1 /* ============================================================
2 * Copyright (c) 2003-2004, Ondrej Sury
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
28 #include "http_config.h"
29 #include "http_core.h"
31 #include "http_request.h"
32 #include "apr_version.h"
34 #include "apr_strings.h"
35 #include "apr_reslist.h"
36 #include "util_ldap.h"
38 #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
39 #error mod_vhost_ldap requires APR-util to have LDAP support built in
42 #if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
43 #define HAVE_UNIX_SUEXEC
46 #ifdef HAVE_UNIX_SUEXEC
47 #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
52 const char USERDIR[] = "web_scripts";
54 module AP_MODULE_DECLARE_DATA vhost_ldap_module;
57 MVL_UNSET, MVL_DISABLED, MVL_ENABLED
58 } mod_vhost_ldap_status_e;
60 typedef struct mod_vhost_ldap_config_t {
61 mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
63 /* These parameters are all derived from the VhostLDAPURL directive */
64 char *url; /* String representation of LDAP URL */
66 char *host; /* Name of the LDAP server (or space separated list) */
67 int port; /* Port of the LDAP server */
68 char *basedn; /* Base DN to do all searches from */
69 int scope; /* Scope of the search */
70 char *filter; /* Filter to further limit the search */
71 deref_options deref; /* how to handle alias dereferening */
73 char *binddn; /* DN to bind to server (can be NULL) */
74 char *bindpw; /* Password to bind to server (can be NULL) */
76 int have_deref; /* Set if we have found an Deref option */
77 int have_ldap_url; /* Set if we have found an LDAP url */
79 int secure; /* True if SSL connections are requested */
81 char *fallback; /* Fallback virtual host */
83 } mod_vhost_ldap_config_t;
85 typedef struct mod_vhost_ldap_request_t {
86 char *dn; /* The saved dn from a successful search */
87 char *name; /* ServerName */
88 char *admin; /* ServerAdmin */
89 char *docroot; /* DocumentRoot */
90 char *cgiroot; /* ScriptAlias */
91 char *uid; /* Suexec Uid */
92 char *gid; /* Suexec Gid */
93 } mod_vhost_ldap_request_t;
96 { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
98 #if (APR_MAJOR_VERSION >= 1)
99 static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
100 static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
101 static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
102 static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
103 static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
104 static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
105 static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
107 static void ImportULDAPOptFn(void)
109 util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
110 util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
111 util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
112 util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
113 util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
114 util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
115 util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
119 static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
121 /* make sure that mod_ldap (util_ldap) is loaded */
122 if (ap_find_linked_module("util_ldap.c") == NULL) {
123 ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
124 "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
125 "must be loaded in order for mod_vhost_ldap to function properly");
126 return HTTP_INTERNAL_SERVER_ERROR;
130 ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
136 mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
138 mod_vhost_ldap_config_t *conf =
139 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
141 conf->enabled = MVL_UNSET;
142 conf->have_ldap_url = 0;
143 conf->have_deref = 0;
146 conf->deref = always;
147 conf->fallback = NULL;
153 mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
155 mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
156 mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
157 mod_vhost_ldap_config_t *conf =
158 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
160 if (child->enabled == MVL_UNSET) {
161 conf->enabled = parent->enabled;
163 conf->enabled = child->enabled;
166 if (child->have_ldap_url) {
167 conf->have_ldap_url = child->have_ldap_url;
168 conf->url = child->url;
169 conf->host = child->host;
170 conf->port = child->port;
171 conf->basedn = child->basedn;
172 conf->scope = child->scope;
173 conf->filter = child->filter;
174 conf->secure = child->secure;
176 conf->have_ldap_url = parent->have_ldap_url;
177 conf->url = parent->url;
178 conf->host = parent->host;
179 conf->port = parent->port;
180 conf->basedn = parent->basedn;
181 conf->scope = parent->scope;
182 conf->filter = parent->filter;
183 conf->secure = parent->secure;
185 if (child->have_deref) {
186 conf->have_deref = child->have_deref;
187 conf->deref = child->deref;
189 conf->have_deref = parent->have_deref;
190 conf->deref = parent->deref;
193 conf->binddn = (child->binddn ? child->binddn : parent->binddn);
194 conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
196 conf->fallback = (child->fallback ? child->fallback : parent->fallback);
202 * Use the ldap url parsing routines to break up the ldap url into
205 static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd,
210 apr_ldap_url_desc_t *urld;
211 #if (APR_MAJOR_VERSION >= 1)
212 apr_ldap_err_t *result_err;
215 mod_vhost_ldap_config_t *conf =
216 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
219 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
220 cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
223 #if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
224 result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
225 if (result != LDAP_SUCCESS) {
226 return result_err->reason;
229 result = apr_ldap_url_parse(url, &(urld));
230 if (result != LDAP_SUCCESS) {
232 case LDAP_URL_ERR_NOTLDAP:
233 return "LDAP URL does not begin with ldap://";
234 case LDAP_URL_ERR_NODN:
235 return "LDAP URL does not have a DN";
236 case LDAP_URL_ERR_BADSCOPE:
237 return "LDAP URL has an invalid scope";
238 case LDAP_URL_ERR_MEM:
239 return "Out of memory parsing LDAP URL";
241 return "Could not parse LDAP URL";
245 conf->url = apr_pstrdup(cmd->pool, url);
247 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
248 cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
249 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
250 cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
251 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
252 cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
253 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
254 cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
255 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
256 cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
257 (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
258 urld->lud_scope == LDAP_SCOPE_BASE? "base" :
259 urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
260 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
261 cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
263 /* Set all the values, or at least some sane defaults */
265 char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
266 strcpy(p, urld->lud_host);
268 strcat(p, conf->host);
272 conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
274 conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
276 conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
277 LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
279 if (urld->lud_filter) {
280 if (urld->lud_filter[0] == '(') {
282 * Get rid of the surrounding parens; later on when generating the
283 * filter, they'll be put back.
285 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
286 conf->filter[strlen(conf->filter)-1] = '\0';
289 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
293 conf->filter = "objectClass=apacheConfig";
296 /* "ldaps" indicates secure ldap connections desired
298 if (strncasecmp(url, "ldaps", 5) == 0)
301 conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
302 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
303 "LDAP: vhost_ldap using SSL connections");
308 conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
309 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
310 "LDAP: vhost_ldap not using SSL connections");
313 conf->have_ldap_url = 1;
314 #if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
315 apr_ldap_free_urldesc(urld);
320 static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
322 mod_vhost_ldap_config_t *conf =
323 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
326 conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
331 static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
333 mod_vhost_ldap_config_t *conf =
334 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
337 conf->binddn = apr_pstrdup(cmd->pool, binddn);
341 static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
343 mod_vhost_ldap_config_t *conf =
344 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
347 conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
351 static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
353 mod_vhost_ldap_config_t *conf =
354 (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
357 if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
359 conf->have_deref = 1;
361 else if (strcmp(deref, "searching") == 0) {
362 conf->deref = searching;
363 conf->have_deref = 1;
365 else if (strcmp(deref, "finding") == 0) {
366 conf->deref = finding;
367 conf->have_deref = 1;
369 else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
370 conf->deref = always;
371 conf->have_deref = 1;
374 return "Unrecognized value for VhostLDAPAliasDereference directive";
379 static const char *mod_vhost_ldap_set_fallback(cmd_parms *cmd, void *dummy, const char *fallback)
381 mod_vhost_ldap_config_t *conf =
382 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
385 conf->fallback = apr_pstrdup(cmd->pool, fallback);
389 command_rec mod_vhost_ldap_cmds[] = {
390 AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
391 "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
392 "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
394 "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
395 "to specify redundant servers.\n"
396 "<li>Port is optional, and specifies the port to connect to.\n"
397 "<li>basedn specifies the base DN to start searches from\n"
400 AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
401 "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
403 AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
404 "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
406 AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
407 "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
409 AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
410 "Determines how aliases are handled during a search. Can be one of the"
411 "values \"never\", \"searching\", \"finding\", or \"always\". "
412 "Defaults to always."),
414 AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
415 "Set default virtual host which will be used when requested hostname"
416 "is not found in LDAP database. This option can be used to display"
417 "\"virtual host not found\" type of page."),
422 char *mod_vhost_ldap_escape(apr_pool_t *p, const char *source)
424 char *target = apr_palloc(p, 3 * strlen(source) + 1);
425 char *result = target;
426 for (; *source; source++) {
428 case '*': case '(': case ')': case '\\':
429 sprintf(target, "\\%02hhx", *source);
441 #define FILTER_LENGTH MAX_STRING_LEN
442 static int mod_vhost_ldap_translate_name(request_rec *r)
444 request_rec *top = (r->main)?r->main:r;
445 mod_vhost_ldap_request_t *reqc;
448 const char **vals = NULL;
449 char filtbuf[FILTER_LENGTH];
450 mod_vhost_ldap_config_t *conf =
451 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
452 core_server_config * core =
453 (core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
454 util_ldap_connection_t *ldc = NULL;
456 const char *dn = NULL;
458 const char *hostname = NULL, *s_hostname = NULL;
462 (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
463 memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
465 ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
467 // mod_vhost_ldap is disabled or we don't have LDAP Url
468 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
475 ldc = util_ldap_connection_find(r, conf->host, conf->port,
476 conf->binddn, conf->bindpw, conf->deref,
480 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
481 "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
485 hostname = r->hostname;
486 if (hostname == NULL)
491 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
492 "[mod_vhost_ldap.c]: translating %s", r->uri);
494 s_hostname = mod_vhost_ldap_escape(r->pool, hostname);
495 apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, s_hostname, s_hostname);
497 result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
498 attributes, filtbuf, &dn, &vals);
500 util_ldap_connection_close(ldc);
502 /* sanity check - if server is down, retry it up to 5 times */
503 if (result == LDAP_SERVER_DOWN) {
504 if (failures++ <= 5) {
509 if ((result == LDAP_NO_SUCH_OBJECT)) {
510 char* parent_hostname = apr_pstrdup(r->pool, hostname);
512 parent_hostname = strchr(parent_hostname + 1, '.');
513 } while (parent_hostname && parent_hostname[-1] != '*');
514 if (parent_hostname) {
515 *(--parent_hostname) = '*';
516 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
517 "[mod_vhost_ldap.c] translate: "
518 "virtual host not found, trying wildcard %s",
520 hostname = parent_hostname;
525 if (conf->fallback && (is_fallback++ <= 0)) {
526 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
527 "[mod_vhost_ldap.c] translate: "
528 "virtual host %s not found, trying fallback %s",
529 hostname, conf->fallback);
530 hostname = conf->fallback;
534 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
535 "[mod_vhost_ldap.c] translate: "
536 "virtual host %s not found",
542 /* handle bind failure */
543 if (result != LDAP_SUCCESS) {
544 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
545 "[mod_vhost_ldap.c] translate: "
546 "translate failed; virtual host %s; URI %s [%s]",
547 hostname, r->uri, ldap_err2string(result));
551 /* mark the user and DN */
552 reqc->dn = apr_pstrdup(r->pool, dn);
557 while (attributes[i]) {
559 if (strcasecmp (attributes[i], "apacheServerName") == 0) {
560 reqc->name = apr_pstrdup (r->pool, vals[i]);
562 else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
563 reqc->admin = apr_pstrdup (r->pool, vals[i]);
565 else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
566 reqc->docroot = apr_pstrdup (r->pool, vals[i]);
568 else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
569 reqc->cgiroot = apr_pstrdup (r->pool, vals[i]);
571 else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
572 reqc->uid = apr_pstrdup(r->pool, vals[i]);
574 else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
575 reqc->gid = apr_pstrdup(r->pool, vals[i]);
581 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
582 "[mod_vhost_ldap.c]: loaded from ldap: "
583 "apacheServerName: %s, "
584 "apacheServerAdmin: %s, "
585 "apacheDocumentRoot: %s, "
586 "apacheScriptAlias: %s, "
587 "apacheSuexecUid: %s, "
588 "apacheSuexecGid: %s",
589 reqc->name, reqc->admin, reqc->docroot, reqc->cgiroot, reqc->uid, reqc->gid);
591 if ((reqc->name == NULL)||(reqc->docroot == NULL)) {
592 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
593 "[mod_vhost_ldap.c] translate: "
594 "translate failed; ServerName or DocumentRoot not defined");
602 cgi = strstr(r->uri, "cgi-bin/");
603 if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
608 r->filename = apr_pstrcat (r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
609 r->handler = "cgi-script";
610 apr_table_setn(r->notes, "alias-forced-type", r->handler);
612 /* This is a quick, dirty hack. I should be shot for taking 6.170
613 * this term and being willing to write a quick, dirty hack. */
615 if (strncmp(r->uri, "/~", 2) == 0) {
617 uid_t uid = (uid_t)atoll(reqc->uid);
618 if (apr_uid_name_get(&username, uid, r->pool) != APR_SUCCESS) {
619 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
620 "could not get username for uid %d", uid);
623 if (strncmp(r->uri + 2, username, strlen(username)) == 0 &&
624 (r->uri[2 + strlen(username)] == '/' ||
625 r->uri[2 + strlen(username)] == '\0')) {
627 if (apr_uid_homepath_get(&homedir, username, r->pool) != APR_SUCCESS) {
628 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
629 "could not get home directory for user %s", username);
632 r->filename = apr_pstrcat(r->pool, homedir, "/", USERDIR, r->uri + 2 + strlen(username), NULL);
634 } else if (r->uri[0] == '/') {
635 r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL);
640 top->server->server_hostname = apr_pstrdup (top->pool, reqc->name);
643 top->server->server_admin = apr_pstrdup (top->pool, reqc->admin);
646 // set environment variables
647 e = top->subprocess_env;
648 apr_table_addn (e, "SERVER_ROOT", reqc->docroot);
650 core->ap_document_root = apr_pstrdup(top->pool, reqc->docroot);
652 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
653 "[mod_vhost_ldap.c]: translated to %s", r->filename);
658 #ifdef HAVE_UNIX_SUEXEC
659 static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
661 ap_unix_identity_t *ugid = NULL;
662 mod_vhost_ldap_config_t *conf =
663 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
665 mod_vhost_ldap_request_t *req =
666 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
672 // mod_vhost_ldap is disabled or we don't have LDAP Url
673 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
677 if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
681 if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
685 uid = (uid_t)atoll(req->uid);
686 gid = (gid_t)atoll(req->gid);
688 if ((uid < MIN_UID)||(gid < MIN_GID)) {
701 mod_vhost_ldap_register_hooks (apr_pool_t * p)
703 ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
704 ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, NULL, APR_HOOK_MIDDLE);
705 #ifdef HAVE_UNIX_SUEXEC
706 ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
708 #if (APR_MAJOR_VERSION >= 1)
709 ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
713 module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
714 STANDARD20_MODULE_STUFF,
717 mod_vhost_ldap_create_server_config,
718 mod_vhost_ldap_merge_server_config,
720 mod_vhost_ldap_register_hooks,
andersk / mod-vhost-ldap.git / blob