1 /* ============================================================
2 * Copyright (c) 2003-2004, Ondrej Sury
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
28 #include "http_config.h"
29 #include "http_core.h"
31 #include "http_request.h"
32 #include "apr_version.h"
34 #include "apr_strings.h"
35 #include "apr_reslist.h"
36 #include "util_ldap.h"
38 #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
39 #error mod_vhost_ldap requires APR-util to have LDAP support built in
42 #if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
43 #define HAVE_UNIX_SUEXEC
46 #ifdef HAVE_UNIX_SUEXEC
47 #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
/* Bound on the LDAP lookup retries made per request in
 * mod_vhost_ldap_translate_name; the request is blocked in apr_sleep()
 * between attempts. */
53 #define MAX_FAILURES 5
55 module AP_MODULE_DECLARE_DATA vhost_ldap_module;
/* Tri-state for VhostLDAPEnabled: MVL_UNSET makes the config merge inherit the
 * parent's setting. */
58 MVL_UNSET, MVL_DISABLED, MVL_ENABLED
59 } mod_vhost_ldap_status_e;
/* Per-server configuration, filled in by the VhostLDAP directive handlers. */
61 typedef struct mod_vhost_ldap_config_t {
62 mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? (MVL_UNSET inherits from the parent on merge) */
64 /* These parameters are all derived from the VhostLDAPURL directive */
65 char *url; /* String representation of LDAP URL */
67 char *host; /* Name of the LDAP server (or space separated list) */
68 int port; /* Port of the LDAP server */
69 char *basedn; /* Base DN to do all searches from */
70 int scope; /* Scope of the search */
71 char *filter; /* Filter to further limit the search; kept without its surrounding parentheses */
72 deref_options deref; /* How to handle alias dereferencing */
74 char *binddn; /* DN to bind to server (can be NULL) */
75 char *bindpw; /* Password to bind to server (can be NULL); a cleartext copy of the directive value */
77 int have_deref; /* Set if we have found a Deref option */
78 int have_ldap_url; /* Set if we have found an LDAP url */
80 int secure; /* True if SSL connections are requested */
82 char *fallback; /* Fallback virtual host */
84 } mod_vhost_ldap_config_t;
/* Per-request result of the LDAP lookup, attached to r->request_config by
 * mod_vhost_ldap_translate_name. Every string is a copy of a directory value,
 * so the directory contents decide the docroot and the suexec identity. */
86 typedef struct mod_vhost_ldap_request_t {
87 char *dn; /* The saved dn from a successful search */
88 char *name; /* ServerName */
89 char *admin; /* ServerAdmin */
90 char *docroot; /* DocumentRoot */
91 char *cgiroot; /* ScriptAlias */
92 char *uid; /* Suexec Uid, as a string; converted with atoll() in the suexec hook */
93 char *gid; /* Suexec Gid, as a string; converted with atoll() in the suexec hook */
94 } mod_vhost_ldap_request_t;
/* Attribute names requested from LDAP. mod_vhost_ldap_translate_name walks this
 * list and reads vals[i] at the same index, so the order here fixes which
 * returned value is taken for which setting. */
97 { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
/* With APR 1.x the util_ldap entry points are reached through optional-function
 * pointers. ImportULDAPOptFn fills them in; it is registered on the
 * optional_fn_retrieve hook in mod_vhost_ldap_register_hooks.
 * NOTE(review): none of the pointers is checked for NULL in the visible code;
 * the util_ldap.c check in mod_vhost_ldap_post_config appears to be the only
 * guard before they are called -- confirm. */
99 #if (APR_MAJOR_VERSION >= 1)
100 static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
101 static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
102 static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
103 static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
104 static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
105 static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
106 static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
/* Resolve every util_ldap optional function into the file-scope pointers above. */
108 static void ImportULDAPOptFn(void)
110 util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
111 util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
112 util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
113 util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
114 util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
115 util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
116 util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
/* Points the core module's document root for r->server at arg.
 * arg is the apacheDocumentRoot value read from LDAP (see the call in
 * mod_vhost_ldap_translate_name); no visible check confines it to a base
 * directory, so write access to that attribute selects the served tree.
 * Returns HTTP_INTERNAL_SERVER_ERROR on the error path shown below.
 * NOTE(review): conf is the core_server_config of r->server, while the new
 * path is allocated from r->pool. Per-server state is being rewritten from a
 * per-request value -- confirm the pointer's lifetime and the behaviour when
 * several requests share the server_rec (threaded MPMs). */
120 /* Taken from server/core.c */
121 static int set_document_root(request_rec *r, const char *arg)
123 void *sconf = r->server->module_config;
124 core_server_config *conf = ap_get_module_config(sconf, &core_module);
126 /* Make it absolute, relative to ServerRoot */
127 arg = ap_server_root_relative(r->pool, arg);
130 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
131 "[mod_vhost_ldap.c] set_document_root: DocumentRoot [%s] must be a directory",
134 return HTTP_INTERNAL_SERVER_ERROR;
137 /* TODO: ap_configtestonly && ap_docrootcheck && */
/* The merge canonicalises arg into conf->ap_document_root. When the merge fails
 * or arg is not a directory, the visible lines log a warning and then store arg
 * anyway; the request appears to continue with a docroot that does not exist. */
138 if (apr_filepath_merge((char**)&conf->ap_document_root, NULL, arg,
139 APR_FILEPATH_TRUENAME, r->pool) != APR_SUCCESS
140 || !ap_is_directory(r->pool, arg)) {
142 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
144 "[mod_vhost_ldap.c] set_document_root: Warning: DocumentRoot [%s] does not exist",
146 conf->ap_document_root = arg;
/* post_config hook: fails startup when mod_ldap (util_ldap.c) is not linked in,
 * then appends MOD_VHOST_LDAP_VERSION to the server version components.
 * NOTE(review): the version component can end up in the Server banner,
 * depending on how much of it the server is configured to show -- confirm this
 * disclosure is wanted. */
152 static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
154 /* make sure that mod_ldap (util_ldap) is loaded */
155 if (ap_find_linked_module("util_ldap.c") == NULL) {
156 ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
157 "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
158 "must be loaded in order for mod_vhost_ldap to function properly");
159 return HTTP_INTERNAL_SERVER_ERROR;
163 ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
/* Creates the per-server config from pool p. apr_pcalloc zero-fills it, so the
 * fields not assigned in the visible lines start as NULL/0. The module starts
 * in the MVL_UNSET state with no LDAP URL, which makes the request hooks stand
 * aside until it is enabled and given a URL. Alias dereferencing defaults to
 * "always". */
169 mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
171 mod_vhost_ldap_config_t *conf =
172 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
174 conf->enabled = MVL_UNSET;
175 conf->have_ldap_url = 0;
176 conf->have_deref = 0;
179 conf->deref = always;
180 conf->fallback = NULL;
/* Merges a parent and a child server config into a new one allocated from p.
 * The child wins wherever it set a value; otherwise the parent's value is
 * inherited. */
186 mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
188 mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
189 mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
190 mod_vhost_ldap_config_t *conf =
191 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
193 if (child->enabled == MVL_UNSET) {
194 conf->enabled = parent->enabled;
196 conf->enabled = child->enabled;
/* All URL-derived fields move together, from the child when it has its own
 * VhostLDAPURL, else from the parent. */
199 if (child->have_ldap_url) {
200 conf->have_ldap_url = child->have_ldap_url;
201 conf->url = child->url;
202 conf->host = child->host;
203 conf->port = child->port;
204 conf->basedn = child->basedn;
205 conf->scope = child->scope;
206 conf->filter = child->filter;
207 conf->secure = child->secure;
209 conf->have_ldap_url = parent->have_ldap_url;
210 conf->url = parent->url;
211 conf->host = parent->host;
212 conf->port = parent->port;
213 conf->basedn = parent->basedn;
214 conf->scope = parent->scope;
215 conf->filter = parent->filter;
216 conf->secure = parent->secure;
218 if (child->have_deref) {
219 conf->have_deref = child->have_deref;
220 conf->deref = child->deref;
222 conf->have_deref = parent->have_deref;
223 conf->deref = parent->deref;
/* NOTE(review): the bind DN and the bind password are inherited independently,
 * and independently of the URL. A child that sets only its own DN, or only its
 * own URL, still binds with the parent's password; the parent's credentials
 * may then be sent to a different directory server than intended. */
226 conf->binddn = (child->binddn ? child->binddn : parent->binddn);
227 conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
229 conf->fallback = (child->fallback ? child->fallback : parent->fallback);
/* VhostLDAPURL handler: parses the LDAP URL given in the configuration and
 * stores host, port, base DN, scope and filter in this server's config.
 * Returns an error string when the URL cannot be parsed.
 * An "ldaps" URL prefix selects the SSL port default and logs that SSL is used;
 * any other URL falls back to LDAP_PORT.
 * NOTE(review): for a non-ldaps URL the visible code requests no transport
 * protection. The bind password and the returned DocumentRoot, ScriptAlias and
 * suexec uid/gid values would then cross the network unprotected unless TLS is
 * arranged elsewhere -- confirm. */
235 * Use the ldap url parsing routines to break up the ldap url into
238 static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd,
243 apr_ldap_url_desc_t *urld;
244 #if (APR_MAJOR_VERSION >= 1)
245 apr_ldap_err_t *result_err;
248 mod_vhost_ldap_config_t *conf =
249 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
252 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
253 cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
256 #if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
257 result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
258 if (result != LDAP_SUCCESS) {
259 return result_err->reason;
262 result = apr_ldap_url_parse(url, &(urld));
263 if (result != LDAP_SUCCESS) {
265 case LDAP_URL_ERR_NOTLDAP:
266 return "LDAP URL does not begin with ldap://";
267 case LDAP_URL_ERR_NODN:
268 return "LDAP URL does not have a DN";
269 case LDAP_URL_ERR_BADSCOPE:
270 return "LDAP URL has an invalid scope";
271 case LDAP_URL_ERR_MEM:
272 return "Out of memory parsing LDAP URL";
274 return "Could not parse LDAP URL";
278 conf->url = apr_pstrdup(cmd->pool, url);
/* Debug-level dump of the parsed URL components; the bind credentials are not
 * part of the URL and are not logged here. */
280 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
281 cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
282 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
283 cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
284 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
285 cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
286 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
287 cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
288 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
289 cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
290 (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
291 urld->lud_scope == LDAP_SCOPE_BASE? "base" :
292 urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
293 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
294 cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
296 /* Set all the values, or at least some sane defaults */
/* Joins the new host with an already configured conf->host into one
 * pool-allocated string; the allocation is the two lengths plus 2 bytes.
 * NOTE(review): urld->lud_host goes to strlen()/strcpy() here without the NULL
 * guard that the single-host assignment below applies -- confirm that the
 * condition for this branch (not in this listing) rules out a NULL host. */
298 char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
299 strcpy(p, urld->lud_host);
301 strcat(p, conf->host);
305 conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
307 conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
/* Any scope other than onelevel is treated as subtree. */
309 conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
310 LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
/* Filter handling below: a leading '(' is skipped and the last character of the
 * copy is overwritten with NUL, on the assumption that it is the matching ')'.
 * NOTE(review): if the URL parser lets a filter of just "(" through, the copy
 * is empty, strlen()-1 wraps, and the NUL store lands outside the allocation.
 * The last character is also never checked to be ')'. The value comes from the
 * server configuration, so this is a robustness defect in config parsing, not
 * a request-time input. */
312 if (urld->lud_filter) {
313 if (urld->lud_filter[0] == '(') {
315 * Get rid of the surrounding parens; later on when generating the
316 * filter, they'll be put back.
318 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
319 conf->filter[strlen(conf->filter)-1] = '\0';
322 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
326 conf->filter = "objectClass=apacheConfig";
329 /* "ldaps" indicates secure ldap connections desired
331 if (strncasecmp(url, "ldaps", 5) == 0)
334 conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
335 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
336 "LDAP: vhost_ldap using SSL connections");
341 conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
342 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
343 "LDAP: vhost_ldap not using SSL connections");
346 conf->have_ldap_url = 1;
347 #if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
348 apr_ldap_free_urldesc(urld);
/* VhostLDAPEnabled handler: records the flag as MVL_ENABLED or MVL_DISABLED in
 * this server's config, so an explicit "off" is distinguishable from "unset"
 * when configs are merged. */
353 static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
355 mod_vhost_ldap_config_t *conf =
356 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
359 conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
/* VhostLDAPBindDN handler: stores a pool copy of the DN used to bind to the
 * directory. Left unset, the field stays NULL (documented as anonymous bind). */
364 static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
366 mod_vhost_ldap_config_t *conf =
367 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
370 conf->binddn = apr_pstrdup(cmd->pool, binddn);
/* VhostLDAPBindPassword handler: stores a pool copy of the bind password.
 * The value is kept verbatim, so it is cleartext both in the configuration file
 * and in server memory, and it is later passed to util_ldap_connection_find().
 * Operationally: keep the file carrying this directive readable only by the
 * account that starts the server, and bind with a directory account that has
 * read-only access to the vhost entries. */
374 static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
376 mod_vhost_ldap_config_t *conf =
377 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
380 conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
/* Handler for the alias-dereference directive: maps the keyword to a
 * deref_options value and marks have_deref, or returns an error string for an
 * unknown keyword.
 * NOTE(review): "never", "searching", "finding" and "always" are compared
 * case-sensitively, while the "off"/"on" synonyms are not.
 * NOTE(review): the error text names VhostLDAPAliasDereference, but the
 * directive is registered as VhostLDAPDereferenceAliases in the command table. */
384 static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
386 mod_vhost_ldap_config_t *conf =
387 (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
390 if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
392 conf->have_deref = 1;
394 else if (strcmp(deref, "searching") == 0) {
395 conf->deref = searching;
396 conf->have_deref = 1;
398 else if (strcmp(deref, "finding") == 0) {
399 conf->deref = finding;
400 conf->have_deref = 1;
402 else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
403 conf->deref = always;
404 conf->have_deref = 1;
407 return "Unrecognized value for VhostLDAPAliasDereference directive";
/* VhostLDAPFallback handler: stores a pool copy of the host name that
 * mod_vhost_ldap_translate_name looks up when the requested host has no LDAP
 * entry. */
412 static const char *mod_vhost_ldap_set_fallback(cmd_parms *cmd, void *dummy, const char *fallback)
414 mod_vhost_ldap_config_t *conf =
415 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
418 conf->fallback = apr_pstrdup(cmd->pool, fallback);
/* Directive table. Every entry is RSRC_CONF, i.e. accepted in the server
 * configuration only. */
422 command_rec mod_vhost_ldap_cmds[] = {
423 AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
424 "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
425 "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
427 "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
428 "to specify redundant servers.\n"
429 "<li>Port is optional, and specifies the port to connect to.\n"
430 "<li>basedn specifies the base DN to start searches from\n"
433 AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
434 "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
/* The password is written in cleartext in the configuration file; restrict read
 * access to that file accordingly. */
436 AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
437 "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
439 AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
440 "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
/* NOTE(review): the adjacent string literals in the next two entries are joined
 * without a separating space ("the" + "values", "hostname" + "is",
 * "display" + the quoted phrase), so the help text runs those words together. */
442 AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
443 "Determines how aliases are handled during a search. Can be one of the"
444 "values \"never\", \"searching\", \"finding\", or \"always\". "
445 "Defaults to always."),
447 AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
448 "Set default virtual host which will be used when requested hostname"
449 "is not found in LDAP database. This option can be used to display"
450 "\"virtual host not found\" type of page."),
/* translate_name hook: looks up the request's host name in LDAP and applies the
 * entry's ServerName, ServerAdmin, DocumentRoot and ScriptAlias to the request.
 * The suexec uid/gid are saved in the per-request record for the suexec hook.
 * Visible return codes: HTTP_INTERNAL_SERVER_ERROR (no connection, search
 * error, incomplete entry, docroot failure), HTTP_GATEWAY_TIME_OUT (directory
 * unreachable after retries), HTTP_BAD_REQUEST (host not found). The returns
 * for the disabled and success paths are not in this listing. */
455 #define FILTER_LENGTH MAX_STRING_LEN
456 static int mod_vhost_ldap_translate_name(request_rec *r)
458 request_rec *top = (r->main)?r->main:r;
459 mod_vhost_ldap_request_t *reqc;
462 const char **vals = NULL;
463 char filtbuf[FILTER_LENGTH];
464 mod_vhost_ldap_config_t *conf =
465 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
466 util_ldap_connection_t *ldc = NULL;
468 const char *dn = NULL;
470 const char *hostname = NULL;
475 struct berval hostnamebv, shostnamebv;
/* The per-request record is attached before the enabled check, so the suexec
 * hook always finds a record, with NULL uid/gid when no lookup was made.
 * apr_pcalloc already zero-fills; the memset is redundant. */
478 (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
479 memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
481 ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
483 // mod_vhost_ldap is disabled or we don't have LDAP Url
484 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
/* Host, port, bind credentials and alias handling come from the server config. */
491 ldc = util_ldap_connection_find(r, conf->host, conf->port,
492 conf->binddn, conf->bindpw, conf->deref,
496 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
497 "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
498 return HTTP_INTERNAL_SERVER_ERROR;
501 hostname = r->hostname;
502 if (hostname == NULL || hostname[0] == '\0')
507 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
508 "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]", hostname, r->uri);
/* The host name is request-supplied, so it is escaped with
 * ldap_bv2escaped_filter_value() before it is placed in the search filter; this
 * is the guard against LDAP filter injection. conf->filter is
 * administrator-supplied and is inserted as is.
 * NOTE(review): apr_snprintf bounds the write to FILTER_LENGTH, but its result
 * is not checked, so an over-long host name yields a truncated filter that is
 * still sent to the directory. */
510 ber_str2bv(hostname, 0, 0, &hostnamebv);
511 if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0)
513 apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val);
514 ber_memfree(shostnamebv.bv_val);
516 result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
517 attributes, filtbuf, &dn, &vals);
519 util_ldap_connection_close(ldc);
521 /* sanity check - if server is down, retry it up to 5 times */
/* NOTE(review): the wait happens inside the request (apr_sleep), so during a
 * directory outage each affected request occupies its worker for the whole
 * back-off; size worker limits and LDAP timeouts with that in mind. The delay
 * is sleep0 + sleep1. The code that updates those two values and re-enters the
 * lookup is not in this listing, so the growth rate cannot be confirmed here. */
522 if (AP_LDAP_IS_SERVER_DOWN(result) ||
523 (result == LDAP_TIMEOUT) ||
524 (result == LDAP_CONNECT_ERROR)) {
525 sleep = sleep0 + sleep1;
526 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
527 "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds", failures, sleep);
528 if (failures++ < MAX_FAILURES) {
529 /* Back-off exponentially */
530 apr_sleep(apr_time_from_sec(sleep));
535 return HTTP_GATEWAY_TIME_OUT;
/* Unknown host: the configured fallback host is tried once (is_fallback guards
 * against a second attempt); otherwise the request is answered with 400. */
539 if (result == LDAP_NO_SUCH_OBJECT) {
541 if (conf->fallback && (is_fallback++ <= 0)) {
542 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
543 "[mod_vhost_ldap.c] translate: "
544 "virtual host %s not found, trying fallback %s",
545 hostname, conf->fallback);
546 hostname = conf->fallback;
550 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
551 "[mod_vhost_ldap.c] translate: "
552 "virtual host %s not found",
555 return HTTP_BAD_REQUEST;
558 /* handle bind failure */
559 if (result != LDAP_SUCCESS) {
560 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
561 "[mod_vhost_ldap.c] translate: "
562 "translate failed; virtual host %s; URI %s [%s]",
563 hostname, r->uri, ldap_err2string(result));
564 return HTTP_INTERNAL_SERVER_ERROR;
567 /* mark the user and DN */
568 reqc->dn = apr_pstrdup(r->pool, dn);
/* Copy each returned value into the per-request record; vals[i] is read at the
 * same index as attributes[i].
 * NOTE(review): no NULL check on vals is visible in this listing -- confirm
 * that the loop is guarded. */
573 while (attributes[i]) {
575 if (strcasecmp (attributes[i], "apacheServerName") == 0) {
576 reqc->name = apr_pstrdup (r->pool, vals[i]);
578 else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
579 reqc->admin = apr_pstrdup (r->pool, vals[i]);
581 else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
582 reqc->docroot = apr_pstrdup (r->pool, vals[i]);
584 else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
585 reqc->cgiroot = apr_pstrdup (r->pool, vals[i]);
587 else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
588 reqc->uid = apr_pstrdup(r->pool, vals[i]);
590 else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
591 reqc->gid = apr_pstrdup(r->pool, vals[i]);
597 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
598 "[mod_vhost_ldap.c]: loaded from ldap: "
599 "apacheServerName: %s, "
600 "apacheServerAdmin: %s, "
601 "apacheDocumentRoot: %s, "
602 "apacheScriptAlias: %s, "
603 "apacheSuexecUid: %s, "
604 "apacheSuexecGid: %s",
605 reqc->name, reqc->admin, reqc->docroot, reqc->cgiroot, reqc->uid, reqc->gid);
/* Only ServerName and DocumentRoot are mandatory; the other fields may be NULL. */
607 if ((reqc->name == NULL)||(reqc->docroot == NULL)) {
608 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
609 "[mod_vhost_ldap.c] translate: "
610 "translate failed; ServerName or DocumentRoot not defined");
611 return HTTP_INTERNAL_SERVER_ERROR;
/* CGI mapping: "cgi-bin/" is searched anywhere in the URI and then compared
 * with the position of the first path component; presumably a match elsewhere
 * is discarded by the statement missing from this listing.
 * NOTE(review): the rest of the client-supplied URI is appended to the
 * LDAP-supplied ScriptAlias root. This depends on the URI already being
 * normalised (no ".." segments) when this hook runs, and on reqc->cgiroot being
 * non-NULL, which the mandatory-field check above does not cover. Confirm
 * both. */
617 cgi = strstr(r->uri, "cgi-bin/");
618 if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
623 /* Set exact filename for CGI script */
624 cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
625 if ((cgi = ap_server_root_relative(r->pool, cgi))) {
626 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
627 "[mod_vhost_ldap.c]: ap_document_root is: %s", ap_document_root(r));
629 r->handler = "cgi-script";
630 apr_table_setn(r->notes, "alias-forced-type", r->handler);
632 } else if (r->uri[0] == '/') {
633 /* we don't set r->filename here, and let other modules do it
634 * this allows other modules (mod_rewrite.c) to work as usual
636 /* r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL); */
638 /* We don't handle non-file requests here */
/* NOTE(review): the next two assignments write into top->server, the server
 * record, using strings allocated from the request's pool. The record outlives
 * the request and may be shared with requests handled concurrently (threaded
 * MPMs). Confirm that no dangling pointer remains afterwards and that one
 * request cannot observe another virtual host's name or admin address. */
642 top->server->server_hostname = apr_pstrdup (top->pool, reqc->name);
645 top->server->server_admin = apr_pstrdup (top->pool, reqc->admin);
/* The document root is likewise stored in per-server core config; see
 * set_document_root. */
648 result = set_document_root(r, reqc->docroot);
650 return HTTP_INTERNAL_SERVER_ERROR;
653 // set environment variables
654 e = top->subprocess_env;
655 apr_table_addn(e, "DOCUMENT_ROOT", reqc->docroot);
657 /* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */
/* get_suexec_identity hook: builds the identity for suexec from the uid/gid
 * strings that mod_vhost_ldap_translate_name copied out of LDAP for this
 * request. The module-disabled, missing-uid/gid and allocation-failure tests
 * are visible below; what each branch returns is not in this listing.
 * Both values come straight from the directory, so write access to
 * apacheSuexecUid/apacheSuexecGid decides which account CGI programs run as.
 * Protect those attributes and the LDAP connection accordingly. */
661 #ifdef HAVE_UNIX_SUEXEC
662 static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
664 ap_unix_identity_t *ugid = NULL;
665 mod_vhost_ldap_config_t *conf =
666 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
668 mod_vhost_ldap_request_t *req =
669 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
675 // mod_vhost_ldap is disabled or we don't have LDAP Url
676 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
680 if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
684 if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
/* NOTE(review): atoll() reports no errors. Text without leading digits converts
 * to 0, trailing garbage is ignored, and a negative or over-wide number is
 * narrowed by the cast, so it can end up above the minimum. The lower-bound
 * test below is the only validation visible here, and MIN_UID/MIN_GID are
 * defined outside this listing. A strtol-style parse with an end-pointer and
 * range check would reject malformed values instead of mapping them to some
 * id. */
688 uid = (uid_t)atoll(req->uid);
689 gid = (gid_t)atoll(req->gid);
691 if ((uid < MIN_UID)||(gid < MIN_GID)) {
/* Registers the module's hooks: post_config, translate_name, the suexec
 * identity hook on Unix builds, and, for APR 1.x, the optional-function
 * retrieval that resolves the util_ldap entry points. */
704 mod_vhost_ldap_register_hooks (apr_pool_t * p)
708 * Run before mod_rewrite
/* Passed as the successor list of translate_name, so mod_rewrite sees the
 * request after the LDAP lookup has set the virtual host data. */
710 static const char * const aszRewrite[]={ "mod_rewrite.c", NULL };
712 ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
713 ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
714 #ifdef HAVE_UNIX_SUEXEC
715 ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
717 #if (APR_MAJOR_VERSION >= 1)
718 ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
/* Module record: wires in the per-server config create and merge callbacks and
 * the hook registration function. The slots between them are not in this
 * listing. */
722 module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
723 STANDARD20_MODULE_STUFF,
726 mod_vhost_ldap_create_server_config,
727 mod_vhost_ldap_merge_server_config,
729 mod_vhost_ldap_register_hooks,