[mod-vhost-ldap.git] / mod_vhost_ldap.h

/* ============================================================
 * Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas
 * All rights reserved.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *     http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * NOTE: only static members must be "used" to build, 
 * so for time-to-time used routines we don't declare static 
 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
 * version 2.0 - included ldap-based basic auth & authz
 * remember to add "-lcrypt" in Makefile if there's a need to generate new password
 * for now not needed (validation only), this below is almost copy-paste from apache source, htpasswd.c
 */

#define CORE_PRIVATE
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_request.h"
#include "apr_ldap.h"
#include "apr_strings.h"
#include "apr_tables.h"
#include "apr_reslist.h"
#include "util_ldap.h"
#include "apr_md5.h"
#include "apr_sha1.h"
#include "unistd.h"
#include "crypt.h"

/* these are for checking unix crypt passwords */
#include <stdlib.h>
#include <sys/time.h>
#include <time.h>
#include <sys/types.h>

/*this functions are not needed, as apr_password_validate includes it on its own */
/*void to64(char *s, unsigned long v, int n)
{
    static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    while (--n >= 0) {
       *s++ = itoa64[v&0x3f];
        v >>= 6;
    }
}

char *htenc(const char *clearpasswd) {
	//this function creates password compatible with htpasswd 
    char *res;
    char salt[9];
    (void) srand((int) time((time_t *) NULL));
    to64(&salt[0], rand(), 8);
    salt[8] = '\0';
    res = crypt(clearpasswd, salt);
    return res;
}
*/
/******************************************************************/
//this function creates salt for unix password crypt md5
/*
char *crypt_make_salt (void)
{
		
        struct timeval tv;
        static char result[40];

        result[0] = '\0';
        strcpy (result, "$1$"); // magic for the new MD5 crypt() 

        gettimeofday (&tv, (struct timezone *) 0);
        strcat (result, l64a (tv.tv_usec));
        strcat (result, l64a (tv.tv_sec + getpid () + clock ()));

        if (strlen (result) > 3 + 8) result[11] = '\0';

        return result;
}
*/
#ifndef APU_HAS_LDAP
#fatal "mod_vhost_ldap requires APR util to have LDAP support built in"
#endif

#ifdef MD5_CRYPT_ENAB
#undef MD5_CRYPT_ENAB
#endif

#define MD5_CRYPT_ENAB yes
#include "unixd.h"		/* Contains the suexec_identity hook used on Unix and needed for crypt() */

#define strtrue(s) (s && *s)	/* do not accept empty "" strings */
#define MIN_UID 100
#define MIN_GID 100
#define FILTER_LENGTH MAX_STRING_LEN
#define MSL MAX_STRING_LEN

/******************************************************************/
//need this global due to apache API construction
int mvhl_conf_enabled 		= 1;
int mvhl_conf_binddn 		= 2;
int mvhl_conf_bindpw 		= 3;
int mvhl_conf_deref 		= 4;
int mvhl_conf_wlcbasedn 	= 5;
int mvhl_conf_wucbasedn 	= 6;
int mvhl_conf_fallback 		= 7;
int mvhl_conf_aliasbasedn	= 8;
int mvhl_alias_enabled		= 9;
int mvhl_loc_auth_enabled	= 10;
int mvhl_dir_auth_enabled	= 11;
/******************************************************************/
#define MVHL_ENABLED 		&mvhl_conf_enabled
#define MVHL_BINDDN 		&mvhl_conf_binddn
#define MVHL_BINDPW 		&mvhl_conf_bindpw
#define MVHL_DEREF 			&mvhl_conf_deref
#define MVHL_WLCBASEDN 		&mvhl_conf_wlcbasedn
#define MVHL_WUCBASEDN 		&mvhl_conf_wucbasedn
#define MVHL_FALLBACK		&mvhl_conf_fallback
#define MVHL_ALIASBASEDN 	&mvhl_conf_aliasbasedn
#define MVHL_ALIASENABLED	&mvhl_alias_enabled
#define MVHL_LAUTHENABLED	&mvhl_loc_auth_enabled
#define MVHL_DAUTHENABLED	&mvhl_dir_auth_enabled

/******************************************************************/
typedef struct mvhl_config 
{
	int				enabled;		/* Is vhost_ldap enabled? */
	char 			*url;			/* String representation of LDAP URL */
	char 			*host;			/* Name of the LDAP server (or space separated list) */
	char			*fallback;		/* Name of the fallback vhost to return not-found info */
	int 			port;			/* Port of the LDAP server */
	char 			*basedn;		/* Base DN to do all searches from */
	int 			scope;			/* Scope of the search */
	char 			*filter;		/* Filter to further limit the search  */
	deref_options 	deref;			/* how to handle alias dereferening */
	char 			*binddn;		/* DN to bind to server (can be NULL) */
	char 			*bindpw;		/* Password to bind to server (can be NULL)  xx */
	int 			have_deref;		/* Set if we have found an Deref option */
	int 			have_ldap_url;	/* Set if we have found an LDAP url */
	char 			*wlcbasedn;		/* Base DN to do all location config searches */
	char 			*wucbasedn;		/* Base DN to do all webuser config searches */
	char			*aliasesbasedn;	/* Base DN to do all aliases config objects searches */
	int 			secure;			/* True if SSL connections are requested */
	int				alias_enabled;	/* 0 - disabled, 1 - enabled */
	int				loc_auth_enabled;	/* 0 - disabled, 1 - enabled */
	int				dir_auth_enabled;	/* 0 - disabled, 1 - enabled */
} mvhl_config;
/******************************************************************/
typedef struct mvhl_request 
{
	char	 			*dn;				/* The saved dn from a successful search */
	char 				*name;				/* apacheServerName */
	char 				*admin;				/* apacheServerAdmin */
	char 				*docroot;			/* apacheDocumentRoot */
	char 				*uid;				/* Suexec Uid */
	char 				*gid;				/* Suexec Gid */
	int 				has_reqlines;		/* we have require lines (1) or not (0) */
	int 				has_aliaslines;		/* we have aliases lines (1) or not (0) */
	apr_array_header_t 	*serveralias;		/* apacheServerAlias values */
	apr_array_header_t 	*rqlocationlines;	/* apacheExtConfigOptionsDn values */
	apr_array_header_t 	*aliaseslines;		/* apacheAliasesConfigOptionsDn values */
	
} mvhl_request;
/******************************************************************/
typedef struct mvhl_extconfig_object 
{	
	/* we use apr_array_header_t for multi-value attributed, 
	 * parsed later (yuck!) from ";" separated string
	 */
	char *extconfname;				/* apacheExtConfigObjectName, single-value, syntax SUP cn */
	apr_array_header_t *exturi;		/* apacheExtConfigUri MULTI-value, uri for which this settings are here
				 		 			 * should be used in combine with extconfig server name 
				 		 			 */
	apr_array_header_t *extdir;
	int extconftype;				/* apacheExtConfigRequireValidUser, single-value bool, 
				 		 			 * if TRUE then require valid-user, if FALSE userlist-type config 
				 		 			 */
	apr_array_header_t *extservername;	/* apacheExtConfigServerName" MULTI-value, */ 
	apr_array_header_t *extusers;		/* "apacheExtConfigUserDn"  MULTI-value, syntax SUP DN */

} mvhl_extconfig_object;
/******************************************************************/
typedef struct mvhl_aliasconf_object 
{	
	char *aliasconfname;						/* apacheAliasConfigObjectName, single value */
	apr_array_header_t *aliassourceuri;			/* apacheAliasConfigSourceUri */
	char *aliastargetdir;						/* apacheAliasConfigTargetDir */
	apr_array_header_t *aliasconfservername;	/* apacheAliasConfigServerName MULTI-value*/
} mvhl_aliasconf_object;
/******************************************************************/
typedef struct mvhl_webuser 
{
	char *webusername;						/* apacheExtConfigUserName, single-value */
	apr_array_header_t *webuserpassword;	/* userPassword, multi-value */
	apr_array_header_t *webuserserver;		/* apacheExtConfigUserServerName, server of this user, multi-value */
	apr_array_header_t *webuserlocationuri;	/* apacheExtConfigUserServerName, server of this user, multi-value */
	apr_array_header_t *webuserdirectory;	/* apacheExtConfigUserDirectoryName, server of this user, multi-value */
} mvhl_webuser;
Commit	Line	Data
9343eaf3 PW	1	/* ============================================================
	2	* Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas
	3	* All rights reserved.
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at
	7	* http://www.apache.org/licenses/LICENSE-2.0
	8	* Unless required by applicable law or agreed to in writing, software
	9	* distributed under the License is distributed on an "AS IS" BASIS,
	10	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	11	* See the License for the specific language governing permissions and
	12	* limitations under the License.
	13	* NOTE: only static members must be "used" to build,
	14	* so for time-to-time used routines we don't declare static
	15	* mod_vhost_ldap.c --- read virtual host config from LDAP directory
	16	* version 2.0 - included ldap-based basic auth & authz
	17	* remember to add "-lcrypt" in Makefile if there's a need to generate new password
	18	* for now not needed (validation only), this below is almost copy-paste from apache source, htpasswd.c
	19	*/
	20
	21	#define CORE_PRIVATE
	22	#include "httpd.h"
	23	#include "http_config.h"
	24	#include "http_core.h"
	25	#include "http_log.h"
	26	#include "http_request.h"
	27	#include "apr_ldap.h"
	28	#include "apr_strings.h"
2b7d3a6d	29	#include "apr_tables.h"
9343eaf3 PW	30	#include "apr_reslist.h"
	31	#include "util_ldap.h"
	32	#include "apr_md5.h"
	33	#include "apr_sha1.h"
	34	#include "unistd.h"
	35	#include "crypt.h"
	36
	37	/* these are for checking unix crypt passwords */
	38	#include <stdlib.h>
	39	#include <sys/time.h>
	40	#include <time.h>
	41	#include <sys/types.h>
	42
	43	/this functions are not needed, as apr_password_validate includes it on its own /
	44	/void to64(char s, unsigned long v, int n)
	45	{
	46	static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	47	while (--n >= 0) {
	48	*s++ = itoa64[v&0x3f];
	49	v >>= 6;
	50	}
	51	}
	52
	53	char htenc(const char clearpasswd) {
	54	//this function creates password compatible with htpasswd
	55	char *res;
	56	char salt[9];
	57	(void) srand((int) time((time_t *) NULL));
	58	to64(&salt[0], rand(), 8);
	59	salt[8] = '\0';
	60	res = crypt(clearpasswd, salt);
	61	return res;
	62	}
	63	*/
	64	/******************************************************************/
	65	//this function creates salt for unix password crypt md5
	66	/*
	67	char *crypt_make_salt (void)
	68	{
	69
	70	struct timeval tv;
	71	static char result[40];
	72
	73	result[0] = '\0';
	74	strcpy (result, "$1$"); // magic for the new MD5 crypt()
	75
	76	gettimeofday (&tv, (struct timezone *) 0);
	77	strcat (result, l64a (tv.tv_usec));
	78	strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
	79
	80	if (strlen (result) > 3 + 8) result[11] = '\0';
	81
	82	return result;
	83	}
	84	*/
	85	#ifndef APU_HAS_LDAP
	86	#fatal "mod_vhost_ldap requires APR util to have LDAP support built in"
	87	#endif
	88
	89	#ifdef MD5_CRYPT_ENAB
	90	#undef MD5_CRYPT_ENAB
	91	#endif
	92
	93	#define MD5_CRYPT_ENAB yes
94	#include "unixd.h" /* Contains the suexec_identity hook used on Unix and needed for crypt() */
95
96	#define strtrue(s) (s && s) / do not accept empty "" strings */
97	#define MIN_UID 100
98	#define MIN_GID 100
99	#define FILTER_LENGTH MAX_STRING_LEN
100	#define MSL MAX_STRING_LEN
101
102	/******************************************************************/
103	//need this global due to apache API construction
104	int mvhl_conf_enabled = 1;
105	int mvhl_conf_binddn = 2;
106	int mvhl_conf_bindpw = 3;
107	int mvhl_conf_deref = 4;
108	int mvhl_conf_wlcbasedn = 5;
109	int mvhl_conf_wucbasedn = 6;
110	int mvhl_conf_fallback = 7;
111	int mvhl_conf_aliasbasedn = 8;
112	int mvhl_alias_enabled = 9;
113	int mvhl_loc_auth_enabled = 10;
114	int mvhl_dir_auth_enabled = 11;
115	/******************************************************************/
116	#define MVHL_ENABLED &mvhl_conf_enabled
117	#define MVHL_BINDDN &mvhl_conf_binddn
118	#define MVHL_BINDPW &mvhl_conf_bindpw
119	#define MVHL_DEREF &mvhl_conf_deref
120	#define MVHL_WLCBASEDN &mvhl_conf_wlcbasedn
121	#define MVHL_WUCBASEDN &mvhl_conf_wucbasedn
122	#define MVHL_FALLBACK &mvhl_conf_fallback
123	#define MVHL_ALIASBASEDN &mvhl_conf_aliasbasedn
124	#define MVHL_ALIASENABLED &mvhl_alias_enabled
125	#define MVHL_LAUTHENABLED &mvhl_loc_auth_enabled
126	#define MVHL_DAUTHENABLED &mvhl_dir_auth_enabled
127
128	/******************************************************************/
129	typedef struct mvhl_config
130	{
131	int enabled; /* Is vhost_ldap enabled? */
132	char url; / String representation of LDAP URL */
133	char host; / Name of the LDAP server (or space separated list) */
134	char fallback; / Name of the fallback vhost to return not-found info */
135	int port; /* Port of the LDAP server */
136	char basedn; / Base DN to do all searches from */
137	int scope; /* Scope of the search */
138	char filter; / Filter to further limit the search */
139	deref_options deref; /* how to handle alias dereferening */
140	char binddn; / DN to bind to server (can be NULL) */
141	char bindpw; / Password to bind to server (can be NULL) xx */
142	int have_deref; /* Set if we have found an Deref option */
143	int have_ldap_url; /* Set if we have found an LDAP url */
144	char wlcbasedn; / Base DN to do all location config searches */
145	char wucbasedn; / Base DN to do all webuser config searches */
146	char aliasesbasedn; / Base DN to do all aliases config objects searches */
147	int secure; /* True if SSL connections are requested */
148	int alias_enabled; /* 0 - disabled, 1 - enabled */
149	int loc_auth_enabled; /* 0 - disabled, 1 - enabled */
150	int dir_auth_enabled; /* 0 - disabled, 1 - enabled */
151	} mvhl_config;
152	/******************************************************************/
153	typedef struct mvhl_request
154	{
155	char dn; / The saved dn from a successful search */
156	char name; / apacheServerName */
157	char admin; / apacheServerAdmin */
158	char docroot; / apacheDocumentRoot */
159	char uid; / Suexec Uid */
160	char gid; / Suexec Gid */
161	int has_reqlines; /* we have require lines (1) or not (0) */
162	int has_aliaslines; /* we have aliases lines (1) or not (0) */
163	apr_array_header_t serveralias; / apacheServerAlias values */
164	apr_array_header_t rqlocationlines; / apacheExtConfigOptionsDn values */
165	apr_array_header_t aliaseslines; / apacheAliasesConfigOptionsDn values */
166
167	} mvhl_request;
168	/******************************************************************/
169	typedef struct mvhl_extconfig_object
170	{
171	/* we use apr_array_header_t for multi-value attributed,
172	* parsed later (yuck!) from ";" separated string
173	*/
174	char extconfname; / apacheExtConfigObjectName, single-value, syntax SUP cn */
175	apr_array_header_t exturi; / apacheExtConfigUri MULTI-value, uri for which this settings are here
176	* should be used in combine with extconfig server name
177	*/
178	apr_array_header_t *extdir;
179	int extconftype; /* apacheExtConfigRequireValidUser, single-value bool,
180	* if TRUE then require valid-user, if FALSE userlist-type config
181	*/
182	apr_array_header_t extservername; / apacheExtConfigServerName" MULTI-value, */
183	apr_array_header_t extusers; / "apacheExtConfigUserDn" MULTI-value, syntax SUP DN */
184
185	} mvhl_extconfig_object;
186	/******************************************************************/
187	typedef struct mvhl_aliasconf_object
188	{
189	char aliasconfname; / apacheAliasConfigObjectName, single value */
190	apr_array_header_t aliassourceuri; / apacheAliasConfigSourceUri */
191	char aliastargetdir; / apacheAliasConfigTargetDir */
192	apr_array_header_t aliasconfservername; / apacheAliasConfigServerName MULTI-value*/
193	} mvhl_aliasconf_object;
194	/******************************************************************/
195	typedef struct mvhl_webuser
196	{
197	char webusername; / apacheExtConfigUserName, single-value */
198	apr_array_header_t webuserpassword; / userPassword, multi-value */
199	apr_array_header_t webuserserver; / apacheExtConfigUserServerName, server of this user, multi-value */
200	apr_array_header_t webuserlocationuri; / apacheExtConfigUserServerName, server of this user, multi-value */
201	apr_array_header_t webuserdirectory; / apacheExtConfigUserDirectoryName, server of this user, multi-value */
202	} mvhl_webuser;