1 | /* ============================================================ |
2 | * Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas | |
3 | * All rights reserved. | |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at | |
7 | * http://www.apache.org/licenses/LICENSE-2.0 | |
8 | * Unless required by applicable law or agreed to in writing, software | |
9 | * distributed under the License is distributed on an "AS IS" BASIS, | |
10 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
11 | * See the License for the specific language governing permissions and | |
12 | * limitations under the License. | |
 * NOTE: the compiler only complains about *unused* static functions, so routines
 * that are only called in some configurations are deliberately left non-static
 * (presumably to keep -Wunused-function noise out of the build).
15 | * mod_vhost_ldap.c --- read virtual host config from LDAP directory | |
16 | * version 2.0 - included ldap-based basic auth & authz | |
 * remember to add "-lcrypt" to the Makefile if new password hashes ever need to be generated;
 * for now that is not needed (validation only). The crypt()-related code below is almost a
 * copy-paste from htpasswd.c in the Apache source.
19 | */ | |
20 | ||
21 | #define CORE_PRIVATE | |
22 | #include "httpd.h" | |
23 | #include "http_config.h" | |
24 | #include "http_core.h" | |
25 | #include "http_log.h" | |
26 | #include "http_request.h" | |
27 | #include "apr_ldap.h" | |
28 | #include "apr_strings.h" | |
2b7d3a6d | 29 | #include "apr_tables.h" |
30 | #include "apr_reslist.h" |
31 | #include "util_ldap.h" | |
32 | #include "apr_md5.h" | |
33 | #include "apr_sha1.h" | |
34 | #include "unistd.h" | |
35 | #include "crypt.h" | |
36 | ||
37 | /* these are for checking unix crypt passwords */ | |
38 | #include <stdlib.h> | |
39 | #include <sys/time.h> | |
40 | #include <time.h> | |
41 | #include <sys/types.h> | |
42 | ||
/* The helpers below are not needed: apr_password_validate() already handles these hash
 * formats on its own, so they are kept only for reference. If they are ever revived, the
 * salt generation must be rewritten first: srand(time())/rand() and gettimeofday()/getpid()
 * produce predictable salts — use apr_generate_random_bytes() instead. */
44 | /*void to64(char *s, unsigned long v, int n) | |
45 | { | |
46 | static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | |
47 | while (--n >= 0) { | |
48 | *s++ = itoa64[v&0x3f]; | |
49 | v >>= 6; | |
50 | } | |
51 | } | |
52 | ||
53 | char *htenc(const char *clearpasswd) { | |
54 | //this function creates password compatible with htpasswd | |
55 | char *res; | |
56 | char salt[9]; | |
57 | (void) srand((int) time((time_t *) NULL)); | |
58 | to64(&salt[0], rand(), 8); | |
59 | salt[8] = '\0'; | |
60 | res = crypt(clearpasswd, salt); | |
61 | return res; | |
62 | } | |
63 | */ | |
64 | /******************************************************************/ | |
// Creates a "$1$..." salt for MD5 crypt(). Commented out; note that as written it
// returns a static buffer (not reentrant under a threaded MPM) and derives the salt
// from time/pid/clock, which an attacker can predict.
66 | /* | |
67 | char *crypt_make_salt (void) | |
68 | { | |
69 | ||
70 | struct timeval tv; | |
71 | static char result[40]; | |
72 | ||
73 | result[0] = '\0'; | |
74 | strcpy (result, "$1$"); // magic for the new MD5 crypt() | |
75 | ||
76 | gettimeofday (&tv, (struct timezone *) 0); | |
77 | strcat (result, l64a (tv.tv_usec)); | |
78 | strcat (result, l64a (tv.tv_sec + getpid () + clock ())); | |
79 | ||
80 | if (strlen (result) > 3 + 8) result[11] = '\0'; | |
81 | ||
82 | return result; | |
83 | } | |
84 | */ | |
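/* LDAP support is only optionally compiled into APR-util; refuse to build
 * without it rather than failing obscurely at link or run time.
 * #error is the standard directive for this — the original "#fatal" is not a
 * preprocessor directive and only "worked" because an unknown directive is
 * itself a compile error. */
#ifndef APU_HAS_LDAP
#error "mod_vhost_ldap requires APR util to have LDAP support built in"
#endif

/* Force our own definition. #undef of an undefined macro is a no-op, so the
 * #ifdef guard around it is unnecessary.
 * NOTE(review): nothing visible in this file consumes MD5_CRYPT_ENAB; it looks
 * like a leftover from the shadow/crypt code copied in — confirm it has any
 * effect before keeping it. */
#undef MD5_CRYPT_ENAB
#define MD5_CRYPT_ENAB yes
#include "unixd.h" /* Contains the suexec_identity hook used on Unix and needed for crypt() */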
95 | ||
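/* strtrue(s): true for a non-NULL, non-empty C string; false for NULL or "".
 * Used to reject empty "" values read from the directory.
 * Arguments are fully parenthesized so that expressions such as
 * strtrue(cond ? a : b) behave as expected. NOTE: s is evaluated twice, so
 * never pass an expression with side effects. */
#define strtrue(s) ((s) && *(s))

/* Lowest uid/gid accepted for suexec identities. Values below these are
 * reserved for system accounts.
 * NOTE(review): the suexec uid/gid come from LDAP (see mvhl_request); the
 * comparison against these minima is outside this excerpt — confirm it is
 * actually enforced before the values reach suexec. */
#define MIN_UID 100
#define MIN_GID 100

/* Size of the buffers LDAP search filters are built in; MAX_STRING_LEN is
 * provided by httpd.h. MSL is just a short alias for the same constant. */
#define FILTER_LENGTH MAX_STRING_LEN
#define MSL MAX_STRING_LEN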
101 | ||
/******************************************************************/
/*
 * Directive identifiers for the configuration handlers.
 *
 * The integer values (1..11) are never meaningful by themselves; what
 * matters is that each variable is a distinct object, because the MVHL_*
 * macros below hand out its *address* as the per-directive tag (presumably
 * stored in cmd->info by the command table, which is outside this excerpt
 * — confirm there). They are plain globals rather than enum constants
 * because the Apache API wants a pointer, and they are non-static per the
 * note in the file header.
 */
int mvhl_conf_enabled = 1;
int mvhl_conf_binddn = 2;
int mvhl_conf_bindpw = 3;
int mvhl_conf_deref = 4;
int mvhl_conf_wlcbasedn = 5;
int mvhl_conf_wucbasedn = 6;
int mvhl_conf_fallback = 7;
int mvhl_conf_aliasbasedn = 8;
int mvhl_alias_enabled = 9;
int mvhl_loc_auth_enabled = 10;
int mvhl_dir_auth_enabled = 11;
/******************************************************************/
/* Address-of tags for the directives above. A handler is expected to
 * compare the tag pointer it receives against these, not the int value. */
#define MVHL_ENABLED &mvhl_conf_enabled
#define MVHL_BINDDN &mvhl_conf_binddn
#define MVHL_BINDPW &mvhl_conf_bindpw
#define MVHL_DEREF &mvhl_conf_deref
#define MVHL_WLCBASEDN &mvhl_conf_wlcbasedn
#define MVHL_WUCBASEDN &mvhl_conf_wucbasedn
#define MVHL_FALLBACK &mvhl_conf_fallback
#define MVHL_ALIASBASEDN &mvhl_conf_aliasbasedn
#define MVHL_ALIASENABLED &mvhl_alias_enabled
#define MVHL_LAUTHENABLED &mvhl_loc_auth_enabled
#define MVHL_DAUTHENABLED &mvhl_dir_auth_enabled
127 | ||
128 | /******************************************************************/ | |
/*
 * Per-server configuration for mod_vhost_ldap: how to reach the directory,
 * where to search, and which optional features (aliases, location/directory
 * auth) are switched on.
 */
typedef struct mvhl_config
{
    int enabled; /* Is vhost_ldap enabled for this server? (0/1) */
    char *url; /* String representation of the LDAP URL */
    char *host; /* Name of the LDAP server (or space separated list) */
    char *fallback; /* Name of the fallback vhost to return not-found info */
    int port; /* Port of the LDAP server */
    char *basedn; /* Base DN to do all vhost searches from */
    int scope; /* Scope of the search */
    char *filter; /* Filter to further limit the search.
                   * NOTE(review): anything from the request (e.g. the Host
                   * header) that is interpolated into the final filter must be
                   * LDAP-escaped; the search code is outside this excerpt —
                   * confirm it does so. */
    deref_options deref; /* How to handle alias dereferencing (type from util_ldap.h) */
    char *binddn; /* DN to bind to the server as (can be NULL, presumably an anonymous bind) */
    char *bindpw; /* Password for binddn (can be NULL). This is a credential held in
                   * cleartext in process memory for the lifetime of the config. */
    int have_deref; /* Set once a Deref option has been seen */
    int have_ldap_url; /* Set once an LDAP url has been seen */
    char *wlcbasedn; /* Base DN to do all location config searches from */
    char *wucbasedn; /* Base DN to do all webuser config searches from */
    char *aliasesbasedn; /* Base DN to do all aliases config object searches from */
    int secure; /* True if SSL connections are requested */
    int alias_enabled; /* 0 - disabled, 1 - enabled */
    int loc_auth_enabled; /* 0 - disabled, 1 - enabled */
    int dir_auth_enabled; /* 0 - disabled, 1 - enabled */
} mvhl_config;
152 | /******************************************************************/ | |
/*
 * Per-request view of the virtual host entry found in LDAP.
 * Everything here is read from the directory; the uid/gid strings are the
 * identity suexec is asked to run as, so write access to these LDAP entries
 * is effectively a privilege boundary.
 */
typedef struct mvhl_request
{
    char *dn; /* The saved dn from a successful search */
    char *name; /* apacheServerName */
    char *admin; /* apacheServerAdmin */
    char *docroot; /* apacheDocumentRoot */
    char *uid; /* Suexec Uid, as a string straight from LDAP.
                * NOTE(review): must be range-checked against MIN_UID
                * (defined above) before use — the check is outside this
                * excerpt; confirm it exists. */
    char *gid; /* Suexec Gid, as a string straight from LDAP; same caveat with MIN_GID */
    int has_reqlines; /* we have require lines (1) or not (0) */
    int has_aliaslines; /* we have aliases lines (1) or not (0) */
    apr_array_header_t *serveralias; /* apacheServerAlias values */
    apr_array_header_t *rqlocationlines; /* apacheExtConfigOptionsDn values */
    apr_array_header_t *aliaseslines; /* apacheAliasesConfigOptionsDn values */

} mvhl_request;
168 | /******************************************************************/ | |
/*
 * One "extended config" object from LDAP: an access-control rule scoped to
 * a set of server names and URIs/directories, either requiring any valid
 * user or a specific list of user DNs.
 */
typedef struct mvhl_extconfig_object
{
    /* Multi-value attributes are kept as apr_array_header_t; the values are
     * parsed later (yuck!) out of a ";" separated string.
     */
    char *extconfname; /* apacheExtConfigObjectName, single-value, syntax SUP cn */
    apr_array_header_t *exturi; /* apacheExtConfigUri MULTI-value: the URIs these settings
                                 * apply to; meant to be combined with extservername
                                 */
    apr_array_header_t *extdir; /* MULTI-value; presumably the directory counterpart of
                                 * exturi — the attribute name is not given in the original,
                                 * TODO confirm */
    int extconftype; /* apacheExtConfigRequireValidUser, single-value bool:
                      * if TRUE then "require valid-user", if FALSE a userlist-type config
                      */
    apr_array_header_t *extservername; /* apacheExtConfigServerName, MULTI-value */
    apr_array_header_t *extusers; /* apacheExtConfigUserDn, MULTI-value, syntax SUP DN */

} mvhl_extconfig_object;
186 | /******************************************************************/ | |
/*
 * One alias-config object from LDAP: maps source URIs to a target directory
 * for the listed server names (the LDAP-driven equivalent of an Alias line).
 * NOTE(review): aliastargetdir is a filesystem path taken from the directory,
 * so whoever can write these entries decides which paths the server exposes.
 */
typedef struct mvhl_aliasconf_object
{
    char *aliasconfname; /* apacheAliasConfigObjectName, single value */
    apr_array_header_t *aliassourceuri; /* apacheAliasConfigSourceUri, multi-value */
    char *aliastargetdir; /* apacheAliasConfigTargetDir, the filesystem directory the URIs map to */
    apr_array_header_t *aliasconfservername; /* apacheAliasConfigServerName MULTI-value */
} mvhl_aliasconf_object;
194 | /******************************************************************/ | |
/*
 * One web user from LDAP, used for the LDAP-based basic auth: the user name,
 * the stored password hashes, and the servers/locations/directories the user
 * is associated with.
 */
typedef struct mvhl_webuser
{
    char *webusername; /* apacheExtConfigUserName, single-value */
    apr_array_header_t *webuserpassword; /* userPassword, multi-value. Stored hashes, not
                                          * cleartext; presumably checked with
                                          * apr_password_validate() as the file header
                                          * says — confirm in the auth code */
    apr_array_header_t *webuserserver; /* apacheExtConfigUserServerName, servers of this user, multi-value */
    apr_array_header_t *webuserlocationuri; /* multi-value, location URIs of this user; the
                                             * original comment was copied from webuserserver,
                                             * so the attribute name is unknown here — TODO confirm */
    apr_array_header_t *webuserdirectory; /* apacheExtConfigUserDirectoryName, directories of this user, multi-value */
} mvhl_webuser;