Bug 68282

Summary: Variables of AuthDBDUserPWQuery 'AUTHENTICATE_<column-name>' are not available when mod_authn_dbd is used with mod_authz_dbd.
Product: Apache httpd-2 Reporter: duran_tci
Component: mod_authz_dbdAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: normal    
Priority: P2    
Version: 2.4.57   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description duran_tci 2023-12-03 19:20:53 UTC
Hi all,

We find out that all variables generated autmatically from DB Select query by AuthDBDUserPWQuery (usually called 'AUTHENTICATE_<column-name>'), are not available when mod_authn_dbd is used with mod_authz_dbd.

In this configuration example environment variable 'AUTHENTICATE_ADDR' is empty or not available:
        <Proxy *>
          AuthType Basic
          AuthName "Apache AuthDB PoC"
          AuthBasicProvider dbd

          AuthDBDUserPWQuery "SELECT token,user,addr FROM tokens.token WHERE user = %s"

         Require dbd-login
         AuthzDBDQuery "UPDATE tokens.token SET login_count=(login_count+1) WHERE user = %s"

          <RequireAll>
            Require valid-user
            <RequireAny>
              Require expr "env('AUTHENTICATE_ADDR') == ''"
              Require expr "env('AUTHENTICATE_ADDR') == 'physical'"
	      Require expr "env('AUTHENTICATE_ADDR') == 'digital'"
            </RequireAny>
          </RequireAll>

        </Proxy>

In the other hand, if we remove next lines from previous example, 'AUTHENTICATE_ADDR' environment variable is available and it comes filled with its value:
         Require dbd-login
         AuthzDBDQuery "UPDATE tokens.token SET login_count=(login_count+1) WHERE user = %s"

We think that it might be a little bug where mod_authz_dbd module overlap or removes the environment variables created by AuthDBDUserPWQuery statement.

Thank you for your support.