1 /* ============================================================
2 * Copyright (c) 2003-2004, Ondrej Sury
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
28 #include "http_config.h"
29 #include "http_core.h"
31 #include "http_request.h"
32 #include "apr_version.h"
34 #include "apr_strings.h"
35 #include "apr_reslist.h"
36 #include "util_ldap.h"
38 #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
39 #error mod_vhost_ldap requires APR-util to have LDAP support built in
42 #if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
43 #define HAVE_UNIX_SUEXEC
46 #ifdef HAVE_UNIX_SUEXEC
47 #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
53 module AP_MODULE_DECLARE_DATA vhost_ldap_module;
56 MVL_UNSET, MVL_DISABLED, MVL_ENABLED
57 } mod_vhost_ldap_status_e;
59 typedef struct mod_vhost_ldap_config_t {
60 mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
62 /* These parameters are all derived from the VhostLDAPURL directive */
63 char *url; /* String representation of LDAP URL */
65 char *host; /* Name of the LDAP server (or space separated list) */
66 int port; /* Port of the LDAP server */
67 char *basedn; /* Base DN to do all searches from */
68 int scope; /* Scope of the search */
69 char *filter; /* Filter to further limit the search */
70 deref_options deref; /* how to handle alias dereferening */
72 char *binddn; /* DN to bind to server (can be NULL) */
73 char *bindpw; /* Password to bind to server (can be NULL) */
75 int have_deref; /* Set if we have found an Deref option */
76 int have_ldap_url; /* Set if we have found an LDAP url */
78 int secure; /* True if SSL connections are requested */
80 char *fallback; /* Fallback virtual host */
82 } mod_vhost_ldap_config_t;
84 typedef struct mod_vhost_ldap_request_t {
85 char *dn; /* The saved dn from a successful search */
86 char *name; /* ServerName */
87 char *admin; /* ServerAdmin */
88 char *docroot; /* DocumentRoot */
89 char *cgiroot; /* ScriptAlias */
90 char *uid; /* Suexec Uid */
91 char *gid; /* Suexec Gid */
92 char *saved_docroot; /* Saved DocumentRoot */
93 } mod_vhost_ldap_request_t;
96 { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
98 #if (APR_MAJOR_VERSION >= 1)
99 static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
100 static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
101 static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
102 static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
103 static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
104 static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
105 static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
107 static void ImportULDAPOptFn(void)
109 util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
110 util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
111 util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
112 util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
113 util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
114 util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
115 util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
119 /* Taken from server/core.c */
120 static int set_document_root(request_rec *r, const char *arg)
122 void *sconf = r->server->module_config;
123 core_server_config *conf = ap_get_module_config(sconf, &core_module);
125 /* Make it absolute, relative to ServerRoot */
126 arg = ap_server_root_relative(r->pool, arg);
129 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
130 "[mod_vhost_ldap.c] set_document_root: DocumentRoot [%s] must be a directory",
133 return HTTP_INTERNAL_SERVER_ERROR;
136 /* TODO: ap_configtestonly && ap_docrootcheck && */
137 if (apr_filepath_merge((char**)&conf->ap_document_root, NULL, arg,
138 APR_FILEPATH_TRUENAME, r->pool) != APR_SUCCESS
139 || !ap_is_directory(r->pool, arg)) {
141 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
143 "[mod_vhost_ldap.c] set_document_root: Warning: DocumentRoot [%s] does not exist",
145 conf->ap_document_root = arg;
151 static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
153 /* make sure that mod_ldap (util_ldap) is loaded */
154 if (ap_find_linked_module("util_ldap.c") == NULL) {
155 ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
156 "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
157 "must be loaded in order for mod_vhost_ldap to function properly");
158 return HTTP_INTERNAL_SERVER_ERROR;
162 ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
168 mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
170 mod_vhost_ldap_config_t *conf =
171 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
173 conf->enabled = MVL_UNSET;
174 conf->have_ldap_url = 0;
175 conf->have_deref = 0;
178 conf->deref = always;
179 conf->fallback = NULL;
185 mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
187 mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
188 mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
189 mod_vhost_ldap_config_t *conf =
190 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
192 if (child->enabled == MVL_UNSET) {
193 conf->enabled = parent->enabled;
195 conf->enabled = child->enabled;
198 if (child->have_ldap_url) {
199 conf->have_ldap_url = child->have_ldap_url;
200 conf->url = child->url;
201 conf->host = child->host;
202 conf->port = child->port;
203 conf->basedn = child->basedn;
204 conf->scope = child->scope;
205 conf->filter = child->filter;
206 conf->secure = child->secure;
208 conf->have_ldap_url = parent->have_ldap_url;
209 conf->url = parent->url;
210 conf->host = parent->host;
211 conf->port = parent->port;
212 conf->basedn = parent->basedn;
213 conf->scope = parent->scope;
214 conf->filter = parent->filter;
215 conf->secure = parent->secure;
217 if (child->have_deref) {
218 conf->have_deref = child->have_deref;
219 conf->deref = child->deref;
221 conf->have_deref = parent->have_deref;
222 conf->deref = parent->deref;
225 conf->binddn = (child->binddn ? child->binddn : parent->binddn);
226 conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
228 conf->fallback = (child->fallback ? child->fallback : parent->fallback);
234 * Use the ldap url parsing routines to break up the ldap url into
237 static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd,
242 apr_ldap_url_desc_t *urld;
243 #if (APR_MAJOR_VERSION >= 1)
244 apr_ldap_err_t *result_err;
247 mod_vhost_ldap_config_t *conf =
248 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
251 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
252 cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
255 #if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
256 result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
257 if (result != LDAP_SUCCESS) {
258 return result_err->reason;
261 result = apr_ldap_url_parse(url, &(urld));
262 if (result != LDAP_SUCCESS) {
264 case LDAP_URL_ERR_NOTLDAP:
265 return "LDAP URL does not begin with ldap://";
266 case LDAP_URL_ERR_NODN:
267 return "LDAP URL does not have a DN";
268 case LDAP_URL_ERR_BADSCOPE:
269 return "LDAP URL has an invalid scope";
270 case LDAP_URL_ERR_MEM:
271 return "Out of memory parsing LDAP URL";
273 return "Could not parse LDAP URL";
277 conf->url = apr_pstrdup(cmd->pool, url);
279 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
280 cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
281 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
282 cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
283 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
284 cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
285 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
286 cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
287 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
288 cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
289 (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
290 urld->lud_scope == LDAP_SCOPE_BASE? "base" :
291 urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
292 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
293 cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
295 /* Set all the values, or at least some sane defaults */
297 char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
298 strcpy(p, urld->lud_host);
300 strcat(p, conf->host);
304 conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
306 conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
308 conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
309 LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
311 if (urld->lud_filter) {
312 if (urld->lud_filter[0] == '(') {
314 * Get rid of the surrounding parens; later on when generating the
315 * filter, they'll be put back.
317 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
318 conf->filter[strlen(conf->filter)-1] = '\0';
321 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
325 conf->filter = "objectClass=apacheConfig";
328 /* "ldaps" indicates secure ldap connections desired
330 if (strncasecmp(url, "ldaps", 5) == 0)
333 conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
334 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
335 "LDAP: vhost_ldap using SSL connections");
340 conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
341 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
342 "LDAP: vhost_ldap not using SSL connections");
345 conf->have_ldap_url = 1;
346 #if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
347 apr_ldap_free_urldesc(urld);
352 static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
354 mod_vhost_ldap_config_t *conf =
355 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
358 conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
363 static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
365 mod_vhost_ldap_config_t *conf =
366 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
369 conf->binddn = apr_pstrdup(cmd->pool, binddn);
373 static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
375 mod_vhost_ldap_config_t *conf =
376 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
379 conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
383 static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
385 mod_vhost_ldap_config_t *conf =
386 (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
389 if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
391 conf->have_deref = 1;
393 else if (strcmp(deref, "searching") == 0) {
394 conf->deref = searching;
395 conf->have_deref = 1;
397 else if (strcmp(deref, "finding") == 0) {
398 conf->deref = finding;
399 conf->have_deref = 1;
401 else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
402 conf->deref = always;
403 conf->have_deref = 1;
406 return "Unrecognized value for VhostLDAPAliasDereference directive";
411 static const char *mod_vhost_ldap_set_fallback(cmd_parms *cmd, void *dummy, const char *fallback)
413 mod_vhost_ldap_config_t *conf =
414 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
417 conf->fallback = apr_pstrdup(cmd->pool, fallback);
421 command_rec mod_vhost_ldap_cmds[] = {
422 AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
423 "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
424 "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
426 "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
427 "to specify redundant servers.\n"
428 "<li>Port is optional, and specifies the port to connect to.\n"
429 "<li>basedn specifies the base DN to start searches from\n"
432 AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
433 "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
435 AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
436 "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
438 AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
439 "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
441 AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
442 "Determines how aliases are handled during a search. Can be one of the"
443 "values \"never\", \"searching\", \"finding\", or \"always\". "
444 "Defaults to always."),
446 AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
447 "Set default virtual host which will be used when requested hostname"
448 "is not found in LDAP database. This option can be used to display"
449 "\"virtual host not found\" type of page."),
454 #define FILTER_LENGTH MAX_STRING_LEN
455 static int mod_vhost_ldap_translate_name(request_rec *r)
457 request_rec *top = (r->main)?r->main:r;
458 mod_vhost_ldap_request_t *reqc;
461 const char **vals = NULL;
462 char filtbuf[FILTER_LENGTH];
463 mod_vhost_ldap_config_t *conf =
464 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
465 util_ldap_connection_t *ldc = NULL;
467 const char *dn = NULL;
469 const char *hostname = NULL;
474 (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
475 memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
477 ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
479 // mod_vhost_ldap is disabled or we don't have LDAP Url
480 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
487 ldc = util_ldap_connection_find(r, conf->host, conf->port,
488 conf->binddn, conf->bindpw, conf->deref,
492 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
493 "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
494 return HTTP_INTERNAL_SERVER_ERROR;
497 hostname = r->hostname;
501 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
502 "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]", hostname, r->uri);
504 apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, hostname, hostname);
506 result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
507 attributes, filtbuf, &dn, &vals);
509 util_ldap_connection_close(ldc);
511 /* sanity check - if server is down, retry it up to 5 times */
512 if (AP_LDAP_IS_SERVER_DOWN(result) ||
513 (result == LDAP_TIMEOUT) ||
514 (result == LDAP_CONNECT_ERROR)) {
515 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
516 "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds", failures, sleep);
517 if (failures++ < 5) {
518 /* Back-off exponentially */
519 apr_sleep(apr_time_from_sec(sleep));
520 sleep = sleep+failures;
523 return HTTP_GATEWAY_TIME_OUT;
527 if (result == LDAP_NO_SUCH_OBJECT) {
528 if (conf->fallback && (is_fallback++ <= 0)) {
529 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
530 "[mod_vhost_ldap.c] translate: "
531 "virtual host %s not found, trying fallback %s",
532 hostname, conf->fallback);
533 hostname = conf->fallback;
537 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
538 "[mod_vhost_ldap.c] translate: "
539 "virtual host %s not found",
542 return HTTP_BAD_REQUEST;
545 /* handle bind failure */
546 if (result != LDAP_SUCCESS) {
547 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
548 "[mod_vhost_ldap.c] translate: "
549 "translate failed; virtual host %s; URI %s [%s]",
550 hostname, r->uri, ldap_err2string(result));
551 return HTTP_INTERNAL_SERVER_ERROR;
554 /* mark the user and DN */
555 reqc->dn = apr_pstrdup(r->pool, dn);
560 while (attributes[i]) {
562 if (strcasecmp (attributes[i], "apacheServerName") == 0) {
563 reqc->name = apr_pstrdup (r->pool, vals[i]);
565 else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
566 reqc->admin = apr_pstrdup (r->pool, vals[i]);
568 else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
569 reqc->docroot = apr_pstrdup (r->pool, vals[i]);
571 else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
572 reqc->cgiroot = apr_pstrdup (r->pool, vals[i]);
574 else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
575 reqc->uid = apr_pstrdup(r->pool, vals[i]);
577 else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
578 reqc->gid = apr_pstrdup(r->pool, vals[i]);
584 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
585 "[mod_vhost_ldap.c]: loaded from ldap: "
586 "apacheServerName: %s, "
587 "apacheServerAdmin: %s, "
588 "apacheDocumentRoot: %s, "
589 "apacheScriptAlias: %s, "
590 "apacheSuexecUid: %s, "
591 "apacheSuexecGid: %s",
592 reqc->name, reqc->admin, reqc->docroot, reqc->cgiroot, reqc->uid, reqc->gid);
594 if ((reqc->name == NULL)||(reqc->docroot == NULL)) {
595 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
596 "[mod_vhost_ldap.c] translate: "
597 "translate failed; ServerName or DocumentRoot not defined");
598 return HTTP_INTERNAL_SERVER_ERROR;
604 cgi = strstr(r->uri, "cgi-bin/");
605 if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
610 /* Set exact filename for CGI script */
611 cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
612 if ((cgi = ap_server_root_relative(r->pool, cgi))) {
613 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
614 "[mod_vhost_ldap.c]: ap_document_root is: %s", ap_document_root(r));
616 r->handler = "cgi-script";
617 apr_table_setn(r->notes, "alias-forced-type", r->handler);
619 } else if (r->uri[0] == '/') {
620 /* we don't set r->filename here, and let other modules do it
621 * this allows other modules (mod_rewrite.c) to work as usual
623 /* r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL); */
625 /* We don't handle non-file requests here */
629 top->server->server_hostname = apr_pstrdup (top->pool, reqc->name);
632 top->server->server_admin = apr_pstrdup (top->pool, reqc->admin);
635 reqc->saved_docroot = apr_pstrdup(top->pool, ap_document_root(r));
637 result = set_document_root(r, reqc->docroot);
639 return HTTP_INTERNAL_SERVER_ERROR;
642 // set environment variables
643 e = top->subprocess_env;
644 apr_table_addn(e, "DOCUMENT_ROOT", reqc->docroot);
646 /* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */
650 static int mod_vhost_ldap_cleanup(request_rec * r)
652 mod_vhost_ldap_request_t *reqc =
653 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
656 /* Set ap_document_root back to saved value */
657 return set_document_root(r, reqc->saved_docroot);
660 #ifdef HAVE_UNIX_SUEXEC
661 static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
663 ap_unix_identity_t *ugid = NULL;
664 mod_vhost_ldap_config_t *conf =
665 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
667 mod_vhost_ldap_request_t *req =
668 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
674 // mod_vhost_ldap is disabled or we don't have LDAP Url
675 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
679 if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
683 if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
687 uid = (uid_t)atoll(req->uid);
688 gid = (gid_t)atoll(req->gid);
690 if ((uid < MIN_UID)||(gid < MIN_GID)) {
703 mod_vhost_ldap_register_hooks (apr_pool_t * p)
707 * Run before mod_rewrite
709 static const char * const aszRewrite[]={ "mod_rewrite.c", NULL };
711 ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
712 ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
713 ap_hook_fixups(mod_vhost_ldap_cleanup, aszRewrite, NULL, APR_HOOK_MIDDLE);
714 #ifdef HAVE_UNIX_SUEXEC
715 ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
717 #if (APR_MAJOR_VERSION >= 1)
718 ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
722 module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
723 STANDARD20_MODULE_STUFF,
726 mod_vhost_ldap_create_server_config,
727 mod_vhost_ldap_merge_server_config,
729 mod_vhost_ldap_register_hooks,