[mod-vhost-ldap.git] / mod_vhost_ldap.h

/* ============================================================
 * Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas
 * All rights reserved.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *     http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * NOTE: only static members must be "used" to build, 
 * so for time-to-time used routines we don't declare static 
 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
 * version 2.0 - included ldap-based basic auth & authz
 * remember to add "-lcrypt" in Makefile if there's a need to generate new password
 * for now not needed (validation only), this below is almost copy-paste from apache source, htpasswd.c
 */

#define CORE_PRIVATE
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_request.h"
#include "apr_ldap.h"
#include "apr_strings.h"
#include "apr_reslist.h"
#include "util_ldap.h"
#include "apr_md5.h"
#include "apr_sha1.h"
#include "unistd.h"
#include "crypt.h"

/* these are for checking unix crypt passwords */
#include <stdlib.h>
#include <sys/time.h>
#include <time.h>
#include <sys/types.h>

/*this functions are not needed, as apr_password_validate includes it on its own */
/*void to64(char *s, unsigned long v, int n)
{
    static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    while (--n >= 0) {
       *s++ = itoa64[v&0x3f];
        v >>= 6;
    }
}

char *htenc(const char *clearpasswd) {
	//this function creates password compatible with htpasswd 
    char *res;
    char salt[9];
    (void) srand((int) time((time_t *) NULL));
    to64(&salt[0], rand(), 8);
    salt[8] = '\0';
    res = crypt(clearpasswd, salt);
    return res;
}
*/
/******************************************************************/
//this function creates salt for unix password crypt md5
/*
char *crypt_make_salt (void)
{
		
        struct timeval tv;
        static char result[40];

        result[0] = '\0';
        strcpy (result, "$1$"); // magic for the new MD5 crypt() 

        gettimeofday (&tv, (struct timezone *) 0);
        strcat (result, l64a (tv.tv_usec));
        strcat (result, l64a (tv.tv_sec + getpid () + clock ()));

        if (strlen (result) > 3 + 8) result[11] = '\0';

        return result;
}
*/
#ifndef APU_HAS_LDAP
#fatal "mod_vhost_ldap requires APR util to have LDAP support built in"
#endif

#ifdef MD5_CRYPT_ENAB
#undef MD5_CRYPT_ENAB
#endif

#define MD5_CRYPT_ENAB yes
#include "unixd.h"		/* Contains the suexec_identity hook used on Unix and needed for crypt() */

#define strtrue(s) (s && *s)	/* do not accept empty "" strings */
#define MIN_UID 100
#define MIN_GID 100
#define FILTER_LENGTH MAX_STRING_LEN
#define MSL MAX_STRING_LEN

/******************************************************************/
//need this global due to apache API construction
int mvhl_conf_enabled 		= 1;
int mvhl_conf_binddn 		= 2;
int mvhl_conf_bindpw 		= 3;
int mvhl_conf_deref 		= 4;
int mvhl_conf_wlcbasedn 	= 5;
int mvhl_conf_wucbasedn 	= 6;
int mvhl_conf_fallback 		= 7;
int mvhl_conf_aliasbasedn	= 8;
int mvhl_alias_enabled		= 9;
int mvhl_loc_auth_enabled	= 10;
int mvhl_dir_auth_enabled	= 11;
/******************************************************************/
#define MVHL_ENABLED 		&mvhl_conf_enabled
#define MVHL_BINDDN 		&mvhl_conf_binddn
#define MVHL_BINDPW 		&mvhl_conf_bindpw
#define MVHL_DEREF 			&mvhl_conf_deref
#define MVHL_WLCBASEDN 		&mvhl_conf_wlcbasedn
#define MVHL_WUCBASEDN 		&mvhl_conf_wucbasedn
#define MVHL_FALLBACK		&mvhl_conf_fallback
#define MVHL_ALIASBASEDN 	&mvhl_conf_aliasbasedn
#define MVHL_ALIASENABLED	&mvhl_alias_enabled
#define MVHL_LAUTHENABLED	&mvhl_loc_auth_enabled
#define MVHL_DAUTHENABLED	&mvhl_dir_auth_enabled

/******************************************************************/
typedef struct mvhl_config 
{
	int				enabled;		/* Is vhost_ldap enabled? */
	char 			*url;			/* String representation of LDAP URL */
	char 			*host;			/* Name of the LDAP server (or space separated list) */
	char			*fallback;		/* Name of the fallback vhost to return not-found info */
	int 			port;			/* Port of the LDAP server */
	char 			*basedn;		/* Base DN to do all searches from */
	int 			scope;			/* Scope of the search */
	char 			*filter;		/* Filter to further limit the search  */
	deref_options 	deref;			/* how to handle alias dereferening */
	char 			*binddn;		/* DN to bind to server (can be NULL) */
	char 			*bindpw;		/* Password to bind to server (can be NULL)  xx */
	int 			have_deref;		/* Set if we have found an Deref option */
	int 			have_ldap_url;	/* Set if we have found an LDAP url */
	char 			*wlcbasedn;		/* Base DN to do all location config searches */
	char 			*wucbasedn;		/* Base DN to do all webuser config searches */
	char			*aliasesbasedn;	/* Base DN to do all aliases config objects searches */
	int 			secure;			/* True if SSL connections are requested */
	int				alias_enabled;	/* 0 - disabled, 1 - enabled */
	int				loc_auth_enabled;	/* 0 - disabled, 1 - enabled */
	int				dir_auth_enabled;	/* 0 - disabled, 1 - enabled */
} mvhl_config;
/******************************************************************/
typedef struct mvhl_request 
{
	char	 			*dn;				/* The saved dn from a successful search */
	char 				*name;				/* apacheServerName */
	char 				*admin;				/* apacheServerAdmin */
	char 				*docroot;			/* apacheDocumentRoot */
	char 				*uid;				/* Suexec Uid */
	char 				*gid;				/* Suexec Gid */
	int 				has_reqlines;		/* we have require lines (1) or not (0) */
	int 				has_aliaslines;		/* we have aliases lines (1) or not (0) */
	apr_array_header_t 	*serveralias;		/* apacheServerAlias values */
	apr_array_header_t 	*rqlocationlines;	/* apacheExtConfigOptionsDn values */
	apr_array_header_t 	*aliaseslines;		/* apacheAliasesConfigOptionsDn values */
	
} mvhl_request;
/******************************************************************/
typedef struct mvhl_extconfig_object 
{	
	/* we use apr_array_header_t for multi-value attributed, 
	 * parsed later (yuck!) from ";" separated string
	 */
	char *extconfname;				/* apacheExtConfigObjectName, single-value, syntax SUP cn */
	apr_array_header_t *exturi;		/* apacheExtConfigUri MULTI-value, uri for which this settings are here
				 		 			 * should be used in combine with extconfig server name 
				 		 			 */
	apr_array_header_t *extdir;
	int extconftype;				/* apacheExtConfigRequireValidUser, single-value bool, 
				 		 			 * if TRUE then require valid-user, if FALSE userlist-type config 
				 		 			 */
	apr_array_header_t *extservername;	/* apacheExtConfigServerName" MULTI-value, */ 
	apr_array_header_t *extusers;		/* "apacheExtConfigUserDn"  MULTI-value, syntax SUP DN */

} mvhl_extconfig_object;
/******************************************************************/
typedef struct mvhl_aliasconf_object 
{	
	char *aliasconfname;						/* apacheAliasConfigObjectName, single value */
	apr_array_header_t *aliassourceuri;			/* apacheAliasConfigSourceUri */
	char *aliastargetdir;						/* apacheAliasConfigTargetDir */
	apr_array_header_t *aliasconfservername;	/* apacheAliasConfigServerName MULTI-value*/
} mvhl_aliasconf_object;
/******************************************************************/
typedef struct mvhl_webuser 
{
	char *webusername;						/* apacheExtConfigUserName, single-value */
	apr_array_header_t *webuserpassword;	/* userPassword, multi-value */
	apr_array_header_t *webuserserver;		/* apacheExtConfigUserServerName, server of this user, multi-value */
	apr_array_header_t *webuserlocationuri;	/* apacheExtConfigUserServerName, server of this user, multi-value */
	apr_array_header_t *webuserdirectory;	/* apacheExtConfigUserDirectoryName, server of this user, multi-value */
} mvhl_webuser;
Commit	Line	Data
9343eaf3 PW	1	/* ============================================================
	2	* Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas
	3	* All rights reserved.
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at
	7	* http://www.apache.org/licenses/LICENSE-2.0
	8	* Unless required by applicable law or agreed to in writing, software
	9	* distributed under the License is distributed on an "AS IS" BASIS,
	10	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	11	* See the License for the specific language governing permissions and
	12	* limitations under the License.
	13	* NOTE: only static members must be "used" to build,
	14	* so for time-to-time used routines we don't declare static
	15	* mod_vhost_ldap.c --- read virtual host config from LDAP directory
	16	* version 2.0 - included ldap-based basic auth & authz
	17	* remember to add "-lcrypt" in Makefile if there's a need to generate new password
	18	* for now not needed (validation only), this below is almost copy-paste from apache source, htpasswd.c
	19	*/
	20
	21	#define CORE_PRIVATE
	22	#include "httpd.h"
	23	#include "http_config.h"
	24	#include "http_core.h"
	25	#include "http_log.h"
	26	#include "http_request.h"
	27	#include "apr_ldap.h"
	28	#include "apr_strings.h"
	29	#include "apr_reslist.h"
	30	#include "util_ldap.h"
	31	#include "apr_md5.h"
	32	#include "apr_sha1.h"
	33	#include "unistd.h"
	34	#include "crypt.h"
	35
	36	/* these are for checking unix crypt passwords */
	37	#include <stdlib.h>
	38	#include <sys/time.h>
	39	#include <time.h>
	40	#include <sys/types.h>
	41
	42	/this functions are not needed, as apr_password_validate includes it on its own /
	43	/void to64(char s, unsigned long v, int n)
	44	{
	45	static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	46	while (--n >= 0) {
	47	*s++ = itoa64[v&0x3f];
	48	v >>= 6;
	49	}
	50	}
	51
	52	char htenc(const char clearpasswd) {
	53	//this function creates password compatible with htpasswd
	54	char *res;
	55	char salt[9];
	56	(void) srand((int) time((time_t *) NULL));
	57	to64(&salt[0], rand(), 8);
	58	salt[8] = '\0';
	59	res = crypt(clearpasswd, salt);
	60	return res;
	61	}
	62	*/
	63	/******************************************************************/
	64	//this function creates salt for unix password crypt md5
65	/*
66	char *crypt_make_salt (void)
67	{
68
69	struct timeval tv;
70	static char result[40];
71
72	result[0] = '\0';
73	strcpy (result, "$1$"); // magic for the new MD5 crypt()
74
75	gettimeofday (&tv, (struct timezone *) 0);
76	strcat (result, l64a (tv.tv_usec));
77	strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
78
79	if (strlen (result) > 3 + 8) result[11] = '\0';
80
81	return result;
82	}
83	*/
84	#ifndef APU_HAS_LDAP
85	#fatal "mod_vhost_ldap requires APR util to have LDAP support built in"
86	#endif
87
88	#ifdef MD5_CRYPT_ENAB
89	#undef MD5_CRYPT_ENAB
90	#endif
91
92	#define MD5_CRYPT_ENAB yes
93	#include "unixd.h" /* Contains the suexec_identity hook used on Unix and needed for crypt() */
94
95	#define strtrue(s) (s && s) / do not accept empty "" strings */
96	#define MIN_UID 100
97	#define MIN_GID 100
98	#define FILTER_LENGTH MAX_STRING_LEN
99	#define MSL MAX_STRING_LEN
100
101	/******************************************************************/
102	//need this global due to apache API construction
103	int mvhl_conf_enabled = 1;
104	int mvhl_conf_binddn = 2;
105	int mvhl_conf_bindpw = 3;
106	int mvhl_conf_deref = 4;
107	int mvhl_conf_wlcbasedn = 5;
108	int mvhl_conf_wucbasedn = 6;
109	int mvhl_conf_fallback = 7;
110	int mvhl_conf_aliasbasedn = 8;
111	int mvhl_alias_enabled = 9;
112	int mvhl_loc_auth_enabled = 10;
113	int mvhl_dir_auth_enabled = 11;
114	/******************************************************************/
115	#define MVHL_ENABLED &mvhl_conf_enabled
116	#define MVHL_BINDDN &mvhl_conf_binddn
117	#define MVHL_BINDPW &mvhl_conf_bindpw
118	#define MVHL_DEREF &mvhl_conf_deref
119	#define MVHL_WLCBASEDN &mvhl_conf_wlcbasedn
120	#define MVHL_WUCBASEDN &mvhl_conf_wucbasedn
121	#define MVHL_FALLBACK &mvhl_conf_fallback
122	#define MVHL_ALIASBASEDN &mvhl_conf_aliasbasedn
123	#define MVHL_ALIASENABLED &mvhl_alias_enabled
124	#define MVHL_LAUTHENABLED &mvhl_loc_auth_enabled
125	#define MVHL_DAUTHENABLED &mvhl_dir_auth_enabled
126
127	/******************************************************************/
128	typedef struct mvhl_config
129	{
130	int enabled; /* Is vhost_ldap enabled? */
131	char url; / String representation of LDAP URL */
132	char host; / Name of the LDAP server (or space separated list) */
133	char fallback; / Name of the fallback vhost to return not-found info */
134	int port; /* Port of the LDAP server */
135	char basedn; / Base DN to do all searches from */
136	int scope; /* Scope of the search */
137	char filter; / Filter to further limit the search */
138	deref_options deref; /* how to handle alias dereferening */
139	char binddn; / DN to bind to server (can be NULL) */
140	char bindpw; / Password to bind to server (can be NULL) xx */
141	int have_deref; /* Set if we have found an Deref option */
142	int have_ldap_url; /* Set if we have found an LDAP url */
143	char wlcbasedn; / Base DN to do all location config searches */
144	char wucbasedn; / Base DN to do all webuser config searches */
145	char aliasesbasedn; / Base DN to do all aliases config objects searches */
146	int secure; /* True if SSL connections are requested */
147	int alias_enabled; /* 0 - disabled, 1 - enabled */
148	int loc_auth_enabled; /* 0 - disabled, 1 - enabled */
149	int dir_auth_enabled; /* 0 - disabled, 1 - enabled */
150	} mvhl_config;
151	/******************************************************************/
152	typedef struct mvhl_request
153	{
154	char dn; / The saved dn from a successful search */
155	char name; / apacheServerName */
156	char admin; / apacheServerAdmin */
157	char docroot; / apacheDocumentRoot */
158	char uid; / Suexec Uid */
159	char gid; / Suexec Gid */
160	int has_reqlines; /* we have require lines (1) or not (0) */
161	int has_aliaslines; /* we have aliases lines (1) or not (0) */
162	apr_array_header_t serveralias; / apacheServerAlias values */
163	apr_array_header_t rqlocationlines; / apacheExtConfigOptionsDn values */
164	apr_array_header_t aliaseslines; / apacheAliasesConfigOptionsDn values */
165
166	} mvhl_request;
167	/******************************************************************/
168	typedef struct mvhl_extconfig_object
169	{
170	/* we use apr_array_header_t for multi-value attributed,
171	* parsed later (yuck!) from ";" separated string
172	*/
173	char extconfname; / apacheExtConfigObjectName, single-value, syntax SUP cn */
174	apr_array_header_t exturi; / apacheExtConfigUri MULTI-value, uri for which this settings are here
175	* should be used in combine with extconfig server name
176	*/
177	apr_array_header_t *extdir;
178	int extconftype; /* apacheExtConfigRequireValidUser, single-value bool,
179	* if TRUE then require valid-user, if FALSE userlist-type config
180	*/
181	apr_array_header_t extservername; / apacheExtConfigServerName" MULTI-value, */
182	apr_array_header_t extusers; / "apacheExtConfigUserDn" MULTI-value, syntax SUP DN */
183
184	} mvhl_extconfig_object;
185	/******************************************************************/
186	typedef struct mvhl_aliasconf_object
187	{
188	char aliasconfname; / apacheAliasConfigObjectName, single value */
189	apr_array_header_t aliassourceuri; / apacheAliasConfigSourceUri */
190	char aliastargetdir; / apacheAliasConfigTargetDir */
191	apr_array_header_t aliasconfservername; / apacheAliasConfigServerName MULTI-value*/
192	} mvhl_aliasconf_object;
193	/******************************************************************/
194	typedef struct mvhl_webuser
195	{
196	char webusername; / apacheExtConfigUserName, single-value */
197	apr_array_header_t webuserpassword; / userPassword, multi-value */
198	apr_array_header_t webuserserver; / apacheExtConfigUserServerName, server of this user, multi-value */
199	apr_array_header_t webuserlocationuri; / apacheExtConfigUserServerName, server of this user, multi-value */
200	apr_array_header_t webuserdirectory; / apacheExtConfigUserDirectoryName, server of this user, multi-value */
201	} mvhl_webuser;