From: Graham Leggett <minfrin@apache.org>
Date: Fri, 24 Nov 2023 17:01:43 +0000 (+0000)
Subject: Make sure attributes from ldapsearch are passed into the environment. Make sure
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc76ce4c43efb8c0c36a5990aeb0468a87458087;p=thirdparty%2Fapache%2Fhttpd.git

Make sure attributes from ldapsearch are passed into the environment. Make sure
the distinguished name is duplicated before being used.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914091 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 29f04e2bb05..6295618f580 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -1453,18 +1453,17 @@ static authz_status ldapsearch_check_authorization(request_rec *r,
     t = require;
 
     if (t[0]) {
-        const char **vals;
 
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02630)
                       "auth_ldap authorize: checking filter %s", t);
 
         /* Search for the user DN */
         result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn,
-             sec->scope, sec->attributes, t, &dn, &vals);
+             sec->scope, sec->attributes, t, &dn, &(req->vals));
 
         /* Make sure that the filtered search returned a single dn */
         if (result == LDAP_SUCCESS && dn) {
-            req->dn = dn;
+            req->dn = apr_pstrdup(r->pool, dn);
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02631)
                           "auth_ldap authorize: require ldap-search: "
                           "authorization successful");