <username> (required)
    Username for the PostgreSQL connection.

CookiePgsqlAuth_DBPassword <password> (required)
    Password for the PostgreSQL connection.

CookiePgsqlAuth_UsernameField <fieldname> (required)
    Field in the PostgreSQL table where the username of the session is stored. This username is exposed as the "Remote Username" variable "REMOTE_USER" in Apache.

CookiePgsqlAuth_SessnameField <fieldname> (required)
    Field in the PostgreSQL table where the session name is stored. This is the name of the cookie.

CookiePgsqlAuth_SessvalField <fieldname> (required)
    Field in the PostgreSQL table where the session value is stored. This is the value which is compared with the cookie value.

CookiePgsqlAuth_CookieName <name> (optional)
    If this option is set, only the cookie with this name is searched. If it is not set, this module searches all cookies the browser sends and checks each name against the values in the Sessname field and its value against the Sessval field.

CookiePgsqlAuth_ExpiryField <fieldname> (optional)
    When this option is set, the current time of the webserver is compared against this field in the database. The value is the time in seconds since 01.01.1970 (unix timestamp).

CookiePgsqlAuth_RemoteIPField <fieldname> (optional)
    When this option is set, the remote address of the connected client is checked against this field. The client can authorize only when the remote IP and the stored IP are equal.

CookiePgsqlAuth_FailureURL <URL> (optional)
    Normally, when the authorization fails, the client gets an "AUTHORIZATION REQUIRED" message from the webserver. When this option is set, the client is redirected to this URL instead.

Examples

PostgreSQL table

CREATE TABLE inter_sessions (
    sessname character varying(32) DEFAULT ''::character varying NOT NULL,
    sesskey character varying(32) DEFAULT ''::character varying NOT NULL,
    expiry bigint DEFAULT 0 NOT NULL,
    remoteip character varying(15) DEFAULT ''::character varying NOT NULL,
    username character varying(32) DEFAULT ''::character varying NOT NULL
);
ALTER TABLE ONLY inter_sessions
    ADD CONSTRAINT inter_sessions_primary_key PRIMARY KEY (sessname, sesskey);

Apache Config

 AuthName "SomeName"
 AuthType Cookie

 CookiePgsqlAuth on
 CookiePgsqlAuth_DBhost localhost
 CookiePgsqlAuth_DBport 5432
 CookiePgsqlAuth_DBName authdb

 CookiePgsqlAuth_DBUser test
 CookiePgsqlAuth_DBPassword test

 CookiePgsqlAuth_DBtable inter_sessions
 CookiePgsqlAuth_UsernameField username
 CookiePgsqlAuth_SessnameField sessname
 CookiePgsqlAuth_SessvalField sesskey
 CookiePgsqlAuth_CookieName testCookie
 CookiePgsqlAuth_ExpiryField expiry
 CookiePgsqlAuth_RemoteIPField remoteip
 CookiePgsqlAuth_FailureURL /error.html

 require user testuser
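
How the directives above combine into one lookup, as an added Python model (not the module's source code). It uses an in-memory SQLite table as a stand-in for PostgreSQL and assumes that a session is valid while expiry is greater than the current time, and that the cookie name is matched against the Sessname field even when CookieName is set. The function names, the CFG keys and the sample row are constructed for this example.

```python
import re
import sqlite3

# Field and table names taken from the Apache config example above.
CFG = {"table": "inter_sessions", "user": "username", "name": "sessname",
       "val": "sesskey", "cookie_name": "testCookie",
       "expiry": "expiry", "remote_ip": "remoteip"}

def check_cookie(db, cfg, cookies, client_ip, now):
    """Return the username of the first matching session row, else None."""
    # Table and field names come from configuration and cannot be bound as
    # query parameters, so restrict them to plain SQL identifiers.
    for key in ("table", "user", "name", "val", "expiry", "remote_ip"):
        if cfg.get(key) and not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", cfg[key]):
            raise ValueError("bad identifier for " + key)
    sql = "SELECT {user} FROM {table} WHERE {name} = ? AND {val} = ?".format(**cfg)
    extra = []
    if cfg.get("expiry"):      # optional expiry check (assumed: expiry > now)
        sql += " AND {} > ?".format(cfg["expiry"])
        extra.append(now)
    if cfg.get("remote_ip"):   # optional remote-IP check
        sql += " AND {} = ?".format(cfg["remote_ip"])
        extra.append(client_ip)
    wanted = cfg.get("cookie_name")
    for name, value in cookies.items():
        if wanted and name != wanted:
            continue           # CookieName set: ignore every other cookie
        # Cookie name and value are client-controlled: always bind them.
        row = db.execute(sql, [name, value] + extra).fetchone()
        if row:
            return row[0]
    return None

def demo_db():
    """Constructed sample data in the page's inter_sessions layout."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inter_sessions (sessname TEXT, sesskey TEXT,"
               " expiry INTEGER, remoteip TEXT, username TEXT)")
    db.execute("INSERT INTO inter_sessions VALUES"
               " ('testCookie', 'k1', 2000, '192.0.2.10', 'testuser')")
    return db
```

With the two optional fields unset, the same cookie stays valid after its stored expiry and from any address, which is why both checks are worth enabling.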

Script to set cookie

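<?php
  // Demo script: alternates between "login" and "logout" on each request.
  require_once "DB.php"; // PEAR DB
  $ip = getenv("REMOTE_ADDR");
  // Fixed demo values; a real login script must generate an unpredictable session key.
  $sessname = "abc";
  $sesskey = "abc";
  $expires = time() + 60*60*24*30; // expires in one month
  $word = '';
  $dsn = "pgsql://test:test@localhost/authdb";
  $conn = DB::connect($dsn);
  if (DB::isError($conn)) exit($conn->getMessage());

  if (isset($_COOKIE[$sessname]) && $_COOKIE[$sessname] == $sesskey) {
    // logout emulation: clear the cookie and delete this session's row
    $cookie = setcookie($sessname, "");
    $word = 'remove cookie';
    $query = "DELETE FROM inter_sessions WHERE sessname = ? AND sesskey = ?";
    $sth = $conn->prepare($query);
    $conn->execute($sth, array($sessname, $sesskey));
  } else {
    // login emulation: set the cookie and store the session row
    $cookie = setcookie($sessname, $sesskey);
    $word = 'set fine cookie';
    // placeholders keep the values (including the client IP) out of the SQL text
    $query = "INSERT INTO inter_sessions VALUES (?, ?, ?, ?, ?)";
    $sth = $conn->prepare($query);
    $conn->execute($sth, array($sessname, $sesskey, $expires, $ip, 'test'));
  }

  $conn->disconnect();
?>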
<html>
<?php
  print_r($word);
?>
</html>

Bugs

If you find a bug, please report it to me.

License

This module is licensed under the Apache License.

Download

mod_auth_cookie_pgsql2-0.2.tar.gz
Old version.

Binaries

debian package

Contact

If you have questions or bug reports, please feel free to contact me.

Email: tmatsuo at shehas.net
Website: http://mars.shehas.net/software/mod_auth_cookie_pgsql2.html