From: Eric Covener
Date: Mon, 10 Nov 2014 22:43:53 +0000 (+0000)
Subject: Resolve rashes with LDAP authz and non-LDAP authn since r1608202.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=299d598779e03afb8d8cf7654ddffeea2c4bd3c2;p=thirdparty%2Fapache%2Fhttpd.git
Resolve rashes with LDAP authz and non-LDAP authn since r1608202.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1637990 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 7a97aa90bf4..47c7d34a6f3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+
+ *) mod_authnz_ldap: Resolve rashes with LDAP authz and non-LDAP authn since
+ r1608202. [Eric Covener]
 *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
 PR 57167 [Edward Lu ]
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index d0f223dc380..2a0a7c686ca 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -731,11 +731,15 @@ static authz_status ldapuser_check_authorization(request_rec *r,
 if (!req) {
 authz_status rv = AUTHZ_DENIED;
 req = build_request_config(r);
+ ldc = get_connection_for_authz(r, LDAP_COMPARE);
 if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
 return rv;
 }
 }
- ldc = get_connection_for_authz(r, LDAP_COMPARE);
+ else {
+ ldc = get_connection_for_authz(r, LDAP_COMPARE);
+ }
+
 /*
 * If we have been authenticated by some other module than mod_authnz_ldap,
@@ -855,11 +859,14 @@ static authz_status ldapgroup_check_authorization(request_rec *r,
 if (!req) {
 authz_status rv = AUTHZ_DENIED;
 req = build_request_config(r);
+ ldc = get_connection_for_authz(r, LDAP_COMPARE);
 if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
 return rv;
 }
 }
- ldc = get_connection_for_authz(r, LDAP_COMPARE);
+ else {
+ ldc = get_connection_for_authz(r, LDAP_COMPARE);
+ }
 /*
 * If there are no elements in the group attribute array, the default should be
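Review bot: In the `if (!req)` branch of ldapuser_check_authorization, the result of `get_connection_for_authz(r, LDAP_COMPARE)` goes straight into `get_dn_for_nonldap_authn(r, ldc)` with no NULL check, and the early `return rv;` leaves with no visible release of that connection. Neither helper's body is in the hunk, so both cases may already be handled elsewhere, for instance by a pool cleanup. If they are not, an authorization check should fail closed, e.g. `if (ldc == NULL) return AUTHZ_DENIED;` before the lookup, and the connection should be released on the failure path. The same ordering recurs in the ldapgroup_, ldapdn_, ldapattribute_ and ldapfilter_check_authorization hunks, so a short comment such as `/* ldc must exist before get_dn_for_nonldap_authn() uses it */` would stop a later cleanup from re-merging the two calls. All five function bodies start and end outside their hunks.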
@@ -1065,11 +1072,14 @@ static authz_status ldapdn_check_authorization(request_rec *r,
 if (!req) {
 authz_status rv = AUTHZ_DENIED;
 req = build_request_config(r);
+ ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
 if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
 return rv;
 }
 }
- ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
+ else {
+ ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
+ }
 require = ap_expr_str_exec(r, expr, &err);
 if (err) {
@@ -1162,11 +1172,14 @@ static authz_status ldapattribute_check_authorization(request_rec *r,
 if (!req) {
 authz_status rv = AUTHZ_DENIED;
 req = build_request_config(r);
+ ldc = get_connection_for_authz(r, LDAP_COMPARE);
 if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
 return rv;
 }
 }
- ldc = get_connection_for_authz(r, LDAP_COMPARE);
+ else {
+ ldc = get_connection_for_authz(r, LDAP_COMPARE);
+ }
 if (req->dn == NULL || strlen(req->dn) == 0) {
 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01733)
@@ -1268,11 +1281,14 @@ static authz_status ldapfilter_check_authorization(request_rec *r,
 if (!req) {
 authz_status rv = AUTHZ_DENIED;
 req = build_request_config(r);
+ ldc = get_connection_for_authz(r, LDAP_SEARCH);
 if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
 return rv;
 }
 }
- ldc = get_connection_for_authz(r, LDAP_SEARCH);
+ else {
+ ldc = get_connection_for_authz(r, LDAP_SEARCH);
+ }
 if (req->dn == NULL || strlen(req->dn) == 0) {
 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01742)