API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 27th, 2012
199
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 27.51 KB | None | 0 0
raw download clone embed print report
  1. /* ============================================================
  2. * Copyright (c) 2003-2004, Ondrej Sury
  3. * All rights reserved.
  4. *
  5. * Licensed under the Apache License, Version 2.0 (the "License");
  6. * you may not use this file except in compliance with the License.
  7. * You may obtain a copy of the License at
  8. *
  9. * http://www.apache.org/licenses/LICENSE-2.0
  10. *
  11. * Unless required by applicable law or agreed to in writing, software
  12. * distributed under the License is distributed on an "AS IS" BASIS,
  13. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. * See the License for the specific language governing permissions and
  15. * limitations under the License.
  16. *
  17. */
  18.  
  19. /*
  20. * mod_vhost_ldap.c --- read virtual host config from LDAP directory
  21. */
  22.  
  23. #define CORE_PRIVATE
  24.  
  25. #include <unistd.h>
  26.  
  27. #include "httpd.h"
  28. #include "http_config.h"
  29. #include "http_core.h"
  30. #include "http_log.h"
  31. #include "http_request.h"
  32. #include "apr_version.h"
  33. #include "apr_ldap.h"
  34. #include "apr_reslist.h"
  35. #include "apr_strings.h"
  36. #include "apr_tables.h"
  37. #include "util_ldap.h"
  38. #include "util_script.h"
  39.  
  40. #if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
  41. #error mod_vhost_ldap requires APR-util to have LDAP support built in
  42. #endif
  43.  
  44. #if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
  45. #define HAVE_UNIX_SUEXEC
  46. #endif
  47.  
  48. #ifdef HAVE_UNIX_SUEXEC
  49. #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
  50. #endif
  51.  
  52. #define MIN_UID 100
  53. #define MIN_GID 100
  54.  
  55. #define MAX_FAILURES 5
  56.  
  57. module AP_MODULE_DECLARE_DATA vhost_ldap_module;
  58.  
  59. typedef enum {
  60. MVL_UNSET, MVL_DISABLED, MVL_ENABLED
  61. } mod_vhost_ldap_status_e;
  62.  
  63. typedef struct mod_vhost_ldap_config_t {
  64. mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
  65.  
  66. /* These parameters are all derived from the VhostLDAPURL directive */
  67. char *url; /* String representation of LDAP URL */
  68.  
  69. char *host; /* Name of the LDAP server (or space separated list) */
  70. int port; /* Port of the LDAP server */
  71. char *basedn; /* Base DN to do all searches from */
  72. int scope; /* Scope of the search */
  73. char *filter; /* Filter to further limit the search */
  74. deref_options deref; /* how to handle alias dereferening */
  75.  
  76. char *binddn; /* DN to bind to server (can be NULL) */
  77. char *bindpw; /* Password to bind to server (can be NULL) */
  78.  
  79. int have_deref; /* Set if we have found an Deref option */
  80. int have_ldap_url; /* Set if we have found an LDAP url */
  81.  
  82. int secure; /* True if SSL connections are requested */
  83.  
  84. char *fallback; /* Fallback virtual host */
  85.  
  86. int wildcard; /* Do wildcard search if host not found */
  87.  
  88. } mod_vhost_ldap_config_t;
  89.  
  90. typedef struct mod_vhost_ldap_request_t {
  91. char *dn; /* The saved dn from a successful search */
  92. char *name; /* ServerName */
  93. char *admin; /* ServerAdmin */
  94. char *docroot; /* DocumentRoot */
  95. char *cgiroot; /* ScriptAlias */
  96. char *uid; /* Suexec Uid */
  97. char *gid; /* Suexec Gid */
  98. } mod_vhost_ldap_request_t;
  99.  
  100. char *attributes[] =
  101. { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 };
  102.  
  103. static int total_modules;
  104.  
  105. #if (APR_MAJOR_VERSION >= 1)
  106. static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
  107. static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
  108. static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
  109. static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
  110. static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
  111. static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
  112. static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
  113.  
  114. static void ImportULDAPOptFn(void)
  115. {
  116. util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
  117. util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
  118. util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
  119. util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
  120. util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
  121. util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
  122. util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
  123. }
  124. #endif
  125.  
  126. static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
  127. {
  128. module **m;
  129.  
  130. /* Stolen from modules/generators/mod_cgid.c */
  131. total_modules = 0;
  132. for (m = ap_preloaded_modules; *m != NULL; m++)
  133. total_modules++;
  134.  
  135. /* make sure that mod_ldap (util_ldap) is loaded */
  136. if (ap_find_linked_module("util_ldap.c") == NULL) {
  137. ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
  138. "Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
  139. "must be loaded in order for mod_vhost_ldap to function properly");
  140. return HTTP_INTERNAL_SERVER_ERROR;
  141.  
  142. }
  143.  
  144. ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
  145.  
  146. return OK;
  147. }
  148.  
  149. static void *
  150. mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s)
  151. {
  152. mod_vhost_ldap_config_t *conf =
  153. (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
  154.  
  155. conf->enabled = MVL_UNSET;
  156. conf->have_ldap_url = 0;
  157. conf->have_deref = 0;
  158. conf->binddn = NULL;
  159. conf->bindpw = NULL;
  160. conf->deref = always;
  161. conf->fallback = NULL;
  162. conf->wildcard = MVL_ENABLED;
  163.  
  164. return conf;
  165. }
  166.  
  167. static void *
  168. mod_vhost_ldap_merge_server_config(apr_pool_t *p, void *parentv, void *childv)
  169. {
  170. mod_vhost_ldap_config_t *parent = (mod_vhost_ldap_config_t *) parentv;
  171. mod_vhost_ldap_config_t *child = (mod_vhost_ldap_config_t *) childv;
  172. mod_vhost_ldap_config_t *conf =
  173. (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
  174.  
  175. conf->enabled = (child->enabled != MVL_UNSET) ? child->enabled : parent->enabled;
  176.  
  177. if (child->have_ldap_url) {
  178. conf->have_ldap_url = child->have_ldap_url;
  179. conf->url = child->url;
  180. conf->host = child->host;
  181. conf->port = child->port;
  182. conf->basedn = child->basedn;
  183. conf->scope = child->scope;
  184. conf->filter = child->filter;
  185. conf->secure = child->secure;
  186. } else {
  187. conf->have_ldap_url = parent->have_ldap_url;
  188. conf->url = parent->url;
  189. conf->host = parent->host;
  190. conf->port = parent->port;
  191. conf->basedn = parent->basedn;
  192. conf->scope = parent->scope;
  193. conf->filter = parent->filter;
  194. conf->secure = parent->secure;
  195. }
  196. if (child->have_deref) {
  197. conf->have_deref = child->have_deref;
  198. conf->deref = child->deref;
  199. } else {
  200. conf->have_deref = parent->have_deref;
  201. conf->deref = parent->deref;
  202. }
  203.  
  204. conf->binddn = (child->binddn ? child->binddn : parent->binddn);
  205. conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
  206.  
  207. conf->fallback = (child->fallback ? child->fallback : parent->fallback);
  208.  
  209. conf->wildcard = (child->wildcard != MVL_UNSET) ? child->wildcard : parent->wildcard;
  210.  
  211. return conf;
  212. }
  213.  
  214. /*
  215. * Use the ldap url parsing routines to break up the ldap url into
  216. * host and port.
  217. */
  218. static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd,
  219. void *dummy,
  220. const char *url)
  221. {
  222. int result;
  223. apr_ldap_url_desc_t *urld;
  224. #if (APR_MAJOR_VERSION >= 1)
  225. apr_ldap_err_t *result_err;
  226. #endif
  227.  
  228. mod_vhost_ldap_config_t *conf =
  229. (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
  230. &vhost_ldap_module);
  231.  
  232. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
  233. cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
  234. url);
  235.  
  236. #if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
  237. result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
  238. if (result != LDAP_SUCCESS) {
  239. return result_err->reason;
  240. }
  241. #else
  242. result = apr_ldap_url_parse(url, &(urld));
  243. if (result != LDAP_SUCCESS) {
  244. switch (result) {
  245. case LDAP_URL_ERR_NOTLDAP:
  246. return "LDAP URL does not begin with ldap://";
  247. case LDAP_URL_ERR_NODN:
  248. return "LDAP URL does not have a DN";
  249. case LDAP_URL_ERR_BADSCOPE:
  250. return "LDAP URL has an invalid scope";
  251. case LDAP_URL_ERR_MEM:
  252. return "Out of memory parsing LDAP URL";
  253. default:
  254. return "Could not parse LDAP URL";
  255. }
  256. }
  257. #endif
  258. conf->url = apr_pstrdup(cmd->pool, url);
  259.  
  260. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
  261. cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
  262. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
  263. cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
  264. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
  265. cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
  266. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
  267. cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
  268. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
  269. cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
  270. (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
  271. urld->lud_scope == LDAP_SCOPE_BASE? "base" :
  272. urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
  273. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
  274. cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
  275.  
  276. /* Set all the values, or at least some sane defaults */
  277. if (conf->host) {
  278. char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
  279. strcpy(p, urld->lud_host);
  280. strcat(p, " ");
  281. strcat(p, conf->host);
  282. conf->host = p;
  283. }
  284. else {
  285. conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
  286. }
  287. conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
  288.  
  289. conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
  290. LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
  291.  
  292. if (urld->lud_filter) {
  293. if (urld->lud_filter[0] == '(') {
  294. /*
  295. * Get rid of the surrounding parens; later on when generating the
  296. * filter, they'll be put back.
  297. */
  298. conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
  299. conf->filter[strlen(conf->filter)-1] = '\0';
  300. }
  301. else {
  302. conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
  303. }
  304. }
  305. else {
  306. conf->filter = "objectClass=apacheConfig";
  307. }
  308.  
  309. /* "ldaps" indicates secure ldap connections desired
  310. */
  311. if (strncasecmp(url, "ldaps", 5) == 0)
  312. {
  313. conf->secure = 1;
  314. conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
  315. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
  316. "LDAP: vhost_ldap using SSL connections");
  317. }
  318. else
  319. {
  320. conf->secure = 0;
  321. conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
  322. ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
  323. "LDAP: vhost_ldap not using SSL connections");
  324. }
  325.  
  326. conf->have_ldap_url = 1;
  327. #if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
  328. apr_ldap_free_urldesc(urld);
  329. #endif
  330. return NULL;
  331. }
  332.  
  333. static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled)
  334. {
  335. mod_vhost_ldap_config_t *conf =
  336. (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
  337. &vhost_ldap_module);
  338.  
  339. conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
  340.  
  341. return NULL;
  342. }
  343.  
  344. static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn)
  345. {
  346. mod_vhost_ldap_config_t *conf =
  347. (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
  348. &vhost_ldap_module);
  349.  
  350. conf->binddn = apr_pstrdup(cmd->pool, binddn);
  351. return NULL;
  352. }
  353.  
  354. static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw)
  355. {
  356. mod_vhost_ldap_config_t *conf =
  357. (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
  358. &vhost_ldap_module);
  359.  
  360. conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
  361. return NULL;
  362. }
  363.  
  364. static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref)
  365. {
  366. mod_vhost_ldap_config_t *conf =
  367. (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
  368. &vhost_ldap_module);
  369.  
  370. if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) {
  371. conf->deref = never;
  372. conf->have_deref = 1;
  373. }
  374. else if (strcmp(deref, "searching") == 0) {
  375. conf->deref = searching;
  376. conf->have_deref = 1;
  377. }
  378. else if (strcmp(deref, "finding") == 0) {
  379. conf->deref = finding;
  380. conf->have_deref = 1;
  381. }
  382. else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) {
  383. conf->deref = always;
  384. conf->have_deref = 1;
  385. }
  386. else {
  387. return "Unrecognized value for VhostLDAPAliasDereference directive";
  388. }
  389. return NULL;
  390. }
  391.  
  392. static const char *mod_vhost_ldap_set_fallback(cmd_parms *cmd, void *dummy, const char *fallback)
  393. {
  394. mod_vhost_ldap_config_t *conf =
  395. (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
  396. &vhost_ldap_module);
  397.  
  398. conf->fallback = apr_pstrdup(cmd->pool, fallback);
  399. return NULL;
  400. }
  401.  
  402. static const char *mod_vhost_ldap_set_wildcard(cmd_parms *cmd, void *dummy, int wildcard)
  403. {
  404. mod_vhost_ldap_config_t *conf =
  405. (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
  406. &vhost_ldap_module);
  407.  
  408. conf->wildcard = (wildcard) ? MVL_ENABLED : MVL_DISABLED;
  409.  
  410. return NULL;
  411. }
  412.  
  413. command_rec mod_vhost_ldap_cmds[] = {
  414. AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
  415. "URL to define LDAP connection. This should be an RFC 2255 compliant\n"
  416. "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
  417. "<ul>\n"
  418. "<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
  419. "to specify redundant servers.\n"
  420. "<li>Port is optional, and specifies the port to connect to.\n"
  421. "<li>basedn specifies the base DN to start searches from\n"
  422. "</ul>\n"),
  423.  
  424. AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
  425. "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
  426.  
  427. AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
  428. "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
  429.  
  430. AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
  431. "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
  432.  
  433. AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
  434. "Determines how aliases are handled during a search. Can be one of the"
  435. "values \"never\", \"searching\", \"finding\", or \"always\". "
  436. "Defaults to always."),
  437.  
  438. AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
  439. "Set default virtual host which will be used when requested hostname"
  440. "is not found in LDAP database. This option can be used to display"
  441. "\"virtual host not found\" type of page."),
  442.  
  443. AP_INIT_FLAG("VhostLDAPWildcard", mod_vhost_ldap_set_wildcard, NULL, RSRC_CONF,
  444. "Set to off to disable wildcard search if the requested hostname is not found."),
  445.  
  446. {NULL}
  447. };
  448.  
  449. #define FILTER_LENGTH MAX_STRING_LEN
  450. static int mod_vhost_ldap_translate_name(request_rec *r)
  451. {
  452. mod_vhost_ldap_request_t *reqc;
  453. int failures = 0;
  454. const char **vals = NULL;
  455. char filtbuf[FILTER_LENGTH];
  456. mod_vhost_ldap_config_t *conf =
  457. (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
  458. #ifndef HAS_PER_REQUEST_DOCUMENT_ROOT
  459. core_server_config *core =
  460. (core_server_config *)ap_get_module_config(r->server->module_config, &core_module);
  461. #endif
  462. util_ldap_connection_t *ldc = NULL;
  463. int result = 0;
  464. const char *dn = NULL;
  465. char *cgi;
  466. const char *hostname = NULL;
  467. int is_fallback = 0;
  468. int sleep0 = 0;
  469. int sleep1 = 1;
  470. int sleep;
  471. struct berval hostnamebv, shostnamebv;
  472. char **document_root_ptr;
  473. int ret = DECLINED;
  474.  
  475. reqc =
  476. (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
  477. memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
  478.  
  479. ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
  480.  
  481. // mod_vhost_ldap is disabled or we don't have LDAP Url
  482. if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
  483. return DECLINED;
  484. }
  485.  
  486. start_over:
  487.  
  488. if (conf->host) {
  489. ldc = util_ldap_connection_find(r, conf->host, conf->port,
  490. conf->binddn, conf->bindpw, conf->deref,
  491. conf->secure);
  492. }
  493. else {
  494. ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
  495. "[mod_vhost_ldap.c] translate: no conf->host - weird...?");
  496. return HTTP_INTERNAL_SERVER_ERROR;
  497. }
  498.  
  499. hostname = r->hostname;
  500. if (hostname == NULL || hostname[0] == '\0')
  501. goto null;
  502.  
  503. fallback:
  504.  
  505. ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
  506. "[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]",
  507. hostname, r->uri);
  508.  
  509. ber_str2bv(hostname, 0, 0, &hostnamebv);
  510. if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0)
  511. goto null;
  512. apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val);
  513. ber_memfree(shostnamebv.bv_val);
  514.  
  515. result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
  516. attributes, filtbuf, &dn, &vals);
  517.  
  518. util_ldap_connection_close(ldc);
  519.  
  520. /* sanity check - if server is down, retry it up to 5 times */
  521. if (AP_LDAP_IS_SERVER_DOWN(result) ||
  522. (result == LDAP_TIMEOUT) ||
  523. (result == LDAP_CONNECT_ERROR)) {
  524. sleep = sleep0 + sleep1;
  525. ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
  526. "[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds",
  527. failures, sleep);
  528. if (failures++ < MAX_FAILURES) {
  529. /* Back-off exponentially */
  530. apr_sleep(apr_time_from_sec(sleep));
  531. sleep0 = sleep1;
  532. sleep1 = sleep;
  533. goto start_over;
  534. } else {
  535. return HTTP_GATEWAY_TIME_OUT;
  536. }
  537. }
  538.  
  539. if (result == LDAP_NO_SUCH_OBJECT) {
  540. if (conf->wildcard == MVL_ENABLED) {
  541. if (strcmp(hostname, "*") != 0) {
  542. if (strncmp(hostname, "*.", 2) == 0)
  543. hostname += 2;
  544. hostname += strcspn(hostname, ".");
  545. hostname = apr_pstrcat(r->pool, "*", hostname, NULL);
  546. ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
  547. "[mod_vhost_ldap.c] translate: "
  548. "virtual host not found, trying wildcard %s",
  549. hostname);
  550. goto fallback;
  551. }
  552. }
  553.  
  554. null:
  555. if (conf->fallback && (is_fallback++ <= 0)) {
  556. ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
  557. "[mod_vhost_ldap.c] translate: "
  558. "virtual host %s not found, trying fallback %s",
  559. hostname, conf->fallback);
  560. hostname = conf->fallback;
  561. goto fallback;
  562. }
  563.  
  564. ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
  565. "[mod_vhost_ldap.c] translate: "
  566. "virtual host %s not found",
  567. hostname);
  568.  
  569. return HTTP_BAD_REQUEST;
  570. }
  571.  
  572. /* handle bind failure */
  573. if (result != LDAP_SUCCESS) {
  574. ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
  575. "[mod_vhost_ldap.c] translate: "
  576. "translate failed; virtual host %s; URI %s [%s]",
  577. hostname, r->uri, ldap_err2string(result));
  578. return HTTP_INTERNAL_SERVER_ERROR;
  579. }
  580.  
  581. /* mark the user and DN */
  582. reqc->dn = apr_pstrdup(r->pool, dn);
  583.  
  584. /* Optimize */
  585. if (vals) {
  586. int i = 0;
  587. while (attributes[i]) {
  588.  
  589. if (strcasecmp (attributes[i], "apacheServerName") == 0) {
  590. reqc->name = apr_pstrdup (r->pool, vals[i]);
  591. }
  592. else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) {
  593. reqc->admin = apr_pstrdup (r->pool, vals[i]);
  594. }
  595. else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) {
  596. reqc->docroot = apr_pstrdup (r->pool, vals[i]);
  597. }
  598. else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) {
  599. reqc->cgiroot = apr_pstrdup (r->pool, vals[i]);
  600. }
  601. else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) {
  602. reqc->uid = apr_pstrdup(r->pool, vals[i]);
  603. }
  604. else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) {
  605. reqc->gid = apr_pstrdup(r->pool, vals[i]);
  606. }
  607. i++;
  608. }
  609. }
  610.  
  611. ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
  612. "[mod_vhost_ldap.c]: loaded from ldap: "
  613. "apacheServerName: %s, "
  614. "apacheServerAdmin: %s, "
  615. "apacheDocumentRoot: %s, "
  616. "apacheScriptAlias: %s, "
  617. "apacheSuexecUid: %s, "
  618. "apacheSuexecGid: %s",
  619. reqc->name, reqc->admin, reqc->docroot, reqc->cgiroot, reqc->uid, reqc->gid);
  620.  
  621. if ((reqc->name == NULL)||(reqc->docroot == NULL)) {
  622. ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
  623. "[mod_vhost_ldap.c] translate: "
  624. "translate failed; ServerName or DocumentRoot not defined");
  625. return HTTP_INTERNAL_SERVER_ERROR;
  626. }
  627.  
  628. cgi = NULL;
  629.  
  630. if (reqc->cgiroot) {
  631. cgi = strstr(r->uri, "cgi-bin/");
  632. if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
  633. cgi = NULL;
  634. }
  635. }
  636. if (cgi) {
  637. /* Set exact filename for CGI script */
  638. cgi = apr_pstrcat(r->pool, reqc->cgiroot, cgi + strlen("cgi-bin"), NULL);
  639. if ((cgi = ap_server_root_relative(r->pool, cgi))) {
  640. ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
  641. "[mod_vhost_ldap.c]: ap_document_root is: %s",
  642. ap_document_root(r));
  643. r->filename = cgi;
  644. r->handler = "cgi-script";
  645. apr_table_setn(r->notes, "alias-forced-type", r->handler);
  646. ret = OK;
  647. }
  648. } else if (r->uri[0] == '/') {
  649. /* we don't set r->filename here, and let other modules do it
  650. * this allows other modules (mod_rewrite.c) to work as usual
  651. */
  652. /* r->filename = apr_pstrcat (r->pool, reqc->docroot, r->uri, NULL); */
  653. } else {
  654. /* We don't handle non-file requests here */
  655. return DECLINED;
  656. }
  657.  
  658. #ifndef HAS_PER_REQUEST_DOCUMENT_ROOT
  659.  
  660. if ((r->server = apr_pmemdup(r->pool, r->server, sizeof(*r->server))) == NULL) {
  661. ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
  662. "[mod_vhost_ldap.c] translate: "
  663. "translate failed; Unable to copy r->server structure");
  664. return HTTP_INTERNAL_SERVER_ERROR;
  665. }
  666.  
  667. r->server->server_hostname = reqc->name;
  668.  
  669. if (reqc->admin) {
  670. r->server->server_admin = reqc->admin;
  671. }
  672.  
  673. if ((r->server->module_config = apr_pmemdup(r->pool, r->server->module_config,
  674. sizeof(void *) *
  675. (total_modules + DYNAMIC_MODULE_LIMIT))) == NULL) {
  676. ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
  677. "[mod_vhost_ldap.c] translate: "
  678. "translate failed; Unable to copy r->server->module_config structure");
  679. return HTTP_INTERNAL_SERVER_ERROR;
  680. }
  681.  
  682. if ((core = apr_pmemdup(r->pool, core, sizeof(*core))) == NULL) {
  683. ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r,
  684. "[mod_vhost_ldap.c] translate: "
  685. "translate failed; Unable to copy r->core structure");
  686. return HTTP_INTERNAL_SERVER_ERROR;
  687. }
  688. ap_set_module_config(r->server->module_config, &core_module, core);
  689.  
  690. document_root_ptr = (char **)&core->ap_document_root;
  691. #else
  692. document_root_ptr = (char **)&r->document_root;
  693. #endif
  694.  
  695. /* Make it absolute, relative to ServerRoot */
  696. reqc->docroot = ap_server_root_relative(r->pool, reqc->docroot);
  697.  
  698. if (reqc->docroot == NULL) {
  699. ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
  700. "[mod_vhost_ldap.c] set_document_root: DocumentRoot must be a directory");
  701.  
  702. return HTTP_INTERNAL_SERVER_ERROR;
  703. }
  704.  
  705. /* TODO: ap_configtestonly && ap_docrootcheck && */
  706. if (apr_filepath_merge(document_root_ptr, NULL, reqc->docroot,
  707. APR_FILEPATH_TRUENAME, r->pool) != APR_SUCCESS
  708. || !ap_is_directory(r->pool, reqc->docroot)) {
  709.  
  710. ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
  711. "[mod_vhost_ldap.c] set_document_root: Warning: DocumentRoot [%s] does not exist",
  712. reqc->docroot);
  713. *document_root_ptr = reqc->docroot;
  714. }
  715.  
  716. /* Return DECLINE to allow post-processing by other modules (mod_rewrite, mod_alias) */
  717. return ret;
  718. }
  719.  
  720. #ifdef HAVE_UNIX_SUEXEC
  721. static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r)
  722. {
  723. ap_unix_identity_t *ugid = NULL;
  724. mod_vhost_ldap_config_t *conf =
  725. (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
  726. &vhost_ldap_module);
  727. mod_vhost_ldap_request_t *req =
  728. (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
  729. &vhost_ldap_module);
  730.  
  731. uid_t uid = -1;
  732. gid_t gid = -1;
  733.  
  734. core_dir_config *coreconf =
  735. (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module);
  736.  
  737. ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
  738. "OLOLO: "
  739. "MY OPTION: %s",
  740. coreconf->d);
  741.  
  742. // mod_vhost_ldap is disabled or we don't have LDAP Url
  743. if ((conf->enabled != MVL_ENABLED)||(!conf->have_ldap_url)) {
  744. return NULL;
  745. }
  746.  
  747. if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) {
  748. return NULL;
  749. }
  750.  
  751. if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
  752. return NULL;
  753. }
  754.  
  755. uid = (uid_t)atoll(req->uid);
  756. gid = (gid_t)atoll(req->gid);
  757.  
  758. if ((uid < MIN_UID)||(gid < MIN_GID)) {
  759. return NULL;
  760. }
  761.  
  762. ugid->uid = uid;
  763. ugid->gid = gid;
  764. ugid->userdir = 0;
  765.  
  766. return ugid;
  767. }
  768. #endif
  769.  
  770. static void
  771. mod_vhost_ldap_register_hooks (apr_pool_t * p)
  772. {
  773.  
  774. /*
  775. * Run before mod_rewrite
  776. */
  777. static const char * const aszRewrite[]={ "mod_rewrite.c", NULL };
  778.  
  779. ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
  780. ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
  781. #ifdef HAVE_UNIX_SUEXEC
  782. ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
  783. #endif
  784. #if (APR_MAJOR_VERSION >= 1)
  785. ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
  786. #endif
  787. }
  788.  
  789. module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
  790. STANDARD20_MODULE_STUFF,
  791. NULL,
  792. NULL,
  793. mod_vhost_ldap_create_server_config,
  794. mod_vhost_ldap_merge_server_config,
  795. mod_vhost_ldap_cmds,
  796. mod_vhost_ldap_register_hooks,
  797. };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!