X-Git-Url: http://andersk.mit.edu/gitweb/mod-vhost-ldap.git/blobdiff_plain/c606ab4433a5cb775989cf84c5f020841d13ad81..649a08e857cdaf5f1a82ed3402d6a290ebee6ebd:/mod_vhost_ldap.c diff --git a/mod_vhost_ldap.c b/mod_vhost_ldap.c index 2c2d847..ed376be 100644 --- a/mod_vhost_ldap.c +++ b/mod_vhost_ldap.c @@ -31,9 +31,13 @@ #include "http_request.h" #include "apr_version.h" #include "apr_ldap.h" -#include "apr_strings.h" #include "apr_reslist.h" +#include "apr_strings.h" +#include "apr_thread_mutex.h" +#include "apr_thread_rwlock.h" +#include "apr_tables.h" #include "util_ldap.h" +#include "util_script.h" #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP) #error mod_vhost_ldap requires APR-util to have LDAP support built in @@ -50,6 +54,8 @@ #define MIN_UID 100 #define MIN_GID 100 +#define MAX_FAILURES 5 + module AP_MODULE_DECLARE_DATA vhost_ldap_module; typedef enum { @@ -79,6 +85,8 @@ typedef struct mod_vhost_ldap_config_t { char *fallback; /* Fallback virtual host */ + apr_thread_mutex_t *mutex; /* Create per worker mutex to synchronize threads */ + } mod_vhost_ldap_config_t; typedef struct mod_vhost_ldap_request_t { @@ -89,7 +97,6 @@ typedef struct mod_vhost_ldap_request_t { char *cgiroot; /* ScriptAlias */ char *uid; /* Suexec Uid */ char *gid; /* Suexec Gid */ - char *saved_docroot; /* Saved DocumentRoot */ } mod_vhost_ldap_request_t; char *attributes[] = @@ -178,6 +185,8 @@ mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s) conf->deref = always; conf->fallback = NULL; + apr_thread_mutex_create(&conf->mutex, APR_THREAD_MUTEX_DEFAULT, p); + return conf; } @@ -456,7 +465,6 @@ static int mod_vhost_ldap_translate_name(request_rec *r) { request_rec *top = (r->main)?r->main:r; mod_vhost_ldap_request_t *reqc; - apr_table_t *e; int failures = 0; const char **vals = NULL; char filtbuf[FILTER_LENGTH]; 
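Review bot: In the `@@ -178,6 +185,8 @@` hunk the result of `apr_thread_mutex_create` is discarded, so if creation fails the later `apr_thread_mutex_lock(conf->mutex)` in the translate hook runs on a handle that was never set up. The call also sits outside the `#if APR_HAS_THREADS` guard that the lock and unlock sites use, so a non-threaded APR build would probably not compile. Suggest wrapping it in the same guard and handling failure, for example `if (apr_thread_mutex_create(&conf->mutex, APR_THREAD_MUTEX_DEFAULT, p) != APR_SUCCESS) conf->mutex = NULL;`, with the lock and unlock sites skipping a NULL mutex. The field comment in the `@@ -79,6 +85,8 @@` hunk says "per worker", but the mutex is stored in the per-server config; the comment should say which it is. The body of mod_vhost_ldap_create_server_config starts outside the hunk.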
@@ -468,7 +476,10 @@ static int mod_vhost_ldap_translate_name(request_rec *r) char *cgi; const char *hostname = NULL; int is_fallback = 0; - int sleep = 1; + int sleep0 = 0; + int sleep1 = 1; + int sleep; + struct berval hostnamebv, shostnamebv; reqc = (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t)); @@ -495,13 +506,20 @@ start_over: } hostname = r->hostname; + if (hostname == NULL || hostname[0] == '\0') + goto null; fallback: ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, - "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]", hostname, r->uri); + "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]", + hostname, r->uri); - apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, hostname, hostname); + ber_str2bv(hostname, 0, 0, &hostnamebv); + if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0) + goto null; + apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val); + ber_memfree(shostnamebv.bv_val); result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope, attributes, filtbuf, &dn, &vals); @@ -512,10 +530,15 @@ fallback: if (AP_LDAP_IS_SERVER_DOWN(result) || (result == LDAP_TIMEOUT) || (result == LDAP_CONNECT_ERROR)) { - if (failures++ <= 5) { + sleep = sleep0 + sleep1; + ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds", + failures, sleep); + if (failures++ < MAX_FAILURES) { /* Back-off exponentially */ apr_sleep(apr_time_from_sec(sleep)); - sleep = sleep*2; + sleep0 = sleep1; + sleep1 = sleep; goto start_over; } else { return HTTP_GATEWAY_TIME_OUT; 
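Review bot: In the `@@ -495,13 +506,20 @@` hunk the escaped hostname can be up to three times as long as the Host value, and the `apr_snprintf` into `filtbuf` truncates silently at `FILTER_LENGTH`. A long or heavily escaped Host header would then send a cut-off filter to the directory instead of being rejected. Compare the return value of `apr_snprintf` with `FILTER_LENGTH - 1`, and take the `null` path when the filter did not fit (after the `ber_memfree`). A one-line comment above `ber_str2bv` such as `/* Host is client-controlled: escape it before building the LDAP filter */` would record why the escaping must stay. The function continues outside the hunk.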
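Review bot: In the `@@ -512,10 +530,15 @@` hunk the new warning is logged before the `failures++ < MAX_FAILURES` test, so the final attempt reports "sleeping for [N] seconds" and then returns `HTTP_GATEWAY_TIME_OUT` without sleeping. Move the `ap_log_rerror` call inside the `if` branch so the log matches what the worker does. The comment `/* Back-off exponentially */` no longer describes the code, because `sleep0`/`sleep1` now produce 1, 2, 3, 5, 8 seconds; `/* Back off along a Fibonacci sequence, about 19 s in total */` would be accurate. That total is also how long a worker stays blocked per request while the directory is down, which is worth stating next to `MAX_FAILURES`.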
@@ -523,6 +546,19 @@ fallback: } if (result == LDAP_NO_SUCH_OBJECT) { + if (strcmp(hostname, "*") != 0) { + if (strncmp(hostname, "*.", 2) == 0) + hostname += 2; + hostname += strcspn(hostname, "."); + hostname = apr_pstrcat(r->pool, "*", hostname, NULL); + ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c] translate: " + "virtual host not found, trying wildcard %s", + hostname); + goto fallback; + } + +null: if (conf->fallback && (is_fallback++ <= 0)) { ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r, "[mod_vhost_ldap.c] translate: " @@ -609,7 +645,8 @@ fallback: cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL); if ((cgi = ap_server_root_relative(r->pool, cgi))) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, - "[mod_vhost_ldap.c]: ap_document_root is: %s", ap_document_root(r)); + "[mod_vhost_ldap.c]: ap_document_root is: %s", + ap_document_root(r)); r->filename = cgi; r->handler = "cgi-script"; apr_table_setn(r->notes, "alias-forced-type", r->handler); 
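Review bot: In the `@@ -523,6 +546,19 @@` hunk the number of wildcard retries is bounded only by the number of labels in the client-supplied Host value. Each `goto fallback` strips one label, runs another directory search and writes another `APLOG_NOTICE` line, so a request naming an unknown host with many labels costs that many lookups and log entries. Whether util_ldap caches these misses is not visible here. A cap would bound the cost, for example `if (++wildcard_tries > MAX_WILDCARD_TRIES) goto null;` before the rewrite; both names are new and would need declaring next to `MAX_FAILURES`. The rewrite also walks up to `*.tld` and then a bare `*`, and a short comment should say that this catch-all is intended. The enclosing function starts and ends outside the hunk.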
@@ -624,37 +661,28 @@ fallback: return DECLINED; } +#if APR_HAS_THREADS + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c]: locking ap_document_root mutex for [%s]", + r->hostname); + apr_thread_mutex_lock(conf->mutex); +#endif + top->server->server_hostname = apr_pstrdup (top->pool, reqc->name); if (reqc->admin) { top->server->server_admin = apr_pstrdup (top->pool, reqc->admin); } - reqc->saved_docroot = apr_pstrdup(top->pool, ap_document_root(r)); - result = set_document_root(r, reqc->docroot); if (result != OK) { return HTTP_INTERNAL_SERVER_ERROR; } - // set environment variables - e = top->subprocess_env; - apr_table_addn(e, "DOCUMENT_ROOT", reqc->docroot); - /* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */ return DECLINED; } -static int mod_vhost_ldap_cleanup(request_rec * r) -{ - mod_vhost_ldap_request_t *reqc = - (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config, - &vhost_ldap_module); - - /* Set ap_document_root back to saved value */ - return set_document_root(r, reqc->saved_docroot); -} - #ifdef HAVE_UNIX_SUEXEC static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r) { @@ -697,6 +725,20 @@ static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * } #endif +static int mod_vhost_ldap_fixups(request_rec *r) +{ +#if APR_HAS_THREADS + mod_vhost_ldap_config_t *conf = + (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c]: unlocking ap_document_root mutex for [%s]", + r->hostname); + + apr_thread_mutex_unlock(conf->mutex); +#endif + return OK; +} + static void mod_vhost_ldap_register_hooks (apr_pool_t * p) { 
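Review bot: In the `@@ -624,37 +661,28 @@` hunk the mutex taken by `apr_thread_mutex_lock(conf->mutex)` is still held when `set_document_root` fails and the function returns `HTTP_INTERNAL_SERVER_ERROR`, because the only unlock lives in the fixups hook. Every later request on this server would then block on the lock. At minimum add `apr_thread_mutex_unlock(conf->mutex);` under `#if APR_HAS_THREADS` before that return. The same leak probably occurs whenever a later phase in another module ends the request before fixups, or an earlier fixups hook returns an error ahead of the `APR_HOOK_LAST` registration in the final hunk. A cleanup tied to the request's lifetime would cover those paths where a per-hook unlock cannot. The return values of the lock and unlock calls are also ignored.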
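Review bot: In the `@@ -697,6 +725,20 @@` hunk `mod_vhost_ldap_fixups` unlocks `conf->mutex` for every request that reaches fixups, including those where the translate hook returned before taking the lock. The `return DECLINED;` immediately above the new lock block in the previous hunk is one such path. Unlocking a default APR mutex that this thread does not hold is not defined behaviour, and it can release a lock that another request is relying on. Record ownership per request, for example a flag in `mod_vhost_ldap_request_t` set right after the lock, and only unlock (and clear the flag) when it is set. The result of `apr_thread_mutex_unlock` should be checked and logged on failure.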
@@ -708,13 +750,14 @@ mod_vhost_ldap_register_hooks (apr_pool_t * p) ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST); - ap_hook_fixups(mod_vhost_ldap_cleanup, aszRewrite, NULL, APR_HOOK_MIDDLE); #ifdef HAVE_UNIX_SUEXEC ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE); #endif #if (APR_MAJOR_VERSION >= 1) ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE); #endif + + ap_hook_fixups(mod_vhost_ldap_fixups, NULL, NULL, APR_HOOK_LAST); } module AP_MODULE_DECLARE_DATA vhost_ldap_module = {