#include "http_core.h"
#include "http_log.h"
#include "http_request.h"
+#include "apr_version.h"
#include "apr_ldap.h"
#include "apr_strings.h"
#include "apr_reslist.h"
char *cgiroot; /* ScriptAlias */
char *uid; /* Suexec Uid */
char *gid; /* Suexec Gid */
+ char *saved_docroot; /* Saved DocumentRoot */
} mod_vhost_ldap_request_t;
char *attributes[] =
{ "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
-#ifdef APR_HAS_LDAP
+#if (APR_MAJOR_VERSION >= 1)
static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
}
#endif
+/* Taken from server/core.c */
+static int set_document_root(request_rec *r, const char *arg)
+{
+ void *sconf = r->server->module_config;
+ core_server_config *conf = ap_get_module_config(sconf, &core_module);
+
+ /* Make it absolute, relative to ServerRoot */
+ arg = ap_server_root_relative(r->pool, arg);
+
+ if (arg == NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ "[mod_vhost_ldap.c] set_document_root: DocumentRoot [%s] must be a directory",
+ arg);
+
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /* TODO: ap_configtestonly && ap_docrootcheck && */
+ if (apr_filepath_merge((char**)&conf->ap_document_root, NULL, arg,
+ APR_FILEPATH_TRUENAME, r->pool) != APR_SUCCESS
+ || !ap_is_directory(r->pool, arg)) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0,
+ r,
+ "[mod_vhost_ldap.c] set_document_root: Warning: DocumentRoot [%s] does not exist",
+ arg);
+ conf->ap_document_root = arg;
+ }
+ return OK;
+}
+
+
static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
{
/* make sure that mod_ldap (util_ldap) is loaded */
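Review bot: set_document_root() assigns `conf->ap_document_root` in the server-wide `core_server_config`, so the new root is shared by every request handled for that `server_rec` rather than scoped to `r`. Under a threaded MPM, two concurrent requests for different LDAP vhosts can overwrite each other's value, and a URI may then be mapped under another tenant's directory. Both stores (the `apr_filepath_merge(..., r->pool)` result and `conf->ap_document_root = arg`) also keep memory allocated from `r->pool`, which presumably is released when the request ends and would leave the server config pointing at freed memory. I would add a comment above the function such as `/* NOTE: mutates per-server config from request context; unsafe with threaded MPMs, and the value must not outlive r->pool */`, and either allocate from a longer-lived pool or keep the root in the request config. The `arg == NULL` branch also logs `arg` after it has been overwritten, so the message no longer shows the offending path.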
{
int result;
apr_ldap_url_desc_t *urld;
+#if (APR_MAJOR_VERSION >= 1)
apr_ldap_err_t *result_err;
+#endif
mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
url);
-
-#ifdef APR_HAS_LDAP /* for apache >= 2.2 */
+
+#if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
if (result != LDAP_SUCCESS) {
return result_err->reason;
}
conf->have_ldap_url = 1;
-#ifdef APU_HAS_LDAP /* free only required for older apr */
+#if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
apr_ldap_free_urldesc(urld);
#endif
return NULL;
char filtbuf[FILTER_LENGTH];
mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
- core_server_config * core =
- (core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
util_ldap_connection_t *ldc = NULL;
int result = 0;
const char *dn = NULL;
char *cgi;
const char *hostname = NULL;
int is_fallback = 0;
+ int sleep = 0;
reqc =
(mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
+ memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
else {
ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
"[mod_vhost_ldap.c] translate: no conf->host - weird...?");
- return DECLINED;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
hostname = r->hostname;
fallback:
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[mod_vhost_ldap.c]: translating %s", r->uri);
+ "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]", hostname, r->uri);
apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, hostname, hostname);
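Review bot: The `apr_snprintf` line interpolates `hostname` directly into the LDAP search filter, and `hostname` appears to come from the request (`hostname = r->hostname`), so filter metacharacters such as `(`, `)`, `*` and `\` reach the directory server unescaped. A client-controlled value could therefore change which entry matches, and with it the DocumentRoot and suexec identity applied to the request. The value should be escaped per RFC 4515 before formatting, or rejected when it contains anything outside the hostname character set. The return value of `apr_snprintf` should also be compared with `FILTER_LENGTH` so that a truncated filter is never sent. The enclosing function starts and ends outside this hunk.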
util_ldap_connection_close(ldc);
/* sanity check - if server is down, retry it up to 5 times */
- if (result == LDAP_SERVER_DOWN) {
+ if (AP_LDAP_IS_SERVER_DOWN(result) ||
+ (result == LDAP_TIMEOUT) ||
+ (result == LDAP_CONNECT_ERROR)) {
if (failures++ <= 5) {
+ /* Back-off exponentially */
+ apr_sleep(apr_time_from_sec(sleep));
+ sleep = sleep+failures;
goto start_over;
- }
+ } else {
+ return HTTP_GATEWAY_TIME_OUT;
+ }
}
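Review bot: The retry branch blocks the request worker in `apr_sleep()`. If `sleep` and `failures` start at zero and keep their values across `goto start_over` (the label is outside the hunk), a single request waits 0+1+3+6+10+15 seconds before `HTTP_GATEWAY_TIME_OUT` is returned. During a directory outage every incoming request would hold a worker that long, which can exhaust the worker pool. The step `sleep = sleep+failures` is additive rather than exponential as the new comment says, and `failures++ <= 5` permits six retries where the comment above says five. I would cap the total wait and make code and comments agree, e.g. `if (failures++ < 5) {` with `/* Back off: the wait grows by the attempt number */`, and rename the local `sleep`, which shadows the libc function.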
- if ((result == LDAP_NO_SUCH_OBJECT)) {
+ if (result == LDAP_NO_SUCH_OBJECT) {
if (conf->fallback && (is_fallback++ <= 0)) {
ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
"[mod_vhost_ldap.c] translate: "
"virtual host %s not found",
hostname);
- return DECLINED;
+ return HTTP_BAD_REQUEST;
}
/* handle bind failure */
"[mod_vhost_ldap.c] translate: "
"translate failed; virtual host %s; URI %s [%s]",
hostname, r->uri, ldap_err2string(result));
- return DECLINED;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
/* mark the user and DN */
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
"[mod_vhost_ldap.c] translate: "
"translate failed; ServerName or DocumentRoot not defined");
- return DECLINED;
+ return HTTP_INTERNAL_SERVER_ERROR;
}
cgi = NULL;
}
}
if (cgi) {
- r->filename = apr_pstrcat (r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
- r->handler = "cgi-script";
- apr_table_setn(r->notes, "alias-forced-type", r->handler);
+ /* Set exact filename for CGI script */
+ cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
+ if ((cgi = ap_server_root_relative(r->pool, cgi))) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
+ "[mod_vhost_ldap.c]: ap_document_root is: %s", ap_document_root(r));
+ r->filename = cgi;
+ r->handler = "cgi-script";
+ apr_table_setn(r->notes, "alias-forced-type", r->handler);
+ }
} else if (r->uri[0] == '/') {
- r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL);
+ /* we don't set r->filename here, and let other modules do it
+ * this allows other modules (mod_rewrite.c) to work as usual
+ */
+ /* r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL); */
} else {
+ /* We don't handle non-file requests here */
return DECLINED;
}
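Review bot: When `ap_server_root_relative()` returns NULL, the new `if ((cgi = ...))` just falls through: `r->filename` and the `cgi-script` handler are not set and no error is returned. The request then presumably continues as an ordinary file lookup by later modules. For a URI already recognised as a CGI request that is a fail-open path, so I would add `else { ap_log_rerror(...); return HTTP_INTERNAL_SERVER_ERROR; }`. The debug message inside the branch prints `ap_document_root(r)` although the value being decided here is the script path in `cgi`, so logging `cgi` would be more useful for auditing. The enclosing function continues outside the hunk.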
top->server->server_admin = apr_pstrdup (top->pool, reqc->admin);
}
+ reqc->saved_docroot = apr_pstrdup(top->pool, ap_document_root(r));
+
+ result = set_document_root(r, reqc->docroot);
+ if (result != OK) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
// set environment variables
e = top->subprocess_env;
- apr_table_addn (e, "SERVER_ROOT", reqc->docroot);
+ apr_table_addn(e, "DOCUMENT_ROOT", reqc->docroot);
- core->ap_document_root = apr_pstrdup(top->pool, reqc->docroot);
+ /* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */
+ return DECLINED;
+}
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[mod_vhost_ldap.c]: translated to %s", r->filename);
+static int mod_vhost_ldap_cleanup(request_rec * r)
+{
+ mod_vhost_ldap_request_t *reqc =
+ (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
+ &vhost_ldap_module);
- return OK;
+ /* Set ap_document_root back to saved value */
+ return set_document_root(r, reqc->saved_docroot);
}
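Review bot: mod_vhost_ldap_cleanup() dereferences `reqc` and passes `reqc->saved_docroot` to set_document_root() without checking either for NULL. The fixups hook may run for requests where this module's translate_name never ran, or where it left early through the `return DECLINED` for non-file requests before `saved_docroot` was assigned. In those cases the cleanup would crash or resolve a root from a NULL path. A guard such as `if (reqc == NULL || reqc->saved_docroot == NULL) return DECLINED;` at the top of the function would cover both. The restore also depends on fixups being reached: a request rejected by an earlier hook after set_document_root() succeeded would leave the LDAP vhost's root in the server config, which deserves at least a comment.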
#ifdef HAVE_UNIX_SUEXEC
static void
mod_vhost_ldap_register_hooks (apr_pool_t * p)
{
+
+ /*
+ * Run before mod_rewrite
+ */
+ static const char * const aszRewrite[]={ "mod_rewrite.c", NULL };
+
ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
+ ap_hook_fixups(mod_vhost_ldap_cleanup, aszRewrite, NULL, APR_HOOK_MIDDLE);
#ifdef HAVE_UNIX_SUEXEC
ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
#endif
-#ifdef APR_HAS_LDAP
+#if (APR_MAJOR_VERSION >= 1)
ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
#endif
}
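Review bot: The comment `Run before mod_rewrite` describes only the translate_name registration. The same `aszRewrite` array is passed as the predecessor list to `ap_hook_fixups`, which orders the cleanup after mod_rewrite's fixups. I would reword it to `/* translate_name runs before mod_rewrite; the fixups cleanup that restores the document root runs after it */`. The "Hack" comment in translate_name also names mod_alias, but only `mod_rewrite.c` is listed here, so ordering relative to mod_alias appears to rest on `APR_HOOK_FIRST` alone and should be stated.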