From: William A. Rowe Jr Date: Thu, 9 Jul 2015 14:51:57 +0000 (+0000) Subject: mod_ldap: Fix unexpected return codes from LDAP lib being coerced X-Git-Tag: 2.4.16~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78014b330053ddac1f2f9eef50471cbbfd4161ef;p=thirdparty%2Fapache%2Fhttpd.git mod_ldap: Fix unexpected return codes from LDAP lib being coerced into LDAP_NO_SUCH_ATTRIBUTE + some new tracing. trunk patch: http://svn.apache.org/r1687980 http://svn.apache.org/r1689694 http://svn.apache.org/r1689698 Backports: 1687980, 1689694, 1689698 Submitted by: covener Reviewied by: covener, wrowe, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1690114 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 63f64e8178f..62a4702f16c 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,9 @@ Changes with Apache 2.4.16 *) core: Avoid a possible truncation of the faulty header included in the HTML response when LimitRequestFieldSize is reached. [Yann Ylavic] + *) mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead + of an error during a compare operation. [Eric Covener] + Changes with Apache 2.4.15 *) mod_ext_filter, mod_charset_lite: Avoid inadvertent filtering of protocol diff --git a/STATUS b/STATUS index 3d558d0e46c..c387ac65b81 100644 --- a/STATUS +++ b/STATUS @@ -108,14 +108,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_ldap: Fix unexpected return codes from LDAP lib being coerced - into LDAP_NO_SUCH_ATTRIBUTE + some new tracing. - - trunk patch: http://svn.apache.org/r1687980 - http://svn.apache.org/r1689694 - http://svn.apache.org/r1689698 - 2.4.x patch: http://people.apache.org/~covener/patches/httpd-2.4.x-ldap-retcode.diff - +1: covener, wrowe, ylavic PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index d9359b2ffa4..156e131d2cd 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -1096,13 +1096,19 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc, ldc->reason = "Comparison no such attribute (cached)"; } else { - ldc->reason = "Comparison undefined (cached)"; + ldc->reason = apr_psprintf(r->pool, + "Comparison undefined: (%d): %s (adding to cache)", + result, ldap_err2string(result)); } /* record the result code to return with the reason... */ result = compare_nodep->result; /* and unlock this read lock */ LDAP_CACHE_UNLOCK(); + + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, + "ldap_compare_s(%pp, %s, %s, %s) = %s (cached)", + ldc->ldap, dn, attrib, value, ldap_err2string(result)); return result; } } @@ -1186,19 +1192,26 @@ start_over: } LDAP_CACHE_UNLOCK(); } + if (LDAP_COMPARE_TRUE == result) { ldc->reason = "Comparison true (adding to cache)"; - return LDAP_COMPARE_TRUE; } else if (LDAP_COMPARE_FALSE == result) { ldc->reason = "Comparison false (adding to cache)"; - return LDAP_COMPARE_FALSE; } - else { + else if (LDAP_NO_SUCH_ATTRIBUTE == result) { ldc->reason = "Comparison no such attribute (adding to cache)"; - return LDAP_NO_SUCH_ATTRIBUTE; + } + else { + ldc->reason = apr_psprintf(r->pool, + "Comparison undefined: (%d): %s (adding to cache)", + result, ldap_err2string(result)); } } + + ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, + "ldap_compare_s(%pp, %s, %s, %s) = %s", + ldc->ldap, dn, attrib, value, ldap_err2string(result)); return result; }