1 /* ============================================================
2 * Copyright (c) 2003-2004, Ondrej Sury
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * mod_vhost_ldap.c --- read virtual host config from LDAP directory
28 #include "http_config.h"
29 #include "http_core.h"
31 #include "http_request.h"
32 #include "apr_version.h"
34 #include "apr_strings.h"
35 #include "apr_reslist.h"
36 #include "util_ldap.h"
38 #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
39 #error mod_vhost_ldap requires APR-util to have LDAP support built in
42 #if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
43 #define HAVE_UNIX_SUEXEC
46 #ifdef HAVE_UNIX_SUEXEC
47 #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
53 #define MAX_FAILURES 5
55 module AP_MODULE_DECLARE_DATA vhost_ldap_module;
/* Tri-state for the enable flag: the merge function treats MVL_UNSET in a
 * child config as "take the parent value". The opening line of this enum is
 * not part of this listing. */
58 MVL_UNSET, MVL_DISABLED, MVL_ENABLED
59 } mod_vhost_ldap_status_e;
/*
 * Per-server configuration for mod_vhost_ldap. Fields are written by the
 * VhostLDAP* directive handlers and combined parent/child by
 * mod_vhost_ldap_merge_server_config.
 */
61 typedef struct mod_vhost_ldap_config_t {
62 mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
64 /* These parameters are all derived from the VhostLDAPURL directive */
65 char *url; /* String representation of LDAP URL */
67 char *host; /* Name of the LDAP server (or space separated list) */
68 int port; /* Port of the LDAP server */
69 char *basedn; /* Base DN to do all searches from */
70 int scope; /* Scope of the search */
71 char *filter; /* Filter to further limit the search */
72 deref_options deref; /* how to handle alias dereferencing */
74 char *binddn; /* DN to bind to server (can be NULL) */
/* NOTE(review): bindpw is kept as the plain string given to
 * VhostLDAPBindPassword (the setter only duplicates it), so the file that
 * carries the directive needs correspondingly tight read permissions. */
75 char *bindpw; /* Password to bind to server (can be NULL) */
77 int have_deref; /* Set if we have found a Deref option */
78 int have_ldap_url; /* Set if we have found an LDAP url */
80 int secure; /* True if SSL connections are requested */
82 char *fallback; /* Fallback virtual host */
84 } mod_vhost_ldap_config_t;
/*
 * Per-request record that the translate_name hook attaches to
 * r->request_config. Every field except saved_docroot is a copy of a value
 * returned by the directory search, so these strings are only as trustworthy
 * as write access to the LDAP entries. saved_docroot holds the DocumentRoot
 * that was in effect before the hook replaced it.
 */
86 typedef struct mod_vhost_ldap_request_t {
87 char *dn; /* The saved dn from a successful search */
88 char *name; /* ServerName */
89 char *admin; /* ServerAdmin */
90 char *docroot; /* DocumentRoot */
91 char *cgiroot; /* ScriptAlias */
92 char *uid; /* Suexec Uid */
93 char *gid; /* Suexec Gid */
94 char *saved_docroot; /* Saved DocumentRoot */
95 } mod_vhost_ldap_request_t;
/* Attribute names requested from the directory, terminated by 0. The
 * translate_name hook reads the returned vals[] at the same index as each
 * name here, so this list and vals[] have to stay in step. The declaration
 * line for this initializer is not part of this listing. */
98 { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
100 #if (APR_MAJOR_VERSION >= 1)
/* File-scope pointers to the mod_ldap optional functions; they are filled in
 * by ImportULDAPOptFn. Only connection_find, connection_close and
 * cache_getuserdn are called in the code visible in this listing. */
101 static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
102 static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
103 static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
104 static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
105 static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
106 static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
107 static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
/*
 * Look up each mod_ldap optional function by name and store the result in
 * the matching file-scope pointer.
 * NOTE(review): none of the results is checked here. If a lookup yields no
 * function, the pointer is presumably NULL and a later call through it would
 * fault - confirm that the mod_ldap presence check in post_config is enough
 * to rule that out.
 */
109 static void ImportULDAPOptFn(void)
111 util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
112 util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
113 util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
114 util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
115 util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
116 util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
117 util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
/*
 * Replace the DocumentRoot held in the core module's per-server config with
 * `arg`, resolved against ServerRoot.
 *
 * Returns HTTP_INTERNAL_SERVER_ERROR on the "must be a directory" path; the
 * condition guarding that path and the other return statements fall on lines
 * this listing omits.
 *
 * NOTE(review): `conf` is reached through r->server, so the value written
 * here is server-wide state rather than per-request state, while the string
 * itself is allocated from r->pool. Two things to confirm:
 *   1. under a threaded MPM, concurrent requests for different hosts would
 *      overwrite each other's DocumentRoot between translate_name and the
 *      fixups hook that restores it;
 *   2. the pointer left in the server config refers to request-pool memory
 *      and would dangle once that pool is destroyed.
 */
121 /* Taken from server/core.c */
122 static int set_document_root(request_rec *r, const char *arg)
124 void *sconf = r->server->module_config;
125 core_server_config *conf = ap_get_module_config(sconf, &core_module);
127 /* Make it absolute, relative to ServerRoot */
128 arg = ap_server_root_relative(r->pool, arg);
131 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
132 "[mod_vhost_ldap.c] set_document_root: DocumentRoot [%s] must be a directory",
135 return HTTP_INTERNAL_SERVER_ERROR;
138 /* TODO: ap_configtestonly && ap_docrootcheck && */
/* The merge writes the true-name form of the path straight into
 * conf->ap_document_root (the cast makes that field writable). If the merge
 * fails or the path is not a directory, a warning is logged and the path is
 * stored anyway: a missing directory is accepted, not rejected. */
139 if (apr_filepath_merge((char**)&conf->ap_document_root, NULL, arg,
140 APR_FILEPATH_TRUENAME, r->pool) != APR_SUCCESS
141 || !ap_is_directory(r->pool, arg)) {
143 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
145 "[mod_vhost_ldap.c] set_document_root: Warning: DocumentRoot [%s] does not exist",
147 conf->ap_document_root = arg;
/*
 * post_config hook: refuse to start unless mod_ldap (util_ldap.c) is linked
 * in, then add this module's version string to the server version.
 * Returns HTTP_INTERNAL_SERVER_ERROR when mod_ldap is missing; the success
 * return is on a line this listing omits.
 * NOTE(review): the added version component presumably becomes part of the
 * advertised server string - check the ServerTokens setting if module
 * versions should not be disclosed.
 */
153 static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
155 /* make sure that mod_ldap (util_ldap) is loaded */
156 if (ap_find_linked_module("util_ldap.c") == NULL) {
157 ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
158 "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
159 "must be loaded in order for mod_vhost_ldap to function properly");
160 return HTTP_INTERNAL_SERVER_ERROR;
164 ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
/*
 * Server-config constructor: allocate a zero-filled mod_vhost_ldap_config_t
 * from `p` and set the defaults that are not zero (enabled = MVL_UNSET,
 * deref = always). The return type line and the return statement are on
 * lines this listing omits.
 */
170 mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
172 mod_vhost_ldap_config_t *conf =
173 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
175 conf->enabled = MVL_UNSET;
176 conf->have_ldap_url = 0;
177 conf->have_deref = 0;
180 conf->deref = always;
181 conf->fallback = NULL;
/*
 * Server-config merge: build a new config in which the child (virtual host)
 * settings override the parent (main server) settings.
 *   - enabled: child unless it is MVL_UNSET;
 *   - URL-derived fields (url, host, port, basedn, scope, filter, secure):
 *     taken as one group from the child if it has an LDAP URL, else from the
 *     parent;
 *   - deref: from whichever side set the directive, child first;
 *   - binddn, bindpw, fallback: each inherited on its own when the child
 *     value is NULL.
 * NOTE(review): because the bind credentials are merged independently of the
 * URL group, a child that sets its own VhostLDAPURL but no bind DN/password
 * inherits the parent credentials and would present them to the child's
 * server - confirm that this is intended.
 */
187 mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
189 mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
190 mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
191 mod_vhost_ldap_config_t *conf =
192 (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
194 if (child->enabled == MVL_UNSET) {
195 conf->enabled = parent->enabled;
197 conf->enabled = child->enabled;
200 if (child->have_ldap_url) {
201 conf->have_ldap_url = child->have_ldap_url;
202 conf->url = child->url;
203 conf->host = child->host;
204 conf->port = child->port;
205 conf->basedn = child->basedn;
206 conf->scope = child->scope;
207 conf->filter = child->filter;
208 conf->secure = child->secure;
210 conf->have_ldap_url = parent->have_ldap_url;
211 conf->url = parent->url;
212 conf->host = parent->host;
213 conf->port = parent->port;
214 conf->basedn = parent->basedn;
215 conf->scope = parent->scope;
216 conf->filter = parent->filter;
217 conf->secure = parent->secure;
219 if (child->have_deref) {
220 conf->have_deref = child->have_deref;
221 conf->deref = child->deref;
223 conf->have_deref = parent->have_deref;
224 conf->deref = parent->deref;
227 conf->binddn = (child->binddn ? child->binddn : parent->binddn);
228 conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
230 conf->fallback = (child->fallback ? child->fallback : parent->fallback);
236 * Use the ldap url parsing routines to break up the ldap url into
/*
 * Handler for the VhostLDAPURL directive: parse `url` with
 * apr_ldap_url_parse and store host, port, base DN, scope, filter and the
 * have_ldap_url flag in this server's mod_vhost_ldap config. Returns an
 * error string for the config parser when the URL cannot be parsed; the
 * success return is on a line this listing omits.
 *
 * The URL scheme alone (a case-insensitive "ldaps" prefix) selects between
 * LDAPS_PORT and LDAP_PORT as the default port, and a debug message records
 * which mode was chosen.
 * NOTE(review): with a plain ldap URL the configured bind DN and password
 * are used on a connection this module has not asked to be protected -
 * confirm transport protection wherever VhostLDAPBindPassword is set.
 */
239 static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd,
244 apr_ldap_url_desc_t *urld;
245 #if (APR_MAJOR_VERSION >= 1)
246 apr_ldap_err_t *result_err;
249 mod_vhost_ldap_config_t *conf =
250 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
253 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
254 cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
257 #if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
/* APR >= 1: a parse failure is reported with the parser's own reason text. */
258 result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
259 if (result != LDAP_SUCCESS) {
260 return result_err->reason;
/* Older APR: map the numeric parser error to a fixed message. */
263 result = apr_ldap_url_parse(url, &(urld));
264 if (result != LDAP_SUCCESS) {
266 case LDAP_URL_ERR_NOTLDAP:
267 return "LDAP URL does not begin with ldap://";
268 case LDAP_URL_ERR_NODN:
269 return "LDAP URL does not have a DN";
270 case LDAP_URL_ERR_BADSCOPE:
271 return "LDAP URL has an invalid scope";
272 case LDAP_URL_ERR_MEM:
273 return "Out of memory parsing LDAP URL";
275 return "Could not parse LDAP URL";
279 conf->url = apr_pstrdup(cmd->pool, url);
281 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
282 cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
283 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
284 cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
285 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
286 cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
287 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
288 cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
289 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
290 cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
291 (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
292 urld->lud_scope == LDAP_SCOPE_BASE? "base" :
293 urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
294 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
295 cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
297 /* Set all the values, or at least some sane defaults */
/* A host from an earlier VhostLDAPURL is kept: the new host is copied first
 * and the old one appended after it. The buffer is sized for both strings
 * plus 2 bytes; the separator append is presumably on an omitted line.
 * NOTE(review): this path calls strlen/strcpy on urld->lud_host with no NULL
 * test, while the assignment below guards lud_host with ?: - confirm that
 * lud_host cannot be NULL here. */
299 char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
300 strcpy(p, urld->lud_host);
302 strcat(p, conf->host);
/* No earlier host: use the URL host, or "localhost" when the URL has none. */
306 conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
308 conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
/* Any scope other than one-level, including base, is stored as subtree. */
310 conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
311 LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
313 if (urld->lud_filter) {
314 if (urld->lud_filter[0] == '(') {
316 * Get rid of the surrounding parens; later on when generating the
317 * filter, they'll be put back.
/* NOTE(review): the copy skips the first character and the next line
 * overwrites the last one without checking that it is a closing paren. If
 * the filter is a lone opening paren the copy is empty, strlen()-1 wraps
 * and the write lands outside the buffer - add a length check. */
319 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
320 conf->filter[strlen(conf->filter)-1] = '\0';
323 conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
/* No filter in the URL: restrict the search to apacheConfig entries. */
327 conf->filter = "objectClass=apacheConfig";
330 /* "ldaps" indicates secure ldap connections desired
332 if (strncasecmp(url, "ldaps", 5) == 0)
335 conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
336 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
337 "LDAP: vhost_ldap using SSL connections");
342 conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
343 ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
344 "LDAP: vhost_ldap not using SSL connections");
347 conf->have_ldap_url = 1;
348 #if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
349 apr_ldap_free_urldesc(urld);
/* Handler for the VhostLDAPEnabled flag: store MVL_ENABLED or MVL_DISABLED
 * in this server's config, so an explicit "off" is distinguishable from the
 * directive being absent (MVL_UNSET). The return is on an omitted line. */
354 static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
356 mod_vhost_ldap_config_t *conf =
357 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
360 conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
/* Handler for VhostLDAPBindDN: keep a copy of the bind DN, allocated from
 * cmd->pool, in this server's config. The return is on an omitted line. */
365 static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
367 mod_vhost_ldap_config_t *conf =
368 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
371 conf->binddn = apr_pstrdup(cmd->pool, binddn);
/* Handler for VhostLDAPBindPassword: keep a copy of the password, allocated
 * from cmd->pool, in this server's config. The value is stored exactly as
 * written in the configuration file; nothing here hashes, obscures or later
 * wipes it. The return is on an omitted line. */
375 static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
377 mod_vhost_ldap_config_t *conf =
378 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
381 conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
/*
 * Handler for VhostLDAPDereferenceAliases: map the keyword to a
 * deref_options value and set have_deref so the merge step knows the
 * directive was given. The keywords never, searching, finding and always
 * are matched case-sensitively; off and on are also accepted, in any case,
 * on the never and always branches. Any other value is rejected with an
 * error string. The assignment for the first branch and the success return
 * are on lines this listing omits.
 */
385 static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
387 mod_vhost_ldap_config_t *conf =
388 (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
391 if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
393 conf->have_deref = 1;
395 else if (strcmp(deref, "searching") == 0) {
396 conf->deref = searching;
397 conf->have_deref = 1;
399 else if (strcmp(deref, "finding") == 0) {
400 conf->deref = finding;
401 conf->have_deref = 1;
403 else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
404 conf->deref = always;
405 conf->have_deref = 1;
408 return "Unrecognized value for VhostLDAPAliasDereference directive";
/* Handler for VhostLDAPFallback: keep a copy of the fallback host name,
 * allocated from cmd->pool. The translate_name hook substitutes this name
 * once when the requested host has no directory entry. The return is on an
 * omitted line. */
413 static const char *mod_vhost_ldap_set_fallback(cmd_parms *cmd, void *dummy, const char *fallback)
415 mod_vhost_ldap_config_t *conf =
416 (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
419 conf->fallback = apr_pstrdup(cmd->pool, fallback);
/*
 * Directive table: maps each VhostLDAP* directive to its handler. Every
 * entry is registered with RSRC_CONF, so the directives (including the bind
 * password) are accepted in server-level configuration only.
 * NOTE(review): in the help texts for VhostLDAPDereferenceAliases and
 * VhostLDAPFallback, adjacent string literals are joined without a separating
 * space, so the displayed text runs words together at those line breaks.
 * The table terminator is on a line this listing omits.
 */
423 command_rec mod_vhost_ldap_cmds[] = {
424 AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
425 "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
426 "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
428 "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
429 "to specify redundant servers.\n"
430 "<li>Port is optional, and specifies the port to connect to.\n"
431 "<li>basedn specifies the base DN to start searches from\n"
434 AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
435 "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
437 AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
438 "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
440 AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
441 "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
443 AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
444 "Determines how aliases are handled during a search. Can be one of the"
445 "values \"never\", \"searching\", \"finding\", or \"always\". "
446 "Defaults to always."),
448 AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
449 "Set default virtual host which will be used when requested hostname"
450 "is not found in LDAP database. This option can be used to display"
451 "\"virtual host not found\" type of page."),
/*
 * translate_name hook: look the request host name up in LDAP and, when an
 * entry is found, point this request at that entry's ServerName,
 * ServerAdmin, DocumentRoot and (optionally) CGI directory.
 *
 * Failure returns visible here: HTTP_INTERNAL_SERVER_ERROR (no LDAP host
 * configured, search error, entry without name or docroot, DocumentRoot
 * switch), HTTP_GATEWAY_TIME_OUT (directory still unreachable after the
 * retries) and HTTP_BAD_REQUEST (no entry found). Several declarations,
 * braces and return statements fall on lines this listing omits, including
 * whatever re-enters the lookup after a retry or a fallback.
 *
 * Trust boundary: DocumentRoot, ScriptAlias and the suexec uid/gid all come
 * from whichever directory entry matches, so anyone who can write those
 * entries - or influence which entry matches - decides what is served and
 * under which identity.
 */
456 #define FILTER_LENGTH MAX_STRING_LEN
457 static int mod_vhost_ldap_translate_name(request_rec *r)
459 request_rec *top = (r->main)?r->main:r;
460 mod_vhost_ldap_request_t *reqc;
463 const char **vals = NULL;
464 char filtbuf[FILTER_LENGTH];
465 mod_vhost_ldap_config_t *conf =
466 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
467 util_ldap_connection_t *ldc = NULL;
469 const char *dn = NULL;
471 const char *hostname = NULL;
/* The per-request record is created and attached before the enabled check,
 * so later hooks find a zero-filled record even when this hook does nothing
 * further. The memset repeats the zero-fill requested from apr_pcalloc. */
478 (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
479 memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
481 ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
483 // mod_vhost_ldap is disabled or we don't have LDAP Url
484 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
/* Obtain a connection bound with the configured DN and password. */
491 ldc = util_ldap_connection_find(r, conf->host, conf->port,
492 conf->binddn, conf->bindpw, conf->deref,
496 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
497 "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
498 return HTTP_INTERNAL_SERVER_ERROR;
/* NOTE(review): no NULL or empty check on r->hostname is visible before it
 * is logged and formatted into the filter - confirm behaviour for requests
 * that carry no host name. */
501 hostname = r->hostname;
505 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
506 "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]", hostname, r->uri);
/*
 * NOTE(review): hostname is copied from r->hostname (or from the fallback
 * setting) and formatted into the filter as-is. Characters that are special
 * in an LDAP filter - asterisk, parentheses, backslash and NUL - are not
 * escaped, so a client-chosen host name can change the shape of the search
 * rather than only its value. Escape per RFC 4515, or reject such names,
 * before this call unless an earlier layer already guarantees the character
 * set. The return value of apr_snprintf is also unused, so a filter
 * truncated at FILTER_LENGTH would be sent without notice.
 */
508 apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, hostname, hostname);
510 result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
511 attributes, filtbuf, &dn, &vals);
513 util_ldap_connection_close(ldc);
515 /* sanity check - if server is down, retry it up to 5 times */
/* The next delay is the sum of the two previous values; their update is on
 * omitted lines.
 * NOTE(review): the back-off sleeps inside the request itself, so during a
 * directory outage each incoming request holds its worker for the whole
 * retry sequence (up to MAX_FAILURES sleeps) - consider a shared
 * failure flag so that only one request probes the directory. */
516 if (AP_LDAP_IS_SERVER_DOWN(result) ||
517 (result == LDAP_TIMEOUT) ||
518 (result == LDAP_CONNECT_ERROR)) {
519 sleep = sleep0 + sleep1;
520 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
521 "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds", failures, sleep);
522 if (failures++ < MAX_FAILURES) {
523 /* Back-off exponentially */
524 apr_sleep(apr_time_from_sec(sleep));
529 return HTTP_GATEWAY_TIME_OUT;
/* No entry: switch to the configured fallback host once (is_fallback guards
 * against repeating it), otherwise answer 400. */
533 if (result == LDAP_NO_SUCH_OBJECT) {
534 if (conf->fallback && (is_fallback++ <= 0)) {
535 ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
536 "[mod_vhost_ldap.c] translate: "
537 "virtual host %s not found, trying fallback %s",
538 hostname, conf->fallback);
539 hostname = conf->fallback;
543 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
544 "[mod_vhost_ldap.c] translate: "
545 "virtual host %s not found",
548 return HTTP_BAD_REQUEST;
551 /* handle bind failure */
552 if (result != LDAP_SUCCESS) {
553 ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
554 "[mod_vhost_ldap.c] translate: "
555 "translate failed; virtual host %s; URI %s [%s]",
556 hostname, r->uri, ldap_err2string(result));
557 return HTTP_INTERNAL_SERVER_ERROR;
560 /* mark the user and DN */
561 reqc->dn = apr_pstrdup(r->pool, dn);
/* Copy each returned value into the per-request record. vals[] is read at
 * the same index as the attribute name, so it must follow the order of the
 * attributes list.
 * NOTE(review): no check that vals is non-NULL is visible before vals[i] is
 * read - confirm what the search helper guarantees on success. */
566 while (attributes[i]) {
568 if (strcasecmp (attributes[i], "apacheServerName") == 0) {
569 reqc->name = apr_pstrdup (r->pool, vals[i]);
571 else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
572 reqc->admin = apr_pstrdup (r->pool, vals[i]);
574 else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
575 reqc->docroot = apr_pstrdup (r->pool, vals[i]);
577 else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
578 reqc->cgiroot = apr_pstrdup (r->pool, vals[i]);
580 else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
581 reqc->uid = apr_pstrdup(r->pool, vals[i]);
583 else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
584 reqc->gid = apr_pstrdup(r->pool, vals[i]);
590 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
591 "[mod_vhost_ldap.c]: loaded from ldap: "
592 "apacheServerName: %s, "
593 "apacheServerAdmin: %s, "
594 "apacheDocumentRoot: %s, "
595 "apacheScriptAlias: %s, "
596 "apacheSuexecUid: %s, "
597 "apacheSuexecGid: %s",
598 reqc->name, reqc->admin, reqc->docroot, reqc->cgiroot, reqc->uid, reqc->gid);
/* An entry is usable only if it supplies both a name and a document root. */
600 if ((reqc->name == NULL)||(reqc->docroot == NULL)) {
601 ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
602 "[mod_vhost_ldap.c] translate: "
603 "translate failed; ServerName or DocumentRoot not defined");
604 return HTTP_INTERNAL_SERVER_ERROR;
/* CGI detection: the first "cgi-bin/" in the URI is compared with the
 * position just after the leading slashes; what happens on a mismatch is on
 * omitted lines. The rest of the URI is then appended to the cgiroot taken
 * from the directory entry.
 * NOTE(review): the resulting script path is built from request text plus an
 * LDAP-supplied directory; it relies on r->uri already being normalised (no
 * parent-directory segments) when this hook runs - confirm. */
610 cgi = strstr(r->uri, "cgi-bin/");
611 if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
616 /* Set exact filename for CGI script */
617 cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
618 if ((cgi = ap_server_root_relative(r->pool, cgi))) {
619 ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
620 "[mod_vhost_ldap.c]: ap_document_root is: %s", ap_document_root(r));
622 r->handler = "cgi-script";
623 apr_table_setn(r->notes, "alias-forced-type", r->handler);
625 } else if (r->uri[0] == '/') {
626 /* we don't set r->filename here, and let other modules do it
627 * this allows other modules (mod_rewrite.c) to work as usual
629 /* r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL); */
631 /* We don't handle non-file requests here */
/* NOTE(review): server_hostname and server_admin are fields of the shared
 * server record reached through top->server, and the strings assigned to
 * them are allocated from the request pool. No restore of these two fields
 * is visible in this listing, so concurrent or later requests on the same
 * server record may observe another host's values - confirm. */
635 top->server->server_hostname = apr_pstrdup (top->pool, reqc->name);
638 top->server->server_admin = apr_pstrdup (top->pool, reqc->admin);
/* Remember the current DocumentRoot so the fixups hook can restore it, then
 * switch the server to the root taken from the directory entry. */
641 reqc->saved_docroot = apr_pstrdup(top->pool, ap_document_root(r));
643 result = set_document_root(r, reqc->docroot);
645 return HTTP_INTERNAL_SERVER_ERROR;
648 // set environment variables
/* DOCUMENT_ROOT is exported exactly as stored in the directory entry, not
 * the resolved form that set_document_root computes. */
649 e = top->subprocess_env;
650 apr_table_addn(e, "DOCUMENT_ROOT", reqc->docroot);
652 /* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */
/*
 * fixups hook: put back the DocumentRoot that the translate_name hook saved
 * in the per-request record, and return whatever set_document_root returns.
 * NOTE(review): saved_docroot is assigned only near the end of
 * translate_name; on its early-return paths the field is still NULL from the
 * zero-fill, and it is passed on here unconditionally. The request record
 * itself is also used without a NULL test. Confirm that set_document_root
 * handles a NULL argument without changing the server DocumentRoot.
 */
656 static int mod_vhost_ldap_cleanup(request_rec * r)
658 mod_vhost_ldap_request_t *reqc =
659 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
662 /* Set ap_document_root back to saved value */
663 return set_document_root(r, reqc->saved_docroot);
666 #ifdef HAVE_UNIX_SUEXEC
/*
 * suexec identity hook: convert the uid and gid strings loaded from LDAP for
 * this request into an ap_unix_identity_t allocated from r->pool. The hook
 * does nothing useful when the module is disabled, has no LDAP URL, or the
 * request record lacks a uid or gid. The return statements and the final
 * assignments are on lines this listing omits.
 *
 * NOTE(review): atoll() reports no errors. Text that is not a number yields
 * 0, trailing garbage is ignored, and out-of-range input has undefined
 * behaviour, so the MIN_UID/MIN_GID comparison is the only validation. If
 * uid_t and gid_t are unsigned, a negative string converts to a very large
 * id that passes that comparison. Since these ids select the account CGI
 * programs run as, parse with strtoul and an end pointer, require the whole
 * string to be decimal digits, and range-check before the cast.
 */
667 static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
669 ap_unix_identity_t *ugid = NULL;
670 mod_vhost_ldap_config_t *conf =
671 (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
673 mod_vhost_ldap_request_t *req =
674 (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
680 // mod_vhost_ldap is disabled or we don't have LDAP Url
681 if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
685 if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
689 if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
693 uid = (uid_t)atoll(req->uid);
694 gid = (gid_t)atoll(req->gid);
/* Lower bound only: ids below MIN_UID / MIN_GID are refused. */
696 if ((uid < MIN_UID)||(gid < MIN_GID)) {
/*
 * Register the module's hooks. The translate_name hook names mod_rewrite.c
 * as a successor (it runs before mod_rewrite); the fixups hook names it as a
 * predecessor (it runs after mod_rewrite). The suexec identity hook is
 * registered only on Unix builds and the optional-function import only with
 * APR >= 1.
 * NOTE(review): the DocumentRoot override is undone only in the fixups
 * phase. A request that is rejected before fixups runs would presumably
 * leave the overridden value in the server config - confirm, and consider
 * restoring it from a request-pool cleanup instead.
 */
709 mod_vhost_ldap_register_hooks (apr_pool_t * p)
713 * Run before mod_rewrite
715 static const char * const aszRewrite[]={ "mod_rewrite.c", NULL };
717 ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
718 ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
719 ap_hook_fixups(mod_vhost_ldap_cleanup, aszRewrite, NULL, APR_HOOK_MIDDLE);
720 #ifdef HAVE_UNIX_SUEXEC
721 ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
723 #if (APR_MAJOR_VERSION >= 1)
724 ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
/* Module descriptor. Only the server-config create and merge callbacks and
 * the hook registration function are visible here; the remaining slots are
 * on lines this listing omits. */
728 module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
729 STANDARD20_MODULE_STUFF,
732 mod_vhost_ldap_create_server_config,
733 mod_vhost_ldap_merge_server_config,
735 mod_vhost_ldap_register_hooks,