APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2004/04/26 19:03:40 $]
+Last modified at [$Date: 2004/04/26 22:04:58 $]
Release:
modules/mappers/mod_rewrite.c: r1.255
+1: nd, trawick
- *) Update the ldc->binddn and ldc->bindpw associated with the LDAP
- connection to match the authenticating user DN and password after
- ldap_simple_bind_s() is called to authenticate the user. Otherwise
- the next time that this connection is reused, it will indicate that
- it is bound to the original user DN specified by ldc->binddn when in
- fact it is bound to a completely different user DN who may not have
- sufficient rights to complete the requested search.
- modules/experimental/util_ldap.c: r1.22, r1.24
- +1: bnicholes, minfrin, trawick
-
*) (re-)add support for RewriteRules in <Proxy> containers. PR 27985
modules/mappers/mod_rewrite.c: r1.254
+1: nd, trawick
"\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
#endif
+
+static void util_ldap_strdup (char **str, const char *newstr)
+{
+ if (*str) {
+ free(*str);
+ *str = NULL;
+ }
+
+ if (newstr) {
+ *str = calloc(1, strlen(newstr)+1);
+ strcpy (*str, newstr);
+ }
+}
+
/*
* Status Handler
* --------------
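Review bot: In `util_ldap_strdup` the result of `calloc` is passed straight to `strcpy`, so an allocation failure becomes a NULL-pointer write in the server process. Check it before copying, for example `*str = calloc(1, strlen(newstr)+1);` followed by `if (*str) strcpy(*str, newstr);`. Because the helper returns `void`, callers cannot tell that the credential was not stored and would be left with a NULL `binddn`/`bindpw`, so returning a status may be the better shape. The helper is also worth a header comment stating that it frees the previous value with `free()` and therefore must only be used on fields that are NULL or malloc-owned.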
{
util_ldap_connection_t *ldc = param;
- /* unbinding from the LDAP server */
- if (ldc->ldap) {
- ldap_unbind_s(ldc->ldap);
- ldc->bound = 0;
- ldc->ldap = NULL;
- }
+ if (ldc) {
+
+ /* unbinding from the LDAP server */
+ if (ldc->ldap) {
+ ldap_unbind_s(ldc->ldap);
+ ldc->bound = 0;
+ ldc->ldap = NULL;
+ }
+
+ if (ldc->bindpw) {
+ free((void*)ldc->bindpw);
+ }
+
+ if (ldc->binddn) {
+ free((void*)ldc->binddn);
+ }
- /* release the lock we were using. The lock should have
- already been released in the close connection call.
- But just in case it wasn't, we first try to get the lock
- before unlocking it to avoid unlocking an unheld lock.
- Unlocking an unheld lock causes problems on NetWare. The
- other option would be to assume that close connection did
- its job. */
+ /* release the lock we were using. The lock should have
+ already been released in the close connection call.
+ But just in case it wasn't, we first try to get the lock
+ before unlocking it to avoid unlocking an unheld lock.
+ Unlocking an unheld lock causes problems on NetWare. The
+ other option would be to assume that close connection did
+ its job. */
#if APR_HAS_THREADS
- apr_thread_mutex_trylock(ldc->lock);
- apr_thread_mutex_unlock(ldc->lock);
+ apr_thread_mutex_trylock(ldc->lock);
+ apr_thread_mutex_unlock(ldc->lock);
#endif
+ }
return APR_SUCCESS;
}
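Review bot: The new cleanup frees `ldc->bindpw` and `ldc->binddn` but leaves both pointers set, so a second run of `util_ldap_connection_destroy` or a later `util_ldap_strdup` on the same struct would free them again. Add `ldc->bindpw = NULL;` and `ldc->binddn = NULL;` right after the respective `free()` calls. Since `bindpw` holds a cleartext bind password, its buffer should also be overwritten before it is released, in a way the compiler cannot elide, so the password does not linger in freed heap memory. The same applies to the `free(*str)` path in `util_ldap_strdup`. The function's signature is outside this hunk.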
/* always default to LDAP V3 */
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
-
- /* add the cleanup to the pool */
- apr_pool_cleanup_register(ldc->pool, ldc,
- util_ldap_connection_destroy,
- apr_pool_cleanup_null);
}
/* the bind credentials have changed */
l->bound = 0;
- l->binddn = apr_pstrdup(st->pool, binddn);
- l->bindpw = apr_pstrdup(st->pool, bindpw);
+ util_ldap_strdup((char**)&(l->binddn), binddn);
+ util_ldap_strdup((char**)&(l->bindpw), bindpw);
break;
}
#if APR_HAS_THREADS
l->host = apr_pstrdup(st->pool, host);
l->port = port;
l->deref = deref;
- l->binddn = apr_pstrdup(st->pool, binddn);
- l->bindpw = apr_pstrdup(st->pool, bindpw);
+ util_ldap_strdup((char**)&(l->binddn), binddn);
+ util_ldap_strdup((char**)&(l->bindpw), bindpw);
l->secure = secure;
+ /* add the cleanup to the pool */
+ apr_pool_cleanup_register(l->pool, l,
+ util_ldap_connection_destroy,
+ apr_pool_cleanup_null);
+
if (p) {
p->next = l;
}
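Review bot: The first `util_ldap_strdup` calls on a newly created connection free whatever `l->binddn` and `l->bindpw` already hold, so they are only safe if `l` was zero-filled when allocated. That allocation is outside this hunk and should be confirmed. After this change `host` is still pool-allocated while `binddn`/`bindpw` are malloc-owned, and nothing at the assignment says so. A comment such as `/* binddn/bindpw are malloc'ed copies owned by the connection; released in util_ldap_connection_destroy() */` would make the ownership explicit. The `(char**)&(l->binddn)` cast, also used in the "bind credentials have changed" hunk, strips `const` from the field. If the field is declared `const char *`, changing it to `char *` would remove the need for the cast.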
/* Grab the dn, copy it into the pool, and free it again */
dn = ldap_get_dn(ldc->ldap, entry);
- *binddn = apr_pstrdup(st->pool, dn);
+ *binddn = apr_pstrdup(r->pool, dn);
ldap_memfree(dn);
/*
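Review bot: `*binddn` is now allocated from `r->pool`, yet the later cache hunk still assigns the same pointer to `the_search_node.dn` and passes it to `util_ald_cache_insert`. If that insert stores the pointer rather than deep-copying the node (its body is not visible here), the search cache would keep a DN that is released when the request ends. Confirm the copy semantics and record them next to the assignment, for example `/* request-lifetime copy; the cache insert must duplicate it */`. The enclosing function begins and ends outside this hunk.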
ldap_msgfree(res);
return result;
}
+ else {
+ /*
+ * Since we just bound the connection to the authenticating user id, update the
+ * ldc->binddn and ldc->bindpw to reflect the change and also to allow the next
+ * call to util_ldap_connection_open() to handle the connection reuse appropriately.
+ * Otherwise the next time that this connection is reused, it will indicate that
+ * it is bound to the original user id specified ldc->binddn when in fact it is
+ * bound to a completely different user id.
+ */
+ util_ldap_strdup((char**)&(ldc->binddn), *binddn);
+ util_ldap_strdup((char**)&(ldc->bindpw), bindpw);
+ }
/*
* Get values for the provided attributes.
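Review bot: The added `else` branch stores a heap copy of the authenticating user's password in `ldc->bindpw`, and the new comment does not mention how long that copy lives. It stays there until the next rebind replaces it or the pool cleanup runs, which is longer than the request that supplied it. The comment should say this, and say that the copy is released in `util_ldap_connection_destroy`. The comment also reads "specified ldc->binddn" where "specified by ldc->binddn" is meant. Because the preceding branch ends in `return result;`, the `else` wrapper is not needed and the two calls could sit at function level.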
/*
* Add the new username to the search cache.
*/
- LDAP_CACHE_WRLOCK();
- the_search_node.username = filter;
- the_search_node.dn = *binddn;
- the_search_node.bindpw = bindpw;
- the_search_node.lastbind = apr_time_now();
- the_search_node.vals = vals;
if (curl) {
+ LDAP_CACHE_WRLOCK();
+ the_search_node.username = filter;
+ the_search_node.dn = *binddn;
+ the_search_node.bindpw = bindpw;
+ the_search_node.lastbind = apr_time_now();
+ the_search_node.vals = vals;
util_ald_cache_insert(curl->search_cache, &the_search_node);
+ LDAP_CACHE_UNLOCK();
}
ldap_msgfree(res);
- LDAP_CACHE_UNLOCK();
ldc->reason = "Authentication successful";
return LDAP_SUCCESS;