1 /* ============================================================
2 * Copyright (c) 2003-2004, Ondrej Sury
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
28 #include "http_config.h"
29 #include "http_core.h"
31 #include "http_request.h"
32 #include "apr_version.h"
34 #include "apr_reslist.h"
35 #include "apr_strings.h"
36 #include "apr_tables.h"
37 #include "util_ldap.h"
38 #include "util_script.h"
40 #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
41 #error mod_vhost_ldap requires APR-util to have LDAP support built in
44 #if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
45 #define HAVE_UNIX_SUEXEC
48 #ifdef HAVE_UNIX_SUEXEC
49 #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
/* Upper bound on lookup retries; mod_vhost_ldap_translate_name compares its failure counter against it. */
55 #define MAX_FAILURES 5
57 module AP_MODULE_DECLARE_DATA vhost_ldap_module;
/* Tri-state enable flag: MVL_UNSET lets the merge step inherit the parent's value. */
60 MVL_UNSET, MVL_DISABLED, MVL_ENABLED
61 } mod_vhost_ldap_status_e;
/*
 * Per-server configuration, filled in by the VhostLDAP* directive handlers.
 *
 * NOTE(review): bindpw is copied as given from the VhostLDAPBindPassword
 * directive and kept as a plain string in this structure, so the file that
 * carries the directive should be readable only by the administrator.
 */
63 typedef struct mod_vhost_ldap_config_t {
64 mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
66 /* These parameters are all derived from the VhostLDAPURL directive */
67 char *url; /* String representation of LDAP URL */
69 char *host; /* Name of the LDAP server (or space separated list) */
70 int port; /* Port of the LDAP server */
71 char *basedn; /* Base DN to do all searches from */
72 int scope; /* Scope of the search */
73 char *filter; /* Filter to further limit the search */
74 deref_options deref; /* how to handle alias dereferencing */
76 char *binddn; /* DN to bind to server (can be NULL) */
77 char *bindpw; /* Password to bind to server (can be NULL) */
79 int have_deref; /* Set if we have found a Deref option */
80 int have_ldap_url; /* Set if we have found an LDAP url */
82 int secure; /* True if SSL connections are requested */
84 char *fallback; /* Fallback virtual host */
86 } mod_vhost_ldap_config_t;
/*
 * Per-request lookup result, attached to r->request_config by
 * mod_vhost_ldap_translate_name.
 *
 * Every string here is copied from the DN or the attribute values returned
 * by the LDAP search, so the directory entry decides the document root, the
 * CGI directory and the suexec identity used for a host. Write access to
 * those entries is therefore equivalent to control over what the server
 * serves and runs for that host.
 */
88 typedef struct mod_vhost_ldap_request_t {
89 char *dn; /* The saved dn from a successful search */
90 char *name; /* ServerName */
91 char *admin; /* ServerAdmin */
92 char *docroot; /* DocumentRoot */
93 char *cgiroot; /* ScriptAlias */
94 char *uid; /* Suexec Uid */
95 char *gid; /* Suexec Gid */
96 } mod_vhost_ldap_request_t;
/*
 * Attribute names requested from the directory, 0-terminated.
 * mod_vhost_ldap_translate_name walks this array and reads vals[i] for
 * attributes[i], so it relies on the values coming back in this order.
 */
99 { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
/*
 * With APR 1.x the util_ldap entry points are reached through optional
 * functions: the file-scope pointers below are filled in by
 * ImportULDAPOptFn().
 */
101 #if (APR_MAJOR_VERSION >= 1)
102 static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
103 static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
104 static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
105 static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
106 static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
107 static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
108 static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
/*
 * Resolve the util_ldap optional functions into the pointers above.
 *
 * NOTE(review): APR_RETRIEVE_OPTIONAL_FN yields NULL for a function that was
 * never registered, and the call sites visible in this listing use the
 * pointers without a NULL test; they depend on the post_config check that
 * mod_ldap is loaded.
 */
110 static void ImportULDAPOptFn(void)
112 util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
113 util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
114 util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
115 util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
116 util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
117 util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
118 util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
122 /* Taken from server/core.c */
/*
 * Point the core module's DocumentRoot for r->server at arg.
 *
 * arg is first resolved against ServerRoot. The path is then canonicalised
 * with apr_filepath_merge(APR_FILEPATH_TRUENAME); if that fails, or the
 * resolved path is not a directory, a warning is logged and the resolved
 * path is stored as it is. An earlier failure path logs "must be a
 * directory" and returns HTTP_INTERNAL_SERVER_ERROR (its condition is not
 * visible in this listing).
 *
 * NOTE(review): the value is written into the core_server_config of
 * r->server, not into per-request state. If several LDAP-defined hosts are
 * served through the same server_rec, requests handled concurrently can
 * overwrite each other's DocumentRoot; confirm the MPM and threading model
 * before relying on this for separation between hosts.
 */
123 static int set_document_root(request_rec *r, const char *arg)
125 void *sconf = r->server->module_config;
126 core_server_config *conf = ap_get_module_config(sconf, &core_module);
128 /* Make it absolute, relative to ServerRoot */
129 arg = ap_server_root_relative(r->pool, arg);
132 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
133 "[mod_vhost_ldap.c] set_document_root: DocumentRoot [%s] must be a directory",
136 return HTTP_INTERNAL_SERVER_ERROR;
139 /* TODO: ap_configtestonly && ap_docrootcheck && */
140 if (apr_filepath_merge((char**)&conf->ap_document_root, NULL, arg,
141 APR_FILEPATH_TRUENAME, r->pool) != APR_SUCCESS
142 || !ap_is_directory(r->pool, arg)) {
144 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
146 "[mod_vhost_ldap.c] set_document_root: Warning: DocumentRoot [%s] does not exist",
148 conf->ap_document_root = arg;
/*
 * post_config hook: fail with HTTP_INTERNAL_SERVER_ERROR when util_ldap.c is
 * not linked into the server, otherwise add MOD_VHOST_LDAP_VERSION to the
 * server version string.
 *
 * NOTE(review): the version component may be visible to clients depending on
 * the server's banner settings — confirm that is intended.
 */
154 static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
156 /* make sure that mod_ldap (util_ldap) is loaded */
157 if (ap_find_linked_module("util_ldap.c") == NULL) {
158 ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
159 "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
160 "must be loaded in order for mod_vhost_ldap to function properly");
161 return HTTP_INTERNAL_SERVER_ERROR;
165 ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
/*
 * Allocate a zero-filled per-server configuration from pool p and set the
 * defaults visible here: enable flag unset, no URL and no deref option seen
 * yet, alias dereferencing "always", no fallback host.
 */
171 mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
173 mod_vhost_ldap_config_t *conf =
174 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
176 conf->enabled = MVL_UNSET;
177 conf->have_ldap_url = 0;
178 conf->have_deref = 0;
181 conf->deref = always;
182 conf->fallback = NULL;
/*
 * Merge a parent and a child server configuration into a new one from pool p.
 *
 * The enable flag comes from the child unless it is MVL_UNSET. The fields
 * derived from the LDAP URL are taken as a group from the child when it has
 * a URL, otherwise from the parent; the deref option is handled the same
 * way. binddn, bindpw and fallback are inherited one by one when the child
 * leaves them NULL.
 *
 * NOTE(review): because the credentials are inherited separately from the
 * URL group, a child that sets only its own URL ends up presenting the
 * parent's bind DN and password to the child's LDAP server. Confirm that is
 * acceptable wherever the two servers are not equally trusted.
 */
188 mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
190 mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
191 mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
192 mod_vhost_ldap_config_t *conf =
193 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
195 if (child->enabled == MVL_UNSET) {
196 conf->enabled = parent->enabled;
198 conf->enabled = child->enabled;
201 if (child->have_ldap_url) {
202 conf->have_ldap_url = child->have_ldap_url;
203 conf->url = child->url;
204 conf->host = child->host;
205 conf->port = child->port;
206 conf->basedn = child->basedn;
207 conf->scope = child->scope;
208 conf->filter = child->filter;
209 conf->secure = child->secure;
211 conf->have_ldap_url = parent->have_ldap_url;
212 conf->url = parent->url;
213 conf->host = parent->host;
214 conf->port = parent->port;
215 conf->basedn = parent->basedn;
216 conf->scope = parent->scope;
217 conf->filter = parent->filter;
218 conf->secure = parent->secure;
220 if (child->have_deref) {
221 conf->have_deref = child->have_deref;
222 conf->deref = child->deref;
224 conf->have_deref = parent->have_deref;
225 conf->deref = parent->deref;
228 conf->binddn = (child->binddn ? child->binddn : parent->binddn);
229 conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
231 conf->fallback = (child->fallback ? child->fallback : parent->fallback);
237 * Use the ldap url parsing routines to break up the ldap url into
/*
 * Handler for VhostLDAPURL: parse the URL and store its host, base DN,
 * scope, filter and port in the server configuration. A parse failure is
 * reported by returning an error string. The default port depends on whether
 * the URL starts with "ldaps"; the filter defaults to
 * "objectClass=apacheConfig" and any scope other than one-level becomes
 * subtree.
 *
 * NOTE(review): with a plain ldap:// URL the bind DN/password and the
 * returned attributes cross the network unprotected. Those attributes select
 * the document root and the suexec identity, so ldaps:// is the safer choice
 * wherever the directory is not reached over a trusted link.
 */
240 static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd,
245 apr_ldap_url_desc_t *urld;
246 #if (APR_MAJOR_VERSION >= 1)
247 apr_ldap_err_t *result_err;
250 mod_vhost_ldap_config_t *conf =
251 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
254 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
255 cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
258 #if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
259 result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
260 if (result != LDAP_SUCCESS) {
261 return result_err->reason;
264 result = apr_ldap_url_parse(url, &(urld));
265 if (result != LDAP_SUCCESS) {
267 case LDAP_URL_ERR_NOTLDAP:
268 return "LDAP URL does not begin with ldap://";
269 case LDAP_URL_ERR_NODN:
270 return "LDAP URL does not have a DN";
271 case LDAP_URL_ERR_BADSCOPE:
272 return "LDAP URL has an invalid scope";
273 case LDAP_URL_ERR_MEM:
274 return "Out of memory parsing LDAP URL";
276 return "Could not parse LDAP URL";
280 conf->url = apr_pstrdup(cmd->pool, url);
282 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
283 cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
284 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
285 cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
286 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
287 cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
288 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
289 cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
290 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
291 cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
292 (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
293 urld->lud_scope == LDAP_SCOPE_BASE? "base" :
294 urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
295 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
296 cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
298 /* Set all the values, or at least some sane defaults */
/* NOTE(review): urld->lud_host is treated as possibly NULL a few lines below,
 * but strlen() and strcpy() take it unguarded here — confirm that the
 * enclosing condition (not visible in this listing) rules a NULL host out. */
300 char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
301 strcpy(p, urld->lud_host);
303 strcat(p, conf->host);
307 conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
309 conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
311 conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
312 LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
314 if (urld->lud_filter) {
315 if (urld->lud_filter[0] == '(') {
317 * Get rid of the surrounding parens; later on when generating the
318 * filter, they'll be put back.
320 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
321 conf->filter[strlen(conf->filter)-1] = '\0';
/* NOTE(review): the line above drops the last character without checking
 * that it is ')'; for a filter consisting only of "(" the copied string is
 * empty, so strlen() is 0 and the index wraps to a write outside the
 * buffer. A length and closing-paren check belongs before the assignment. */
324 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
328 conf->filter = "objectClass=apacheConfig";
331 /* "ldaps" indicates secure ldap connections desired
333 if (strncasecmp(url, "ldaps", 5) == 0)
336 conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
337 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
338 "LDAP: vhost_ldap using SSL connections");
343 conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
344 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
345 "LDAP: vhost_ldap not using SSL connections");
348 conf->have_ldap_url = 1;
349 #if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
350 apr_ldap_free_urldesc(urld);
/* Handler for the VhostLDAPEnabled flag: record MVL_ENABLED or MVL_DISABLED in the server configuration. */
355 static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
357 mod_vhost_ldap_config_t *conf =
358 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
361 conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
/* Handler for VhostLDAPBindDN: store a pool copy of the bind DN in the server configuration. */
366 static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
368 mod_vhost_ldap_config_t *conf =
369 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
372 conf->binddn = apr_pstrdup(cmd->pool, binddn);
/*
 * Handler for VhostLDAPBindPassword: store a pool copy of the bind password
 * in the server configuration.
 *
 * NOTE(review): the password is taken verbatim from the configuration file
 * and kept as a plain string; restrict read access to that file and give the
 * bind account no more than read access to the vhost entries.
 */
376 static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
378 mod_vhost_ldap_config_t *conf =
379 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
382 conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
/*
 * Handler for the alias-dereference directive: map the keyword to a
 * deref_options value and mark have_deref. An unknown keyword is rejected
 * with an error string.
 *
 * NOTE(review): "never", "searching", "finding" and "always" are compared
 * case-sensitively while "off" and "on" are not; the error text names the
 * directive VhostLDAPAliasDereference, whereas the command table registers
 * VhostLDAPDereferenceAliases.
 */
386 static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
388 mod_vhost_ldap_config_t *conf =
389 (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
392 if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
394 conf->have_deref = 1;
396 else if (strcmp(deref, "searching") == 0) {
397 conf->deref = searching;
398 conf->have_deref = 1;
400 else if (strcmp(deref, "finding") == 0) {
401 conf->deref = finding;
402 conf->have_deref = 1;
404 else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
405 conf->deref = always;
406 conf->have_deref = 1;
409 return "Unrecognized value for VhostLDAPAliasDereference directive";
/*
 * Handler for VhostLDAPFallback: store a pool copy of the host name that
 * mod_vhost_ldap_translate_name looks up when the requested host is not
 * found in the directory.
 */
414 static const char *mod_vhost_ldap_set_fallback(cmd_parms *cmd, void *dummy, const char *fallback)
416 mod_vhost_ldap_config_t *conf =
417 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
420 conf->fallback = apr_pstrdup(cmd->pool, fallback);
/*
 * Directive table. Every directive is registered with RSRC_CONF, i.e. it is
 * accepted in the server configuration only, which keeps the LDAP URL and
 * bind credentials out of per-directory configuration.
 *
 * NOTE(review): several help texts are built from adjacent string literals
 * with no space at the join ("one of the" "values", "hostname" "is not",
 * "display" "\"virtual host"), so the words run together when displayed.
 */
424 command_rec mod_vhost_ldap_cmds[] = {
425 AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
426 "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
427 "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
429 "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
430 "to specify redundant servers.\n"
431 "<li>Port is optional, and specifies the port to connect to.\n"
432 "<li>basedn specifies the base DN to start searches from\n"
435 AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
436 "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
438 AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
439 "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
441 AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
442 "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
444 AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
445 "Determines how aliases are handled during a search. Can be one of the"
446 "values \"never\", \"searching\", \"finding\", or \"always\". "
447 "Defaults to always."),
449 AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
450 "Set default virtual host which will be used when requested hostname"
451 "is not found in LDAP database. This option can be used to display"
452 "\"virtual host not found\" type of page."),
/*
 * translate_name hook: map the request's host name to a virtual host stored
 * in LDAP and apply that host's settings to the request.
 *
 * Steps visible in this listing:
 *  - allocate the per-request record and attach it to r->request_config;
 *  - test that the module is enabled and an LDAP URL is configured;
 *  - search with the configured filter AND-ed with a match of the host name
 *    against apacheServerName or apacheServerAlias, the host name having
 *    been escaped with ldap_bv2escaped_filter_value();
 *  - on server-down, timeout or connect errors sleep and retry, bounded by
 *    MAX_FAILURES, then answer HTTP_GATEWAY_TIME_OUT;
 *  - on LDAP_NO_SUCH_OBJECT try a wildcard form of the host name, then the
 *    configured fallback host, then answer HTTP_BAD_REQUEST;
 *  - copy the returned attribute values into the request record, require
 *    ServerName and DocumentRoot, route cgi-bin/ URIs to the ScriptAlias
 *    directory with the cgi-script handler, and set the server's host name,
 *    admin address and document root.
 *
 * NOTE(review):
 *  - The host name comes from the client. The escaping step is what keeps it
 *    from altering the search filter; any new code path that builds a filter
 *    must go through the same escaping.
 *  - The result of apr_snprintf() is not checked, so an over-long filter is
 *    silently truncated before it is sent.
 *  - The retry sleep runs inside the request; while the directory is
 *    unreachable each incoming request holds its worker for the whole
 *    back-off, which can exhaust the worker pool. Consider a short cap or a
 *    fail-fast path.
 *  - server_hostname, server_admin and the document root are written to the
 *    server_rec / core configuration rather than to the request, so they are
 *    shared by whatever else is served through the same server_rec.
 */
457 #define FILTER_LENGTH MAX_STRING_LEN
458 static int mod_vhost_ldap_translate_name(request_rec *r)
460 request_rec *top = (r->main)?r->main:r;
461 mod_vhost_ldap_request_t *reqc;
463 const char **vals = NULL;
464 char filtbuf[FILTER_LENGTH];
465 mod_vhost_ldap_config_t *conf =
466 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
467 util_ldap_connection_t *ldc = NULL;
469 const char *dn = NULL;
471 const char *hostname = NULL;
476 struct berval hostnamebv, shostnamebv;
479 (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
480 memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
482 ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
484 // mod_vhost_ldap is disabled or we don't have LDAP Url
485 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
492 ldc = util_ldap_connection_find(r, conf->host, conf->port,
493 conf->binddn, conf->bindpw, conf->deref,
497 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
498 "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
499 return HTTP_INTERNAL_SERVER_ERROR;
502 hostname = r->hostname;
503 if (hostname == NULL || hostname[0] == '\0')
508 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
509 "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]",
/* Escape the client-supplied host name before it is placed in the search filter. */
512 ber_str2bv(hostname, 0, 0, &hostnamebv);
513 if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0)
515 apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val);
516 ber_memfree(shostnamebv.bv_val);
518 result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
519 attributes, filtbuf, &dn, &vals);
521 util_ldap_connection_close(ldc);
523 /* sanity check - if server is down, retry it up to 5 times */
524 if (AP_LDAP_IS_SERVER_DOWN(result) ||
525 (result == LDAP_TIMEOUT) ||
526 (result == LDAP_CONNECT_ERROR)) {
527 sleep = sleep0 + sleep1;
528 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
529 "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds",
531 if (failures++ < MAX_FAILURES) {
532 /* Back-off exponentially */
533 apr_sleep(apr_time_from_sec(sleep));
538 return HTTP_GATEWAY_TIME_OUT;
542 if (result == LDAP_NO_SUCH_OBJECT) {
543 if (strcmp(hostname, "*") != 0) {
544 if (strncmp(hostname, "*.", 2) == 0)
546 hostname += strcspn(hostname, ".");
547 hostname = apr_pstrcat(r->pool, "*", hostname, NULL);
548 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
549 "[mod_vhost_ldap.c] translate: "
550 "virtual host not found, trying wildcard %s",
556 if (conf->fallback && (is_fallback++ <= 0)) {
557 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
558 "[mod_vhost_ldap.c] translate: "
559 "virtual host %s not found, trying fallback %s",
560 hostname, conf->fallback);
561 hostname = conf->fallback;
565 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
566 "[mod_vhost_ldap.c] translate: "
567 "virtual host %s not found",
570 return HTTP_BAD_REQUEST;
573 /* handle bind failure */
574 if (result != LDAP_SUCCESS) {
575 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
576 "[mod_vhost_ldap.c] translate: "
577 "translate failed; virtual host %s; URI %s [%s]",
578 hostname, r->uri, ldap_err2string(result));
579 return HTTP_INTERNAL_SERVER_ERROR;
582 /* mark the user and DN */
583 reqc->dn = apr_pstrdup(r->pool, dn);
/* vals[i] is read as the value of attributes[i]; each value is copied into the request pool. */
588 while (attributes[i]) {
590 if (strcasecmp (attributes[i], "apacheServerName") == 0) {
591 reqc->name = apr_pstrdup (r->pool, vals[i]);
593 else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
594 reqc->admin = apr_pstrdup (r->pool, vals[i]);
596 else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
597 reqc->docroot = apr_pstrdup (r->pool, vals[i]);
599 else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
600 reqc->cgiroot = apr_pstrdup (r->pool, vals[i]);
602 else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
603 reqc->uid = apr_pstrdup(r->pool, vals[i]);
605 else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
606 reqc->gid = apr_pstrdup(r->pool, vals[i]);
612 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
613 "[mod_vhost_ldap.c]: loaded from ldap: "
614 "apacheServerName: %s, "
615 "apacheServerAdmin: %s, "
616 "apacheDocumentRoot: %s, "
617 "apacheScriptAlias: %s, "
618 "apacheSuexecUid: %s, "
619 "apacheSuexecGid: %s",
620 reqc->name, reqc->admin, reqc->docroot, reqc->cgiroot, reqc->uid, reqc->gid);
622 if ((reqc->name == NULL)||(reqc->docroot == NULL)) {
623 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
624 "[mod_vhost_ldap.c] translate: "
625 "translate failed; ServerName or DocumentRoot not defined");
626 return HTTP_INTERNAL_SERVER_ERROR;
632 cgi = strstr(r->uri, "cgi-bin/");
633 if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
638 /* Set exact filename for CGI script */
639 cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
640 if ((cgi = ap_server_root_relative(r->pool, cgi))) {
641 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
642 "[mod_vhost_ldap.c]: ap_document_root is: %s",
643 ap_document_root(r));
645 r->handler = "cgi-script";
646 apr_table_setn(r->notes, "alias-forced-type", r->handler);
648 } else if (r->uri[0] == '/') {
649 /* we don't set r->filename here, and let other modules do it
650 * this allows other modules (mod_rewrite.c) to work as usual
652 /* r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL); */
654 /* We don't handle non-file requests here */
/* NOTE(review): the two assignments below change the server_rec of the top-level request, not per-request data. */
658 top->server->server_hostname = apr_pstrdup (top->pool, reqc->name);
661 top->server->server_admin = apr_pstrdup (top->pool, reqc->admin);
664 result = set_document_root(r, reqc->docroot);
666 return HTTP_INTERNAL_SERVER_ERROR;
668 apr_table_setn(r->notes, "vhost-document-root", reqc->docroot);
670 /* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */
674 #ifdef HAVE_UNIX_SUEXEC
/*
 * suexec identity hook: build the uid/gid for the request from the
 * apacheSuexecUid / apacheSuexecGid strings that translate_name stored in
 * the per-request record. The visible checks cover a disabled module, a
 * missing record or missing uid/gid, an allocation failure, and ids below
 * MIN_UID / MIN_GID.
 *
 * NOTE(review): the ids are text taken from the directory and converted with
 * atoll(), which reports no errors: non-numeric text becomes 0, and the cast
 * to uid_t / gid_t can wrap a negative or over-large value into a different
 * id before the minimum check is applied. Rejecting 0 relies on MIN_UID and
 * MIN_GID (defined outside this listing) being above 0 — confirm. A strict
 * parse (strtoul with an end pointer, errno and an explicit upper bound)
 * would refuse malformed values instead of reinterpreting them.
 */
675 static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
677 ap_unix_identity_t *ugid = NULL;
678 mod_vhost_ldap_config_t *conf =
679 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
681 mod_vhost_ldap_request_t *req =
682 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
688 // mod_vhost_ldap is disabled or we don't have LDAP Url
689 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
693 if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
697 if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
701 uid = (uid_t)atoll(req->uid);
702 gid = (gid_t)atoll(req->gid);
704 if ((uid < MIN_UID)||(gid < MIN_GID)) {
/*
 * fixups hook: read the "vhost-document-root" note left by translate_name
 * and, when it is present, apply it again through set_document_root().
 */
716 static int mod_vhost_ldap_fixups(request_rec *r)
719 apr_table_get(r->notes, "vhost-document-root");
721 /* If we don't have DocumentRoot in notes then do nothing */
725 return set_document_root(r, docroot);
/*
 * Register the module's hooks: post_config, translate_name (APR_HOOK_FIRST,
 * with mod_rewrite.c listed as a successor), the suexec identity hook on
 * Unix builds, the optional-function import on APR 1.x, and fixups
 * (APR_HOOK_LAST).
 */
729 mod_vhost_ldap_register_hooks (apr_pool_t * p)
733 * Run before mod_rewrite
735 static const char * const aszRewrite[]={ "mod_rewrite.c", NULL };
737 ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
738 ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
739 #ifdef HAVE_UNIX_SUEXEC
740 ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
742 #if (APR_MAJOR_VERSION >= 1)
743 ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
746 ap_hook_fixups(mod_vhost_ldap_fixups, NULL, NULL, APR_HOOK_LAST);
/*
 * Module record. The entries visible in this listing are the per-server
 * config constructor and merger and the hook registration function; the
 * remaining slots are not shown here.
 */
749 module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
750 STANDARD20_MODULE_STUFF,
753 mod_vhost_ldap_create_server_config,
754 mod_vhost_ldap_merge_server_config,
756 mod_vhost_ldap_register_hooks,