[mod-vhost-ldap.git] / mod_vhost_ldap.c

/* ============================================================
 * Copyright (c) 2003-2004, Ondrej Sury
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * 
 */

/*
 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
 */

#define CORE_PRIVATE

#include <unistd.h>

#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_request.h"
#include "apr_ldap.h"
#include "apr_strings.h"
#include "apr_reslist.h"
#include "util_ldap.h"

#ifndef APU_HAS_LDAP
#error mod_vhost_ldap requires APR-util to have LDAP support built in
#endif

#if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
#define HAVE_UNIX_SUEXEC
#endif

#ifdef HAVE_UNIX_SUEXEC
#include "unixd.h"              /* Contains the suexec_identity hook used on Unix */
#endif

#define MIN_UID 100
#define MIN_GID 100

module AP_MODULE_DECLARE_DATA vhost_ldap_module;

typedef enum {
    MVL_UNSET, MVL_DISABLED, MVL_ENABLED
} mod_vhost_ldap_status_e;

typedef struct mod_vhost_ldap_config_t {
    mod_vhost_ldap_status_e enabled;			/* Is vhost_ldap enabled? */

    /* These parameters are all derived from the VhostLDAPURL directive */
    char *url;				/* String representation of LDAP URL */

    char *host;				/* Name of the LDAP server (or space separated list) */
    int port;				/* Port of the LDAP server */
    char *basedn;			/* Base DN to do all searches from */
    int scope;				/* Scope of the search */
    char *filter;			/* Filter to further limit the search  */
    deref_options deref;		/* how to handle alias dereferening */

    char *binddn;			/* DN to bind to server (can be NULL) */
    char *bindpw;			/* Password to bind to server (can be NULL) */

    int have_deref;                     /* Set if we have found an Deref option */
    int have_ldap_url;			/* Set if we have found an LDAP url */

    int secure;				/* True if SSL connections are requested */
} mod_vhost_ldap_config_t;

typedef struct mod_vhost_ldap_request_t {
    char *dn;				/* The saved dn from a successful search */
    char *name;				/* ServerName */
    char *admin;			/* ServerAdmin */
    char *docroot;			/* DocumentRoot */
    char *cgiroot;			/* ScriptAlias */
    char *uid;				/* Suexec Uid */
    char *gid;				/* Suexec Gid */
} mod_vhost_ldap_request_t;

char *attributes[] =
  { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };

static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
{
    /* make sure that mod_ldap (util_ldap) is loaded */
    if (ap_find_linked_module("util_ldap.c") == NULL) {
        ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
                     "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
                     "must be loaded in order for mod_vhost_ldap to function properly");
        return HTTP_INTERNAL_SERVER_ERROR;

    }

    ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);

    return OK;
}

static void *
mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
{
    mod_vhost_ldap_config_t *conf =
	(mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));

    conf->enabled = MVL_UNSET;
    conf->have_ldap_url = 0;
    conf->have_deref = 0;
    conf->binddn = NULL;
    conf->bindpw = NULL;
    conf->deref = always;

    return conf;
}

static void *
mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
{
    mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
    mod_vhost_ldap_config_t *child  = (mod_vhost_ldap_config_t *) childv;
    mod_vhost_ldap_config_t *conf =
	(mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));

    if (child->enabled == MVL_UNSET) {
	conf->enabled = parent->enabled;
    } else {
	conf->enabled = child->enabled;
    }

    if (child->have_ldap_url) {
	conf->have_ldap_url = child->have_ldap_url;
	conf->url = child->url;
	conf->host = child->host;
	conf->port = child->port;
	conf->basedn = child->basedn;
	conf->scope = child->scope;
	conf->filter = child->filter;
	conf->secure = child->secure;
    } else {
	conf->have_ldap_url = parent->have_ldap_url;
	conf->url = parent->url;
	conf->host = parent->host;
	conf->port = parent->port;
	conf->basedn = parent->basedn;
	conf->scope = parent->scope;
	conf->filter = parent->filter;
	conf->secure = parent->secure;
    }
    if (child->have_deref) {
	conf->have_deref = child->have_deref;
	conf->deref = child->deref;
    } else {
	conf->have_deref = parent->have_deref;
	conf->deref = parent->deref;
    }

    conf->binddn = (child->binddn ? child->binddn : parent->binddn);
    conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);

    return conf;
}

/* 
 * Use the ldap url parsing routines to break up the ldap url into
 * host and port.
 */
static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd, 
					    void *dummy,
					    const char *url)
{
    int result;
    apr_ldap_url_desc_t *urld;

    mod_vhost_ldap_config_t *conf =
	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
							&vhost_ldap_module);

    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
	         cmd->server, "[mod_vhost_ldap.c] url parse: `%s'", 
	         url);

    result = apr_ldap_url_parse(url, &(urld));
    if (result != LDAP_SUCCESS) {
        switch (result) {
        case LDAP_URL_ERR_NOTLDAP:
            return "LDAP URL does not begin with ldap://";
        case LDAP_URL_ERR_NODN:
            return "LDAP URL does not have a DN";
        case LDAP_URL_ERR_BADSCOPE:
            return "LDAP URL has an invalid scope";
        case LDAP_URL_ERR_MEM:
            return "Out of memory parsing LDAP URL";
        default:
            return "Could not parse LDAP URL";
        }
    }
    conf->url = apr_pstrdup(cmd->pool, url);

    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
	         cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
	         cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
	         cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
	         cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
	         cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s", 
	         (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" : 
		 urld->lud_scope == LDAP_SCOPE_BASE? "base" : 
		 urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
	         cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);

    /* Set all the values, or at least some sane defaults */
    if (conf->host) {
        char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
        strcpy(p, urld->lud_host);
        strcat(p, " ");
        strcat(p, conf->host);
        conf->host = p;
    }
    else {
        conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
    }
    conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";

    conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
        LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;

    if (urld->lud_filter) {
        if (urld->lud_filter[0] == '(') {
            /* 
	     * Get rid of the surrounding parens; later on when generating the
	     * filter, they'll be put back.
             */
            conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
            conf->filter[strlen(conf->filter)-1] = '\0';
        }
        else {
            conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
        }
    }
    else {
        conf->filter = "objectClass=apacheConfig";
    }

      /* "ldaps" indicates secure ldap connections desired
      */
    if (strncasecmp(url, "ldaps", 5) == 0)
    {
        conf->secure = 1;
        conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
                     "LDAP: vhost_ldap using SSL connections");
    }
    else
    {
        conf->secure = 0;
        conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, 
                     "LDAP: vhost_ldap not using SSL connections");
    }

    conf->have_ldap_url = 1;
    apr_ldap_free_urldesc(urld);
    return NULL;
}

static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
{
    mod_vhost_ldap_config_t *conf =
	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
							 &vhost_ldap_module);

    conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;

    return NULL;
}

static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
{
    mod_vhost_ldap_config_t *conf =
	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
							 &vhost_ldap_module);

    conf->binddn = apr_pstrdup(cmd->pool, binddn);
    return NULL;
}

static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
{
    mod_vhost_ldap_config_t *conf =
	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
							 &vhost_ldap_module);

    conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
    return NULL;
}

static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
{
    mod_vhost_ldap_config_t *conf = 
	(mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
							 &vhost_ldap_module);

    if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
        conf->deref = never;
	conf->have_deref = 1;
    }
    else if (strcmp(deref, "searching") == 0) {
        conf->deref = searching;
	conf->have_deref = 1;
    }
    else if (strcmp(deref, "finding") == 0) {
        conf->deref = finding;
	conf->have_deref = 1;
    }
    else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
        conf->deref = always;
	conf->have_deref = 1;
    }
    else {
        return "Unrecognized value for VhostLDAPAliasDereference directive";
    }
    return NULL;
}

command_rec mod_vhost_ldap_cmds[] = {
    AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
                  "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
                  "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
                  "<ul>\n"
                  "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
                  "to specify redundant servers.\n"
                  "<li>Port is optional, and specifies the port to connect to.\n"
                  "<li>basedn specifies the base DN to start searches from\n"
                  "</ul>\n"),

    AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
		   "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
    
    AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
                  "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),

    AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
                 "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),

    AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
                  "Determines how aliases are handled during a search. Can be one of the"
                  "values \"never\", \"searching\", \"finding\", or \"always\". "
                  "Defaults to always."),

    {NULL}
};

#define FILTER_LENGTH MAX_STRING_LEN
static int
mod_vhost_ldap_translate_name (request_rec * r)
{
    apr_table_t *e;
    int failures = 0;
    const char **vals = NULL;
    char filtbuf[FILTER_LENGTH];
    mod_vhost_ldap_config_t *conf =
	(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
    core_server_config * core =
	(core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
    util_ldap_connection_t *ldc = NULL;
    int result = 0;
    const char *dn = NULL;
    char *cgi;

    mod_vhost_ldap_request_t *req =
	(mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
    ap_set_module_config(r->request_config, &vhost_ldap_module, req);

    // mod_vhost_ldap is disabled or we don't have LDAP Url
    if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
	return DECLINED;
    }

start_over:

    if (conf->host) {
        ldc = util_ldap_connection_find(r, conf->host, conf->port,
					conf->binddn, conf->bindpw, conf->deref,
					conf->secure);
    }
    else {
        ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, 
                      "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
        return DECLINED;
    }

    ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
		   "[mod_vhost_ldap.c]: translating %s", r->uri);

    apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, r->hostname, r->hostname);

    result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
				       attributes, filtbuf, &dn, &vals);

    util_ldap_connection_close(ldc);

    /* sanity check - if server is down, retry it up to 5 times */
    if (result == LDAP_SERVER_DOWN) {
        if (failures++ <= 5) {
            goto start_over;
        }
    }

    /* handle bind failure */
    if (result != LDAP_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, 
                      "[mod_vhost_ldap.c] translate: "
                      "translate failed; VHost %s; URI %s[%s]",
		      r->hostname, r->uri, ldap_err2string(result));
	return DECLINED;
    }

    /* mark the user and DN */
    req->dn = apr_pstrdup(r->pool, dn);

    /* Optimize */
    if (vals) {
	int i = 0;
	while (attributes[i]) {

	    if (strcasecmp (attributes[i], "apacheServerName") == 0) {
		req->name = apr_pstrdup (r->pool, vals[i]);
	    }
	    else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
		req->admin = apr_pstrdup (r->pool, vals[i]);
	    }
	    else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
		req->docroot = apr_pstrdup (r->pool, vals[i]);
	    }
	    else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
		req->cgiroot = apr_pstrdup (r->pool, vals[i]);
	    }
	    else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
		req->uid = apr_pstrdup(r->pool, vals[i]);
	    }
	    else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
		req->gid = apr_pstrdup(r->pool, vals[i]);
	    }
	    i++;
	}
    }

    ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
		  "[mod_vhost_ldap.c]: loaded from ldap: "
		  "apacheServerName: %s, "
		  "apacheServerAdmin: %s, "
		  "apacheDocumentRoot: %s, "
		  "apacheScriptAlias: %s, "
		  "apacheSuexecUid: %s, "
		  "apacheSuexecGid: %s"
		  , req->name, req->admin, req->docroot, req->cgiroot, req->uid, req->gid);

    if ((req->name == NULL)||(req->docroot == NULL)) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, 
                      "[mod_vhost_ldap.c] translate: "
                      "translate failed; ServerName or DocumentRoot not defined");
	return DECLINED;
    }

    cgi = NULL;
  
    if (req->cgiroot) {
	cgi = strstr(r->uri, "cgi-bin/");
	if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
	    cgi = NULL;
	}
    }
    if (cgi) {
	r->filename = apr_pstrcat (r->pool, req->cgiroot, cgi + strlen("cgi-bin"), NULL);
	r->handler = "cgi-script";
	apr_table_setn(r->notes, "alias-forced-type", r->handler);
    } else if (r->uri[0] == '/') {
	r->filename = apr_pstrcat (r->pool, req->docroot, r->uri, NULL);
    } else {
	return DECLINED;
    }

    r->server->server_hostname = apr_pstrdup (r->pool, req->name);

    if (req->admin) {
	r->server->server_admin = apr_pstrdup (r->pool, req->admin);
    }

    // set environment variables
    e = r->subprocess_env;
    apr_table_addn (e, "SERVER_ROOT", req->docroot);

    core->ap_document_root = apr_pstrdup(r->pool, req->docroot);

    ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
		  "[mod_vhost_ldap.c]: translated to %s", r->filename);

    return OK;
}

#ifdef HAVE_UNIX_SUEXEC
static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
{
  ap_unix_identity_t *ugid = NULL;
  mod_vhost_ldap_config_t *conf = 
      (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
						      &vhost_ldap_module);
  mod_vhost_ldap_request_t *req =
      (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
						       &vhost_ldap_module);

  uid_t uid = -1;
  gid_t gid = -1;

  // mod_vhost_ldap is disabled or we don't have LDAP Url
  if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
      return NULL;
  }

  if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
      return NULL;
  }

  if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
      return NULL;
  }

  uid = (uid_t)atoll(req->uid);
  gid = (gid_t)atoll(req->gid);

  if ((uid < MIN_UID)||(gid < MIN_GID)) {
      return NULL;
  }

  ugid->uid = uid;
  ugid->gid = gid;
  ugid->userdir = 0;
  
  return ugid;
}
#endif

static void
mod_vhost_ldap_register_hooks (apr_pool_t * p)
{
    ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, NULL, APR_HOOK_MIDDLE);
#ifdef HAVE_UNIX_SUEXEC
    ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
#endif
}

module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
  STANDARD20_MODULE_STUFF,
  NULL,
  NULL,
  mod_vhost_ldap_create_server_config,
  mod_vhost_ldap_merge_server_config,
  mod_vhost_ldap_cmds,
  mod_vhost_ldap_register_hooks,
};
Commit	Line	Data
7f9875bb OS	1	/* ============================================================
	2	* Copyright (c) 2003-2004, Ondrej Sury
	3	* All rights reserved.
	4	*
	5	* Licensed under the Apache License, Version 2.0 (the "License");
	6	* you may not use this file except in compliance with the License.
	7	* You may obtain a copy of the License at
	8	*
	9	* http://www.apache.org/licenses/LICENSE-2.0
	10	*
	11	* Unless required by applicable law or agreed to in writing, software
	12	* distributed under the License is distributed on an "AS IS" BASIS,
	13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	14	* See the License for the specific language governing permissions and
	15	* limitations under the License.
	16	*
	17	*/
	18
	19	/*
	20	* mod_vhost_ldap.c --- read virtual host config from LDAP directory
	21	*/
	22
9ee2dda1	23	#define CORE_PRIVATE
9ee2dda1	24
7f9875bb OS	25	#include <unistd.h>
	26
	27	#include "httpd.h"
	28	#include "http_config.h"
	29	#include "http_core.h"
	30	#include "http_log.h"
	31	#include "http_request.h"
	32	#include "apr_ldap.h"
	33	#include "apr_strings.h"
	34	#include "apr_reslist.h"
	35	#include "util_ldap.h"
	36
	37	#ifndef APU_HAS_LDAP
	38	#error mod_vhost_ldap requires APR-util to have LDAP support built in
	39	#endif
	40
	41	#if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
	42	#define HAVE_UNIX_SUEXEC
	43	#endif
	44
	45	#ifdef HAVE_UNIX_SUEXEC
	46	#include "unixd.h" /* Contains the suexec_identity hook used on Unix */
	47	#endif
	48
d129bb81 OS	49	#define MIN_UID 100
d129bb81 OS	50	#define MIN_GID 100
7f9875bb OS	51
	52	module AP_MODULE_DECLARE_DATA vhost_ldap_module;
	53
8196fae3 OS	54	typedef enum {
	55	MVL_UNSET, MVL_DISABLED, MVL_ENABLED
	56	} mod_vhost_ldap_status_e;
	57
7f9875bb	58	typedef struct mod_vhost_ldap_config_t {
8196fae3	59	mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
7f9875bb OS	60
	61	/* These parameters are all derived from the VhostLDAPURL directive */
	62	char url; / String representation of LDAP URL */
	63
	64	char host; / Name of the LDAP server (or space separated list) */
	65	int port; /* Port of the LDAP server */
	66	char basedn; / Base DN to do all searches from */
	67	int scope; /* Scope of the search */
	68	char filter; / Filter to further limit the search */
	69	deref_options deref; /* how to handle alias dereferening */
	70
	71	char binddn; / DN to bind to server (can be NULL) */
	72	char bindpw; / Password to bind to server (can be NULL) */
	73
8196fae3	74	int have_deref; /* Set if we have found an Deref option */
7f9875bb OS	75	int have_ldap_url; /* Set if we have found an LDAP url */
	76
	77	int secure; /* True if SSL connections are requested */
	78	} mod_vhost_ldap_config_t;
	79
	80	typedef struct mod_vhost_ldap_request_t {
	81	char dn; / The saved dn from a successful search */
	82	char name; / ServerName */
	83	char admin; / ServerAdmin */
	84	char docroot; / DocumentRoot */
9ee2dda1	85	char cgiroot; / ScriptAlias */
7f9875bb OS	86	char uid; / Suexec Uid */
	87	char gid; / Suexec Gid */
	88	} mod_vhost_ldap_request_t;
	89
	90	char *attributes[] =
6f705808	91	{ "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
7f9875bb OS	92
	93	static int mod_vhost_ldap_post_config(apr_pool_t p, apr_pool_t plog, apr_pool_t ptemp, server_rec s)
	94	{
	95	/* make sure that mod_ldap (util_ldap) is loaded */
	96	if (ap_find_linked_module("util_ldap.c") == NULL) {
	97	ap_log_error(APLOG_MARK, APLOG_ERR\|APLOG_NOERRNO, 0, s,
	98	"Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
	99	"must be loaded in order for mod_vhost_ldap to function properly");
	100	return HTTP_INTERNAL_SERVER_ERROR;
	101
	102	}
	103
9ee2dda1	104	ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
7f9875bb OS	105
	106	return OK;
	107	}
	108
	109	static void *
	110	mod_vhost_ldap_create_server_config (apr_pool_t p, server_rec s)
	111	{
8196fae3	112	mod_vhost_ldap_config_t *conf =
7f9875bb OS	113	(mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
7f9875bb OS	114
8196fae3 OS	115	conf->enabled = MVL_UNSET;
	116	conf->have_ldap_url = 0;
	117	conf->have_deref = 0;
	118	conf->binddn = NULL;
	119	conf->bindpw = NULL;
	120	conf->deref = always;
	121
	122	return conf;
	123	}
	124
	125	static void *
	126	mod_vhost_ldap_merge_server_config(apr_pool_t p, void parentv, void *childv)
	127	{
	128	mod_vhost_ldap_config_t parent = (mod_vhost_ldap_config_t ) parentv;
	129	mod_vhost_ldap_config_t child = (mod_vhost_ldap_config_t ) childv;
	130	mod_vhost_ldap_config_t *conf =
	131	(mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
7f9875bb	132
8196fae3 OS	133	if (child->enabled == MVL_UNSET) {
	134	conf->enabled = parent->enabled;
	135	} else {
	136	conf->enabled = child->enabled;
	137	}
7f9875bb	138
8196fae3 OS	139	if (child->have_ldap_url) {
	140	conf->have_ldap_url = child->have_ldap_url;
	141	conf->url = child->url;
	142	conf->host = child->host;
	143	conf->port = child->port;
	144	conf->basedn = child->basedn;
	145	conf->scope = child->scope;
	146	conf->filter = child->filter;
	147	conf->secure = child->secure;
	148	} else {
	149	conf->have_ldap_url = parent->have_ldap_url;
	150	conf->url = parent->url;
	151	conf->host = parent->host;
	152	conf->port = parent->port;
	153	conf->basedn = parent->basedn;
	154	conf->scope = parent->scope;
	155	conf->filter = parent->filter;
	156	conf->secure = parent->secure;
	157	}
	158	if (child->have_deref) {
	159	conf->have_deref = child->have_deref;
	160	conf->deref = child->deref;
	161	} else {
	162	conf->have_deref = parent->have_deref;
	163	conf->deref = parent->deref;
	164	}
	165
	166	conf->binddn = (child->binddn ? child->binddn : parent->binddn);
	167	conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
	168
	169	return conf;
7f9875bb OS	170	}
	171
	172	/*
	173	* Use the ldap url parsing routines to break up the ldap url into
	174	* host and port.
	175	*/
	176	static const char mod_vhost_ldap_parse_url(cmd_parms cmd,
	177	void *dummy,
	178	const char *url)
	179	{
	180	int result;
	181	apr_ldap_url_desc_t *urld;
	182
8196fae3	183	mod_vhost_ldap_config_t *conf =
7f9875bb OS	184	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
	185	&vhost_ldap_module);
	186
	187	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
	188	cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
	189	url);
	190
	191	result = apr_ldap_url_parse(url, &(urld));
	192	if (result != LDAP_SUCCESS) {
	193	switch (result) {
	194	case LDAP_URL_ERR_NOTLDAP:
	195	return "LDAP URL does not begin with ldap://";
	196	case LDAP_URL_ERR_NODN:
	197	return "LDAP URL does not have a DN";
	198	case LDAP_URL_ERR_BADSCOPE:
	199	return "LDAP URL has an invalid scope";
	200	case LDAP_URL_ERR_MEM:
	201	return "Out of memory parsing LDAP URL";
	202	default:
	203	return "Could not parse LDAP URL";
	204	}
	205	}
8196fae3	206	conf->url = apr_pstrdup(cmd->pool, url);
7f9875bb OS	207
	208	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
	209	cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
	210	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
	211	cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
	212	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
	213	cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
	214	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
	215	cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
	216	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
	217	cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
	218	(urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
	219	urld->lud_scope == LDAP_SCOPE_BASE? "base" :
	220	urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
	221	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
	222	cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
	223
	224	/* Set all the values, or at least some sane defaults */
8196fae3 OS	225	if (conf->host) {
8196fae3 OS	226	char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
7f9875bb OS	227	strcpy(p, urld->lud_host);
7f9875bb OS	228	strcat(p, " ");
8196fae3 OS	229	strcat(p, conf->host);
8196fae3 OS	230	conf->host = p;
7f9875bb OS	231	}
7f9875bb OS	232	else {
8196fae3	233	conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
7f9875bb	234	}
8196fae3	235	conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
7f9875bb	236
8196fae3	237	conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
7f9875bb OS	238	LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
	239
	240	if (urld->lud_filter) {
	241	if (urld->lud_filter[0] == '(') {
	242	/*
	243	* Get rid of the surrounding parens; later on when generating the
	244	* filter, they'll be put back.
	245	*/
8196fae3 OS	246	conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
8196fae3 OS	247	conf->filter[strlen(conf->filter)-1] = '\0';
7f9875bb OS	248	}
7f9875bb OS	249	else {
8196fae3	250	conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
7f9875bb OS	251	}
	252	}
	253	else {
8196fae3	254	conf->filter = "objectClass=apacheConfig";
7f9875bb OS	255	}
	256
	257	/* "ldaps" indicates secure ldap connections desired
	258	*/
	259	if (strncasecmp(url, "ldaps", 5) == 0)
	260	{
8196fae3 OS	261	conf->secure = 1;
8196fae3 OS	262	conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
7f9875bb OS	263	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, cmd->server,
	264	"LDAP: vhost_ldap using SSL connections");
	265	}
	266	else
	267	{
8196fae3 OS	268	conf->secure = 0;
8196fae3 OS	269	conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
fb323462	270	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, cmd->server,
7f9875bb OS	271	"LDAP: vhost_ldap not using SSL connections");
	272	}
	273
8196fae3	274	conf->have_ldap_url = 1;
7f9875bb OS	275	apr_ldap_free_urldesc(urld);
	276	return NULL;
	277	}
	278
	279	static const char mod_vhost_ldap_set_enabled(cmd_parms cmd, void *dummy, int enabled)
	280	{
8196fae3	281	mod_vhost_ldap_config_t *conf =
7f9875bb OS	282	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
	283	&vhost_ldap_module);
	284
8196fae3 OS	285	conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
8196fae3 OS	286
7f9875bb OS	287	return NULL;
	288	}
	289
	290	static const char mod_vhost_ldap_set_binddn(cmd_parms cmd, void dummy, const char binddn)
	291	{
8196fae3	292	mod_vhost_ldap_config_t *conf =
7f9875bb OS	293	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
	294	&vhost_ldap_module);
	295
8196fae3	296	conf->binddn = apr_pstrdup(cmd->pool, binddn);
7f9875bb OS	297	return NULL;
	298	}
	299
	300	static const char mod_vhost_ldap_set_bindpw(cmd_parms cmd, void dummy, const char bindpw)
	301	{
8196fae3	302	mod_vhost_ldap_config_t *conf =
7f9875bb OS	303	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
	304	&vhost_ldap_module);
	305
8196fae3	306	conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
7f9875bb OS	307	return NULL;
	308	}
	309
	310	static const char mod_vhost_ldap_set_deref(cmd_parms cmd, void dummy, const char deref)
	311	{
8196fae3	312	mod_vhost_ldap_config_t *conf =
7f9875bb OS	313	(mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
	314	&vhost_ldap_module);
	315
	316	if (strcmp(deref, "never") == 0 \|\| strcasecmp(deref, "off") == 0) {
8196fae3 OS	317	conf->deref = never;
8196fae3 OS	318	conf->have_deref = 1;
7f9875bb OS	319	}
7f9875bb OS	320	else if (strcmp(deref, "searching") == 0) {
8196fae3 OS	321	conf->deref = searching;
8196fae3 OS	322	conf->have_deref = 1;
7f9875bb OS	323	}
7f9875bb OS	324	else if (strcmp(deref, "finding") == 0) {
8196fae3 OS	325	conf->deref = finding;
8196fae3 OS	326	conf->have_deref = 1;
7f9875bb OS	327	}
7f9875bb OS	328	else if (strcmp(deref, "always") == 0 \|\| strcasecmp(deref, "on") == 0) {
8196fae3 OS	329	conf->deref = always;
8196fae3 OS	330	conf->have_deref = 1;
7f9875bb OS	331	}
	332	else {
	333	return "Unrecognized value for VhostLDAPAliasDereference directive";
	334	}
	335	return NULL;
	336	}
	337
	338	command_rec mod_vhost_ldap_cmds[] = {
	339	AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
a940f969	340	"URL to define LDAP connection. This should be an RFC 2255 compliant\n"
7f9875bb OS	341	"URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
	342	"<ul>\n"
	343	"<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
	344	"to specify redundant servers.\n"
	345	"<li>Port is optional, and specifies the port to connect to.\n"
	346	"<li>basedn specifies the base DN to start searches from\n"
	347	"</ul>\n"),
	348
	349	AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
	350	"DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
	351
	352	AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
	353	"Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
	354
	355	AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
	356	"Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
	357
	358	AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
a940f969	359	"Determines how aliases are handled during a search. Can be one of the"
7f9875bb OS	360	"values \"never\", \"searching\", \"finding\", or \"always\". "
	361	"Defaults to always."),
	362
	363	{NULL}
	364	};
	365
	366	#define FILTER_LENGTH MAX_STRING_LEN
	367	static int
	368	mod_vhost_ldap_translate_name (request_rec * r)
	369	{
	370	apr_table_t *e;
	371	int failures = 0;
	372	const char **vals = NULL;
	373	char filtbuf[FILTER_LENGTH];
8196fae3	374	mod_vhost_ldap_config_t *conf =
7f9875bb	375	(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
9ee2dda1 OS	376	core_server_config * core =
9ee2dda1 OS	377	(core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
7f9875bb OS	378	util_ldap_connection_t *ldc = NULL;
	379	int result = 0;
	380	const char *dn = NULL;
	381	char *cgi;
	382
	383	mod_vhost_ldap_request_t *req =
	384	(mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
	385	ap_set_module_config(r->request_config, &vhost_ldap_module, req);
	386
8196fae3 OS	387	// mod_vhost_ldap is disabled or we don't have LDAP Url
8196fae3 OS	388	if ((conf->enabled != MVL_ENABLED)\|\|(!conf->have_ldap_url)) {
7f9875bb OS	389	return DECLINED;
	390	}
	391
	392	start_over:
	393
8196fae3 OS	394	if (conf->host) {
	395	ldc = util_ldap_connection_find(r, conf->host, conf->port,
	396	conf->binddn, conf->bindpw, conf->deref,
	397	conf->secure);
7f9875bb OS	398	}
	399	else {
	400	ap_log_rerror(APLOG_MARK, APLOG_WARNING\|APLOG_NOERRNO, 0, r,
fb323462	401	"[mod_vhost_ldap.c] translate: no conf->host - weird...?");
7f9875bb OS	402	return DECLINED;
	403	}
	404
fb323462	405	ap_log_rerror(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, r,
6f705808	406	"[mod_vhost_ldap.c]: translating %s", r->uri);
7f9875bb	407
8196fae3	408	apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(\|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, r->hostname, r->hostname);
7f9875bb	409
8196fae3	410	result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
7f9875bb OS	411	attributes, filtbuf, &dn, &vals);
	412
	413	util_ldap_connection_close(ldc);
	414
	415	/* sanity check - if server is down, retry it up to 5 times */
	416	if (result == LDAP_SERVER_DOWN) {
	417	if (failures++ <= 5) {
	418	goto start_over;
	419	}
	420	}
	421
	422	/* handle bind failure */
	423	if (result != LDAP_SUCCESS) {
cbd5c5f5	424	ap_log_rerror(APLOG_MARK, APLOG_WARNING\|APLOG_NOERRNO, 0, r,
7f9875bb	425	"[mod_vhost_ldap.c] translate: "
fb323462 OS	426	"translate failed; VHost %s; URI %s[%s]",
fb323462 OS	427	r->hostname, r->uri, ldap_err2string(result));
7f9875bb OS	428	return DECLINED;
	429	}
	430
	431	/* mark the user and DN */
	432	req->dn = apr_pstrdup(r->pool, dn);
	433
	434	/* Optimize */
	435	if (vals) {
	436	int i = 0;
	437	while (attributes[i]) {
	438
	439	if (strcasecmp (attributes[i], "apacheServerName") == 0) {
	440	req->name = apr_pstrdup (r->pool, vals[i]);
	441	}
	442	else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
	443	req->admin = apr_pstrdup (r->pool, vals[i]);
	444	}
	445	else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
	446	req->docroot = apr_pstrdup (r->pool, vals[i]);
	447	}
	448	else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
	449	req->cgiroot = apr_pstrdup (r->pool, vals[i]);
	450	}
	451	else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
	452	req->uid = apr_pstrdup(r->pool, vals[i]);
	453	}
	454	else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
	455	req->gid = apr_pstrdup(r->pool, vals[i]);
	456	}
	457	i++;
	458	}
	459	}
	460
6f705808 OS	461	ap_log_rerror(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, r,
	462	"[mod_vhost_ldap.c]: loaded from ldap: "
	463	"apacheServerName: %s, "
	464	"apacheServerAdmin: %s, "
	465	"apacheDocumentRoot: %s, "
	466	"apacheScriptAlias: %s, "
	467	"apacheSuexecUid: %s, "
	468	"apacheSuexecGid: %s"
	469	, req->name, req->admin, req->docroot, req->cgiroot, req->uid, req->gid);
	470
7f9875bb OS	471	if ((req->name == NULL)\|\|(req->docroot == NULL)) {
	472	ap_log_rerror(APLOG_MARK, APLOG_ERR\|APLOG_NOERRNO, 0, r,
	473	"[mod_vhost_ldap.c] translate: "
	474	"translate failed; ServerName or DocumentRoot not defined");
	475	return DECLINED;
	476	}
	477
	478	cgi = NULL;
	479
	480	if (req->cgiroot) {
6f705808 OS	481	cgi = strstr(r->uri, "cgi-bin/");
6f705808 OS	482	if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
7f9875bb OS	483	cgi = NULL;
7f9875bb OS	484	}
9ee2dda1	485	}
9ee2dda1	486	if (cgi) {
6f705808	487	r->filename = apr_pstrcat (r->pool, req->cgiroot, cgi + strlen("cgi-bin"), NULL);
9ee2dda1 OS	488	r->handler = "cgi-script";
9ee2dda1 OS	489	apr_table_setn(r->notes, "alias-forced-type", r->handler);
6f705808 OS	490	} else if (r->uri[0] == '/') {
6f705808 OS	491	r->filename = apr_pstrcat (r->pool, req->docroot, r->uri, NULL);
9ee2dda1	492	} else {
6f705808	493	return DECLINED;
7f9875bb OS	494	}
	495
	496	r->server->server_hostname = apr_pstrdup (r->pool, req->name);
	497
	498	if (req->admin) {
	499	r->server->server_admin = apr_pstrdup (r->pool, req->admin);
	500	}
	501
	502	// set environment variables
	503	e = r->subprocess_env;
	504	apr_table_addn (e, "SERVER_ROOT", req->docroot);
	505
9ee2dda1 OS	506	core->ap_document_root = apr_pstrdup(r->pool, req->docroot);
9ee2dda1 OS	507
7f9875bb OS	508	ap_log_rerror(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, r,
	509	"[mod_vhost_ldap.c]: translated to %s", r->filename);
	510
	511	return OK;
	512	}
	513
	514	#ifdef HAVE_UNIX_SUEXEC
	515	static ap_unix_identity_t mod_vhost_ldap_get_suexec_id_doer(const request_rec r)
	516	{
	517	ap_unix_identity_t *ugid = NULL;
8196fae3	518	mod_vhost_ldap_config_t *conf =
7f9875bb OS	519	(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
	520	&vhost_ldap_module);
	521	mod_vhost_ldap_request_t *req =
	522	(mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
	523	&vhost_ldap_module);
	524
	525	uid_t uid = -1;
	526	gid_t gid = -1;
	527
8196fae3 OS	528	// mod_vhost_ldap is disabled or we don't have LDAP Url
8196fae3 OS	529	if ((conf->enabled != MVL_ENABLED)\|\|(!conf->have_ldap_url)) {
7f9875bb OS	530	return NULL;
	531	}
	532
	533	if ((req == NULL)\|\|(req->uid == NULL)\|\|(req->gid == NULL)) {
	534	return NULL;
	535	}
	536
	537	if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
	538	return NULL;
	539	}
	540
	541	uid = (uid_t)atoll(req->uid);
	542	gid = (gid_t)atoll(req->gid);
	543
eea38f6d	544	if ((uid < MIN_UID)\|\|(gid < MIN_GID)) {
7f9875bb OS	545	return NULL;
	546	}
	547
	548	ugid->uid = uid;
	549	ugid->gid = gid;
	550	ugid->userdir = 0;
	551
	552	return ugid;
	553	}
	554	#endif
	555
	556	static void
	557	mod_vhost_ldap_register_hooks (apr_pool_t * p)
	558	{
	559	ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
	560	ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, NULL, APR_HOOK_MIDDLE);
	561	#ifdef HAVE_UNIX_SUEXEC
	562	ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
	563	#endif
	564	}
	565
	566	module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
	567	STANDARD20_MODULE_STUFF,
	568	NULL,
	569	NULL,
	570	mod_vhost_ldap_create_server_config,
8196fae3	571	mod_vhost_ldap_merge_server_config,
7f9875bb OS	572	mod_vhost_ldap_cmds,
	573	mod_vhost_ldap_register_hooks,
	574	};