From: Piotr Wadas
Date: Tue, 18 Jul 2006 21:38:01 +0000 (+0000)
Subject: upstream? :-)
X-Git-Url: http://andersk.mit.edu/gitweb/mod-vhost-ldap.git/commitdiff_plain/9343eaf320ae8833473d2af7c6f18308148e9ee6
upstream? :-)
git-svn-id: svn://svn.debian.org/svn/modvhostldap/branches/ext-config/mod-vhost-ldap@47 4dd36cbf-e3fd-0310-983d-db0e06859cf4
---
diff --git a/apache_alias.schema b/apache_alias.schema
new file mode 100644
index 0000000..8cb2125
--- /dev/null
+++ b/apache_alias.schema
@@ -0,0 +1,59 @@
+#
+#
+#
+
+attributetype ( 1.1.2.5.4.175 NAME 'apacheAliasesConfigEnabled'
+ DESC 'determines whether apacheConfig has aliases configured'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ EQUALITY booleanMatch
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.1.2.5.4.176 NAME 'apacheAliasConfigOptionsDn'
+ DESC 'apache Aliases Config Object Location'
+ SUP distinguishedName
+ )
+
+attributetype ( 1.1.2.5.4.177 NAME 'apacheAliasConfigObjectName'
+ DESC 'apache Alias Config Object Naming Attribute'
+ SUP cn
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.1.2.5.4.178 NAME 'apacheAliasConfigSourceUri'
+ DESC 'apache Alias Config source URI'
+ SUP name
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+ )
+
+attributetype ( 1.1.2.5.4.179 NAME 'apacheAliasConfigTargetDir'
+ DESC 'apache Alias Config target directory'
+ SUP name
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.1.2.5.4.180 NAME 'apacheAliasConfigServerName'
+ DESC 'apache Alias Config ServerName'
+ SUP cn
+ )
+
+objectclass ( 1.1.2.5.6.107 NAME 'apacheAliasesConfigLocation'
+ DESC 'This object class membership means vhost has directory or location aliases'
+ MUST ( apacheAliasesConfigEnabled $ apacheAliasConfigOptionsDn )
+ AUXILIARY
+ )
+
+objectclass ( 1.1.2.5.6.108 NAME 'apacheAliasConfigObject'
+ DESC 'This object class represents alias entry properties'
+ MUST ( apacheAliasConfigSourceUri $
+ apacheAliasConfigServerName $
+ apacheAliasConfigTargetDir $
+ apacheAliasConfigObjectName
+ )
+ AUXILIARY
+ )
diff --git a/apache_ext.schema b/apache_ext.schema
new file mode 100644
index 0000000..eda5ee0
--- /dev/null
+++ b/apache_ext.schema
@@ -0,0 +1,100 @@ +# +# +# + +attributetype ( 1.1.2.5.4.135 NAME 'apacheExtConfigRequireValidUser' + DESC 'apache Extended Config Require Type' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + EQUALITY booleanMatch + SINGLE-VALUE + ) + +attributetype ( 1.1.2.5.4.136 NAME 'apacheExtConfigServerName' + DESC 'apache Extended Config ServerName' + SUP cn + ) + +attributetype ( 1.1.2.5.4.137 NAME 'apacheExtConfigUserDn' + DESC 'apache Extended Config User Object Dn' + SUP distinguishedName + ) + +attributetype ( 1.1.2.5.4.138 NAME 'apacheExtConfigUserName' + DESC 'apache Extended Config UserName' + SUP cn + ) + +attributetype ( 1.1.2.5.4.139 NAME 'apacheExtConfigUserServerName' + DESC 'apache Extended Config User ServerName' + SUP cn + ) + +attributetype ( 1.1.2.5.4.140 NAME 'apacheExtConfigObjectName' + DESC 'apache Extended Config Object Name' + SUP cn + SINGLE-VALUE + ) + +attributetype ( 1.1.2.5.4.141 NAME 'apacheExtConfigHasRequireLine' + DESC 'determines whether apacheConfig has require Line(s)' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + EQUALITY booleanMatch + SINGLE-VALUE + ) + +attributetype ( 1.1.2.5.4.142 NAME 'apacheLocationOptionsDn' + DESC 'apache Extended Config Object Location' + SUP distinguishedName + ) + +attributetype ( 1.1.2.5.4.143 NAME 'apacheExtConfigUri' + DESC 'apache Extended Config Uri' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + ) + +attributetype ( 1.1.2.5.4.181 NAME 'apacheExtConfigPath' + DESC 'apache Extended Config Directory Value' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + ) + +attributetype ( 1.1.2.5.4.182 NAME 'apacheExtConfigUserDirectoryName' + DESC 'apache Extended Config User Directory Name' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + ) + +attributetype ( 1.1.2.5.4.183 NAME 'apacheExtConfigUserLocationUri' + DESC 'apache 
Extended Config User Directory Name' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + ) + +objectclass ( 1.1.2.5.6.103 NAME 'apacheExtendedConfigLocation' + DESC 'This object class membership determines whether vhost as access control' + MUST ( apacheLocationOptionsDn $ apacheExtConfigHasRequireLine ) + AUXILIARY + ) + +objectclass ( 1.1.2.5.6.104 NAME 'apacheExtendedConfigObject' + DESC 'This object class represents access control entry options' + MUST ( apacheExtConfigRequireValidUser $ apacheExtConfigObjectName ) + MAY ( apacheExtConfigServerName $ apacheExtConfigUri $ apacheExtConfigPath $ apacheExtConfigUserDn ) + AUXILIARY + ) + +objectclass ( 1.1.2.5.6.105 NAME 'apacheExtendedConfigUserObject' + DESC 'This object class represents httpauth user properties' + MUST ( apacheExtConfigUserName $ userPassword ) + MAY ( apacheExtConfigUserServerName $ apacheExtConfigUserDirectoryName $ apacheExtConfigUserLocationUri ) + AUXILIARY + ) \ No newline at end of file diff --git a/dtpasswd.c b/dtpasswd.c new file mode 100644 index 0000000..fbdb6d5 --- /dev/null +++ b/dtpasswd.c 
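Review bot: The DESC of `apacheExtConfigUserLocationUri` repeats the text of `apacheExtConfigUserDirectoryName` ('apache Extended Config User Directory Name'), so the two attributes cannot be told apart in a schema browser; use `DESC 'apache Extended Config User Location URI'`. The DESC of `apacheExtendedConfigLocation` reads 'whether vhost as access control' and should say 'whether vhost has access control'. Both are description strings only, so correcting them does not change what the directory server accepts or how mod_vhost_ldap reads the entries.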
@@ -0,0 +1,86 @@
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define _XOPEN_SOURCE
+#define MD5_CRYPT_ENAB yes
+#include
+
+
+extern char *crypt (__const char *__key, __const char *__salt);
+
+char *crypt_make_salt (void)
+{
+ struct timeval tv;
+ static char result[40];
+
+ result[0] = '\0';
+ strcpy (result, "$1$"); /* magic for the new MD5 crypt() */
+
+ gettimeofday (&tv, (struct timezone *) 0);
+ strcat (result, l64a (tv.tv_usec));
+ strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
+
+ if (strlen (result) > 3 + 8) result[11] = '\0';
+
+ return result;
+}
+
+char *pw_encrypt (const char *clear, const char *salt)
+{
+ static char cipher[128];
+ char *cp = crypt (clear, salt);
+ strcpy (cipher, cp);
+ return cipher;
+}
+
+
+int main ()
+{
+ /* for new password, we generate salt
+ * for check we use encrypted password as salt
+ * char *crpasswd_or_newsalt = crypt_make_salt();
+ */
+
+ const char* msg = "Enter password:";
+
+ char *clear = NULL;
+ // clear = "enterclearpasswordhere";
+ // or simply get it
+ if ( !(clear = getpass(msg)) || strlen(clear) == 0 )
+ {
+ fprintf (stderr, ("You entered no password \n"));
+ return 1;
+ }
+ else
+ {
+ char *crpasswd_or_newsalt = "$1$RG.pRvZh$Q0WZ8clsqtMUBRLFckoQg1";
+ char *cipher = pw_encrypt (clear, crpasswd_or_newsalt);
+
+ if (strcmp (cipher, crpasswd_or_newsalt) != 0)
+ {
+ fprintf (stderr, (crpasswd_or_newsalt));
+ fprintf (stderr, ("\n"));
+ fprintf (stderr, ("Incorrect password. Result is:\n"));
+ fprintf (stderr, (cipher));
+ fprintf (stderr, ("\n"));
+ return 1;
+ }
+ else
+ {
+ fprintf (stderr, ("\n"));
+ fprintf (stderr, (crpasswd_or_newsalt));
+ fprintf (stderr, ("\n"));
+ fprintf (stderr, ("Good password\n"));
+ fprintf (stderr, (cipher));
+ fprintf (stderr, ("\n"));
+ return 0;
+ }
+ }
+}
+
diff --git a/examples/indexes b/examples/indexes
new file mode 100644
index 0000000..420c07f
--- /dev/null
+++ b/examples/indexes
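Review bot: `pw_encrypt` copies the result of `crypt()` with `strcpy` without checking it for NULL, so a salt format the C library does not support (or any other `crypt()` failure) dereferences a null pointer instead of reporting an error; change it to `if (cp == NULL) return NULL;` followed by `snprintf (cipher, sizeof cipher, "%s", cp);` and make `main` treat a NULL return as a failed check. The `fprintf (stderr, (crpasswd_or_newsalt))` and `fprintf (stderr, (cipher))` calls in `main` pass data as the format string, which `-Wformat-security` flags; write them as `fprintf (stderr, "%s\n", cipher);` so a `%` in the value can never be interpreted as a conversion. `#define _XOPEN_SOURCE` appears after the first block of `#include` lines, so it has no effect on the headers already included and the `crypt` prototype is instead supplied by a hand-written `extern`; the define belongs above every `#include`, after which the `extern` can go. `crypt_make_salt` derives the salt from `gettimeofday`, `getpid` and `clock`, which are guessable rather than random; it is commented out in `main` today, but if it is ever enabled the salt bytes should come from a cryptographically secure random source.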
@@ -0,0 +1,17 @@
+index apacheExtConfigServerName pres,eq,sub
+index apacheExtConfigUri pres,eq,sub
+index apacheExtConfigPath pres,eq,sub
+index apacheAliasConfigSourceUri pres,eq,sub
+index apacheAliasConfigTargetDir pres,eq,sub
+index apacheAliasConfigServerName pres,eq,sub
+index apacheDocumentRoot pres,eq
+index apacheExtConfigObjectName pres,eq
+index apacheExtConfigRequireValidUser pres,eq
+index apacheExtConfigUserDn pres,eq
+index apacheExtConfigUserServerName pres,eq
+index apacheLocationOptionsDn pres,eq
+index apacheAliasConfigOptionsDn pres,eq
+index apacheAliasConfigObjectName pres,eq
+index apacheServerAdmin pres,eq
+index apacheServerAlias pres,eq
+index apacheServerName pres,eq
\ No newline at end of file
diff --git a/mod_vhost_ldap.h b/mod_vhost_ldap.h
new file mode 100644
index 0000000..30bf50f
--- /dev/null
+++ b/mod_vhost_ldap.h
@@ -0,0 +1,201 @@ +/* ============================================================ + * Copyright (c) 2003-2006, Ondrej Sury, Piotr Wadas + * All rights reserved. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * NOTE: only static members must be "used" to build, + * so for time-to-time used routines we don't declare static + * mod_vhost_ldap.c --- read virtual host config from LDAP directory + * version 2.0 - included ldap-based basic auth & authz + * remember to add "-lcrypt" in Makefile if there's a need to generate new password + * for now not needed (validation only), this below is almost copy-paste from apache source, htpasswd.c + */ + +#define CORE_PRIVATE +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_log.h" +#include "http_request.h" +#include "apr_ldap.h" +#include "apr_strings.h" +#include "apr_reslist.h" +#include "util_ldap.h" +#include "apr_md5.h" +#include "apr_sha1.h" +#include "unistd.h" +#include "crypt.h" + +/* these are for checking unix crypt passwords */ +#include +#include +#include +#include + +/*this functions are not needed, as apr_password_validate includes it on its own */ +/*void to64(char *s, unsigned long v, int n) +{ + static unsigned char itoa64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + while (--n >= 0) { + *s++ = itoa64[v&0x3f]; + v >>= 6; + } +} + +char *htenc(const char *clearpasswd) { + //this function creates password compatible with htpasswd + char *res; + 
char salt[9]; + (void) srand((int) time((time_t *) NULL)); + to64(&salt[0], rand(), 8); + salt[8] = '\0'; + res = crypt(clearpasswd, salt); + return res; +} +*/ +/******************************************************************/ +//this function creates salt for unix password crypt md5 +/* +char *crypt_make_salt (void) +{ + + struct timeval tv; + static char result[40]; + + result[0] = '\0'; + strcpy (result, "$1$"); // magic for the new MD5 crypt() + + gettimeofday (&tv, (struct timezone *) 0); + strcat (result, l64a (tv.tv_usec)); + strcat (result, l64a (tv.tv_sec + getpid () + clock ())); + + if (strlen (result) > 3 + 8) result[11] = '\0'; + + return result; +} +*/ +#ifndef APU_HAS_LDAP +#fatal "mod_vhost_ldap requires APR util to have LDAP support built in" +#endif + +#ifdef MD5_CRYPT_ENAB +#undef MD5_CRYPT_ENAB +#endif + +#define MD5_CRYPT_ENAB yes +#include "unixd.h" /* Contains the suexec_identity hook used on Unix and needed for crypt() */ + +#define strtrue(s) (s && *s) /* do not accept empty "" strings */ +#define MIN_UID 100 +#define MIN_GID 100 +#define FILTER_LENGTH MAX_STRING_LEN +#define MSL MAX_STRING_LEN + +/******************************************************************/ +//need this global due to apache API construction +int mvhl_conf_enabled = 1; +int mvhl_conf_binddn = 2; +int mvhl_conf_bindpw = 3; +int mvhl_conf_deref = 4; +int mvhl_conf_wlcbasedn = 5; +int mvhl_conf_wucbasedn = 6; +int mvhl_conf_fallback = 7; +int mvhl_conf_aliasbasedn = 8; +int mvhl_alias_enabled = 9; +int mvhl_loc_auth_enabled = 10; +int mvhl_dir_auth_enabled = 11; +/******************************************************************/ +#define MVHL_ENABLED &mvhl_conf_enabled +#define MVHL_BINDDN &mvhl_conf_binddn +#define MVHL_BINDPW &mvhl_conf_bindpw +#define MVHL_DEREF &mvhl_conf_deref +#define MVHL_WLCBASEDN &mvhl_conf_wlcbasedn +#define MVHL_WUCBASEDN &mvhl_conf_wucbasedn +#define MVHL_FALLBACK &mvhl_conf_fallback +#define MVHL_ALIASBASEDN &mvhl_conf_aliasbasedn 
+#define MVHL_ALIASENABLED &mvhl_alias_enabled +#define MVHL_LAUTHENABLED &mvhl_loc_auth_enabled +#define MVHL_DAUTHENABLED &mvhl_dir_auth_enabled + +/******************************************************************/ +typedef struct mvhl_config +{ + int enabled; /* Is vhost_ldap enabled? */ + char *url; /* String representation of LDAP URL */ + char *host; /* Name of the LDAP server (or space separated list) */ + char *fallback; /* Name of the fallback vhost to return not-found info */ + int port; /* Port of the LDAP server */ + char *basedn; /* Base DN to do all searches from */ + int scope; /* Scope of the search */ + char *filter; /* Filter to further limit the search */ + deref_options deref; /* how to handle alias dereferening */ + char *binddn; /* DN to bind to server (can be NULL) */ + char *bindpw; /* Password to bind to server (can be NULL) xx */ + int have_deref; /* Set if we have found an Deref option */ + int have_ldap_url; /* Set if we have found an LDAP url */ + char *wlcbasedn; /* Base DN to do all location config searches */ + char *wucbasedn; /* Base DN to do all webuser config searches */ + char *aliasesbasedn; /* Base DN to do all aliases config objects searches */ + int secure; /* True if SSL connections are requested */ + int alias_enabled; /* 0 - disabled, 1 - enabled */ + int loc_auth_enabled; /* 0 - disabled, 1 - enabled */ + int dir_auth_enabled; /* 0 - disabled, 1 - enabled */ +} mvhl_config; +/******************************************************************/ +typedef struct mvhl_request +{ + char *dn; /* The saved dn from a successful search */ + char *name; /* apacheServerName */ + char *admin; /* apacheServerAdmin */ + char *docroot; /* apacheDocumentRoot */ + char *uid; /* Suexec Uid */ + char *gid; /* Suexec Gid */ + int has_reqlines; /* we have require lines (1) or not (0) */ + int has_aliaslines; /* we have aliases lines (1) or not (0) */ + apr_array_header_t *serveralias; /* apacheServerAlias values */ + apr_array_header_t 
*rqlocationlines; /* apacheExtConfigOptionsDn values */ + apr_array_header_t *aliaseslines; /* apacheAliasesConfigOptionsDn values */ + +} mvhl_request; +/******************************************************************/ +typedef struct mvhl_extconfig_object +{ + /* we use apr_array_header_t for multi-value attributed, + * parsed later (yuck!) from ";" separated string + */ + char *extconfname; /* apacheExtConfigObjectName, single-value, syntax SUP cn */ + apr_array_header_t *exturi; /* apacheExtConfigUri MULTI-value, uri for which this settings are here + * should be used in combine with extconfig server name + */ + apr_array_header_t *extdir; + int extconftype; /* apacheExtConfigRequireValidUser, single-value bool, + * if TRUE then require valid-user, if FALSE userlist-type config + */ + apr_array_header_t *extservername; /* apacheExtConfigServerName" MULTI-value, */ + apr_array_header_t *extusers; /* "apacheExtConfigUserDn" MULTI-value, syntax SUP DN */ + +} mvhl_extconfig_object; +/******************************************************************/ +typedef struct mvhl_aliasconf_object +{ + char *aliasconfname; /* apacheAliasConfigObjectName, single value */ + apr_array_header_t *aliassourceuri; /* apacheAliasConfigSourceUri */ + char *aliastargetdir; /* apacheAliasConfigTargetDir */ + apr_array_header_t *aliasconfservername; /* apacheAliasConfigServerName MULTI-value*/ +} mvhl_aliasconf_object; +/******************************************************************/ +typedef struct mvhl_webuser +{ + char *webusername; /* apacheExtConfigUserName, single-value */ + apr_array_header_t *webuserpassword; /* userPassword, multi-value */ + apr_array_header_t *webuserserver; /* apacheExtConfigUserServerName, server of this user, multi-value */ + apr_array_header_t *webuserlocationuri; /* apacheExtConfigUserServerName, server of this user, multi-value */ + apr_array_header_t *webuserdirectory; /* apacheExtConfigUserDirectoryName, server of this user, multi-value */ +} 
mvhl_webuser; diff --git a/vhost_ldap.load b/vhost_ldap.load new file mode 100644 index 0000000..7ba29c1 --- /dev/null +++ b/vhost_ldap.load @@ -0,0 +1 @@ +LoadModule vhost_ldap_module /usr/lib/apache2/modules/mod_vhost_ldap.so
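Review bot: `#fatal` inside the `#ifndef APU_HAS_LDAP` guard is not a standard preprocessing directive, so when LDAP support is missing the build stops with an "invalid preprocessing directive" diagnostic (on GCC at least) rather than the intended message; write `#error "mod_vhost_ldap requires APR util to have LDAP support built in"`. The `int mvhl_conf_enabled = 1;` through `int mvhl_dir_auth_enabled = 11;` lines are definitions in a header, so any second translation unit that includes it will produce duplicate-symbol link errors; declare them `extern` here and define them once in the .c file, or make them `static` since they appear to be used only through the address-taking `MVHL_*` macros. The commented-out `to64`, `htenc` and `crypt_make_salt` bodies are dead code that the header should not carry, especially as `crypt_make_salt` also exists in dtpasswd.c in this commit. In `mvhl_webuser` the comments on `webuserlocationuri` and `webuserdirectory` repeat the `webuserserver` text; `/* apacheExtConfigUserLocationUri, multi-value */` and `/* apacheExtConfigUserDirectoryName, multi-value */` would describe the fields they sit on.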