Only in mod_vhost_ldap: .cdtproject diff -ur /home/bart/development/sources/mod-vhost-ldap-1.0.0/ChangeLog mod_vhost_ldap/ChangeLog --- /home/bart/development/sources/mod-vhost-ldap-1.0.0/ChangeLog 2005-10-03 16:10:28.000000000 +0200 +++ mod_vhost_ldap/ChangeLog 2006-05-07 15:31:03.000000000 +0200 @@ -1,3 +1,14 @@ +2006-05-07 Bart Vanbrabant + * Add support for RedirectTo, Openbasedir and vhost expire + +2006-04-21 Bart Vanbrabant + * VERSION: 1.0.1 release + * mod_vhost_ldap.c: add support for apache-2.2.x + +2006-01-30 Ondřej Surý + * VERSION: 1.0.0 release + * Fix small memory leak when used in subrequest (e.g. fastcgi) + 2005-10-03 Ondřej Surý * mod_vhost_ldap.c: add support for running from subrequest (ie. mod_fastcgi) * VERSION: 0.2.9 release Only in mod_vhost_ldap: debian Only in mod_vhost_ldap: .libs diff -ur /home/bart/development/sources/mod-vhost-ldap-1.0.0/Makefile mod_vhost_ldap/Makefile --- /home/bart/development/sources/mod-vhost-ldap-1.0.0/Makefile 2005-08-30 15:45:58.000000000 +0200 +++ mod_vhost_ldap/Makefile 2006-05-07 14:27:56.000000000 +0200 @@ -1,4 +1,4 @@ -APXS=apxs2 +APXS=/usr/sbin/apxs VERSION=`cat VERSION` DISTFILES=`cat FILES` 
@@ -17,7 +17,7 @@ rm -rf mod_vhost_ldap-$(VERSION).tar.gz mod_vhost_ldap.o: mod_vhost_ldap.c - $(APXS) -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG -Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/$(VERSION)\\\" -c -lldap_r mod_vhost_ldap.c + $(APXS) -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG -Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/$(VERSION)\\\" -DWITH_PHP_OPENBASEDIR -c -lldap_r mod_vhost_ldap.c deb: make clean svn export svn+ssh://ondrej@svn.debian.org/svn/modvhostldap mod-vhost-ldap-`cat VERSION`.orig; diff -ur /home/bart/development/sources/mod-vhost-ldap-1.0.0/mod_vhost_ldap.c mod_vhost_ldap/mod_vhost_ldap.c --- /home/bart/development/sources/mod-vhost-ldap-1.0.0/mod_vhost_ldap.c 2006-01-20 16:20:01.000000000 +0100 +++ mod_vhost_ldap/mod_vhost_ldap.c 2006-05-07 23:53:04.000000000 +0200 @@ -1,5 +1,5 @@ /* ============================================================ - * Copyright (c) 2003-2004, Ondrej Sury + * Copyright (c) 2003-2006, Ondrej Sury * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,12 +29,34 @@ #include "http_core.h" #include "http_log.h" #include "http_request.h" +#include "apr_version.h" #include "apr_ldap.h" #include "apr_strings.h" #include "apr_reslist.h" #include "util_ldap.h" +#include -#ifndef APU_HAS_LDAP +#ifdef WITH_PHP_OPENBASEDIR +#include "zend.h" + +typedef struct { + HashTable config; +} php_conf_rec; + +typedef struct { + char *value; + size_t value_len; + char status; +} php_dir_entry; + +#define ZEND_INI_SYSTEM (1<<2) + +/* use this for php open_basedir */ +extern module AP_MODULE_DECLARE_DATA php5_module; +#endif + + +#if !defined(APU_HAS_LDAP) && !defined(APR_HAS_LDAP) #error mod_vhost_ldap requires APR-util to have LDAP support built in #endif 
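Review bot: The `php_conf_rec` and `php_dir_entry` typedefs and the `ZEND_INI_SYSTEM` define added under `WITH_PHP_OPENBASEDIR` (hunk `@@ -29,12 +29,34 @@`) look like hand-copied mirrors of definitions owned by PHP, and nothing ties them to the PHP version being built against. An entry of this type is later written into PHP's config hash with `sizeof(entry)`, so a layout difference in the real struct would corrupt or misread the setting at run time instead of failing to compile. I would add a comment above the typedefs such as `/* Mirrors PHP's own per-directory config structs; must match the installed PHP exactly, re-check on every PHP upgrade. */` and wrap the define in `#ifndef ZEND_INI_SYSTEM`. The `extern module ... php5_module` reference presumably also means this module only loads when the PHP module is already present, which is worth stating in the same comment.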
@@ -66,18 +88,19 @@ char *basedn; /* Base DN to do all searches from */ int scope; /* Scope of the search */ char *filter; /* Filter to further limit the search */ - deref_options deref; /* how to handle alias dereferening */ + deref_options deref; /* how to handle alias dereferening */ char *binddn; /* DN to bind to server (can be NULL) */ char *bindpw; /* Password to bind to server (can be NULL) */ - int have_deref; /* Set if we have found an Deref option */ - int have_ldap_url; /* Set if we have found an LDAP url */ + int have_deref; /* Set if we have found an Deref option */ + int have_ldap_url; /* Set if we have found an LDAP url */ int secure; /* True if SSL connections are requested */ - char *fallback; /* Fallback virtual host */ - + char *fallback; /* Fallback virtual host */ + char *openbasedir; /* the shared openbasedir for all accounts, like pear and /tmp */ + size_t openbasedir_len; /* the length of this string */ } mod_vhost_ldap_config_t; typedef struct mod_vhost_ldap_request_t { 
@@ -88,10 +111,36 @@ char *cgiroot; /* ScriptAlias */ char *uid; /* Suexec Uid */ char *gid; /* Suexec Gid */ + char *redirect; /* Redirect the user to */ + char *openbasedir; /* php openbasedir restriction */ + int expire; /* the expire for this vhost */ } mod_vhost_ldap_request_t; char *attributes[] = - { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", "apacheServerAdmin", 0 }; + { "apacheServerName", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", + "apacheSuexecGid", "apacheServerAdmin", "apacheOpenBasedir", "apacheRedirectTo", + "apacheExpire", 0 }; + +#if (APR_MAJOR_VERSION >= 1) +static APR_OPTIONAL_FN_TYPE(uldap_connection_close) *util_ldap_connection_close; +static APR_OPTIONAL_FN_TYPE(uldap_connection_find) *util_ldap_connection_find; +static APR_OPTIONAL_FN_TYPE(uldap_cache_comparedn) *util_ldap_cache_comparedn; +static APR_OPTIONAL_FN_TYPE(uldap_cache_compare) *util_ldap_cache_compare; +static APR_OPTIONAL_FN_TYPE(uldap_cache_checkuserid) *util_ldap_cache_checkuserid; +static APR_OPTIONAL_FN_TYPE(uldap_cache_getuserdn) *util_ldap_cache_getuserdn; +static APR_OPTIONAL_FN_TYPE(uldap_ssl_supported) *util_ldap_ssl_supported; + +static void ImportULDAPOptFn(void) +{ + util_ldap_connection_close = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_close); + util_ldap_connection_find = APR_RETRIEVE_OPTIONAL_FN(uldap_connection_find); + util_ldap_cache_comparedn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_comparedn); + util_ldap_cache_compare = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_compare); + util_ldap_cache_checkuserid = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_checkuserid); + util_ldap_cache_getuserdn = APR_RETRIEVE_OPTIONAL_FN(uldap_cache_getuserdn); + util_ldap_ssl_supported = APR_RETRIEVE_OPTIONAL_FN(uldap_ssl_supported); +} +#endif static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { 
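Review bot: `ImportULDAPOptFn` stores whatever `APR_RETRIEVE_OPTIONAL_FN` returns without checking it, and that lookup yields NULL when no module has registered the function. If mod_ldap is not loaded, the seven `util_ldap_*` pointers stay NULL and the first LDAP call through them would crash the child instead of producing a configuration error. I would add a check where the module validates its setup, e.g. `if (!util_ldap_connection_find) { /* log "mod_ldap must be loaded" and fail startup */ }`; `mod_vhost_ldap_post_config` begins at the end of this hunk but its body is outside it. The new `int expire` field also needs a comment giving its unit, since the later arithmetic suggests days since the epoch.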
@@ -122,6 +171,8 @@ conf->bindpw = NULL; conf->deref = always; conf->fallback = NULL; + conf->openbasedir = NULL; + conf->openbasedir_len = 0; return conf; } @@ -171,6 +222,8 @@ conf->bindpw = (child->bindpw ? child->bindpw : parent->bindpw); conf->fallback = (child->fallback ? child->fallback : parent->fallback); + conf->openbasedir = parent->openbasedir; + conf->openbasedir_len = parent->openbasedir_len; return conf; } @@ -185,6 +238,9 @@ { int result; apr_ldap_url_desc_t *urld; +#if (APR_MAJOR_VERSION >= 1) + apr_ldap_err_t *result_err; +#endif mod_vhost_ldap_config_t *conf = (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config, @@ -193,22 +249,29 @@ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, "[mod_vhost_ldap.c] url parse: `%s'", url); - + +#if (APR_MAJOR_VERSION >= 1) /* for apache >= 2.2 */ + result = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result_err)); + if (result != LDAP_SUCCESS) { + return result_err->reason; + } +#else result = apr_ldap_url_parse(url, &(urld)); if (result != LDAP_SUCCESS) { switch (result) { - case LDAP_URL_ERR_NOTLDAP: - return "LDAP URL does not begin with ldap://"; - case LDAP_URL_ERR_NODN: - return "LDAP URL does not have a DN"; - case LDAP_URL_ERR_BADSCOPE: - return "LDAP URL has an invalid scope"; - case LDAP_URL_ERR_MEM: - return "Out of memory parsing LDAP URL"; - default: - return "Could not parse LDAP URL"; + case LDAP_URL_ERR_NOTLDAP: + return "LDAP URL does not begin with ldap://"; + case LDAP_URL_ERR_NODN: + return "LDAP URL does not have a DN"; + case LDAP_URL_ERR_BADSCOPE: + return "LDAP URL has an invalid scope"; + case LDAP_URL_ERR_MEM: + return "Out of memory parsing LDAP URL"; + default: + return "Could not parse LDAP URL"; } } +#endif conf->url = apr_pstrdup(cmd->pool, url); ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, 
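Review bot: In the merge hunk (`@@ -171,6 +222,8 @@`) the two new fields are copied from `parent` unconditionally, while `bindpw` and `fallback` directly above use the `child->x ? child->x : parent->x` pattern. A `VhostLDAPOpenBasedir` given in the more specific server context is therefore silently discarded, which can leave a vhost with a different shared open_basedir prefix than its configuration states. Suggested lines: `conf->openbasedir = (child->openbasedir ? child->openbasedir : parent->openbasedir);` and `conf->openbasedir_len = (child->openbasedir ? child->openbasedir_len : parent->openbasedir_len);`. The merge function starts and ends outside the hunk.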
@@ -278,7 +341,9 @@ } conf->have_ldap_url = 1; +#if (APR_MAJOR_VERSION < 1) /* free only required for older apr */ apr_ldap_free_urldesc(urld); +#endif return NULL; } @@ -351,6 +416,23 @@ return NULL; } +static const char *mod_vhost_ldap_set_openbasedir(cmd_parms *cmd, void *dummy, const char *dir) +{ + mod_vhost_ldap_config_t *conf = (mod_vhost_ldap_config_t *)ap_get_module_config( + cmd->server->module_config, &vhost_ldap_module); + int n = strlen(dir); + if (dir[n - 1] == ':') { + conf->openbasedir = apr_pstrdup(cmd->pool, dir); + conf->openbasedir_len = n; + } else { + conf->openbasedir = apr_pcalloc(cmd->pool, n + 2); + strcpy(conf->openbasedir, dir); + conf->openbasedir[n] = ':'; + conf->openbasedir_len = n + 1; + } + return NULL; +} + command_rec mod_vhost_ldap_cmds[] = { AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF, "URL to define LDAP connection. This should be an RFC 2255 compliant\n" @@ -362,7 +444,7 @@ "
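Review bot: `mod_vhost_ldap_set_openbasedir` (hunk `@@ -351,6 +416,23 @@`) reads `dir[n - 1]` without checking for an empty argument, so `VhostLDAPOpenBasedir ""` indexes one byte before the string. `n` is also an `int` holding a `strlen()` result. I would reject the empty value first with `if (*dir == '\0') return "VhostLDAPOpenBasedir requires a non-empty path list";`, declare `size_t n = strlen(dir);`, and replace the `apr_pcalloc`/`strcpy` branch with `conf->openbasedir = apr_pstrcat(cmd->pool, dir, ":", NULL);`. A one-line comment saying the stored value always ends in `:` so that a per-vhost path can be appended directly would help anyone reading the later concatenation.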
  • basedn specifies the base DN to start searches from\n" "\n"), - AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF, + AP_INIT_TAKE1("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF, "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."), AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF, @@ -381,6 +463,10 @@ "is not found in LDAP database. This option can be used to display" "\"virtual host not found\" type of page."), + AP_INIT_TAKE1("VhostLDAPOpenBasedir", mod_vhost_ldap_set_openbasedir, NULL, RSRC_CONF, + "Sets the shared part of openbasedir restriction. When an openbasedir is set in" + "the ldap entry this setting will be added."), + {NULL} }; @@ -501,9 +587,24 @@ else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) { reqc->gid = apr_pstrdup(r->pool, vals[i]); } + else if (strcasecmp (attributes[i], "apacheRedirectTo") == 0) { + reqc->redirect = apr_pstrdup(r->pool, vals[i]); + } + else if (strcasecmp (attributes[i], "apacheExpire") == 0) { + reqc->expire = vals[i] ? atoi(vals[i]) : -1; + } +#ifdef WITH_PHP_OPENBASEDIR + else if (strcasecmp (attributes[i], "apacheOpenBasedir") == 0) { + reqc->openbasedir = apr_pstrdup(r->pool, vals[i]); + } +#endif i++; } } + + if (reqc->expire >= 0 && reqc->expire*24*3600 < time(0)) { // this vhost is expired + return DECLINED; + } ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, "[mod_vhost_ldap.c]: loaded from ldap: " 
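Review bot: The help text for `VhostLDAPOpenBasedir` (hunk `@@ -381,6 +463,10 @@`) joins two string literals without a separating space, so it reads "set inthe ldap entry"; end the first literal with `... is set in "`. The directive and its setter are also registered regardless of `WITH_PHP_OPENBASEDIR`, so a build without that define accepts the directive and then ignores it. Either guard the table entry with the same `#ifdef` or say so in the help text, so an operator relying on the restriction gets an error rather than a silently ignored setting.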
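Review bot: The expiry test `reqc->expire*24*3600 < time(0)` (hunk `@@ -501,9 +587,24 @@`) multiplies in `int`, which overflows (undefined behaviour) once `apacheExpire` exceeds about 24855 days, and `atoi()` gives no indication when the LDAP value is not a number. Since this check decides whether an expired vhost is still served, I would widen before multiplying, `if (reqc->expire >= 0 && (apr_int64_t)reqc->expire * 24 * 3600 < (apr_int64_t)time(NULL)) {`, and parse with `strtol` plus an end-pointer check, logging a malformed value instead of treating it as a number. Whether `reqc->expire` starts at 0 or -1 when the attribute loop is skipped is not visible here; if `reqc` is zero-filled, 0 would count as already expired, so an explicit `reqc->expire = -1;` before the loop is safer. The enclosing function starts and ends outside the hunk.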
@@ -552,6 +653,35 @@ core->ap_document_root = apr_pstrdup(top->pool, reqc->docroot); + // set a redirect url + if (reqc->redirect && ap_is_url (reqc->redirect)) { + /* include QUERY_STRING if any */ + if (r->args) { + reqc->redirect = apr_pstrcat(r->pool, reqc->redirect, "?", r->args, NULL); + } + apr_table_setn(r->headers_out, "Location", reqc->redirect); + return HTTP_MOVED_PERMANENTLY; + } + +#ifdef WITH_PHP_OPENBASEDIR + // set openbasedir + if (reqc->openbasedir) { + php_conf_rec *php_config = (php_conf_rec *)ap_get_module_config(r->per_dir_config, &php5_module); + if (php_config) { + php_dir_entry entry; + entry.value_len = conf->openbasedir_len + strlen(reqc->openbasedir) + 1; + entry.value = emalloc(entry.value_len); + strcpy(entry.value, conf->openbasedir); + strcat(entry.value, reqc->openbasedir); + entry.status = ZEND_INI_SYSTEM; + zend_hash_update(&php_config->config, "open_basedir" , sizeof("open_basedir"), &entry, sizeof(entry), NULL); + } else { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c] openbasedir: could not get php config." ); + } + } +#endif + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, "[mod_vhost_ldap.c]: translated to %s", r->filename); @@ -608,6 +738,9 @@ #ifdef HAVE_UNIX_SUEXEC ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE); #endif +#if (APR_MAJOR_VERSION >= 1) + ap_hook_optional_fn_retrieve(ImportULDAPOptFn,NULL,NULL,APR_HOOK_MIDDLE); +#endif } module AP_MODULE_DECLARE_DATA vhost_ldap_module = { Only in mod_vhost_ldap: mod_vhost_ldap.la Only in mod_vhost_ldap: mod_vhost_ldap.lo Only in mod_vhost_ldap: mod_vhost_ldap.o diff -ur /home/bart/development/sources/mod-vhost-ldap-1.0.0/mod_vhost_ldap.schema mod_vhost_ldap/mod_vhost_ldap.schema --- /home/bart/development/sources/mod-vhost-ldap-1.0.0/mod_vhost_ldap.schema 2005-08-30 15:34:32.000000000 +0200 +++ mod_vhost_ldap/mod_vhost_ldap.schema 2006-05-07 15:05:08.000000000 +0200 
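Review bot: The open_basedir block calls `strcpy(entry.value, conf->openbasedir)` although `conf->openbasedir` is initialised to NULL and only set by `VhostLDAPOpenBasedir`, so an LDAP entry carrying `apacheOpenBasedir` on a server without that directive dereferences NULL on every request. Guard it, e.g. `const char *shared = conf->openbasedir ? conf->openbasedir : "";`, and build the value from `shared`. The buffer comes from `emalloc` with no matching free visible in the hunk, and the entry is written into the config object obtained from `r->per_dir_config`; if that object outlives the request (not visible here), a value set for one vhost would still be in effect for a later request whose entry has no `apacheOpenBasedir`, which matters for tenant isolation. A comment stating the intended lifetime of the entry, plus resetting it when `reqc->openbasedir` is NULL, would settle that. The function starts and ends outside the hunk.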
@@ -38,12 +38,12 @@ SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.14287.1.1.6 NAME 'apacheScriptAlias' - SUP name - DESC 'mod_cfg_ldap: Apache ScriptAlias' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} - SINGLE-VALUE ) + SUP name + DESC 'mod_cfg_ldap: Apache ScriptAlias' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.8387.1.1.7 NAME 'apacheSuexecUid' SUP name 
@@ -61,8 +61,38 @@ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE ) +attributetype ( 1.3.6.1.4.1.8387.1.1.9 NAME 'apacheRedirectTo' + SUP name + DESC 'mod_vhost_ldap: Apache redirect vhost to' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.10 NAME 'apacheOpenBasedir' + SUP name + DESC 'mod_vhost_ldap: The php openbase dir to restrict this vhost to' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.11 NAME 'apacheExpire' + DESC 'mod_vhost_ldap: On which day does this vhost expire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.12 NAME 'apacheAccountName' + SUP name + DESC 'mod_vhost_ldap: For accounting purposes, the name of the account this vhost belongs to' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + objectclass ( 1.3.6.1.4.1.8387.1.2.1 NAME 'apacheConfig' SUP 'top' MUST ( apacheServerName $ apacheDocumentRoot ) - MAY ( apacheServerAlias $ apacheServerAdmin $ apacheScriptAlias $ - apacheSuexecUid $ apacheSuexecGid ) ) + MAY ( apacheServerAlias $ apacheServerAdmin $ apacheScriptAlias $ + apacheSuexecUid $ apacheSuexecGid $ apacheOpenBasedir $ + apacheRedirectTo $ apacheExpire ) ) Only in mod_vhost_ldap: mod_vhost_ldap.slo Only in mod_vhost_ldap: .project Only in mod_vhost_ldap: .svn diff -ur /home/bart/development/sources/mod-vhost-ldap-1.0.0/VERSION mod_vhost_ldap/VERSION --- /home/bart/development/sources/mod-vhost-ldap-1.0.0/VERSION 2006-01-20 16:20:01.000000000 +0100 +++ mod_vhost_ldap/VERSION 2006-04-21 14:27:05.000000000 +0200 
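Review bot: `apacheAccountName` is defined but not added to the `MAY` list of `apacheConfig`, so it cannot be stored on a vhost entry through this object class; add it to the list or leave the attribute out until it is used. The DESC of `apacheExpire` says "On which day" without a unit, while the module multiplies the value by 24*3600 and compares it with the current time, i.e. it expects days since the Unix epoch; the DESC should say so. `apacheRedirectTo` inherits `SUP name` with a 256-character bound and case-insensitive matching, which is a loose fit for URLs.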
@@ -1 +1 @@ -1.0.0 +1.0.1 diff -ur /home/bart/development/sources/mod-vhost-ldap-1.0.0/vhost_ldap.conf mod_vhost_ldap/vhost_ldap.conf --- /home/bart/development/sources/mod-vhost-ldap-1.0.0/vhost_ldap.conf 2005-09-09 09:49:36.000000000 +0200 +++ mod_vhost_ldap/vhost_ldap.conf 2006-05-07 14:27:56.000000000 +0200 @@ -14,4 +14,5 @@ VhostLDAPUrl "ldap://127.0.0.1/ou=vhosts,ou=web,dc=localhost" VhostLdapBindDN "cn=admin,dc=localhost" VhostLDAPBindPassword "changeme" + VhostLDAPOpenBasedir "/tmp:/usr/share/php:/usr/share/pear:/var/lib/php5"
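Review bot: The sample `VhostLDAPOpenBasedir` value puts `/tmp` into the prefix shared by every vhost, so PHP code of any tenant can reach other tenants' files there (uploads, and session files if they are stored in /tmp), which weakens the per-vhost restriction this feature adds. I would add a comment above the directive, e.g. `# Paths listed here are reachable from every vhost; keep per-tenant temp and session directories out of this list.`, and drop `/tmp` from the example.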