Landing of mod_ldap - the LDAP cache and connection pooling module.

include $(top_srcdir)/build/special.mk

dnl modules enabled in this directory by default

APACHE_MODPATH_INIT(ldap)

ldap_objects="util_ldap.lo util_ldap_cache.lo util_ldap_cache_mgr.lo"

APACHE_MODULE(ldap, LDAP caching and connection pooling services, $ldap_objects, , no)

APACHE_MODPATH_FINISH

/* ====================================================================

 * The Apache Software License, Version 1.1

 *

 * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights

 * reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. The end-user documentation included with the redistribution,

 *    if any, must include the following acknowledgment:

 *       "This product includes software developed by the

 *        Apache Software Foundation (http://www.apache.org/)."

 *    Alternately, this acknowledgment may appear in the software itself,

 *    if and wherever such third-party acknowledgments normally appear.

 *

 * 4. The names "Apache" and "Apache Software Foundation" must

 *    not be used to endorse or promote products derived from this

 *    software without prior written permission. For written

 *    permission, please contact apache@apache.org.

 *

 * 5. Products derived from this software may not be called "Apache",

 *    nor may "Apache" appear in their name, without prior written

 *    permission of the Apache Software Foundation.

 *

 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED

 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 * ====================================================================

 *

 * This software consists of voluntary contributions made by many

 * individuals on behalf of the Apache Software Foundation.  For more

 * information on the Apache Software Foundation, please see

 * <http://www.apache.org/>.

 */

/*

 * util_ldap_cache.c: LDAP cache things

 * 

 * Original code from auth_ldap module for Apache v1.3:

 * Copyright 1998, 1999 Enbridge Pipelines Inc. 

 * Copyright 1999-2001 Dave Carrigan

 */

#include <apr_ldap.h>

#include "util_ldap.h"

#include "util_ldap_cache.h"

#ifdef APU_HAS_LDAP

/* ------------------------------------------------------------------ */

unsigned long util_ldap_url_node_hash(void *n)

{

    util_url_node_t *node = (util_url_node_t *)n;

    return util_ald_hash_string(1, node->url);

}

int util_ldap_url_node_compare(void *a, void *b)

{

    util_url_node_t *na = (util_url_node_t *)a;

    util_url_node_t *nb = (util_url_node_t *)b;

    return(strcmp(na->url, nb->url) == 0);

}

void *util_ldap_url_node_copy(void *c)

{

    util_url_node_t *n = (util_url_node_t *)c;

    util_url_node_t *node = (util_url_node_t *)util_ald_alloc(sizeof(util_url_node_t));

    node->url = util_ald_strdup(n->url);

    node->search_cache = n->search_cache;

    node->compare_cache = n->compare_cache;

    node->dn_compare_cache = n->dn_compare_cache;

    return node;

}

void util_ldap_url_node_free(void *n)

{

    util_url_node_t *node = (util_url_node_t *)n;

    util_ald_free(node->url);

    util_ald_destroy_cache(node->search_cache);

    util_ald_destroy_cache(node->compare_cache);

    util_ald_destroy_cache(node->dn_compare_cache);

    util_ald_free(node);

}

/* ------------------------------------------------------------------ */

/* Cache functions for search nodes */

unsigned long util_ldap_search_node_hash(void *n)

{

    util_search_node_t *node = (util_search_node_t *)n;

    return util_ald_hash_string(1, ((util_search_node_t *)(node))->username);

}

int util_ldap_search_node_compare(void *a, void *b)

{

    return(strcmp(((util_search_node_t *)a)->username,

		  ((util_search_node_t *)b)->username) == 0);

}

void *util_ldap_search_node_copy(void *c)

{

    util_search_node_t *node = (util_search_node_t *)c;

    util_search_node_t *newnode = util_ald_alloc(sizeof(util_search_node_t));

    newnode->username = util_ald_strdup(node->username);

    newnode->dn = util_ald_strdup(node->dn);

    newnode->bindpw = util_ald_strdup(node->bindpw);

    newnode->lastbind = node->lastbind;

    return (void *)newnode;

}

void util_ldap_search_node_free(void *n)

{

    util_search_node_t *node = (util_search_node_t *)n;

    util_ald_free(node->username);

    util_ald_free(node->dn);

    util_ald_free(node->bindpw);

    util_ald_free(node);

}

/* ------------------------------------------------------------------ */

unsigned long util_ldap_compare_node_hash(void *n)

{

    util_compare_node_t *node = (util_compare_node_t *)n;

    return util_ald_hash_string(3, node->dn, node->attrib, node->value);

}

int util_ldap_compare_node_compare(void *a, void *b)

{

    util_compare_node_t *na = (util_compare_node_t *)a;

    util_compare_node_t *nb = (util_compare_node_t *)b;

    return (strcmp(na->dn, nb->dn) == 0 &&

	    strcmp(na->attrib, nb->attrib) == 0 &&

	    strcmp(na->value, nb->value) == 0);

}

void *util_ldap_compare_node_copy(void *c)

{

    util_compare_node_t *n = (util_compare_node_t *)c;

    util_compare_node_t *node = (util_compare_node_t *)util_ald_alloc(sizeof(util_compare_node_t));

    node->dn = util_ald_strdup(n->dn);

    node->attrib = util_ald_strdup(n->attrib);

    node->value = util_ald_strdup(n->value);

    node->lastcompare = n->lastcompare;

    return node;

}

void util_ldap_compare_node_free(void *n)

{

    util_compare_node_t *node = (util_compare_node_t *)n;

    util_ald_free(node->dn);

    util_ald_free(node->attrib);

    util_ald_free(node->value);

    util_ald_free(node);

}

/* ------------------------------------------------------------------ */

unsigned long util_ldap_dn_compare_node_hash(void *n)

{

    return util_ald_hash_string(1, ((util_dn_compare_node_t *)n)->reqdn);

}

int util_ldap_dn_compare_node_compare(void *a, void *b)

{

    return (strcmp(((util_dn_compare_node_t *)a)->reqdn,

		   ((util_dn_compare_node_t *)b)->reqdn) == 0);

}

void *util_ldap_dn_compare_node_copy(void *c)

{

    util_dn_compare_node_t *n = (util_dn_compare_node_t *)c;

    util_dn_compare_node_t *node = (util_dn_compare_node_t *)util_ald_alloc(sizeof(util_dn_compare_node_t));

    node->reqdn = util_ald_strdup(n->reqdn);

    node->dn = util_ald_strdup(n->dn);

    return node;

}

void util_ldap_dn_compare_node_free(void *n)

{

    util_dn_compare_node_t *node = (util_dn_compare_node_t *)n;

    util_ald_free(node->reqdn);

    util_ald_free(node->dn);

    util_ald_free(node);

}

/* ------------------------------------------------------------------ */

apr_status_t util_ldap_cache_child_kill(void *data);

apr_status_t util_ldap_cache_module_kill(void *data);

apr_status_t util_ldap_cache_module_kill(void *data)

{

#ifdef APU_HAS_LDAP_SHARED_CACHE

    if (util_ldap_shm != NULL) {

        apr_status_t result = apr_shm_destroy(util_ldap_shm);

        util_ldap_shm = NULL;

        return result;

    }

#endif

    return APR_SUCCESS;

}

apr_status_t util_ldap_cache_child_kill(void *data)

{

    /* Nothing to do */

    return APR_SUCCESS;

}

apr_status_t util_ldap_cache_init(apr_pool_t *pool, apr_size_t reqsize)

{

    apr_status_t result = APR_SUCCESS;

    apr_pool_cleanup_register(pool, NULL, util_ldap_cache_module_kill, util_ldap_cache_child_kill);

#ifdef APU_HAS_LDAP_SHARED_CACHE

    result = apr_shm_init(&util_ldap_shm, reqsize, "/tmp/ldap_cache", pool);

#endif

    util_ldap_cache = util_ald_create_cache(50,

				     util_ldap_url_node_hash,

				     util_ldap_url_node_compare,

				     util_ldap_url_node_copy,

				     util_ldap_url_node_free);

    return result;

}

#endif /* APU_HAS_LDAP */

/* ====================================================================

 * The Apache Software License, Version 1.1

 *

 * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights

 * reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. The end-user documentation included with the redistribution,

 *    if any, must include the following acknowledgment:

 *       "This product includes software developed by the

 *        Apache Software Foundation (http://www.apache.org/)."

 *    Alternately, this acknowledgment may appear in the software itself,

 *    if and wherever such third-party acknowledgments normally appear.

 *

 * 4. The names "Apache" and "Apache Software Foundation" must

 *    not be used to endorse or promote products derived from this

 *    software without prior written permission. For written

 *    permission, please contact apache@apache.org.

 *

 * 5. Products derived from this software may not be called "Apache",

 *    nor may "Apache" appear in their name, without prior written

 *    permission of the Apache Software Foundation.

 *

 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED

 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF

 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 * ====================================================================

 *

 * This software consists of voluntary contributions made by many

 * individuals on behalf of the Apache Software Foundation.  For more

 * information on the Apache Software Foundation, please see

 * <http://www.apache.org/>.

 */

#ifndef APU_LDAP_CACHE_H

#define APU_LDAP_CACHE_H

/*

 * This switches LDAP support on or off.

 */

/* this whole thing disappears if LDAP is not enabled */

#ifdef APU_HAS_LDAP

/* FIXME */

#define APU_HAS_LDAP_SHARED_CACHE

/*

 * LDAP Cache Manager

 */

#ifdef APU_HAS_LDAP_SHARED_CACHE

#include <apr_shmem.h>

#endif

typedef struct util_cache_node_t {

    void *payload;		/* Pointer to the payload */

    time_t add_time;		/* Time node was added to cache */

    struct util_cache_node_t *next;

} util_cache_node_t;

typedef struct util_ald_cache_t {

    unsigned long size;		/* Size of cache array */

    unsigned long maxentries;	/* Maximum number of cache entries */

    unsigned long numentries;	/* Current number of cache entries */

    unsigned long fullmark;	/* Used to keep track of when cache becomes 3/4 full */

    time_t marktime;		/* Time that the cache became 3/4 full */

    unsigned long (*hash)(void *);  /* Func to hash the payload */

    int (*compare)(void *, void *); /* Func to compare two payloads */

    void * (*copy)(void *);	/* Func to alloc mem and copy payload to new mem */

    void (*free)(void *);		/* Func to free mem used by the payload */

    util_cache_node_t **nodes;

    unsigned long numpurges;	/* No. of times the cache has been purged */

    double avg_purgetime;		/* Average time to purge the cache */

    time_t last_purge;		/* Time of the last purge */

    unsigned long npurged;	/* Number of elements purged in last purge. This is not

				   obvious: it won't be 3/4 the size of the cache if 

				   there were a lot of expired entries. */

    unsigned long fetches;	/* Number of fetches */

    unsigned long hits;		/* Number of cache hits */

    unsigned long inserts;	/* Number of inserts */

    unsigned long removes;	/* Number of removes */

} util_ald_cache_t;

#ifdef APU_HAS_LDAP_SHARED_CACHE

apr_shmem_t *util_ldap_shm;

#endif

util_ald_cache_t *util_ldap_cache;

apr_lock_t *util_ldap_cache_lock;

#ifndef WIN32

#define ALD_MM_FILE_MODE ( S_IRUSR|S_IWUSR )

#else

#define ALD_MM_FILE_MODE ( _S_IREAD|_S_IWRITE )

#endif

/*

 * LDAP Cache

 */

/*

 * Maintain a cache of LDAP URLs that the server handles. Each node in

 * the cache contains the search cache for that URL, and a compare cache

 * for the URL. The compare cash is populated when doing require group

 * compares.

 */

typedef struct util_url_node_t {

    const char *url;

    util_ald_cache_t *search_cache;

    util_ald_cache_t *compare_cache;

    util_ald_cache_t *dn_compare_cache;

} util_url_node_t;

/*

 * We cache every successful search and bind operation, using the username 

 * as the key. Each node in the cache contains the returned DN, plus the 

 * password used to bind.

 */

typedef struct util_search_node_t {

    const char *username;		/* Cache key */

    const char *dn;			/* DN returned from search */

    const char *bindpw;		/* The most recently used bind password; 

				   NULL if the bind failed */

    apr_time_t lastbind;	/* Time of last successful bind */

} util_search_node_t;

/*

 * We cache every successful compare operation, using the DN, attrib, and

 * value as the key. 

 */

typedef struct util_compare_node_t {

    const char *dn;			/* DN, attrib and value combine to be the key */

    const char *attrib;			

    const char *value;

    apr_time_t lastcompare;

} util_compare_node_t;

/*

 * We cache every successful compare dn operation, using the dn in the require

 * statement and the dn fetched based on the client-provided username.

 */

typedef struct util_dn_compare_node_t {

    const char *reqdn;		/* The DN in the require dn statement */

    const char *dn;			/* The DN found in the search */

} util_dn_compare_node_t;

/*

 * Function prototypes for LDAP cache

 */

/* util_ldap_cache.c */

unsigned long util_ldap_url_node_hash(void *n);

int util_ldap_url_node_compare(void *a, void *b);

void *util_ldap_url_node_copy(void *c);

void util_ldap_url_node_free(void *n);

unsigned long util_ldap_search_node_hash(void *n);

int util_ldap_search_node_compare(void *a, void *b);

void *util_ldap_search_node_copy(void *c);

void util_ldap_search_node_free(void *n);

unsigned long util_ldap_compare_node_hash(void *n);

int util_ldap_compare_node_compare(void *a, void *b);

void *util_ldap_compare_node_copy(void *c);

void util_ldap_compare_node_free(void *n);

unsigned long util_ldap_dn_compare_node_hash(void *n);

int util_ldap_dn_compare_node_compare(void *a, void *b);

void *util_ldap_dn_compare_node_copy(void *c);

void util_ldap_dn_compare_node_free(void *n);

/* util_ldap_cache_mgr.c */

void util_ald_free(const void *ptr);

void *util_ald_alloc(int size);

const char *util_ald_strdup(const char *s);

unsigned long util_ald_hash_string(int nstr, ...);

void util_ald_cache_purge(util_ald_cache_t *cache);

util_url_node_t *util_ald_create_caches(util_ldap_state_t *s, const char *url);

util_ald_cache_t *util_ald_create_cache(unsigned long maxentries,

                                unsigned long (*hashfunc)(void *), 

                                int (*comparefunc)(void *, void *),

                                void * (*copyfunc)(void *),

                                void (*freefunc)(void *));

void util_ald_destroy_cache(util_ald_cache_t *cache);

void *util_ald_cache_fetch(util_ald_cache_t *cache, void *payload);

void util_ald_cache_insert(util_ald_cache_t *cache, void *payload);

void util_ald_cache_remove(util_ald_cache_t *cache, void *payload);

char *util_ald_cache_display_stats(apr_pool_t *p, util_ald_cache_t *cache,

                                 char *name);

#endif /* APU_HAS_LDAP */

#endif /* APU_LDAP_CACHE_H */