Context Navigation

source: trunk/server/common/oursrc/httpdmods/mod_vhost_ldap.c @ 2755

Last change on this file since 2755 was 2755, checked in by andersk, 8 years ago
mod_vhost_ldap: Use scriptsVhost records rather than apacheConfig records This will let us kill off the redundant apacheConfig records. It relies on the following CoS template in LDAP to make the homeDirectory, uidNumber, and gidNumber fields available as generated attributes in the scriptsVhost records. dn: cn=vhostOwnerCoS,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu cn: vhostOwnerCoS objectClass: top objectClass: ldapSubEntry objectClass: cosSuperDefinition objectClass: cosIndirectDefinition cosIndirectSpecifier: scriptsVhostAccount cosAttribute: homeDirectory operational cosAttribute: uid operational cosAttribute: uidNumber operational cosAttribute: gidNumber operational
Property svn:eol-style set to `native`
File size: 24.5 KB

Line
1	/* ============================================================
2	* Copyright (c) 2003-2004, Ondrej Sury
3	* All rights reserved.
4	*
5	* Licensed under the Apache License, Version 2.0 (the "License");
6	* you may not use this file except in compliance with the License.
7	* You may obtain a copy of the License at
8	*
9	* http://www.apache.org/licenses/LICENSE-2.0
10	*
11	* Unless required by applicable law or agreed to in writing, software
12	* distributed under the License is distributed on an "AS IS" BASIS,
13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	* See the License for the specific language governing permissions and
15	* limitations under the License.
16	*
17	*/
18
19	/*
20	* mod_vhost_ldap.c --- read virtual host config from LDAP directory
21	*/
22
23	#define CORE_PRIVATE
24
25	#include <unistd.h>
26
27	#include "httpd.h"
28	#include "http_config.h"
29	#include "http_core.h"
30	#include "http_log.h"
31	#include "http_request.h"
32	#include "apr_version.h"
33	#include "apr_ldap.h"
34	#include "apr_reslist.h"
35	#include "apr_strings.h"
36	#include "apr_tables.h"
37	#include "util_ldap.h"
38	#include "util_script.h"
39
40	#if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP)
41	#error mod_vhost_ldap requires APR-util to have LDAP support built in
42	#endif
43
44	#if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)
45	#define HAVE_UNIX_SUEXEC
46	#endif
47
48	#ifdef HAVE_UNIX_SUEXEC
49	#include "unixd.h" /* Contains the suexec_identity hook used on Unix */
50	#endif
51
52	#define MIN_UID 100
53	#define MIN_GID 100
54	const char USERDIR[] = "web_scripts";
55
56	#define MAX_FAILURES 5
57
58	module AP_MODULE_DECLARE_DATA vhost_ldap_module;
59
60	typedef enum {
61	MVL_UNSET, MVL_DISABLED, MVL_ENABLED
62	} mod_vhost_ldap_status_e;
63
64	typedef struct mod_vhost_ldap_config_t {
65	mod_vhost_ldap_status_e enabled; /* Is vhost_ldap enabled? */
66
67	/* These parameters are all derived from the VhostLDAPURL directive */
68	char url; / String representation of LDAP URL */
69
70	char host; / Name of the LDAP server (or space separated list) */
71	int port; /* Port of the LDAP server */
72	char basedn; / Base DN to do all searches from */
73	int scope; /* Scope of the search */
74	char filter; / Filter to further limit the search */
75	deref_options deref; /* how to handle alias dereferening */
76
77	char binddn; / DN to bind to server (can be NULL) */
78	char bindpw; / Password to bind to server (can be NULL) */
79
80	int have_deref; /* Set if we have found an Deref option */
81	int have_ldap_url; /* Set if we have found an LDAP url */
82
83	int secure; /* True if SSL connections are requested */
84
85	char fallback; / Fallback virtual host */
86
87	} mod_vhost_ldap_config_t;
88
89	typedef struct mod_vhost_ldap_request_t {
90	char dn; / The saved dn from a successful search */
91	char name; / ServerName */
92	char home; / HOME */
93	char directory; / DocumentRoot relative to HOME/web_scripts */
94	char uid; / Suexec Uid */
95	char gid; / Suexec Gid */
96	} mod_vhost_ldap_request_t;
97
98	char *attributes[] =
99	{ "scriptsVhostName", "homeDirectory", "scriptsVhostDirectory", "uidNumber", "gidNumber", 0 };
100
101	static int total_modules;
102
103	#if (APR_MAJOR_VERSION >= 1)
104	static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close;
105	static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find;
106	static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn;
107	static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare;
108	static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid;
109	static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn;
110	static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported;
111
112	static void ImportULDAPOptFn(void)
113	{
114	util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close);
115	util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find);
116	util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn);
117	util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare);
118	util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid);
119	util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn);
120	util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported);
121	}
122	#endif
123
124	static int mod_vhost_ldap_post_config(apr_pool_t p, apr_pool_t plog, apr_pool_t ptemp, server_rec s)
125	{
126	module **m;
127
128	/* Stolen from modules/generators/mod_cgid.c */
129	total_modules = 0;
130	for (m = ap_preloaded_modules; *m != NULL; m++)
131	total_modules++;
132
133	/* make sure that mod_ldap (util_ldap) is loaded */
134	if (ap_find_linked_module("util_ldap.c") == NULL) {
135	ap_log_error(APLOG_MARK, APLOG_ERR\|APLOG_NOERRNO, 0, s,
136	"Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
137	"must be loaded in order for mod_vhost_ldap to function properly");
138	return HTTP_INTERNAL_SERVER_ERROR;
139
140	}
141
142	ap_add_version_component(p, MOD_VHOST_LDAP_VERSION);
143
144	return OK;
145	}
146
147	static void *
148	mod_vhost_ldap_create_server_config (apr_pool_t p, server_rec s)
149	{
150	mod_vhost_ldap_config_t *conf =
151	(mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t));
152
153	conf->enabled = MVL_UNSET;
154	conf->have_ldap_url = 0;
155	conf->have_deref = 0;
156	conf->binddn = NULL;
157	conf->bindpw = NULL;
158	conf->deref = always;
159	conf->fallback = NULL;
160
161	return conf;
162	}
163
164	static void *
165	mod_vhost_ldap_merge_server_config(apr_pool_t p, void parentv, void *childv)
166	{
167	mod_vhost_ldap_config_t parent = (mod_vhost_ldap_config_t ) parentv;
168	mod_vhost_ldap_config_t child = (mod_vhost_ldap_config_t ) childv;
169	mod_vhost_ldap_config_t *conf =
170	(mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof(mod_vhost_ldap_config_t));
171
172	if (child->enabled == MVL_UNSET) {
173	conf->enabled = parent->enabled;
174	} else {
175	conf->enabled = child->enabled;
176	}
177
178	if (child->have_ldap_url) {
179	conf->have_ldap_url = child->have_ldap_url;
180	conf->url = child->url;
181	conf->host = child->host;
182	conf->port = child->port;
183	conf->basedn = child->basedn;
184	conf->scope = child->scope;
185	conf->filter = child->filter;
186	conf->secure = child->secure;
187	} else {
188	conf->have_ldap_url = parent->have_ldap_url;
189	conf->url = parent->url;
190	conf->host = parent->host;
191	conf->port = parent->port;
192	conf->basedn = parent->basedn;
193	conf->scope = parent->scope;
194	conf->filter = parent->filter;
195	conf->secure = parent->secure;
196	}
197	if (child->have_deref) {
198	conf->have_deref = child->have_deref;
199	conf->deref = child->deref;
200	} else {
201	conf->have_deref = parent->have_deref;
202	conf->deref = parent->deref;
203	}
204
205	conf->binddn = (child->binddn ? child->binddn : parent->binddn);
206	conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw);
207
208	conf->fallback = (child->fallback ? child->fallback : parent->fallback);
209
210	return conf;
211	}
212
213	/*
214	* Use the ldap url parsing routines to break up the ldap url into
215	* host and port.
216	*/
217	static const char mod_vhost_ldap_parse_url(cmd_parms cmd,
218	void *dummy,
219	const char *url)
220	{
221	int result;
222	apr_ldap_url_desc_t *urld;
223	#if (APR_MAJOR_VERSION >= 1)
224	apr_ldap_err_t *result_err;
225	#endif
226
227	mod_vhost_ldap_config_t *conf =
228	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
229	&vhost_ldap_module);
230
231	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
232	cmd->server, "[mod_vhost_ldap.c] url parse: `%s'",
233	url);
234
235	#if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */
236	result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err));
237	if (result != LDAP_SUCCESS) {
238	return result_err->reason;
239	}
240	#else
241	result = apr_ldap_url_parse(url, &(urld));
242	if (result != LDAP_SUCCESS) {
243	switch (result) {
244	case LDAP_URL_ERR_NOTLDAP:
245	return "LDAP URL does not begin with ldap://";
246	case LDAP_URL_ERR_NODN:
247	return "LDAP URL does not have a DN";
248	case LDAP_URL_ERR_BADSCOPE:
249	return "LDAP URL has an invalid scope";
250	case LDAP_URL_ERR_MEM:
251	return "Out of memory parsing LDAP URL";
252	default:
253	return "Could not parse LDAP URL";
254	}
255	}
256	#endif
257	conf->url = apr_pstrdup(cmd->pool, url);
258
259	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
260	cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host);
261	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
262	cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port);
263	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
264	cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn);
265	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
266	cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)");
267	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
268	cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s",
269	(urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" :
270	urld->lud_scope == LDAP_SCOPE_BASE? "base" :
271	urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown"));
272	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0,
273	cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter);
274
275	/* Set all the values, or at least some sane defaults */
276	if (conf->host) {
277	char *p = apr_palloc(cmd->pool, strlen(conf->host) + strlen(urld->lud_host) + 2);
278	strcpy(p, urld->lud_host);
279	strcat(p, " ");
280	strcat(p, conf->host);
281	conf->host = p;
282	}
283	else {
284	conf->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost";
285	}
286	conf->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
287
288	conf->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ?
289	LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE;
290
291	if (urld->lud_filter) {
292	if (urld->lud_filter[0] == '(') {
293	/*
294	* Get rid of the surrounding parens; later on when generating the
295	* filter, they'll be put back.
296	*/
297	conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1);
298	conf->filter[strlen(conf->filter)-1] = '\0';
299	}
300	else {
301	conf->filter = apr_pstrdup(cmd->pool, urld->lud_filter);
302	}
303	}
304	else {
305	conf->filter = "objectClass=scriptsVhost";
306	}
307
308	/* "ldaps" indicates secure ldap connections desired
309	*/
310	if (strncasecmp(url, "ldaps", 5) == 0)
311	{
312	conf->secure = 1;
313	conf->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
314	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, cmd->server,
315	"LDAP: vhost_ldap using SSL connections");
316	}
317	else
318	{
319	conf->secure = 0;
320	conf->port = urld->lud_port? urld->lud_port : LDAP_PORT;
321	ap_log_error(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, cmd->server,
322	"LDAP: vhost_ldap not using SSL connections");
323	}
324
325	conf->have_ldap_url = 1;
326	#if (APR_MAJOR_VERSION < 1) /* free only required for older apr */
327	apr_ldap_free_urldesc(urld);
328	#endif
329	return NULL;
330	}
331
332	static const char mod_vhost_ldap_set_enabled(cmd_parms cmd, void *dummy, int enabled)
333	{
334	mod_vhost_ldap_config_t *conf =
335	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
336	&vhost_ldap_module);
337
338	conf->enabled = (enabled) ? MVL_ENABLED : MVL_DISABLED;
339
340	return NULL;
341	}
342
343	static const char mod_vhost_ldap_set_binddn(cmd_parms cmd, void dummy, const char binddn)
344	{
345	mod_vhost_ldap_config_t *conf =
346	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
347	&vhost_ldap_module);
348
349	conf->binddn = apr_pstrdup(cmd->pool, binddn);
350	return NULL;
351	}
352
353	static const char mod_vhost_ldap_set_bindpw(cmd_parms cmd, void dummy, const char bindpw)
354	{
355	mod_vhost_ldap_config_t *conf =
356	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
357	&vhost_ldap_module);
358
359	conf->bindpw = apr_pstrdup(cmd->pool, bindpw);
360	return NULL;
361	}
362
363	static const char mod_vhost_ldap_set_deref(cmd_parms cmd, void dummy, const char deref)
364	{
365	mod_vhost_ldap_config_t *conf =
366	(mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config,
367	&vhost_ldap_module);
368
369	if (strcmp(deref, "never") == 0 \|\| strcasecmp(deref, "off") == 0) {
370	conf->deref = never;
371	conf->have_deref = 1;
372	}
373	else if (strcmp(deref, "searching") == 0) {
374	conf->deref = searching;
375	conf->have_deref = 1;
376	}
377	else if (strcmp(deref, "finding") == 0) {
378	conf->deref = finding;
379	conf->have_deref = 1;
380	}
381	else if (strcmp(deref, "always") == 0 \|\| strcasecmp(deref, "on") == 0) {
382	conf->deref = always;
383	conf->have_deref = 1;
384	}
385	else {
386	return "Unrecognized value for VhostLDAPAliasDereference directive";
387	}
388	return NULL;
389	}
390
391	static const char mod_vhost_ldap_set_fallback(cmd_parms cmd, void dummy, const char fallback)
392	{
393	mod_vhost_ldap_config_t *conf =
394	(mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config,
395	&vhost_ldap_module);
396
397	conf->fallback = apr_pstrdup(cmd->pool, fallback);
398	return NULL;
399	}
400
401	static int reconfigure_directive(apr_pool_t *p,
402	server_rec *s,
403	const char *dir,
404	const char *args)
405	{
406	ap_directive_t dir_s = { .directive = dir, .args = args, .next = NULL,
407	.line_num = 0, .filename = "VhostLDAPConf" };
408	return ap_process_config_tree(s, &dir_s, p, p);
409	}
410
411	command_rec mod_vhost_ldap_cmds[] = {
412	AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF,
413	"URL to define LDAP connection. This should be an RFC 2255 compliant\n"
414	"URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
415	"<ul>\n"
416	"<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
417	"to specify redundant servers.\n"
418	"<li>Port is optional, and specifies the port to connect to.\n"
419	"<li>basedn specifies the base DN to start searches from\n"
420	"</ul>\n"),
421
422	AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF,
423	"DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
424
425	AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF,
426	"Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
427
428	AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF,
429	"Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"),
430
431	AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF,
432	"Determines how aliases are handled during a search. Can be one of the"
433	"values \"never\", \"searching\", \"finding\", or \"always\". "
434	"Defaults to always."),
435
436	AP_INIT_TAKE1("VhostLDAPFallback", mod_vhost_ldap_set_fallback, NULL, RSRC_CONF,
437	"Set default virtual host which will be used when requested hostname"
438	"is not found in LDAP database. This option can be used to display"
439	"\"virtual host not found\" type of page."),
440
441	{NULL}
442	};
443
444	#define FILTER_LENGTH MAX_STRING_LEN
445	static int mod_vhost_ldap_translate_name(request_rec *r)
446	{
447	server_rec *server;
448	const char *error;
449	int code;
450	mod_vhost_ldap_request_t *reqc;
451	int failures = 0;
452	const char **vals = NULL;
453	char filtbuf[FILTER_LENGTH];
454	mod_vhost_ldap_config_t *conf =
455	(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module);
456	util_ldap_connection_t *ldc = NULL;
457	int result = 0;
458	const char *dn = NULL;
459	const char *hostname = NULL;
460	int is_fallback = 0;
461	int sleep0 = 0;
462	int sleep1 = 1;
463	int sleep;
464	struct berval hostnamebv, shostnamebv;
465
466	if ((error = ap_init_virtual_host(r->pool, "", r->server, &server)) != NULL) {
467	ap_log_rerror(APLOG_MARK, APLOG_ERR\|APLOG_NOERRNO, 0, r,
468	"[mod_vhost_ldap.c]: Could not initialize a new VirtualHost: %s",
469	error);
470	return HTTP_INTERNAL_SERVER_ERROR;
471	}
472
473	reqc =
474	(mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t));
475	memset(reqc, 0, sizeof(mod_vhost_ldap_request_t));
476
477	ap_set_module_config(r->request_config, &vhost_ldap_module, reqc);
478
479	// mod_vhost_ldap is disabled or we don't have LDAP Url
480	if ((conf->enabled != MVL_ENABLED)\|\|(!conf->have_ldap_url)) {
481	return DECLINED;
482	}
483
484	start_over:
485
486	if (conf->host) {
487	ldc = util_ldap_connection_find(r, conf->host, conf->port,
488	conf->binddn, conf->bindpw, conf->deref,
489	conf->secure);
490	}
491	else {
492	ap_log_rerror(APLOG_MARK, APLOG_WARNING\|APLOG_NOERRNO, 0, r,
493	"[mod_vhost_ldap.c] translate: no conf->host - weird...?");
494	return HTTP_INTERNAL_SERVER_ERROR;
495	}
496
497	hostname = r->hostname;
498	if (hostname == NULL \|\| hostname[0] == '\0')
499	goto null;
500
501	fallback:
502
503	ap_log_rerror(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, r,
504	"[mod_vhost_ldap.c]: translating hostname [%s], uri [%s]",
505	hostname, r->uri);
506
507	ber_str2bv(hostname, 0, 0, &hostnamebv);
508	if (ldap_bv2escaped_filter_value(&hostnamebv, &shostnamebv) != 0)
509	goto null;
510	apr_snprintf(filtbuf, FILTER_LENGTH, "(&(%s)(\|(scriptsVhostName=%s)(scriptsVhostAlias=%s)))", conf->filter, shostnamebv.bv_val, shostnamebv.bv_val);
511	ber_memfree(shostnamebv.bv_val);
512
513	result = util_ldap_cache_getuserdn(r, ldc, conf->url, conf->basedn, conf->scope,
514	attributes, filtbuf, &dn, &vals);
515
516	util_ldap_connection_close(ldc);
517
518	/* sanity check - if server is down, retry it up to 5 times */
519	if (AP_LDAP_IS_SERVER_DOWN(result) \|\|
520	(result == LDAP_TIMEOUT) \|\|
521	(result == LDAP_CONNECT_ERROR)) {
522	sleep = sleep0 + sleep1;
523	ap_log_rerror(APLOG_MARK, APLOG_WARNING\|APLOG_NOERRNO, 0, r,
524	"[mod_vhost_ldap.c]: lookup failure, retry number #[%d], sleeping for [%d] seconds",
525	failures, sleep);
526	if (failures++ < MAX_FAILURES) {
527	/* Back-off exponentially */
528	apr_sleep(apr_time_from_sec(sleep));
529	sleep0 = sleep1;
530	sleep1 = sleep;
531	goto start_over;
532	} else {
533	return HTTP_GATEWAY_TIME_OUT;
534	}
535	}
536
537	if (result == LDAP_NO_SUCH_OBJECT) {
538	if (strcmp(hostname, "*") != 0) {
539	if (strncmp(hostname, "*.", 2) == 0)
540	hostname += 2;
541	hostname += strcspn(hostname, ".");
542	hostname = apr_pstrcat(r->pool, "", hostname, (const char )NULL);
543	ap_log_rerror(APLOG_MARK, APLOG_NOTICE\|APLOG_NOERRNO, 0, r,
544	"[mod_vhost_ldap.c] translate: "
545	"virtual host not found, trying wildcard %s",
546	hostname);
547	goto fallback;
548	}
549
550	null:
551	if (conf->fallback && (is_fallback++ <= 0)) {
552	ap_log_rerror(APLOG_MARK, APLOG_NOTICE\|APLOG_NOERRNO, 0, r,
553	"[mod_vhost_ldap.c] translate: "
554	"virtual host %s not found, trying fallback %s",
555	hostname, conf->fallback);
556	hostname = conf->fallback;
557	goto fallback;
558	}
559
560	ap_log_rerror(APLOG_MARK, APLOG_WARNING\|APLOG_NOERRNO, 0, r,
561	"[mod_vhost_ldap.c] translate: "
562	"virtual host %s not found",
563	hostname);
564
565	return HTTP_BAD_REQUEST;
566	}
567
568	/* handle bind failure */
569	if (result != LDAP_SUCCESS) {
570	ap_log_rerror(APLOG_MARK, APLOG_WARNING\|APLOG_NOERRNO, 0, r,
571	"[mod_vhost_ldap.c] translate: "
572	"translate failed; virtual host %s; URI %s [%s]",
573	hostname, r->uri, ldap_err2string(result));
574	return HTTP_INTERNAL_SERVER_ERROR;
575	}
576
577	/* mark the user and DN */
578	reqc->dn = apr_pstrdup(r->pool, dn);
579
580	/* Optimize */
581	if (vals) {
582	int i;
583	for (i = 0; attributes[i]; i++) {
584
585	const char *directive;
586	char *val = apr_pstrdup (r->pool, vals[i]);
587	/* These do not correspond to any real directives */
588	if (strcasecmp (attributes[i], "uidNumber") == 0) {
589	reqc->uid = val;
590	continue;
591	}
592	else if (strcasecmp (attributes[i], "gidNumber") == 0) {
593	reqc->gid = val;
594	continue;
595	}
596	else if (strcasecmp (attributes[i], "homeDirectory") == 0) {
597	reqc->home = val;
598	continue;
599	}
600	else if (strcasecmp (attributes[i], "scriptsVhostDirectory") == 0) {
601	reqc->directory = val;
602	continue;
603	}
604
605	if (strcasecmp (attributes[i], "scriptsVhostName") == 0) {
606	reqc->name = val;
607	directive = "ServerName";
608	}
609	else {
610	/* This should not actually be reachable, but it's
611	good to cover all all possible cases */
612	ap_log_rerror(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, r,
613	"Unexpected attribute %s encountered", attributes[i]);
614	continue;
615	}
616
617	if (val == NULL)
618	continue;
619
620	if ((code = reconfigure_directive(r->pool, server, directive, val)) != 0)
621	return code;
622	}
623	}
624
625	ap_log_rerror(APLOG_MARK, APLOG_DEBUG\|APLOG_NOERRNO, 0, r,
626	"[mod_vhost_ldap.c]: loaded from ldap: "
627	"scriptsVhostName: %s, "
628	"homeDirectory: %s, "
629	"scriptsVhostDirectory: %s, "
630	"uidNumber: %s, "
631	"gidNumber: %s",
632	reqc->name, reqc->home, reqc->directory, reqc->uid, reqc->gid);
633
634	if (reqc->name == NULL \|\| reqc->home == NULL \|\| reqc->directory == NULL) {
635	ap_log_rerror(APLOG_MARK, APLOG_ERR\|APLOG_NOERRNO, 0, r,
636	"[mod_vhost_ldap.c] translate: "
637	"translate failed; ServerName or DocumentRoot not defined");
638	return HTTP_INTERNAL_SERVER_ERROR;
639	}
640
641	char *docroot =
642	strcmp(reqc->directory, ".") == 0 ?
643	apr_pstrcat(r->pool, reqc->home, "/web_scripts", (const char *)NULL) :
644	apr_pstrcat(r->pool, reqc->home, "/web_scripts/", reqc->directory, (const char *)NULL);
645	if ((code = reconfigure_directive(r->pool, server, "DocumentRoot", docroot)) != 0)
646	return code;
647
648	if (reqc->uid != NULL) {
649	char *username;
650	char *userdir_val;
651	uid_t uid = (uid_t) atoll(reqc->uid);
652
653	if ((code = reconfigure_directive(r->pool, server, "UserDir", USERDIR)) != 0)
654	return code;
655
656	/* Deal with ~ expansion */
657	if ((code = reconfigure_directive(r->pool, server, "UserDir", "disabled")) != 0)
658	return code;
659
660	if (apr_uid_name_get(&username, uid, r->pool) != APR_SUCCESS) {
661	ap_log_rerror(APLOG_MARK, APLOG_ERR\|APLOG_NOERRNO, 0, r,
662	"could not get username for uid %d", uid);
663	return HTTP_INTERNAL_SERVER_ERROR;
664	}
665
666	userdir_val = apr_pstrcat(r->pool, "enabled ", username, (const char *)NULL);
667
668	if ((code = reconfigure_directive(r->pool, server, "UserDir", userdir_val)) != 0)
669	return code;
670	}
671
672	ap_fixup_virtual_host(r->pool, r->server, server);
673	r->server = server;
674
675	/* Hack to allow post-processing by other modules (mod_rewrite, mod_alias) */
676	return DECLINED;
677	}
678
679	#ifdef HAVE_UNIX_SUEXEC
680	static ap_unix_identity_t mod_vhost_ldap_get_suexec_id_doer(const request_rec r)
681	{
682	ap_unix_identity_t *ugid = NULL;
683	mod_vhost_ldap_config_t *conf =
684	(mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config,
685	&vhost_ldap_module);
686	mod_vhost_ldap_request_t *req =
687	(mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config,
688	&vhost_ldap_module);
689
690	uid_t uid = -1;
691	gid_t gid = -1;
692
693	// mod_vhost_ldap is disabled or we don't have LDAP Url
694	if ((conf->enabled != MVL_ENABLED)\|\|(!conf->have_ldap_url)) {
695	return NULL;
696	}
697
698	if ((req == NULL)\|\|(req->uid == NULL)\|\|(req->gid == NULL)) {
699	return NULL;
700	}
701
702	if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) {
703	return NULL;
704	}
705
706	uid = (uid_t)atoll(req->uid);
707	gid = (gid_t)atoll(req->gid);
708
709	if ((uid < MIN_UID)\|\|(gid < MIN_GID)) {
710	return NULL;
711	}
712
713	ugid->uid = uid;
714	ugid->gid = gid;
715	ugid->userdir = 0;
716
717	return ugid;
718	}
719	#endif
720
721	static void
722	mod_vhost_ldap_register_hooks (apr_pool_t * p)
723	{
724
725	/*
726	* Run before mod_rewrite
727	*/
728	static const char * const aszRewrite[]={ "mod_rewrite.c", NULL };
729
730	ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE);
731	ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, aszRewrite, APR_HOOK_FIRST);
732	#ifdef HAVE_UNIX_SUEXEC
733	ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE);
734	#endif
735	#if (APR_MAJOR_VERSION >= 1)
736	ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE);
737	#endif
738	}
739
740	module AP_MODULE_DECLARE_DATA vhost_ldap_module = {
741	STANDARD20_MODULE_STUFF,
742	NULL,
743	NULL,
744	mod_vhost_ldap_create_server_config,
745	mod_vhost_ldap_merge_server_config,
746	mod_vhost_ldap_cmds,
747	mod_vhost_ldap_register_hooks,
748	};

Note: See TracBrowser for help on using the repository browser.

Download in other formats: