mod_authnz_ldap.c revision 17efe57eb8d88fa0d371f4ac4939dbbbe78fd09b
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "ap_provider.h"
#include "httpd.h"
#include "http_config.h"
#include "ap_provider.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_request.h"
#include "util_ldap.h"
#include "mod_auth.h"
#include "apr_strings.h"
#include "apr_xlate.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include "apr_lib.h"
/* for getpid() */
#include <unistd.h>
#endif
#include <ctype.h>
#if !APR_HAS_LDAP
#error mod_authnz_ldap requires APR-util to have LDAP support built in. To fix add --with-ldap to ./configure.
#endif
typedef struct {
#if APR_HAS_THREADS
#endif
/* These parameters are all derived from the AuthLDAPURL directive */
char *url; /* String representation of the URL */
char *host; /* Name of the LDAP server (or space separated list) */
int port; /* Port of the LDAP server */
char *basedn; /* Base DN to do all searches from */
char *attribute; /* Attribute to search for */
char **attributes; /* Array of all the attributes to return */
int scope; /* Scope of the search */
char *filter; /* Filter to further limit the search */
char *binddn; /* DN to bind to server (can be NULL) */
char *bindpw; /* Password to bind to server (can be NULL) */
int bind_authoritative; /* If true, will return errors when bind fails */
int user_is_dn; /* If true, connection->user is DN instead of userid */
char *remote_user_attribute; /* If set, connection->user is this attribute instead of userid */
int compare_dn_on_server; /* If true, will use server to do DN compare */
int have_ldap_url; /* Set if we have found an LDAP url */
apr_array_header_t *groupattr; /* List of Group attributes identifying user members. Default:"member uniqueMember" */
int group_attrib_is_dn; /* If true, the group attribute is the DN, otherwise,
it's the exact string passed by the HTTP client */
char **sgAttributes; /* Array of strings constructed (post-config) from subgroupattrs. Last entry is NULL. */
apr_array_header_t *subgroupclasses; /* List of object classes of sub-groups. Default:"groupOfNames groupOfUniqueNames" */
int maxNestingDepth; /* Maximum recursive nesting depth permitted during subgroup processing. Default: 10 */
int secure; /* True if SSL connections are requested */
char *authz_prefix; /* Prefix for environment variables added during authz */
int initial_bind_as_user; /* true if we should try to bind (to lookup DN) directly with the basic auth username */
const char *bind_subst; /* basic auth -> bind'able username substitution */
int search_as_user; /* true if authz searches should be done with the users credentials (when we did authn) */
int compare_as_user; /* true if authz compares should be done with the users credentials (when we did authn) */
typedef struct {
char *dn; /* The saved dn from a successful search */
char *user; /* The username provided by the client */
const char **vals; /* The additional values pulled during the DN search*/
char *password; /* if this module successfully authenticates, the basic auth password, else null */
enum auth_ldap_phase {
};
enum auth_ldap_optype {
};
/* maximum group elements supported */
#define GROUPATTR_MAX_ELTS 10
/* Derive a code page ID give a language name or ID */
{
int lang_len;
char *charset;
if (!language) /* our default codepage */
return apr_pstrdup(p, "ISO-8859-1");
else
if (!charset) {
}
if (charset) {
}
return charset;
}
{
char *lang;
if (lang_line) {
*lang = '\0';
break;
}
}
return convset;
}
}
return NULL;
}
static const char* authn_ldap_xlate_password(request_rec *r,
const char* sent_password)
{
char *outbuf;
/* Convert the password to UTF-8. */
&outbytes) == APR_SUCCESS)
return outbuf;
}
return sent_password;
}
/*
* Build the search filter, or at least as much of the search filter that
* will fit in the buffer. We don't worry about the buffer not being able
* to hold the entire filter. If the buffer wasn't big enough to hold the
* filter, ldap_search_s will complain, but the only situation where this
* is likely to happen is if the client sent a really, really long
* username, most likely as part of an attack.
*
* The search filter consists of the filter provided with the URL,
* combined with a filter made up of the attribute provided with the URL,
* and the actual username passed by the HTTP client. For example, assume
* that the LDAP URL is
*
* ldap://ldap.airius.com/ou=People, o=Airius?uid??(posixid=*)
*
* Further, assume that the userid passed by the client was `userj'. The
* search filter will be (&(posixid=*)(uid=userj)).
*/
#define FILTER_LENGTH MAX_STRING_LEN
static void authn_ldap_build_filter(char *filtbuf,
request_rec *r,
const char* sent_user,
const char* sent_filter,
{
char *p, *q, *filtbuf_end;
char *outbuf;
}
else
return;
if (sent_filter != NULL) {
}
else
if (charset_conversions) {
convset = get_conv_set(r);
}
if (convset) {
/* Convert the user name to UTF-8. This is only valid for LDAP v3 */
}
}
/*
* Create the first part of the filter, which consists of the
* config-supplied portions.
*/
/*
* Now add the client-supplied username to the filter, ensuring that any
* LDAP filter metachars are escaped.
*/
*p && q < filtbuf_end; ) {
if ( q + 3 >= filtbuf_end)
break; /* Don't write part of escape sequence if we can't write all of it */
*q++ = '\\';
switch ( *p++ )
{
case '*':
*q++ = '2';
*q++ = 'a';
break;
case '(':
*q++ = '2';
*q++ = '8';
break;
case ')':
*q++ = '2';
*q++ = '9';
break;
case '\\':
*q++ = '5';
*q++ = 'c';
break;
}
}
else
*q++ = *p++;
}
#else
*p && q < filtbuf_end; *q++ = *p++) {
*q++ = '\\';
if (q >= filtbuf_end) {
break;
}
}
}
#endif
*q = '\0';
/*
* Append the closing parens of the filter, unless doing so would
* overrun the buffer.
*/
if (q + 2 <= filtbuf_end)
}
static void *create_authnz_ldap_dir_config(apr_pool_t *p, char *d)
{
#if APR_HAS_THREADS
#endif
/*
sec->authz_enabled = 1;
*/
sizeof(struct mod_auth_ldap_groupattr_entry_t));
sizeof(struct mod_auth_ldap_groupattr_entry_t));
sec->have_ldap_url = 0;
sec->user_is_dn = 0;
sec->compare_dn_on_server = 0;
return sec;
}
{
return APR_SUCCESS;
}
int prefix_len;
int remote_user_attribute_set = 0;
apr_table_t *e = r->subprocess_env;
int i = 0;
while (sec->attributes[i]) {
int j = prefix_len;
while (str[j]) {
j++;
}
/* handle remote_user_attribute, if set */
if ((phase == LDAP_AUTHN) &&
}
i++;
}
}
return remote_user_attribute_set;
}
return result;
}
if (NULL != substituted) {
}
}
return result;
}
/* Some LDAP servers restrict who can search or compare, and the hard-coded ID
* might be good for the DN lookup but not for later operations.
*/
static util_ldap_connection_t *get_connection_for_authz(request_rec *r, enum auth_ldap_optype type) {
/* If the per-request config isn't set, we didn't authenticate this user, and leave the default credentials */
}
}
/*
* Authentication Phase
* --------------------
*
* This phase authenticates the credentials the user has sent with
* the request (ie the username and password are checked). This is done
* by making an attempt to bind to the LDAP server using this user's
* DN and the supplied password.
*
*/
const char *password)
{
int failures = 0;
char filtbuf[FILTER_LENGTH];
int result = 0;
int remote_user_attribute_set = 0;
const char *utfpassword;
/*
if (!sec->enabled) {
return AUTH_USER_NOT_FOUND;
}
*/
/*
* Basic sanity checks before any LDAP operations even happen.
*/
if (!sec->have_ldap_url) {
return AUTH_GENERAL_ERROR;
}
/* There is a good AuthLDAPURL, right? */
if (sec->initial_bind_as_user) {
}
}
else {
return AUTH_GENERAL_ERROR;
}
/* Get the password that the client sent */
return AUTH_GENERAL_ERROR;
}
return AUTH_GENERAL_ERROR;
}
/* build the username filter */
/* convert password to utf-8 */
/* do the user search */
/* sanity check - if server is down, retry it up to 5 times */
if (AP_LDAP_IS_SERVER_DOWN(result)) {
if (failures++ <= 5) {
goto start_over;
}
}
/* handle bind failure */
if (result != LDAP_SUCCESS) {
if (!sec->bind_authoritative) {
"user %s authentication failed; URI %s [%s][%s] (not authoritative)",
return AUTH_USER_NOT_FOUND;
}
"user %s authentication failed; URI %s [%s][%s]",
#ifdef LDAP_SECURITY_ERROR
#else
#ifdef LDAP_INSUFFICIENT_ACCESS
#endif
#ifdef LDAP_INSUFFICIENT_RIGHTS
#endif
#endif
}
/* mark the user and DN */
if (sec->user_is_dn) {
}
/* add environment variables */
/* sanity check */
"REMOTE_USER was to be set with attribute '%s', "
"but this attribute was not requested for in the "
"LDAP query for the user. REMOTE_USER will fall "
"back to username or DN as appropriate.", getpid(),
}
return AUTH_GRANTED;
}
const char *require_args)
{
int result = 0;
const char *t;
char *w;
char filtbuf[FILTER_LENGTH];
if (!sec->have_ldap_url) {
return AUTHZ_DENIED;
}
}
else {
return AUTHZ_DENIED;
}
/*
* If we have been authenticated by some other module than mod_authnz_ldap,
* the req structure needed for authorization needs to be created
* and populated with the userid and DN of the account in LDAP
*/
/* Check that we have a userid to start with */
if (!r->user) {
"access to %s failed, reason: no authenticated user", r->uri);
return AUTHZ_DENIED;
}
"ldap authorize: Userid is blank, AuthType=%s",
r->ap_auth_type);
}
if(!req) {
"ldap authorize: Creating LDAP req structure");
sizeof(authn_ldap_request_t));
/* Build the username filter */
/* Search for the user DN */
/* Search failed, log error and return failure */
if(result != LDAP_SUCCESS) {
return AUTHZ_DENIED;
}
}
"require user: user's DN has not been defined; failing authorization",
getpid());
return AUTHZ_DENIED;
}
/*
* First do a whole-line compare, in case it's something like
* require user Babs Jensen
*/
switch(result) {
case LDAP_COMPARE_TRUE: {
"require user: authorization successful", getpid());
return AUTHZ_GRANTED;
}
default: {
"authorization failed [%s][%s]", getpid(),
}
}
/*
* Now break apart the line and compare each word on it
*/
t = require_args;
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
switch(result) {
case LDAP_COMPARE_TRUE: {
"require user: authorization successful", getpid());
return AUTHZ_GRANTED;
}
default: {
"require user: authorization failed [%s][%s]",
}
}
}
return AUTHZ_DENIED;
}
const char *require_args)
{
int result = 0;
const char *t;
char filtbuf[FILTER_LENGTH];
struct mod_auth_ldap_groupattr_entry_t *ent;
int i;
if (!sec->have_ldap_url) {
return AUTHZ_DENIED;
}
}
else {
return AUTHZ_DENIED;
}
/*
* If there are no elements in the group attribute array, the default should be
* member and uniquemember; populate the array now.
*/
struct mod_auth_ldap_groupattr_entry_t *grp;
#if APR_HAS_THREADS
#endif
#if APR_HAS_THREADS
#endif
}
/*
* If there are no elements in the sub group classes array, the default
* should be groupOfNames and groupOfUniqueNames; populate the array now.
*/
struct mod_auth_ldap_groupattr_entry_t *grp;
#if APR_HAS_THREADS
#endif
#if APR_HAS_THREADS
#endif
}
/*
* If we have been authenticated by some other module than mod_auth_ldap,
* the req structure needed for authorization needs to be created
* and populated with the userid and DN of the account in LDAP
*/
/* Check that we have a userid to start with */
if (!r->user) {
"access to %s failed, reason: no authenticated user", r->uri);
return AUTHZ_DENIED;
}
"ldap authorize: Userid is blank, AuthType=%s",
r->ap_auth_type);
}
if(!req) {
"ldap authorize: Creating LDAP req structure");
/* Build the username filter */
/* Search for the user DN */
/* Search failed, log error and return failure */
if(result != LDAP_SUCCESS) {
return AUTHZ_DENIED;
}
sizeof(authn_ldap_request_t));
}
if (sec->group_attrib_is_dn) {
"user's DN has not been defined; failing authorization for user %s",
return AUTHZ_DENIED;
}
}
else {
/* We weren't called in the authentication phase, so we didn't have a
* chance to set the user field. Do so now. */
}
}
t = require_args;
"testing for group membership in \"%s\"",
getpid(), t);
"testing for %s: %s (%s)", getpid(),
switch(result) {
case LDAP_COMPARE_TRUE: {
"authorization successful (attribute %s) [%s][%d - %s]",
return AUTHZ_GRANTED;
}
case LDAP_COMPARE_FALSE: {
/* nested groups need searches and compares, so grab a new handle */
"failed [%s][%d - %s], checking sub-groups",
0, sec->maxNestingDepth);
if(result == LDAP_COMPARE_TRUE) {
"authorisation successful (attribute %s) [%s][%d - %s]",
return AUTHZ_GRANTED;
}
else {
"authorisation failed [%s][%d - %s]",
}
break;
}
default: {
"authorization failed [%s][%d - %s]",
}
}
}
return AUTHZ_DENIED;
}
const char *require_args)
{
int result = 0;
const char *t;
char filtbuf[FILTER_LENGTH];
if (!sec->have_ldap_url) {
return AUTHZ_DENIED;
}
}
else {
return AUTHZ_DENIED;
}
/*
* If we have been authenticated by some other module than mod_auth_ldap,
* the req structure needed for authorization needs to be created
* and populated with the userid and DN of the account in LDAP
*/
/* Check that we have a userid to start with */
if (!r->user) {
"access to %s failed, reason: no authenticated user", r->uri);
return AUTHZ_DENIED;
}
"ldap authorize: Userid is blank, AuthType=%s",
r->ap_auth_type);
}
if(!req) {
"ldap authorize: Creating LDAP req structure");
/* Build the username filter */
/* Search for the user DN */
/* Search failed, log error and return failure */
if(result != LDAP_SUCCESS) {
return AUTHZ_DENIED;
}
sizeof(authn_ldap_request_t));
}
t = require_args;
"require dn: user's DN has not been defined; failing authorization",
getpid());
return AUTHZ_DENIED;
}
switch(result) {
case LDAP_COMPARE_TRUE: {
"require dn: authorization successful", getpid());
return AUTHZ_GRANTED;
}
default: {
"require dn \"%s\": LDAP error [%s][%s]",
}
}
return AUTHZ_DENIED;
}
const char *require_args)
{
int result = 0;
const char *t;
char *w, *value;
char filtbuf[FILTER_LENGTH];
if (!sec->have_ldap_url) {
return AUTHZ_DENIED;
}
}
else {
return AUTHZ_DENIED;
}
/*
* If we have been authenticated by some other module than mod_auth_ldap,
* the req structure needed for authorization needs to be created
* and populated with the userid and DN of the account in LDAP
*/
/* Check that we have a userid to start with */
if (!r->user) {
"access to %s failed, reason: no authenticated user", r->uri);
return AUTHZ_DENIED;
}
"ldap authorize: Userid is blank, AuthType=%s",
r->ap_auth_type);
}
if(!req) {
"ldap authorize: Creating LDAP req structure");
/* Build the username filter */
/* Search for the user DN */
/* Search failed, log error and return failure */
if(result != LDAP_SUCCESS) {
return AUTHZ_DENIED;
}
sizeof(authn_ldap_request_t));
}
"require ldap-attribute: user's DN has not been defined; failing authorization",
getpid());
return AUTHZ_DENIED;
}
t = require_args;
while (t[0]) {
switch(result) {
case LDAP_COMPARE_TRUE: {
"require attribute: authorization successful",
getpid());
return AUTHZ_GRANTED;
}
default: {
"require attribute: authorization failed [%s][%s]",
}
}
}
return AUTHZ_DENIED;
}
const char *require_args)
{
int result = 0;
const char *t;
char filtbuf[FILTER_LENGTH];
if (!sec->have_ldap_url) {
return AUTHZ_DENIED;
}
}
else {
return AUTHZ_DENIED;
}
/*
* If we have been authenticated by some other module than mod_auth_ldap,
* the req structure needed for authorization needs to be created
* and populated with the userid and DN of the account in LDAP
*/
/* Check that we have a userid to start with */
if (!r->user) {
"access to %s failed, reason: no authenticated user", r->uri);
return AUTHZ_DENIED;
}
"ldap authorize: Userid is blank, AuthType=%s",
r->ap_auth_type);
}
if(!req) {
"ldap authorize: Creating LDAP req structure");
/* Build the username filter */
/* Search for the user DN */
/* Search failed, log error and return failure */
if(result != LDAP_SUCCESS) {
return AUTHZ_DENIED;
}
sizeof(authn_ldap_request_t));
}
"require ldap-filter: user's DN has not been defined; failing authorization",
getpid());
return AUTHZ_DENIED;
}
t = require_args;
if (t[0]) {
getpid(), t);
/* Build the username filter */
/* Search for the user DN */
/* Make sure that the filtered search returned the correct user dn */
if (result == LDAP_SUCCESS) {
if (sec->compare_as_user) {
/* ldap-filter is the only authz that requires a search and a compare */
}
}
switch(result) {
case LDAP_COMPARE_TRUE: {
"require ldap-filter: authorization "
"successful", getpid());
return AUTHZ_GRANTED;
}
case LDAP_FILTER_ERROR: {
"require ldap-filter: %s authorization "
"failed [%s][%s]", getpid(),
break;
}
default: {
"require ldap-filter: authorization "
"failed [%s][%s]", getpid(),
}
}
}
return AUTHZ_DENIED;
}
/*
* Use the ldap url parsing routines to break up the ldap url into
* host and port.
*/
void *config,
const char *url,
const char *mode)
{
int rc;
if (rc != APR_SUCCESS) {
}
/* Set all the values, or at least some sane defaults */
}
else {
}
int i = 1;
i++;
}
i = 0;
i++;
}
}
else {
}
if (urld->lud_filter) {
/*
* Get rid of the surrounding parens; later on when generating the
* filter, they'll be put back.
*/
}
else {
}
}
else {
}
if (mode) {
}
}
}
else {
return "Invalid LDAP connection mode setting: must be one of NONE, "
}
}
/* "ldaps" indicates secure ldap connections desired
*/
{
}
else
{
}
cmd->server, "[%" APR_PID_T_FMT "] auth_ldap url parse: `%s', Host: %s, Port: %d, DN: %s, attrib: %s, scope: %s, filter: %s, connection mode: %s",
getpid(),
url,
);
return NULL;
}
{
}
}
}
}
else {
return "Unrecognized value for AuthLDAPAliasDereference directive";
}
return NULL;
}
static const char *mod_auth_ldap_add_subgroup_attribute(cmd_parms *cmd, void *config, const char *arg)
{
int i = 0;
for (i = 0; sec->sgAttributes[i]; i++) {
;
}
if (i == GROUPATTR_MAX_ELTS)
return "Too many AuthLDAPSubGroupAttribute values";
return NULL;
}
{
struct mod_auth_ldap_groupattr_entry_t *new;
return "Too many AuthLDAPSubGroupClass values";
return NULL;
}
void *config,
const char *max_depth)
{
return NULL;
}
{
struct mod_auth_ldap_groupattr_entry_t *new;
return "Too many AuthLDAPGroupAttribute directives";
return NULL;
}
{
(void *)arg);
return NULL;
}
{
if (!regexp) {
}
return NULL;
}
static const command_rec authnz_ldap_cmds[] =
{
"URL to define LDAP connection. This should be an RFC 2255 compliant\n"
"URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
"<ul>\n"
"<li>Host is the name of the LDAP server. Use a space separated list of hosts \n"
"to specify redundant servers.\n"
"<li>Port is optional, and specifies the port to connect to.\n"
"<li>basedn specifies the base DN to start searches from\n"
"<li>Attrib specifies what attribute to search for in the directory. If not "
"provided, it defaults to <b>uid</b>.\n"
"<li>Scope is the scope of the search, and can be either <b>sub</b> or "
"<b>one</b>. If not provided, the default is <b>sub</b>.\n"
"<li>Filter is a filter to use in the search. If not provided, "
"defaults to <b>(objectClass=*)</b>.\n"
"</ul>\n"
"Searches are performed using the attribute and the filter combined. "
"For example, assume that the\n"
"LDAP URL is <b>ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*)</b>. "
"Searches will\n"
"be done using the filter <b>(&((posixid=*))(uid=<i>username</i>))</b>, "
"where <i>username</i>\n"
"is the user name passed by the HTTP client. The search will be a subtree "
"search on the branch <b>ou=People, o=Airius</b>."),
"DN to use to bind to LDAP server. If not provided, will do an anonymous bind."),
"Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
"Set to 'on' to return failures when user-specific bind fails - defaults to on."),
"Set to 'on' to set the REMOTE_USER environment variable to be the full "
"DN of the remote user. By default, this is set to off, meaning that "
"the REMOTE_USER variable will contain whatever value the remote user sent."),
"Override the user supplied username and place the "
"contents of this attribute in the REMOTE_USER "
"environment variable."),
"Set to 'on' to force auth_ldap to do DN compares (for the \"require dn\" "
"directive) using the server, and set it 'off' to do the compares locally "
"(at the expense of possible false matches). See the documentation for "
"a complete description of this option."),
AP_INIT_ITERATE("AuthLDAPSubGroupAttribute", mod_auth_ldap_add_subgroup_attribute, NULL, OR_AUTHCFG,
"Attribute labels used to define sub-group (or nested group) membership in groups - "
"defaults to member and uniqueMember"),
"LDAP objectClass values used to identify sub-group instances - "
"defaults to groupOfNames and groupOfUniqueNames"),
"Maximum subgroup nesting depth to be evaluated - defaults to 10 (top-level group = 0)"),
"A list of attribute labels used to identify the user members of groups - defaults to "
"member and uniquemember"),
"If set to 'on', auth_ldap uses the DN that is retrieved from the server for"
"subsequent group comparisons. If set to 'off', auth_ldap uses the string"
"provided by the client directly. Defaults to 'on'."),
"Determines how aliases are handled during a search. Can be one of the"
"values \"never\", \"searching\", \"finding\", or \"always\". "
"Defaults to always."),
"Character set conversion configuration file. If omitted, character set"
"conversion is disabled."),
"The prefix to add to environment variables set during "
"Set to 'on' to perform the initial DN lookup with the basic auth credentials "
"instead of anonymous or hard-coded credentials"),
"The regex and substitution to determine a username that can bind based on an HTTP basic auth username"),
"Set to 'on' to perform authorization-based searches with the users credentials, when this module"
" has also performed authentication. Does not affect nested groups lookup."),
"Set to 'on' to perform authorization-based compares with the users credentials, when this module"
" has also performed authentication. Does not affect nested groups lookups."),
{NULL}
};
static int authnz_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
{
ap_configfile_t *f;
char l[MAX_STRING_LEN];
/*
authn_ldap_config_t *sec = (authn_ldap_config_t *)
ap_get_module_config(s->module_config,
&authnz_ldap_module);
if (sec->secure)
{
if (!util_ldap_ssl_supported(s))
{
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
"LDAP: SSL connections (ldaps://) not supported by utilLDAP");
return(!OK);
}
}
*/
/* make sure that mod_ldap (util_ldap) is loaded */
"Module mod_ldap missing. Mod_ldap (aka. util_ldap) "
"must be loaded in order for mod_authnz_ldap to function properly");
return HTTP_INTERNAL_SERVER_ERROR;
}
if (!charset_confname) {
return OK;
}
if (!charset_confname) {
"Invalid charset conversion config path %s",
(const char *)ap_get_module_config(s->module_config,
return HTTP_INTERNAL_SERVER_ERROR;
}
!= APR_SUCCESS) {
"could not open charset conversion config file %s.",
return HTTP_INTERNAL_SERVER_ERROR;
}
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
const char *ll = l;
char *lang;
if (l[0] == '#') {
continue;
}
if (ll[0]) {
}
}
ap_cfg_closefile(f);
if (to_charset == NULL) {
"could not find the UTF-8 charset in the file %s.",
return HTTP_INTERNAL_SERVER_ERROR;
}
return OK;
}
static const authn_provider authn_ldap_provider =
{
};
static const authz_provider authz_ldapuser_provider =
{
};
static const authz_provider authz_ldapgroup_provider =
{
};
static const authz_provider authz_ldapdn_provider =
{
};
static const authz_provider authz_ldapattribute_provider =
{
};
static const authz_provider authz_ldapfilter_provider =
{
};
static void ImportULDAPOptFn(void)
{
}
static void register_hooks(apr_pool_t *p)
{
/* Register authn provider */
/* Register authz providers */
}
{
create_authnz_ldap_dir_config, /* dir config creater */
NULL, /* dir merger --- default is to override */
NULL, /* server config */
NULL, /* merge server config */
authnz_ldap_cmds, /* command apr_table_t */
register_hooks /* register hooks */
};