1 /* ============================================================
2 * Copyright (c) 2003-2004, Ondrej Sury
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
28 #include "http_config.h"
29 #include "http_core.h"
31 #include "http_request.h"
32 #include "apr_version.h"
34 #include "apr_strings.h"
35 #include "apr_reslist.h"
36 #include "util_ldap.h"
38 #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
39 #error mod_vhost_ldap requires APR-util to have LDAP support built in
42 #if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
43 #define HAVE_UNIX_SUEXEC
46 #ifdef HAVE_UNIX_SUEXEC
47 #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
52 const char USERDIR[] = "web_scripts";
54 module AP_MODULE_DECLARE_DATA vhost_ldap_module;
57 MVL_UNSET, MVL_DISABLED, MVL_ENABLED
58 } mod_vhost_ldap_status_e;
60 typedef struct mod_vhost_ldap_config_t {
61 mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
63 /* These parameters are all derived from the VhostLDAPURL directive */
64 char *url; /* String representation of LDAP URL */
66 char *host; /* Name of the LDAP server (or space separated list) */
67 int port; /* Port of the LDAP server */
68 char *basedn; /* Base DN to do all searches from */
69 int scope; /* Scope of the search */
70 char *filter; /* Filter to further limit the search */
71 deref_options deref; /* how to handle alias dereferening */
73 char *binddn; /* DN to bind to server (can be NULL) */
74 char *bindpw; /* Password to bind to server (can be NULL) */
76 int have_deref; /* Set if we have found an Deref option */
77 int have_ldap_url; /* Set if we have found an LDAP url */
79 int secure; /* True if SSL connections are requested */
81 char *fallback; /* Fallback virtual host */
83 } mod_vhost_ldap_config_t;
85 typedef struct mod_vhost_ldap_request_t {
86 char *dn; /* The saved dn from a successful search */
87 char *name; /* ServerName */
88 char *admin; /* ServerAdmin */
89 char *docroot; /* DocumentRoot */
90 char *cgiroot; /* ScriptAlias */
91 char *uid; /* Suexec Uid */
92 char *gid; /* Suexec Gid */
93 } mod_vhost_ldap_request_t;
96 { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
98 static int total_modules;
100 #if (APR_MAJOR_VERSION >= 1)
101 static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
102 static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
103 static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
104 static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
105 static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
106 static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
107 static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
109 static void ImportULDAPOptFn(void)
111 util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
112 util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
113 util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
114 util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
115 util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
116 util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
117 util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
121 static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
125 /* Stolen from modules/generators/mod_cgid.c */
127 for (m = ap_preloaded_modules; *m != NULL; m++)
130 /* make sure that mod_ldap (util_ldap) is loaded */
131 if (ap_find_linked_module("util_ldap.c") == NULL) {
132 ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
133 "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
134 "must be loaded in order for mod_vhost_ldap to function properly");
135 return HTTP_INTERNAL_SERVER_ERROR;
139 ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
145 mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
147 mod_vhost_ldap_config_t *conf =
148 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
150 conf->enabled = MVL_UNSET;
151 conf->have_ldap_url = 0;
152 conf->have_deref = 0;
155 conf->deref = always;
156 conf->fallback = NULL;
162 mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
164 mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
165 mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
166 mod_vhost_ldap_config_t *conf =
167 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
169 if (child->enabled == MVL_UNSET) {
170 conf->enabled = parent->enabled;
172 conf->enabled = child->enabled;
175 if (child->have_ldap_url) {
176 conf->have_ldap_url = child->have_ldap_url;
177 conf->url = child->url;
178 conf->host = child->host;
179 conf->port = child->port;
180 conf->basedn = child->basedn;
181 conf->scope = child->scope;
182 conf->filter = child->filter;
183 conf->secure = child->secure;
185 conf->have_ldap_url = parent->have_ldap_url;
186 conf->url = parent->url;
187 conf->host = parent->host;
188 conf->port = parent->port;
189 conf->basedn = parent->basedn;
190 conf->scope = parent->scope;
191 conf->filter = parent->filter;
192 conf->secure = parent->secure;
194 if (child->have_deref) {
195 conf->have_deref = child->have_deref;
196 conf->deref = child->deref;
198 conf->have_deref = parent->have_deref;
199 conf->deref = parent->deref;
202 conf->binddn = (child->binddn ? child->binddn : parent->binddn);
203 conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
205 conf->fallback = (child->fallback ? child->fallback : parent->fallback);
211 * Use the ldap url parsing routines to break up the ldap url into
214 static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd,
219 apr_ldap_url_desc_t *urld;
220 #if (APR_MAJOR_VERSION >= 1)
221 apr_ldap_err_t *result_err;
224 mod_vhost_ldap_config_t *conf =
225 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
228 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
229 cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
232 #if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
233 result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
234 if (result != LDAP_SUCCESS) {
235 return result_err->reason;
238 result = apr_ldap_url_parse(url, &(urld));
239 if (result != LDAP_SUCCESS) {
241 case LDAP_URL_ERR_NOTLDAP:
242 return "LDAP URL does not begin with ldap://";
243 case LDAP_URL_ERR_NODN:
244 return "LDAP URL does not have a DN";
245 case LDAP_URL_ERR_BADSCOPE:
246 return "LDAP URL has an invalid scope";
247 case LDAP_URL_ERR_MEM:
248 return "Out of memory parsing LDAP URL";
250 return "Could not parse LDAP URL";
254 conf->url = apr_pstrdup(cmd->pool, url);
256 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
257 cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
258 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
259 cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
260 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
261 cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
262 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
263 cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
264 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
265 cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
266 (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
267 urld->lud_scope == LDAP_SCOPE_BASE? "base" :
268 urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
269 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
270 cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
272 /* Set all the values, or at least some sane defaults */
274 char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
275 strcpy(p, urld->lud_host);
277 strcat(p, conf->host);
281 conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
283 conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
285 conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
286 LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
288 if (urld->lud_filter) {
289 if (urld->lud_filter[0] == '(') {
291 * Get rid of the surrounding parens; later on when generating the
292 * filter, they'll be put back.
294 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
295 conf->filter[strlen(conf->filter)-1] = '\0';
298 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
302 conf->filter = "objectClass=apacheConfig";
305 /* "ldaps" indicates secure ldap connections desired
307 if (strncasecmp(url, "ldaps", 5) == 0)
310 conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
311 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
312 "LDAP: vhost_ldap using SSL connections");
317 conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
318 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
319 "LDAP: vhost_ldap not using SSL connections");
322 conf->have_ldap_url = 1;
323 #if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
324 apr_ldap_free_urldesc(urld);
329 static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
331 mod_vhost_ldap_config_t *conf =
332 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
335 conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
340 static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
342 mod_vhost_ldap_config_t *conf =
343 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
346 conf->binddn = apr_pstrdup(cmd->pool, binddn);
350 static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
352 mod_vhost_ldap_config_t *conf =
353 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
356 conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
360 static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
362 mod_vhost_ldap_config_t *conf =
363 (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
366 if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
368 conf->have_deref = 1;
370 else if (strcmp(deref, "searching") == 0) {
371 conf->deref = searching;
372 conf->have_deref = 1;
374 else if (strcmp(deref, "finding") == 0) {
375 conf->deref = finding;
376 conf->have_deref = 1;
378 else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
379 conf->deref = always;
380 conf->have_deref = 1;
383 return "Unrecognized value for VhostLDAPAliasDereference directive";
388 static const char *mod_vhost_ldap_set_fallback(cmd_parms *cmd, void *dummy, const char *fallback)
390 mod_vhost_ldap_config_t *conf =
391 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
394 conf->fallback = apr_pstrdup(cmd->pool, fallback);
398 command_rec mod_vhost_ldap_cmds[] = {
399 AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
400 "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
401 "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
403 "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
404 "to specify redundant servers.\n"
405 "<li>Port is optional, and specifies the port to connect to.\n"
406 "<li>basedn specifies the base DN to start searches from\n"
409 AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
410 "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
412 AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
413 "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
415 AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
416 "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
418 AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
419 "Determines how aliases are handled during a search. Can be one of the"
420 "values \"never\", \"searching\", \"finding\", or \"always\". "
421 "Defaults to always."),
423 AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
424 "Set default virtual host which will be used when requested hostname"
425 "is not found in LDAP database. This option can be used to display"
426 "\"virtual host not found\" type of page."),
431 #define FILTER_LENGTH MAX_STRING_LEN
432 static int mod_vhost_ldap_translate_name(request_rec *r)
434 mod_vhost_ldap_request_t *reqc;
437 const char **vals = NULL;
438 char filtbuf[FILTER_LENGTH];
439 mod_vhost_ldap_config_t *conf =
440 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
441 core_server_config * core =
442 (core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
443 util_ldap_connection_t *ldc = NULL;
445 const char *dn = NULL;
447 const char *hostname = NULL;
451 (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
452 memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
454 ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
456 // mod_vhost_ldap is disabled or we don't have LDAP Url
457 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
464 ldc = util_ldap_connection_find(r, conf->host, conf->port,
465 conf->binddn, conf->bindpw, conf->deref,
469 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
470 "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
474 hostname = r->hostname;
475 if (hostname == NULL || hostname[0] == '\0')
480 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
481 "[mod_vhost_ldap.c]: translating %s", r->uri);
483 struct berval hostnamebv, shostnamebv;
484 ber_str2bv(hostname, 0, 0, &hostnamebv);
485 if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0)
487 apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val);
488 ber_memfree(shostnamebv.bv_val);
490 result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
491 attributes, filtbuf, &dn, &vals);
493 util_ldap_connection_close(ldc);
495 /* sanity check - if server is down, retry it up to 5 times */
496 if (result == LDAP_SERVER_DOWN) {
497 if (failures++ <= 5) {
502 if ((result == LDAP_NO_SUCH_OBJECT)) {
503 if (strcmp(hostname, "*") != 0) {
504 if (strncmp(hostname, "*.", 2) == 0)
506 hostname += strcspn(hostname, ".");
507 hostname = apr_pstrcat(r->pool, "*", hostname, NULL);
508 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
509 "[mod_vhost_ldap.c] translate: "
510 "virtual host not found, trying wildcard %s",
516 if (conf->fallback && (is_fallback++ <= 0)) {
517 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
518 "[mod_vhost_ldap.c] translate: "
519 "virtual host %s not found, trying fallback %s",
520 hostname, conf->fallback);
521 hostname = conf->fallback;
525 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
526 "[mod_vhost_ldap.c] translate: "
527 "virtual host %s not found",
533 /* handle bind failure */
534 if (result != LDAP_SUCCESS) {
535 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
536 "[mod_vhost_ldap.c] translate: "
537 "translate failed; virtual host %s; URI %s [%s]",
538 hostname, r->uri, ldap_err2string(result));
542 /* mark the user and DN */
543 reqc->dn = apr_pstrdup(r->pool, dn);
548 while (attributes[i]) {
550 if (strcasecmp (attributes[i], "apacheServerName") == 0) {
551 reqc->name = apr_pstrdup (r->pool, vals[i]);
553 else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
554 reqc->admin = apr_pstrdup (r->pool, vals[i]);
556 else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
557 reqc->docroot = apr_pstrdup (r->pool, vals[i]);
559 else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
560 reqc->cgiroot = apr_pstrdup (r->pool, vals[i]);
562 else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
563 reqc->uid = apr_pstrdup(r->pool, vals[i]);
565 else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
566 reqc->gid = apr_pstrdup(r->pool, vals[i]);
572 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
573 "[mod_vhost_ldap.c]: loaded from ldap: "
574 "apacheServerName: %s, "
575 "apacheServerAdmin: %s, "
576 "apacheDocumentRoot: %s, "
577 "apacheScriptAlias: %s, "
578 "apacheSuexecUid: %s, "
579 "apacheSuexecGid: %s",
580 reqc->name, reqc->admin, reqc->docroot, reqc->cgiroot, reqc->uid, reqc->gid);
582 if ((reqc->name == NULL)||(reqc->docroot == NULL)) {
583 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
584 "[mod_vhost_ldap.c] translate: "
585 "translate failed; ServerName or DocumentRoot not defined");
593 cgi = strstr(r->uri, "cgi-bin/");
594 if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
599 r->filename = apr_pstrcat (r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
600 r->handler = "cgi-script";
601 apr_table_setn(r->notes, "alias-forced-type", r->handler);
603 /* This is a quick, dirty hack. I should be shot for taking 6.170
604 * this term and being willing to write a quick, dirty hack. */
606 if (strncmp(r->uri, "/~", 2) == 0) {
608 uid_t uid = (uid_t)atoll(reqc->uid);
609 if (apr_uid_name_get(&username, uid, r->pool) != APR_SUCCESS) {
610 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
611 "could not get username for uid %d", uid);
614 if (strncmp(r->uri + 2, username, strlen(username)) == 0 &&
615 (r->uri[2 + strlen(username)] == '/' ||
616 r->uri[2 + strlen(username)] == '\0')) {
618 if (apr_uid_homepath_get(&homedir, username, r->pool) != APR_SUCCESS) {
619 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
620 "could not get home directory for user %s", username);
623 r->filename = apr_pstrcat(r->pool, homedir, "/", USERDIR, r->uri + 2 + strlen(username), NULL);
625 } else if (r->uri[0] == '/') {
626 r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL);
631 if ((r->server = apr_pmemdup(r->pool, r->server,
632 sizeof(*r->server))) == NULL)
633 return HTTP_INTERNAL_SERVER_ERROR;
635 r->server->server_hostname = reqc->name;
638 r->server->server_admin = reqc->admin;
641 // set environment variables
642 e = r->subprocess_env;
643 apr_table_addn (e, "SERVER_ROOT", reqc->docroot);
645 if ((r->server->module_config =
646 apr_pmemdup(r->pool, r->server->module_config,
648 (total_modules + DYNAMIC_MODULE_LIMIT))) == NULL)
649 return HTTP_INTERNAL_SERVER_ERROR;
651 if ((core = apr_pmemdup(r->pool, core, sizeof(*core))) == NULL)
652 return HTTP_INTERNAL_SERVER_ERROR;
653 ap_set_module_config(r->server->module_config, &core_module, core);
655 core->ap_document_root = reqc->docroot;
657 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
658 "[mod_vhost_ldap.c]: translated to %s", r->filename);
663 #ifdef HAVE_UNIX_SUEXEC
664 static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
666 ap_unix_identity_t *ugid = NULL;
667 mod_vhost_ldap_config_t *conf =
668 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
670 mod_vhost_ldap_request_t *req =
671 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
677 // mod_vhost_ldap is disabled or we don't have LDAP Url
678 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
682 if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
686 if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
690 uid = (uid_t)atoll(req->uid);
691 gid = (gid_t)atoll(req->gid);
693 if ((uid < MIN_UID)||(gid < MIN_GID)) {
706 mod_vhost_ldap_register_hooks (apr_pool_t * p)
708 ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
709 ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, NULL, APR_HOOK_MIDDLE);
710 #ifdef HAVE_UNIX_SUEXEC
711 ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
713 #if (APR_MAJOR_VERSION >= 1)
714 ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
718 module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
719 STANDARD20_MODULE_STUFF,
722 mod_vhost_ldap_create_server_config,
723 mod_vhost_ldap_merge_server_config,
725 mod_vhost_ldap_register_hooks,