From: Graham Leggett Date: Fri, 21 May 2004 20:02:39 +0000 (+0000) Subject: mod_ldap calls ldap_simple_bind_s() to validate the user X-Git-Tag: 2.0.50~91 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=463d94359c2fab5c0f0c08132bf6487878f0b509;p=thirdparty%2Fapache%2Fhttpd.git mod_ldap calls ldap_simple_bind_s() to validate the user credentials. If the bind fails, the connection is left in an unbound state. Make sure that the ldap connection record is updated to show that the connection is no longer bound. PR: Obtained from: Submitted by: Reviewed by: bnicholes, minfrin, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@103721 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index beda4338927..28459992fe0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,11 @@ Changes with Apache 2.0.50 + *) mod_ldap calls ldap_simple_bind_s() to validate the user + credentials. If the bind fails, the connection is left + in an unbound state. Make sure that the ldap connection + record is updated to show that the connection is no longer + bound. [Brad Nicholes] + *) Ensure that lines in the request which are too long are properly terminated before logging. [Tsurutani Naoki ] diff --git a/STATUS b/STATUS index ec72cefdc53..1983126f757 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/05/21 16:07:39 $] +Last modified at [$Date: 2004/05/21 20:02:20 $] Release: @@ -123,15 +123,6 @@ PATCHES TO BACKPORT FROM 2.1 PR: 13511 +1: jorton - *) mod_ldap calls ldap_simple_bind_s() to validate the user - credentials. If the bind fails, the connection is left - in an unbound state. Make sure that the ldap connection - record is updated to show that the connection is no longer - bound. - modules/experimental/util_ldap.c: r1.27 - +1: bnicholes, jim - +1: minfrin (confirmed fixes long standing timeout bug) - *) mod_ssl: Fix potential SEGV in 'shmcb' session cache. modules/ssl/ssl_scache_shmcb.c: r1.26 +1: madhum, jorton diff --git a/modules/experimental/util_ldap.c b/modules/experimental/util_ldap.c index 70dcf06919e..16b1ebae421 100644 --- a/modules/experimental/util_ldap.c +++ b/modules/experimental/util_ldap.c @@ -333,9 +333,6 @@ LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r, break; } - ldc->bound = 1; - ldc->reason = "LDAP: connection open successful"; - /* free the handle if there was an error */ if (LDAP_SUCCESS != result) @@ -345,6 +342,10 @@ LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r, ldc->bound = 0; ldc->reason = "LDAP: ldap_simple_bind_s() failed"; } + else { + ldc->bound = 1; + ldc->reason = "LDAP: connection open successful"; + } return(result); } @@ -875,6 +876,9 @@ start_over: if (result != LDAP_SUCCESS) { ldc->reason = "ldap_simple_bind_s() to check user credentials failed"; ldap_msgfree(res); + ldap_unbind_s(ldc->ldap); + ldc->ldap = NULL; + ldc->bound = 0; return result; } else {