#include "http_request.h"
#include "apr_version.h"
#include "apr_ldap.h"
-#include "apr_strings.h"
#include "apr_reslist.h"
+#include "apr_strings.h"
+#include "apr_thread_mutex.h"
+#include "apr_thread_rwlock.h"
+#include "apr_tables.h"
#include "util_ldap.h"
+#include "util_script.h"
#if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
#error mod_vhost_ldap requires APR-util to have LDAP support built in
#define MIN_UID 100
#define MIN_GID 100
+#define MAX_FAILURES 5
+
module AP_MODULE_DECLARE_DATA vhost_ldap_module;
typedef enum {
char *fallback; /* Fallback virtual host */
+ apr_thread_mutex_t *mutex; /* Create per worker mutex to synchronize threads */
+
} mod_vhost_ldap_config_t;
typedef struct mod_vhost_ldap_request_t {
char *cgiroot; /* ScriptAlias */
char *uid; /* Suexec Uid */
char *gid; /* Suexec Gid */
- char *saved_docroot; /* Saved DocumentRoot */
} mod_vhost_ldap_request_t;
char *attributes[] =
conf->deref = always;
conf->fallback = NULL;
+ apr_thread_mutex_create(&conf->mutex, APR_THREAD_MUTEX_DEFAULT, p);
+
return conf;
}
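Review bot: The `apr_thread_mutex_create` call added before `return conf;` ignores its status and sits outside any `#if APR_HAS_THREADS` guard, while the lock and unlock calls later in the patch are guarded. On an APR built without thread support the mutex functions are not declared, so this line needs the same guard. With threads, a failed create would leave `conf->mutex` unusable for the later `apr_thread_mutex_lock(conf->mutex)`; compare the result with `APR_SUCCESS`, for example `if (apr_thread_mutex_create(&conf->mutex, APR_THREAD_MUTEX_DEFAULT, p) != APR_SUCCESS) conf->mutex = NULL;`, and skip locking when it is NULL. The field comment says "per worker mutex", but as written one mutex is created per config structure. The enclosing function starts outside this hunk.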
{
request_rec *top = (r->main)?r->main:r;
mod_vhost_ldap_request_t *reqc;
- apr_table_t *e;
int failures = 0;
const char **vals = NULL;
char filtbuf[FILTER_LENGTH];
char *cgi;
const char *hostname = NULL;
int is_fallback = 0;
- int sleep = 0;
+ int sleep0 = 0;
+ int sleep1 = 1;
+ int sleep;
+ struct berval hostnamebv, shostnamebv;
reqc =
(mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
}
hostname = r->hostname;
+ if (hostname == NULL || hostname[0] == '\0')
+ goto null;
fallback:
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]", hostname, r->uri);
+ "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]",
+ hostname, r->uri);
- apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, hostname, hostname);
+ ber_str2bv(hostname, 0, 0, &hostnamebv);
+ if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0)
+ goto null;
+ apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val);
+ ber_memfree(shostnamebv.bv_val);
result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
attributes, filtbuf, &dn, &vals);
if (AP_LDAP_IS_SERVER_DOWN(result) ||
(result == LDAP_TIMEOUT) ||
(result == LDAP_CONNECT_ERROR)) {
+ sleep = sleep0 + sleep1;
ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
- "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds", failures, sleep);
- if (failures++ < 5) {
+ "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds",
+ failures, sleep);
+ if (failures++ < MAX_FAILURES) {
/* Back-off exponentially */
apr_sleep(apr_time_from_sec(sleep));
- sleep = sleep+failures;
+ sleep0 = sleep1;
+ sleep1 = sleep;
goto start_over;
} else {
return HTTP_GATEWAY_TIME_OUT;
}
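Review bot: The escaped hostname is still formatted into the fixed `filtbuf[FILTER_LENGTH]` and the `apr_snprintf` result is not checked, so a long Host value can silently truncate the filter. `ldap_bv2escaped_filter_value` expands each escaped byte to three characters and the value is inserted twice, which makes truncation easier to reach than before the patch; a truncated filter loses its closing parentheses and is passed to `util_ldap_cache_getuserdn` as is. Either build the filter from the request pool, `apr_psprintf(r->pool, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val)`, or treat a full buffer as a lookup failure and `goto null`. A short comment above `ber_str2bv` saying that the Host header is client-controlled and must be escaped before it enters the filter would keep the reason visible. The enclosing function starts and ends outside this hunk.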
if (result == LDAP_NO_SUCH_OBJECT) {
+ if (strcmp(hostname, "*") != 0) {
+ if (strncmp(hostname, "*.", 2) == 0)
+ hostname += 2;
+ hostname += strcspn(hostname, ".");
+ hostname = apr_pstrcat(r->pool, "*", hostname, NULL);
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
+ "[mod_vhost_ldap.c] translate: "
+ "virtual host not found, trying wildcard %s",
+ hostname);
+ goto fallback;
+ }
+
+null:
if (conf->fallback && (is_fallback++ <= 0)) {
ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
"[mod_vhost_ldap.c] translate: "
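Review bot: The wildcard retry added under `LDAP_NO_SUCH_OBJECT` issues one more LDAP search per label of the client-supplied Host value, with no cap, and writes a NOTICE log line for each. A request whose hostname has many labels therefore multiplies directory load and log volume, and the walk ends by querying the top-level wildcard and then the bare `*` entry. Consider bounding it with a counter, e.g. `if (strcmp(hostname, "*") != 0 && wildcard_tries++ < MAX_WILDCARD_DEPTH) {` (both names are placeholders), and logging at DEBUG. The new `null:` label sits inside this `if` block and is entered by `goto` from the earlier hostname checks; a one-line comment there, such as `/* reached directly when the hostname is empty or cannot be escaped */`, would help readers.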
cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
if ((cgi = ap_server_root_relative(r->pool, cgi))) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
- "[mod_vhost_ldap.c]: ap_document_root is: %s", ap_document_root(r));
+ "[mod_vhost_ldap.c]: ap_document_root is: %s",
+ ap_document_root(r));
r->filename = cgi;
r->handler = "cgi-script";
apr_table_setn(r->notes, "alias-forced-type", r->handler);
return DECLINED;
}
+#if APR_HAS_THREADS
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
+ "[mod_vhost_ldap.c]: locking ap_document_root mutex for [%s]",
+ r->hostname);
+ apr_thread_mutex_lock(conf->mutex);
+#endif
+
top->server->server_hostname = apr_pstrdup (top->pool, reqc->name);
if (reqc->admin) {
top->server->server_admin = apr_pstrdup (top->pool, reqc->admin);
}
- reqc->saved_docroot = apr_pstrdup(top->pool, ap_document_root(r));
-
result = set_document_root(r, reqc->docroot);
if (result != OK) {
return HTTP_INTERNAL_SERVER_ERROR;
}
- // set environment variables
- e = top->subprocess_env;
- apr_table_addn(e, "DOCUMENT_ROOT", reqc->docroot);
-
/* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */
return DECLINED;
}
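Review bot: The mutex taken before the `top->server` writes is released only in `mod_vhost_ldap_fixups`, so any path that ends the request before the fixups phase leaves it locked and every later request on this server config blocks at `apr_thread_mutex_lock`. One such path is visible here: the `return HTTP_INTERNAL_SERVER_ERROR;` after `set_document_root` fails needs `apr_thread_mutex_unlock(conf->mutex);` (under `#if APR_HAS_THREADS`) in front of it, and a denial or error from a hook that runs between translate_name and fixups would presumably have the same effect. The fixups hook also unlocks unconditionally, including for requests that returned from the `cgi-script` branch before the lock, and unlocking a default mutex the thread does not hold is undefined on POSIX-thread builds. Because the mutex is created with `APR_THREAD_MUTEX_DEFAULT`, a subrequest or internal redirect that re-enters this hook on the same thread could also self-deadlock; registering the release as a cleanup on the request pool, keyed on a per-request "locked" flag, would cover all of these cases. The function starts outside this hunk.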
-static int mod_vhost_ldap_cleanup(request_rec * r)
-{
- mod_vhost_ldap_request_t *reqc =
- (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
- &vhost_ldap_module);
-
- /* Set ap_document_root back to saved value */
- return set_document_root(r, reqc->saved_docroot);
-}
-
#ifdef HAVE_UNIX_SUEXEC
static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
{
}
#endif
+static int mod_vhost_ldap_fixups(request_rec *r)
+{
+#if APR_HAS_THREADS
+ mod_vhost_ldap_config_t *conf =
+ (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
+ "[mod_vhost_ldap.c]: unlocking ap_document_root mutex for [%s]",
+ r->hostname);
+
+ apr_thread_mutex_unlock(conf->mutex);
+#endif
+ return OK;
+}
+
static void
mod_vhost_ldap_register_hooks (apr_pool_t * p)
{
ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
- ap_hook_fixups(mod_vhost_ldap_cleanup, aszRewrite, NULL, APR_HOOK_MIDDLE);
#ifdef HAVE_UNIX_SUEXEC
ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
#endif
#if (APR_MAJOR_VERSION >= 1)
ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
#endif
+
+ ap_hook_fixups(mod_vhost_ldap_fixups, NULL, NULL, APR_HOOK_LAST);
}
module AP_MODULE_DECLARE_DATA vhost_ldap_module = {