1 /* ============================================================
2 * Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
8 * Unless required by applicable law or agreed to in writing, software
9 * distributed under the License is distributed on an "AS IS" BASIS,
10 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 * See the License for the specific language governing permissions and
12 * limitations under the License.
13 * NOTE: only static members must be "used" to build,
14 * so for time-to-time used routines we don't declare static
15 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
16 * version 2.0 - included ldap-based basic auth & authz
17 * remember to add "-lcrypt" in Makefile if there's a need to generate new password
18 * for now not needed (validation only), this below is almost copy-paste from apache source, htpasswd.c
23 #include "http_config.h"
24 #include "http_core.h"
26 #include "http_request.h"
28 #include "apr_strings.h"
29 #include "apr_tables.h"
30 #include "apr_reslist.h"
31 #include "util_ldap.h"
37 /* these are for checking unix crypt passwords */
41 #include <sys/types.h>
43 /*this functions are not needed, as apr_password_validate includes it on its own */
44 /*void to64(char *s, unsigned long v, int n)
46 static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
48 *s++ = itoa64[v&0x3f];
53 char *htenc(const char *clearpasswd) {
54 //this function creates password compatible with htpasswd
57 (void) srand((int) time((time_t *) NULL));
58 to64(&salt[0], rand(), 8);
60 res = crypt(clearpasswd, salt);
64 /******************************************************************/
65 //this function creates salt for unix password crypt md5
67 char *crypt_make_salt (void)
71 static char result[40];
74 strcpy (result, "$1$"); // magic for the new MD5 crypt()
76 gettimeofday (&tv, (struct timezone *) 0);
77 strcat (result, l64a (tv.tv_usec));
78 strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
80 if (strlen (result) > 3 + 8) result[11] = '\0';
86 #fatal "mod_vhost_ldap requires APR util to have LDAP support built in"
93 #define MD5_CRYPT_ENAB yes
94 #include "unixd.h" /* Contains the suexec_identity hook used on Unix and needed for crypt() */
96 #define strtrue(s) (s && *s) /* do not accept empty "" strings */
99 #define FILTER_LENGTH MAX_STRING_LEN
100 #define MSL MAX_STRING_LEN
102 /******************************************************************/
103 //need this global due to apache API construction
104 int mvhl_conf_enabled = 1;
105 int mvhl_conf_binddn = 2;
106 int mvhl_conf_bindpw = 3;
107 int mvhl_conf_deref = 4;
108 int mvhl_conf_wlcbasedn = 5;
109 int mvhl_conf_wucbasedn = 6;
110 int mvhl_conf_fallback = 7;
111 int mvhl_conf_aliasbasedn = 8;
112 int mvhl_alias_enabled = 9;
113 int mvhl_loc_auth_enabled = 10;
114 int mvhl_dir_auth_enabled = 11;
115 /******************************************************************/
116 #define MVHL_ENABLED &mvhl_conf_enabled
117 #define MVHL_BINDDN &mvhl_conf_binddn
118 #define MVHL_BINDPW &mvhl_conf_bindpw
119 #define MVHL_DEREF &mvhl_conf_deref
120 #define MVHL_WLCBASEDN &mvhl_conf_wlcbasedn
121 #define MVHL_WUCBASEDN &mvhl_conf_wucbasedn
122 #define MVHL_FALLBACK &mvhl_conf_fallback
123 #define MVHL_ALIASBASEDN &mvhl_conf_aliasbasedn
124 #define MVHL_ALIASENABLED &mvhl_alias_enabled
125 #define MVHL_LAUTHENABLED &mvhl_loc_auth_enabled
126 #define MVHL_DAUTHENABLED &mvhl_dir_auth_enabled
128 /******************************************************************/
129 typedef struct mvhl_config
131 int enabled; /* Is vhost_ldap enabled? */
132 char *url; /* String representation of LDAP URL */
133 char *host; /* Name of the LDAP server (or space separated list) */
134 char *fallback; /* Name of the fallback vhost to return not-found info */
135 int port; /* Port of the LDAP server */
136 char *basedn; /* Base DN to do all searches from */
137 int scope; /* Scope of the search */
138 char *filter; /* Filter to further limit the search */
139 deref_options deref; /* how to handle alias dereferening */
140 char *binddn; /* DN to bind to server (can be NULL) */
141 char *bindpw; /* Password to bind to server (can be NULL) xx */
142 int have_deref; /* Set if we have found an Deref option */
143 int have_ldap_url; /* Set if we have found an LDAP url */
144 char *wlcbasedn; /* Base DN to do all location config searches */
145 char *wucbasedn; /* Base DN to do all webuser config searches */
146 char *aliasesbasedn; /* Base DN to do all aliases config objects searches */
147 int secure; /* True if SSL connections are requested */
148 int alias_enabled; /* 0 - disabled, 1 - enabled */
149 int loc_auth_enabled; /* 0 - disabled, 1 - enabled */
150 int dir_auth_enabled; /* 0 - disabled, 1 - enabled */
152 /******************************************************************/
153 typedef struct mvhl_request
155 char *dn; /* The saved dn from a successful search */
156 char *name; /* apacheServerName */
157 char *admin; /* apacheServerAdmin */
158 char *docroot; /* apacheDocumentRoot */
159 char *uid; /* Suexec Uid */
160 char *gid; /* Suexec Gid */
161 int has_reqlines; /* we have require lines (1) or not (0) */
162 int has_aliaslines; /* we have aliases lines (1) or not (0) */
163 apr_array_header_t *serveralias; /* apacheServerAlias values */
164 apr_array_header_t *rqlocationlines; /* apacheExtConfigOptionsDn values */
165 apr_array_header_t *aliaseslines; /* apacheAliasesConfigOptionsDn values */
168 /******************************************************************/
169 typedef struct mvhl_extconfig_object
171 /* we use apr_array_header_t for multi-value attributed,
172 * parsed later (yuck!) from ";" separated string
174 char *extconfname; /* apacheExtConfigObjectName, single-value, syntax SUP cn */
175 apr_array_header_t *exturi; /* apacheExtConfigUri MULTI-value, uri for which this settings are here
176 * should be used in combine with extconfig server name
178 apr_array_header_t *extdir;
179 int extconftype; /* apacheExtConfigRequireValidUser, single-value bool,
180 * if TRUE then require valid-user, if FALSE userlist-type config
182 apr_array_header_t *extservername; /* apacheExtConfigServerName" MULTI-value, */
183 apr_array_header_t *extusers; /* "apacheExtConfigUserDn" MULTI-value, syntax SUP DN */
185 } mvhl_extconfig_object;
186 /******************************************************************/
187 typedef struct mvhl_aliasconf_object
189 char *aliasconfname; /* apacheAliasConfigObjectName, single value */
190 apr_array_header_t *aliassourceuri; /* apacheAliasConfigSourceUri */
191 char *aliastargetdir; /* apacheAliasConfigTargetDir */
192 apr_array_header_t *aliasconfservername; /* apacheAliasConfigServerName MULTI-value*/
193 } mvhl_aliasconf_object;
194 /******************************************************************/
195 typedef struct mvhl_webuser
197 char *webusername; /* apacheExtConfigUserName, single-value */
198 apr_array_header_t *webuserpassword; /* userPassword, multi-value */
199 apr_array_header_t *webuserserver; /* apacheExtConfigUserServerName, server of this user, multi-value */
200 apr_array_header_t *webuserlocationuri; /* apacheExtConfigUserServerName, server of this user, multi-value */
201 apr_array_header_t *webuserdirectory; /* apacheExtConfigUserDirectoryName, server of this user, multi-value */