+ if( (reqc->name == NULL) || (reqc->docroot == NULL) || ! (r->uri[0] == '/') ) return 0;
+ r->filename = apr_pstrcat(r->pool, reqc->docroot, r->uri, NULL);
+ return 1;
+
+}
+/******************************************************************/
+static void apply_aliasing(mvhl_request *reqc, request_rec * r, mvhl_config *conf, util_ldap_connection_t *ldc, const char *dn) {
+
+ if(reqc->has_aliaslines == 1 && reqc->aliaseslines ) {
+ const char **aliasesconfvals = NULL;
+ char aliasesfilter[FILTER_LENGTH];
+ char *aliases_attributes[] = { "apacheAliasConfigSourceUri", "apacheAliasConfigServerName", "apacheAliasConfigTargetDir", "apacheAliasConfigObjectName",0 };
+ mvhl_aliasconf_object *aliasreqc = (mvhl_aliasconf_object *) apr_pcalloc(r->pool, sizeof(mvhl_aliasconf_object));
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"This vhost has alias configuration, need to check if for current uri");
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "Original r->filename: %s", r->filename);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "Original r->uri: %s", r->uri);
+ int i = 0;
+ int result = 0;
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "Entering Alias Objects search");
+ while(i <= strlen(apr_pstrdup(r->pool, r->uri)) && !aliasesconfvals ) {
+ i++;
+ char *aliasbuff = apr_pstrndup(r->pool, r->uri, i);
+ apr_snprintf(aliasesfilter, FILTER_LENGTH,"(&(%s)(apacheAliasConfigServerName=%s)(apacheAliasConfigSourceUri=%s))", conf->filter, reqc->name, aliasbuff);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"Alias Object search filter: %s", aliasesfilter);
+ /* we reuse ldap connection opened previously with alias entries,
+ * access control entries and webusers entries searches changing used filter as needed (!!) */
+ result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->aliasesbasedn, conf->scope, aliases_attributes, aliasesfilter, &dn, &aliasesconfvals);
+ }
+
+ if(result != LDAP_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"This vhost aliases config, but probably not for this URI, alias config entry not found");
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"Tried with ldap search filter: %s", aliasesfilter);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"This uri has aliases config, configuration object found");
+ if(aliasesconfvals) { mvhl_doaliasesconfig(r, aliases_attributes, aliasesconfvals, aliasreqc); }
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, OK, NULL, "Entering alias substitution");
+ r->filename = apr_pstrcat (r->pool, aliasreqc->aliastargetdir , r->uri + i, NULL);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "Final filename r->filename: %s", r->filename);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "Final uri (unchanged) r->uri: %s", r->uri);
+ }
+
+ }
+ else
+ {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "This vhost has no aliases, or it is disabled via apacheAliasesConfigEnabled = (FALSE|not set) skipping..");
+ }
+}
+/******************************************************************/
+static void apply_location_access_control(mvhl_request *reqc, request_rec * r, mvhl_config *conf, util_ldap_connection_t *ldc, const char *dn) {
+
+ if(reqc->has_reqlines == 1 && reqc->rqlocationlines) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"LAC: This vhost has location access control configured, need to check if it's enabled for current uri");
+ int result = 0;
+ int i = 0;
+ char extconffiltbuf[FILTER_LENGTH];
+ const char **extconfvals = NULL;
+ char *extconfigattributes[] = { "apacheExtConfigUri","apacheExtConfigRequireValidUser","apacheExtConfigServerName","apacheExtConfigObjectName","apacheExtConfigUserDn","apacheExtConfigPath",0};
+ mvhl_extconfig_object *extreqc = (mvhl_extconfig_object *) apr_pcalloc(r->pool, sizeof(mvhl_extconfig_object));
+ char *buff = NULL;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: Entering extConfig Location Objects search");
+ while(i <= strlen(apr_pstrdup(r->pool, r->uri)) && !extconfvals) {
+ i++;
+ buff = apr_pstrndup(r->pool, r->uri, i);
+ /*
+ * ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"Searching for hostname %s and URI %s, origname is %s", hostname, buff, reqc->name);
+ * uncomment this, if You'd like to see in log how uri gets checked
+ * ap_log_error(APLOG_MARK,APLOG_DEBUG,OK,NULL,"%s", buff);
+
+ * well, we must had been connecting already, so we don't do more ldap server connection checks,
+ * and we're doing a search with cache_getuser instead of using extConfigObject dn apacheConfig object attribute value(s),
+ * because there's no convenient function in apr api.
+ * vhost location RDN attribute is used actually by some GUI to make things easier
+ * TODO: use some generic ldap functions (?) classic search or implement more ldap routines for apr
+
+ * so, we do a search below locationDnBase for config object with matches current hostname and uri..
+ * note, that we took our current uri, and we're searching starting from / adding one by one chararacter
+ * to match config object - access config is always the same as first matching upper url access config.
+ * and more - if someone defined accessobject for /main and /main/subdir, the first one is used.
+ * when upper is deleted - next below is returned, and so far..
+ * and more - if there are two or more extConfig object for the same combination of server/uri,
+ * then first found is returned and search isn't processed further.
+
+ * we do a search based on original reqc->name instead of current hostname, to apply rules even if we're accessing
+ * site via ServerAlias name
+ */
+ apr_snprintf(extconffiltbuf, FILTER_LENGTH,"(&(%s)(apacheExtConfigServerName=%s)(apacheExtConfigUri=%s))", conf->filter, reqc->name, buff);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"LAC: ExtConfig Location Object search filter: %s", extconffiltbuf);
+ result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->wlcbasedn, conf->scope, extconfigattributes, extconffiltbuf, &dn, &extconfvals);
+ //matched URI, if found, is returned anyway with extconfvals as ldap attribute value.
+ }
+
+ if(result != LDAP_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"LAC: This vhost has access control, but probably not for this URI, access config entry not found");
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"LAC: Tried with ldap search filter: %s", extconffiltbuf);
+ }
+ else
+ {
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"LAC: This uri has access control, configuration object is found");
+ //we set all into extreqc struct
+ //ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "Entering extconfig buffer fill");
+ if(extconfvals) { mvhl_doextconfig(r, extconfigattributes, extconfvals, extreqc); }
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, OK, NULL, "LAC: Entering ap_requires generation process");
+ core_dir_config *coredirconf = (core_dir_config *) ap_get_module_config(r->per_dir_config, &core_module);
+ coredirconf->ap_auth_name = extreqc->extconfname;
+ coredirconf->ap_auth_type = (char *) "basic";
+ char *userlist = "user nobody";
+
+ /*
+ st = (util_ldap_state_t *)ap_get_module_config(r->server->module_config, &ldap_module);
+ st->search_cache_ttl = 0;
+ */
+ char userfilter[FILTER_LENGTH];
+ /* we'll search for user object with custom filter applied, which has assigned matched location name and which has assigned current servername */
+ apr_snprintf(userfilter, FILTER_LENGTH, "(&(%s)(objectClass=apacheExtendedConfigUserObject)(apacheExtConfigUserServerName=%s)(apacheExtConfigUserLocationUri=%s))", conf->filter, reqc->name, buff);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r,"LAC: User search filter: %s", userfilter);
+
+ mvhl_webuser *extuserreqc = (mvhl_webuser *) apr_pcalloc(r->pool, sizeof(mvhl_webuser));
+ int i = 0;
+ if(extreqc->extusers) {
+ log_dump_apr_array(r,extreqc->extusers,"extUser");
+ char **extuserdns = (char **) extreqc->extusers->elts;
+ for (i = 0; i < extreqc->extusers->nelts; i++) {
+ const char **extuservals = NULL;
+ int result = 0;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: User search basedn: %s", extuserdns[i]);
+ //we don't use wucbasedn as we already know what webuser distinguishedname can be
+ char *ldap_webuser_attributes[] = { "apacheExtConfigUserName","apacheExtConfigUserServerName","apacheExtConfigUserDirectoryName","apacheExtConfigUserLocationUri","userPassword",0};
+ result = util_ldap_cache_getuserdn(r, ldc, conf->url, extuserdns[i], LDAP_SCOPE_BASE, ldap_webuser_attributes, userfilter, &dn, &extuservals);
+ if(extuservals) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: Val 0: %s", extuservals[0]);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: Val 1: %s", extuservals[1]);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: Val 2: %s", extuservals[2]);
+ char *prefix = "LAC: ";
+ mvhl_doextuserconfig(r, ldap_webuser_attributes, extuservals, extuserreqc,prefix);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: current username: %s", extuserreqc->webusername);
+ userlist = apr_pstrcat(r->pool, userlist, " ", extuserreqc->webusername, NULL);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: current userlist: %s", userlist);
+ }
+ }
+ }
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: final userlist: %s ", userlist);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, OK, NULL, "LAC: AuthName set to %s", coredirconf->ap_auth_name);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, OK, NULL, "LAC: AuthType set to %s", coredirconf->ap_auth_type);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, OK, NULL, "LAC: Preparing access control line");
+ coredirconf->ap_requires = (apr_array_header_t *) get_ap_reqs(r->pool, extreqc, reqc->name, userlist);
+ }
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, "LAC: This vhost is not configured for access control, or it is disabled via apacheExtConfigHasRequireLine = ( FALSE|not set) skipping..");
+ }
+}
+/******************************************************************/
+static void apply_directory_access_control(mvhl_request *reqc, request_rec * r, mvhl_config *conf, util_ldap_connection_t *ldc, const char *dn) {