*/
#define CORE_PRIVATE
-#define MOD_VHOST_LDAP_VERSION "mod_vhost_ldap/0.2.4"
#include <unistd.h>
module AP_MODULE_DECLARE_DATA vhost_ldap_module;
+typedef enum {
+ MVL_UNSET, MVL_DISABLED, MVL_ENABLED
+} mod_vhost_ldap_status_e;
+
typedef struct mod_vhost_ldap_config_t {
- apr_pool_t *pool; /* Pool that this config is allocated from */
-#if APR_HAS_THREADS
- apr_thread_mutex_t *lock; /* Lock for this config */
-#endif
- int enabled; /* Is vhost_ldap enabled? */
+ mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
/* These parameters are all derived from the VhostLDAPURL directive */
char *url; /* String representation of LDAP URL */
char *binddn; /* DN to bind to server (can be NULL) */
char *bindpw; /* Password to bind to server (can be NULL) */
+ int have_deref; /* Set if we have found an Deref option */
int have_ldap_url; /* Set if we have found an LDAP url */
int secure; /* True if SSL connections are requested */
} mod_vhost_ldap_request_t;
char *attributes[] =
- { "apacheServerName", "apacheServerAdmin", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", 0 };
+ { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
{
static void *
mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
{
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
- cfg->pool = p;
+ conf->enabled = MVL_UNSET;
+ conf->have_ldap_url = 0;
+ conf->have_deref = 0;
+ conf->binddn = NULL;
+ conf->bindpw = NULL;
+ conf->deref = always;
-#if APR_HAS_THREADS
- apr_thread_mutex_create(&cfg->lock, APR_THREAD_MUTEX_DEFAULT, p);
-#endif
+ return conf;
+}
+
+static void *
+mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
+{
+ mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
+ mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
+ mod_vhost_ldap_config_t *conf =
+ (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
+
+ if (child->enabled == MVL_UNSET) {
+ conf->enabled = parent->enabled;
+ } else {
+ conf->enabled = child->enabled;
+ }
+
+ if (child->have_ldap_url) {
+ conf->have_ldap_url = child->have_ldap_url;
+ conf->url = child->url;
+ conf->host = child->host;
+ conf->port = child->port;
+ conf->basedn = child->basedn;
+ conf->scope = child->scope;
+ conf->filter = child->filter;
+ conf->secure = child->secure;
+ } else {
+ conf->have_ldap_url = parent->have_ldap_url;
+ conf->url = parent->url;
+ conf->host = parent->host;
+ conf->port = parent->port;
+ conf->basedn = parent->basedn;
+ conf->scope = parent->scope;
+ conf->filter = parent->filter;
+ conf->secure = parent->secure;
+ }
+ if (child->have_deref) {
+ conf->have_deref = child->have_deref;
+ conf->deref = child->deref;
+ } else {
+ conf->have_deref = parent->have_deref;
+ conf->deref = parent->deref;
+ }
- cfg->enabled = 0;
- cfg->have_ldap_url = 0;
- cfg->url = "";
- cfg->host = NULL;
- cfg->binddn = NULL;
- cfg->bindpw = NULL;
- cfg->deref = always;
- cfg->secure = 0;
+ conf->binddn = (child->binddn ? child->binddn : parent->binddn);
+ conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
- return cfg;
+ return conf;
}
/*
int result;
apr_ldap_url_desc_t *urld;
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
&vhost_ldap_module);
return "Could not parse LDAP URL";
}
}
- cfg->url = apr_pstrdup(cmd->pool, url);
+ conf->url = apr_pstrdup(cmd->pool, url);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
/* Set all the values, or at least some sane defaults */
- if (cfg->host) {
- char *p = apr_palloc(cmd->pool, strlen(cfg->host) + strlen(urld->lud_host) + 2);
+ if (conf->host) {
+ char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
strcpy(p, urld->lud_host);
strcat(p, " ");
- strcat(p, cfg->host);
- cfg->host = p;
+ strcat(p, conf->host);
+ conf->host = p;
}
else {
- cfg->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
+ conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
}
- cfg->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
+ conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
- cfg->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
+ conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
if (urld->lud_filter) {
* Get rid of the surrounding parens; later on when generating the
* filter, they'll be put back.
*/
- cfg->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
- cfg->filter[strlen(cfg->filter)-1] = '\0';
+ conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
+ conf->filter[strlen(conf->filter)-1] = '\0';
}
else {
- cfg->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
+ conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
}
}
else {
- cfg->filter = "objectClass=apacheConfig";
+ conf->filter = "objectClass=apacheConfig";
}
/* "ldaps" indicates secure ldap connections desired
*/
if (strncasecmp(url, "ldaps", 5) == 0)
{
- cfg->secure = 1;
- cfg->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
+ conf->secure = 1;
+ conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
"LDAP: vhost_ldap using SSL connections");
}
else
{
- cfg->secure = 0;
- cfg->port = urld->lud_port? urld->lud_port : LDAP_PORT;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
+ conf->secure = 0;
+ conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
"LDAP: vhost_ldap not using SSL connections");
}
- cfg->have_ldap_url = 1;
+ conf->have_ldap_url = 1;
apr_ldap_free_urldesc(urld);
return NULL;
}
static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
{
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
&vhost_ldap_module);
- cfg->enabled = enabled;
+ conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
+
return NULL;
}
static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
{
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
&vhost_ldap_module);
- cfg->binddn = apr_pstrdup(cmd->pool, binddn);
+ conf->binddn = apr_pstrdup(cmd->pool, binddn);
return NULL;
}
static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
{
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
&vhost_ldap_module);
- cfg->bindpw = apr_pstrdup(cmd->pool, bindpw);
+ conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
return NULL;
}
static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
{
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
&vhost_ldap_module);
if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
- cfg->deref = never;
+ conf->deref = never;
+ conf->have_deref = 1;
}
else if (strcmp(deref, "searching") == 0) {
- cfg->deref = searching;
+ conf->deref = searching;
+ conf->have_deref = 1;
}
else if (strcmp(deref, "finding") == 0) {
- cfg->deref = finding;
+ conf->deref = finding;
+ conf->have_deref = 1;
}
else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
- cfg->deref = always;
+ conf->deref = always;
+ conf->have_deref = 1;
}
else {
return "Unrecognized value for VhostLDAPAliasDereference directive";
int failures = 0;
const char **vals = NULL;
char filtbuf[FILTER_LENGTH];
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
core_server_config * core =
(core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
(mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
ap_set_module_config(r->request_config, &vhost_ldap_module, req);
- if (!cfg->enabled) {
- return DECLINED;
- }
-
- if (!cfg->have_ldap_url) {
+ // mod_vhost_ldap is disabled or we don't have LDAP Url
+ if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
return DECLINED;
}
start_over:
- if (cfg->host) {
- ldc = util_ldap_connection_find(r, cfg->host, cfg->port,
- cfg->binddn, cfg->bindpw, cfg->deref,
- cfg->secure);
+ if (conf->host) {
+ ldc = util_ldap_connection_find(r, conf->host, conf->port,
+ conf->binddn, conf->bindpw, conf->deref,
+ conf->secure);
}
else {
ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
- "[mod_vhost_ldap.c] translate: no sec->host - weird...?");
+ "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
return DECLINED;
}
- ap_log_rerror (APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[mod_vhost_ldap.c]: translating %s", r->parsed_uri.path);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
+ "[mod_vhost_ldap.c]: translating %s", r->uri);
- apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", cfg->filter, r->hostname, r->hostname);
+ apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, r->hostname, r->hostname);
- result = util_ldap_cache_getuserdn(r, ldc, cfg->url, cfg->basedn, cfg->scope,
+ result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
attributes, filtbuf, &dn, &vals);
util_ldap_connection_close(ldc);
/* handle bind failure */
if (result != LDAP_SUCCESS) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_WARN|APLOG_NOERRNO, 0, r,
"[mod_vhost_ldap.c] translate: "
- "translate failed; URI %s [%s][%s]",
- r->parsed_uri.path, ldc->reason, ldap_err2string(result));
+ "translate failed; VHost %s; URI %s[%s]",
+ r->hostname, r->uri, ldap_err2string(result));
return DECLINED;
}
}
}
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
+ "[mod_vhost_ldap.c]: loaded from ldap: "
+ "apacheServerName: %s, "
+ "apacheServerAdmin: %s, "
+ "apacheDocumentRoot: %s, "
+ "apacheScriptAlias: %s, "
+ "apacheSuexecUid: %s, "
+ "apacheSuexecGid: %s"
+ , req->name, req->admin, req->docroot, req->cgiroot, req->uid, req->gid);
+
if ((req->name == NULL)||(req->docroot == NULL)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
"[mod_vhost_ldap.c] translate: "
cgi = NULL;
if (req->cgiroot) {
- cgi = strstr(r->parsed_uri.path, "cgi-bin/");
- if (cgi && (cgi != r->uri + strspn(r->parsed_uri.path, "/"))) {
+ cgi = strstr(r->uri, "cgi-bin/");
+ if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
cgi = NULL;
}
}
-
if (cgi) {
- r->filename =
- apr_pstrcat (r->pool, req->cgiroot, cgi + strlen("cgi-bin"), NULL);
+ r->filename = apr_pstrcat (r->pool, req->cgiroot, cgi + strlen("cgi-bin"), NULL);
r->handler = "cgi-script";
apr_table_setn(r->notes, "alias-forced-type", r->handler);
+ } else if (r->uri[0] == '/') {
+ r->filename = apr_pstrcat (r->pool, req->docroot, r->uri, NULL);
} else {
- r->filename =
- apr_pstrcat (r->pool, req->docroot, r->parsed_uri.path, NULL);
+ return DECLINED;
}
r->server->server_hostname = apr_pstrdup (r->pool, req->name);
static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
{
ap_unix_identity_t *ugid = NULL;
- mod_vhost_ldap_config_t *cfg =
+ mod_vhost_ldap_config_t *conf =
(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
&vhost_ldap_module);
mod_vhost_ldap_request_t *req =
uid_t uid = -1;
gid_t gid = -1;
- // mod_vhost_ldap is disabled
- if (!cfg->enabled) {
+ // mod_vhost_ldap is disabled or we don't have LDAP Url
+ if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
return NULL;
}
NULL,
NULL,
mod_vhost_ldap_create_server_config,
- NULL,
+ mod_vhost_ldap_merge_server_config,
mod_vhost_ldap_cmds,
mod_vhost_ldap_register_hooks,
};