upstream? :-)
authorPiotr Wadas <pwadas@jewish.org.pl>
Tue, 18 Jul 2006 21:38:01 +0000 (21:38 +0000)
committerPiotr Wadas <pwadas@jewish.org.pl>
Tue, 18 Jul 2006 21:38:01 +0000 (21:38 +0000)
git-svn-id: svn://svn.debian.org/svn/modvhostldap/branches/ext-config/mod-vhost-ldap@47 4dd36cbf-e3fd-0310-983d-db0e06859cf4

apache_alias.schema [new file with mode: 0644]
apache_ext.schema [new file with mode: 0644]
dtpasswd.c [new file with mode: 0644]
examples/indexes [new file with mode: 0644]
mod_vhost_ldap.h [new file with mode: 0644]
vhost_ldap.load [new file with mode: 0644]

diff --git a/apache_alias.schema b/apache_alias.schema
new file mode 100644 (file)
index 0000000..8cb2125
--- /dev/null
@@ -0,0 +1,59 @@
+#
+#
+#
+
+attributetype ( 1.1.2.5.4.175 NAME 'apacheAliasesConfigEnabled'
+       DESC 'determines whether apacheConfig has aliases configured' 
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+       EQUALITY booleanMatch
+       SINGLE-VALUE
+       )
+
+attributetype ( 1.1.2.5.4.176 NAME 'apacheAliasConfigOptionsDn'
+       DESC 'apache Aliases Config Object Location' 
+       SUP distinguishedName
+       )
+
+attributetype ( 1.1.2.5.4.177 NAME 'apacheAliasConfigObjectName'
+       DESC 'apache Alias Config Object Naming Attribute' 
+       SUP cn
+       SINGLE-VALUE
+       )
+
+attributetype ( 1.1.2.5.4.178 NAME 'apacheAliasConfigSourceUri'
+       DESC 'apache Alias Config source URI' 
+       SUP name
+       EQUALITY caseIgnoreMatch
+       SUBSTR caseIgnoreSubstringsMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+       )
+
+attributetype ( 1.1.2.5.4.179 NAME 'apacheAliasConfigTargetDir'
+       DESC 'apache Alias Config target directory' 
+       SUP name
+       EQUALITY caseIgnoreMatch
+       SUBSTR caseIgnoreSubstringsMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+       SINGLE-VALUE
+       )
+
+attributetype ( 1.1.2.5.4.180 NAME 'apacheAliasConfigServerName'
+       DESC 'apache Alias Config ServerName' 
+       SUP cn
+       )
+
+objectclass ( 1.1.2.5.6.107 NAME 'apacheAliasesConfigLocation'
+       DESC 'This object class membership means vhost has directory or location aliases' 
+       MUST ( apacheAliasesConfigEnabled $ apacheAliasConfigOptionsDn )
+       AUXILIARY
+       )
+
+objectclass ( 1.1.2.5.6.108 NAME 'apacheAliasConfigObject'
+       DESC 'This object class represents alias entry properties'
+       MUST (  apacheAliasConfigSourceUri $ 
+                       apacheAliasConfigServerName $
+                       apacheAliasConfigTargetDir $
+                       apacheAliasConfigObjectName
+                       ) 
+       AUXILIARY
+       )
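Review bot: Every attributetype and objectclass in this file takes its OID from under 1.1.2.5, and the 1.1 arc is, as far as I know, meant only for private experiments, so a schema shipped to other sites can collide with someone else's local definitions. The three empty `#` lines at the top are the place to say so, e.g. `# OIDs under 1.1 are placeholders; move them under a registered arc before deployment`. apacheAliasConfigSourceUri and apacheAliasConfigTargetDir also use caseIgnoreMatch, while URI paths and Unix directory names are case-sensitive, so values that differ only in case compare as equal in the directory; that deserves a comment or an exact-match rule. apache_ext.schema shares both properties.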
diff --git a/apache_ext.schema b/apache_ext.schema
new file mode 100644 (file)
index 0000000..eda5ee0
--- /dev/null
@@ -0,0 +1,100 @@
+#
+#
+#
+
+attributetype ( 1.1.2.5.4.135 NAME 'apacheExtConfigRequireValidUser'
+       DESC 'apache Extended Config Require Type' 
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+       EQUALITY booleanMatch
+       SINGLE-VALUE
+       )
+       
+attributetype ( 1.1.2.5.4.136 NAME 'apacheExtConfigServerName'
+       DESC 'apache Extended Config ServerName' 
+       SUP cn
+       )
+
+attributetype ( 1.1.2.5.4.137 NAME 'apacheExtConfigUserDn'
+       DESC 'apache Extended Config User Object Dn' 
+       SUP distinguishedName
+       )
+
+attributetype ( 1.1.2.5.4.138 NAME 'apacheExtConfigUserName'
+       DESC 'apache Extended Config UserName' 
+       SUP cn
+       )
+
+attributetype ( 1.1.2.5.4.139 NAME 'apacheExtConfigUserServerName'
+       DESC 'apache Extended Config User ServerName' 
+       SUP cn
+       )
+
+attributetype ( 1.1.2.5.4.140 NAME 'apacheExtConfigObjectName'
+       DESC 'apache Extended Config Object Name' 
+       SUP cn
+       SINGLE-VALUE
+       )
+
+attributetype ( 1.1.2.5.4.141 NAME 'apacheExtConfigHasRequireLine'
+       DESC 'determines whether apacheConfig has require Line(s)' 
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+       EQUALITY booleanMatch
+       SINGLE-VALUE
+       )
+
+attributetype ( 1.1.2.5.4.142 NAME 'apacheLocationOptionsDn'
+       DESC 'apache Extended Config Object Location' 
+       SUP distinguishedName
+       )
+
+attributetype ( 1.1.2.5.4.143 NAME 'apacheExtConfigUri'
+       DESC 'apache Extended Config Uri' 
+       SUP name
+       EQUALITY caseIgnoreMatch
+       SUBSTR caseIgnoreSubstringsMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+       )
+
+attributetype ( 1.1.2.5.4.181 NAME 'apacheExtConfigPath'
+       DESC 'apache Extended Config Directory Value' 
+       SUP name
+       EQUALITY caseIgnoreMatch
+       SUBSTR caseIgnoreSubstringsMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+       )
+
+attributetype ( 1.1.2.5.4.182 NAME 'apacheExtConfigUserDirectoryName'
+       DESC 'apache Extended Config User Directory Name' 
+       SUP name
+       EQUALITY caseIgnoreMatch
+       SUBSTR caseIgnoreSubstringsMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+       )
+
+attributetype ( 1.1.2.5.4.183 NAME 'apacheExtConfigUserLocationUri'
+       DESC 'apache Extended Config User Directory Name' 
+       SUP name
+       EQUALITY caseIgnoreMatch
+       SUBSTR caseIgnoreSubstringsMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+       )
+
+objectclass ( 1.1.2.5.6.103 NAME 'apacheExtendedConfigLocation'
+       DESC 'This object class membership determines whether vhost as access control' 
+       MUST ( apacheLocationOptionsDn $ apacheExtConfigHasRequireLine )
+       AUXILIARY
+       )
+
+objectclass ( 1.1.2.5.6.104 NAME 'apacheExtendedConfigObject'
+       DESC 'This object class represents access control entry options' 
+       MUST (  apacheExtConfigRequireValidUser $ apacheExtConfigObjectName     ) 
+       MAY ( apacheExtConfigServerName $ apacheExtConfigUri $ apacheExtConfigPath $ apacheExtConfigUserDn )
+       AUXILIARY
+       )
+
+objectclass ( 1.1.2.5.6.105 NAME 'apacheExtendedConfigUserObject'
+       DESC 'This object class represents httpauth user properties' 
+       MUST ( apacheExtConfigUserName $ userPassword ) 
+       MAY  ( apacheExtConfigUserServerName $ apacheExtConfigUserDirectoryName $ apacheExtConfigUserLocationUri )
+       AUXILIARY
+       )
\ No newline at end of file
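Review bot: apacheExtendedConfigUserObject makes userPassword a MUST attribute, yet the three empty `#` lines at the top of the file say nothing about who may read it. The comments in mod_vhost_ldap.h in this commit mention password validation inside the module, which suggests the module's bind DN fetches the stored hash; if that is so, the header should carry a line such as `# userPassword must be readable only by the module's bind DN; restrict it with an ACL`. Separately, the DESC of apacheExtConfigUserLocationUri repeats 'apache Extended Config User Directory Name' from the attribute above it, and 'vhost as access control' in apacheExtendedConfigLocation reads like a typo for 'has'.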
diff --git a/dtpasswd.c b/dtpasswd.c
new file mode 100644 (file)
index 0000000..fbdb6d5
--- /dev/null
@@ -0,0 +1,86 @@
+
+#include <stdio.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+#include <sys/types.h>
+
+#define _XOPEN_SOURCE
+#define MD5_CRYPT_ENAB yes
+#include <unistd.h>
+
+
+extern char *crypt (__const char *__key, __const char *__salt);
+
+char *crypt_make_salt (void)
+{
+        struct timeval tv;
+        static char result[40];
+
+        result[0] = '\0';
+        strcpy (result, "$1$"); /* magic for the new MD5 crypt() */
+
+        gettimeofday (&tv, (struct timezone *) 0);
+        strcat (result, l64a (tv.tv_usec));
+        strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
+
+        if (strlen (result) > 3 + 8) result[11] = '\0';
+
+        return result;
+}
+
+char *pw_encrypt (const char *clear, const char *salt)
+{
+        static char cipher[128];
+        char *cp = crypt (clear, salt);
+        strcpy (cipher, cp);
+        return cipher;
+}
+
+
+int main ()
+{
+       /* for new password, we generate salt 
+        * for check we use encrypted password as salt
+        * char *crpasswd_or_newsalt = crypt_make_salt();
+       */
+
+       const char* msg = "Enter password:";
+
+       char *clear = NULL;
+       // clear = "enterclearpasswordhere";
+       // or simply get it
+       if ( !(clear = getpass(msg)) || strlen(clear) == 0 ) 
+       {
+       fprintf (stderr, ("You entered no password \n")); 
+       return 1;
+       }
+       else 
+       {
+               char *crpasswd_or_newsalt = "$1$RG.pRvZh$Q0WZ8clsqtMUBRLFckoQg1";
+               char *cipher = pw_encrypt (clear, crpasswd_or_newsalt);
+
+               if (strcmp (cipher, crpasswd_or_newsalt) != 0) 
+               {
+                       fprintf (stderr, (crpasswd_or_newsalt));
+                       fprintf (stderr, ("\n"));
+                       fprintf (stderr, ("Incorrect password. Result is:\n"));
+                       fprintf (stderr, (cipher));
+                       fprintf (stderr, ("\n"));
+                       return 1;
+               } 
+               else 
+               {
+               fprintf (stderr, ("\n"));
+               fprintf (stderr, (crpasswd_or_newsalt));
+               fprintf (stderr, ("\n"));
+               fprintf (stderr, ("Good password\n"));
+               fprintf (stderr, (cipher));
+               fprintf (stderr, ("\n"));
+               return 0;
+               }
+       }
+}
+
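Review bot: pw_encrypt passes the result of crypt() straight to strcpy, but crypt() returns NULL on failure (for example an unsupported salt format), so the copy would dereference a null pointer; the helper should check the result, bound the copy, and let main handle a NULL return. main also passes `cipher` and `crpasswd_or_newsalt` as the format argument of fprintf, which is harmless only as long as neither contains `%`; `fprintf (stderr, "%s\n", cipher)` does not depend on that. `#define _XOPEN_SOURCE` comes after the first system headers, where a feature-test macro is generally too late to take effect, which may be why crypt() is declared by hand. crypt_make_salt, unused here, builds its salt from the clock and the pid, so its salts are predictable; that deserves a comment if the helper is ever used to create passwords.

```c
char *pw_encrypt (const char *clear, const char *salt)
{
        static char cipher[128];
        char *cp = crypt (clear, salt);

        if (cp == NULL)
                return NULL;    /* crypt() failed, e.g. unsupported salt */
        snprintf (cipher, sizeof cipher, "%s", cp);
        return cipher;
}

/* … unchanged: crypt_make_salt, password prompt in main … */
               char *cipher = pw_encrypt (clear, crpasswd_or_newsalt);

               if (cipher == NULL)
               {
                       fprintf (stderr, "crypt() failed\n");
                       return 1;
               }
/* … unchanged: strcmp comparison; each fprintf (stderr, (x)) becomes fprintf (stderr, "%s\n", x) … */
```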
diff --git a/examples/indexes b/examples/indexes
new file mode 100644 (file)
index 0000000..420c07f
--- /dev/null
@@ -0,0 +1,17 @@
+index apacheExtConfigServerName              pres,eq,sub
+index apacheExtConfigUri                     pres,eq,sub
+index apacheExtConfigPath                    pres,eq,sub
+index apacheAliasConfigSourceUri             pres,eq,sub
+index apacheAliasConfigTargetDir             pres,eq,sub
+index apacheAliasConfigServerName            pres,eq,sub
+index apacheDocumentRoot                     pres,eq
+index apacheExtConfigObjectName              pres,eq
+index apacheExtConfigRequireValidUser        pres,eq
+index apacheExtConfigUserDn                  pres,eq
+index apacheExtConfigUserServerName          pres,eq
+index apacheLocationOptionsDn                pres,eq
+index apacheAliasConfigOptionsDn             pres,eq
+index apacheAliasConfigObjectName            pres,eq
+index apacheServerAdmin                      pres,eq
+index apacheServerAlias                      pres,eq
+index apacheServerName                       pres,eq
\ No newline at end of file
diff --git a/mod_vhost_ldap.h b/mod_vhost_ldap.h
new file mode 100644 (file)
index 0000000..30bf50f
--- /dev/null
@@ -0,0 +1,201 @@
+/* ============================================================
+ * Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas
+ * All rights reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * NOTE: only static members must be "used" to build, 
+ * so for time-to-time used routines we don't declare static 
+ * mod_vhost_ldap.c --- read virtual host config from LDAP directory
+ * version 2.0 - included ldap-based basic auth & authz
+ * remember to add "-lcrypt" in Makefile if there's a need to generate new password
+ * for now not needed (validation only), this below is almost copy-paste from apache source, htpasswd.c
+ */
+
+#define CORE_PRIVATE
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_request.h"
+#include "apr_ldap.h"
+#include "apr_strings.h"
+#include "apr_reslist.h"
+#include "util_ldap.h"
+#include "apr_md5.h"
+#include "apr_sha1.h"
+#include "unistd.h"
+#include "crypt.h"
+
+/* these are for checking unix crypt passwords */
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+#include <sys/types.h>
+
+/*this functions are not needed, as apr_password_validate includes it on its own */
+/*void to64(char *s, unsigned long v, int n)
+{
+    static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    while (--n >= 0) {
+       *s++ = itoa64[v&0x3f];
+        v >>= 6;
+    }
+}
+
+char *htenc(const char *clearpasswd) {
+       //this function creates password compatible with htpasswd 
+    char *res;
+    char salt[9];
+    (void) srand((int) time((time_t *) NULL));
+    to64(&salt[0], rand(), 8);
+    salt[8] = '\0';
+    res = crypt(clearpasswd, salt);
+    return res;
+}
+*/
+/******************************************************************/
+//this function creates salt for unix password crypt md5
+/*
+char *crypt_make_salt (void)
+{
+               
+        struct timeval tv;
+        static char result[40];
+
+        result[0] = '\0';
+        strcpy (result, "$1$"); // magic for the new MD5 crypt() 
+
+        gettimeofday (&tv, (struct timezone *) 0);
+        strcat (result, l64a (tv.tv_usec));
+        strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
+
+        if (strlen (result) > 3 + 8) result[11] = '\0';
+
+        return result;
+}
+*/
+#ifndef APU_HAS_LDAP
+#fatal "mod_vhost_ldap requires APR util to have LDAP support built in"
+#endif
+
+#ifdef MD5_CRYPT_ENAB
+#undef MD5_CRYPT_ENAB
+#endif
+
+#define MD5_CRYPT_ENAB yes
+#include "unixd.h"             /* Contains the suexec_identity hook used on Unix and needed for crypt() */
+
+#define strtrue(s) (s && *s)   /* do not accept empty "" strings */
+#define MIN_UID 100
+#define MIN_GID 100
+#define FILTER_LENGTH MAX_STRING_LEN
+#define MSL MAX_STRING_LEN
+
+/******************************************************************/
+//need this global due to apache API construction
+int mvhl_conf_enabled          = 1;
+int mvhl_conf_binddn           = 2;
+int mvhl_conf_bindpw           = 3;
+int mvhl_conf_deref            = 4;
+int mvhl_conf_wlcbasedn        = 5;
+int mvhl_conf_wucbasedn        = 6;
+int mvhl_conf_fallback                 = 7;
+int mvhl_conf_aliasbasedn      = 8;
+int mvhl_alias_enabled         = 9;
+int mvhl_loc_auth_enabled      = 10;
+int mvhl_dir_auth_enabled      = 11;
+/******************************************************************/
+#define MVHL_ENABLED           &mvhl_conf_enabled
+#define MVHL_BINDDN            &mvhl_conf_binddn
+#define MVHL_BINDPW            &mvhl_conf_bindpw
+#define MVHL_DEREF                     &mvhl_conf_deref
+#define MVHL_WLCBASEDN                 &mvhl_conf_wlcbasedn
+#define MVHL_WUCBASEDN                 &mvhl_conf_wucbasedn
+#define MVHL_FALLBACK          &mvhl_conf_fallback
+#define MVHL_ALIASBASEDN       &mvhl_conf_aliasbasedn
+#define MVHL_ALIASENABLED      &mvhl_alias_enabled
+#define MVHL_LAUTHENABLED      &mvhl_loc_auth_enabled
+#define MVHL_DAUTHENABLED      &mvhl_dir_auth_enabled
+
+/******************************************************************/
+typedef struct mvhl_config 
+{
+       int                             enabled;                /* Is vhost_ldap enabled? */
+       char                    *url;                   /* String representation of LDAP URL */
+       char                    *host;                  /* Name of the LDAP server (or space separated list) */
+       char                    *fallback;              /* Name of the fallback vhost to return not-found info */
+       int                     port;                   /* Port of the LDAP server */
+       char                    *basedn;                /* Base DN to do all searches from */
+       int                     scope;                  /* Scope of the search */
+       char                    *filter;                /* Filter to further limit the search  */
+       deref_options   deref;                  /* how to handle alias dereferening */
+       char                    *binddn;                /* DN to bind to server (can be NULL) */
+       char                    *bindpw;                /* Password to bind to server (can be NULL)  xx */
+       int                     have_deref;             /* Set if we have found an Deref option */
+       int                     have_ldap_url;  /* Set if we have found an LDAP url */
+       char                    *wlcbasedn;             /* Base DN to do all location config searches */
+       char                    *wucbasedn;             /* Base DN to do all webuser config searches */
+       char                    *aliasesbasedn; /* Base DN to do all aliases config objects searches */
+       int                     secure;                 /* True if SSL connections are requested */
+       int                             alias_enabled;  /* 0 - disabled, 1 - enabled */
+       int                             loc_auth_enabled;       /* 0 - disabled, 1 - enabled */
+       int                             dir_auth_enabled;       /* 0 - disabled, 1 - enabled */
+} mvhl_config;
+/******************************************************************/
+typedef struct mvhl_request 
+{
+       char                            *dn;                            /* The saved dn from a successful search */
+       char                            *name;                          /* apacheServerName */
+       char                            *admin;                         /* apacheServerAdmin */
+       char                            *docroot;                       /* apacheDocumentRoot */
+       char                            *uid;                           /* Suexec Uid */
+       char                            *gid;                           /* Suexec Gid */
+       int                             has_reqlines;           /* we have require lines (1) or not (0) */
+       int                             has_aliaslines;         /* we have aliases lines (1) or not (0) */
+       apr_array_header_t      *serveralias;           /* apacheServerAlias values */
+       apr_array_header_t      *rqlocationlines;       /* apacheExtConfigOptionsDn values */
+       apr_array_header_t      *aliaseslines;          /* apacheAliasesConfigOptionsDn values */
+       
+} mvhl_request;
+/******************************************************************/
+typedef struct mvhl_extconfig_object 
+{      
+       /* we use apr_array_header_t for multi-value attributed, 
+        * parsed later (yuck!) from ";" separated string
+        */
+       char *extconfname;                              /* apacheExtConfigObjectName, single-value, syntax SUP cn */
+       apr_array_header_t *exturi;             /* apacheExtConfigUri MULTI-value, uri for which this settings are here
+                                                                        * should be used in combine with extconfig server name 
+                                                                        */
+       apr_array_header_t *extdir;
+       int extconftype;                                /* apacheExtConfigRequireValidUser, single-value bool, 
+                                                                        * if TRUE then require valid-user, if FALSE userlist-type config 
+                                                                        */
+       apr_array_header_t *extservername;      /* apacheExtConfigServerName" MULTI-value, */ 
+       apr_array_header_t *extusers;           /* "apacheExtConfigUserDn"  MULTI-value, syntax SUP DN */
+
+} mvhl_extconfig_object;
+/******************************************************************/
+typedef struct mvhl_aliasconf_object 
+{      
+       char *aliasconfname;                                            /* apacheAliasConfigObjectName, single value */
+       apr_array_header_t *aliassourceuri;                     /* apacheAliasConfigSourceUri */
+       char *aliastargetdir;                                           /* apacheAliasConfigTargetDir */
+       apr_array_header_t *aliasconfservername;        /* apacheAliasConfigServerName MULTI-value*/
+} mvhl_aliasconf_object;
+/******************************************************************/
+typedef struct mvhl_webuser 
+{
+       char *webusername;                                              /* apacheExtConfigUserName, single-value */
+       apr_array_header_t *webuserpassword;    /* userPassword, multi-value */
+       apr_array_header_t *webuserserver;              /* apacheExtConfigUserServerName, server of this user, multi-value */
+       apr_array_header_t *webuserlocationuri; /* apacheExtConfigUserServerName, server of this user, multi-value */
+       apr_array_header_t *webuserdirectory;   /* apacheExtConfigUserDirectoryName, server of this user, multi-value */
+} mvhl_webuser;
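Review bot: The eleven `int mvhl_* = N;` lines define objects with external linkage inside a header that has no include guard, so including mod_vhost_ldap.h from a second source file would fail at link time with duplicate symbols. If only their addresses are used as directive identifiers, declaring each one as `static int mvhl_conf_enabled = 1;` keeps the `MVHL_*` macros working. `#fatal` is not a standard preprocessor directive, so the LDAP check should read `#error "mod_vhost_ldap requires APR util to have LDAP support built in"`, and `strtrue` should parenthesize its argument: `#define strtrue(s) ((s) && *(s))`. In mvhl_webuser the comments on webuserlocationuri and webuserdirectory look copied from webuserserver: the first names apacheExtConfigUserServerName and both say "server of this user".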
diff --git a/vhost_ldap.load b/vhost_ldap.load
new file mode 100644 (file)
index 0000000..7ba29c1
--- /dev/null
@@ -0,0 +1 @@
+LoadModule vhost_ldap_module    /usr/lib/apache2/modules/mod_vhost_ldap.so