From bnicho...@apache.org
Subject cvs commit: httpd-2.0/modules/experimental util_ldap.c
Date Mon, 26 Apr 2004 22:04:59 GMT
bnicholes    2004/04/26 15:04:59

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/experimental Tag: APACHE_2_0_BRANCH util_ldap.c
  Log:
  Backport the util_ldap patch that updates the bind credentials so that util_ldap will properly
reuse the cached ldap connections.
  
  Reviewed by: bnicholes, minfrin, trawick
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.274 +5 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.273
  retrieving revision 1.988.2.274
  diff -u -r1.988.2.273 -r1.988.2.274
  --- CHANGES	26 Apr 2004 15:58:30 -0000	1.988.2.273
  +++ CHANGES	26 Apr 2004 22:04:58 -0000	1.988.2.274
  @@ -1,5 +1,10 @@
   Changes with Apache 2.0.50
   
  +  *) Update the bind credentials for the cached LDAP connection to 
  +     reflect the last bind.  This prevents util_ldap from creating 
  +     unnecessary connections rather than reusing cached connections.
  +     [Brad Nicholes]
  +     
     *) mod_isapi: GetServerVariable returned improperly terminated header 
        fields given "ALL_HTTP" or "ALL_RAW".  PR 20656.
        [Jesse Pelton <jsp pkc.com>]
  
  
  
  1.751.2.842 +1 -11     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.841
  retrieving revision 1.751.2.842
  diff -u -r1.751.2.841 -r1.751.2.842
  --- STATUS	26 Apr 2004 19:03:40 -0000	1.751.2.841
  +++ STATUS	26 Apr 2004 22:04:58 -0000	1.751.2.842
  @@ -167,16 +167,6 @@
            modules/mappers/mod_rewrite.c: r1.255
          +1: nd, trawick
   
  -    *) Update the ldc->binddn and ldc->bindpw associated with the LDAP 
  -       connection to match the authenticating user DN and password after
  -       ldap_simple_bind_s() is called to authenticate the user.  Otherwise 
  -       the next time that this connection is reused, it will indicate that 
  -       it is bound to the original user DN specified by ldc->binddn when in 
  -       fact it is bound to a completely different user DN who may not have 
  -       sufficient rights to complete the requested search.
  -         modules/experimental/util_ldap.c: r1.22, r1.24
  -       +1: bnicholes, minfrin, trawick
  -    
       *) (re-)add support for RewriteRules in <Proxy> containers. PR 27985
            modules/mappers/mod_rewrite.c: r1.254
          +1: nd, trawick
  
  
  
  No                   revision
  No                   revision
  1.6.2.13  +69 -32    httpd-2.0/modules/experimental/util_ldap.c
  
  Index: util_ldap.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/experimental/util_ldap.c,v
  retrieving revision 1.6.2.12
  retrieving revision 1.6.2.13
  diff -u -r1.6.2.12 -r1.6.2.13
  --- util_ldap.c	12 Apr 2004 21:17:42 -0000	1.6.2.12
  +++ util_ldap.c	26 Apr 2004 22:04:59 -0000	1.6.2.13
  @@ -88,6 +88,20 @@
                             "\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
   #endif
   
  +
  +static void util_ldap_strdup (char **str, const char *newstr)
  +{
  +    if (*str) {
  +        free(*str);
  +        *str = NULL;
  +    }
  +
  +    if (newstr) {
  +        *str = calloc(1, strlen(newstr)+1);
  +        strcpy (*str, newstr);
  +    }
  +}
  +
   /*
    * Status Handler
    * --------------
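Review bot: In `util_ldap_strdup` the result of `calloc` goes straight into `strcpy`, so an allocation failure becomes a NULL-pointer write in the server process. The helper returns void, so the smallest fix is to guard the copy with `if (*str) strcpy(*str, newstr);`, although callers then cannot tell that the credential was dropped; returning a status would be cleaner. The same helper releases the previous `bindpw`, and it returns that buffer to the heap with the password still in it; clearing it first with `memset(*str, 0, strlen(*str));` (or a non-elidable equivalent where the platform offers one) would shorten the time cleartext credentials sit in freed memory. The `if (*str)` test before `free` is redundant.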
  @@ -179,25 +193,36 @@
   {
       util_ldap_connection_t *ldc = param;
   
  -    /* unbinding from the LDAP server */
  -    if (ldc->ldap) {
  -        ldap_unbind_s(ldc->ldap);
  -        ldc->bound = 0;
  -        ldc->ldap = NULL;
  -    }
  +    if (ldc) {
  +
  +        /* unbinding from the LDAP server */
  +        if (ldc->ldap) {
  +            ldap_unbind_s(ldc->ldap);
  +            ldc->bound = 0;
  +            ldc->ldap = NULL;
  +        }
  +
  +        if (ldc->bindpw) {
  +            free((void*)ldc->bindpw);
  +        }
  +    
  +        if (ldc->binddn) {
  +            free((void*)ldc->binddn);
  +        }
   
  -    /* release the lock we were using.  The lock should have
  -       already been released in the close connection call.  
  -       But just in case it wasn't, we first try to get the lock
  -       before unlocking it to avoid unlocking an unheld lock. 
  -       Unlocking an unheld lock causes problems on NetWare.  The
  -       other option would be to assume that close connection did
  -       its job. */
  +        /* release the lock we were using.  The lock should have
  +           already been released in the close connection call.  
  +           But just in case it wasn't, we first try to get the lock
  +           before unlocking it to avoid unlocking an unheld lock. 
  +           Unlocking an unheld lock causes problems on NetWare.  The
  +           other option would be to assume that close connection did
  +           its job. */
   #if APR_HAS_THREADS
  -    apr_thread_mutex_trylock(ldc->lock);
  -    apr_thread_mutex_unlock(ldc->lock);
  +        apr_thread_mutex_trylock(ldc->lock);
  +        apr_thread_mutex_unlock(ldc->lock);
   #endif
   
  +    }
       return APR_SUCCESS;
   }
   
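Review bot: The new `free((void*)ldc->bindpw)` and `free((void*)ldc->binddn)` leave both pointers dangling, unlike `ldc->ldap`, which is reset to NULL a few lines above. If this cleanup can run twice for the same connection, or the structure is read after it (neither can be told from this hunk), the result is a double free or use-after-free. Using the helper added in this commit, `util_ldap_strdup((char**)&(ldc->bindpw), NULL);` and the same for `binddn`, would free and clear in one step. The function's signature lies outside the hunk.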
  @@ -290,11 +315,6 @@
           /* always default to LDAP V3 */
           ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
   
  -
  -        /* add the cleanup to the pool */
  -        apr_pool_cleanup_register(ldc->pool, ldc,
  -                                  util_ldap_connection_destroy,
  -                                  apr_pool_cleanup_null);
       }
   
   
  @@ -395,8 +415,8 @@
   
                   /* the bind credentials have changed */
                   l->bound = 0;
  -                l->binddn = apr_pstrdup(st->pool, binddn);
  -                l->bindpw = apr_pstrdup(st->pool, bindpw);
  +                util_ldap_strdup((char**)&(l->binddn), binddn);
  +                util_ldap_strdup((char**)&(l->bindpw), bindpw);
                   break;
               }
   #if APR_HAS_THREADS
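Review bot: The `(char**)&(l->binddn)` and `(char**)&(l->bindpw)` casts strip a qualifier from the struct fields, presumably `const`, so the helper can free and replace them; the same cast recurs in the hunks at -434 and -852, and as `free((void*)...)` in the destroy function. Now that these strings are heap-owned by the connection rather than pool-allocated, declaring the fields `char *` would remove the casts and make the ownership visible in the type. A field comment such as `/* malloc'd, owned by the connection, freed in util_ldap_connection_destroy */` would help as well. The enclosing function starts and ends outside the hunk.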
  @@ -434,10 +454,15 @@
           l->host = apr_pstrdup(st->pool, host);
           l->port = port;
           l->deref = deref;
  -        l->binddn = apr_pstrdup(st->pool, binddn);
  -        l->bindpw = apr_pstrdup(st->pool, bindpw);
  +        util_ldap_strdup((char**)&(l->binddn), binddn);
  +        util_ldap_strdup((char**)&(l->bindpw), bindpw);
           l->secure = secure;
   
  +        /* add the cleanup to the pool */
  +        apr_pool_cleanup_register(l->pool, l,
  +                                  util_ldap_connection_destroy,
  +                                  apr_pool_cleanup_null);
  +
           if (p) {
               p->next = l;
           }
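Review bot: `util_ldap_strdup` frees `*str` whenever it is non-NULL, so calling it on the freshly created `l` is safe only if `l->binddn` and `l->bindpw` start out as NULL. The allocation of `l` is outside this hunk; if it is not a zeroing allocation, these two calls pass uninitialized pointers to `free`. Writing `l->binddn = NULL; l->bindpw = NULL;` before the calls, or a comment stating that `l` is zero-filled, would make the dependency explicit.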
  @@ -817,7 +842,7 @@
   
       /* Grab the dn, copy it into the pool, and free it again */
       dn = ldap_get_dn(ldc->ldap, entry);
  -    *binddn = apr_pstrdup(st->pool, dn);
  +    *binddn = apr_pstrdup(r->pool, dn);
       ldap_memfree(dn);
   
       /* 
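Review bot: The comment `Grab the dn, copy it into the pool, and free it again` no longer says which pool, and the choice now matters because `*binddn` lives only as long as the request. Later in this commit (hunk at -881) `the_search_node.dn = *binddn` is handed to `util_ald_cache_insert`, which is safe only if the insert copies the string into cache-owned storage; that function is not visible here. Once that is confirmed, I would reword the comment to `/* Grab the dn, copy it into the request pool (the connection and the cache keep their own copies), and free it again */`.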
  @@ -852,6 +877,18 @@
           ldap_msgfree(res);
           return result;
       }
  +    else {
  +        /*
  +         * Since we just bound the connection to the authenticating user id, update the
  +         * ldc->binddn and ldc->bindpw to reflect the change and also to allow the
next 
  +         * call to util_ldap_connection_open() to handle the connection reuse appropriately.
  +         * Otherwise the next time that this connection is reused, it will indicate that
  +         * it is bound to the original user id specified ldc->binddn when in fact it
is 
  +         * bound to a completely different user id.
  +         */
  +        util_ldap_strdup((char**)&(ldc->binddn), *binddn);
  +        util_ldap_strdup((char**)&(ldc->bindpw), bindpw);
  +    }
   
       /*
        * Get values for the provided attributes.
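Review bot: The `else` branch stores the authenticating user's cleartext password in `ldc->bindpw`, where it stays for as long as the cached connection does, well beyond the request that supplied it. As far as these hunks show, only the credentials passed to the connection lookup were kept on the connection before. The block comment should state that retention explicitly, for example `ldc->bindpw now holds the end user's password until the next rebind or connection destroy`, and the release path should clear the buffer before freeing it. The comment also reads `specified ldc->binddn`, where `specified by` was probably meant.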
  @@ -881,17 +918,17 @@
       /* 		
        * Add the new username to the search cache.
        */
  -    LDAP_CACHE_WRLOCK();
  -    the_search_node.username = filter;
  -    the_search_node.dn = *binddn;
  -    the_search_node.bindpw = bindpw;
  -    the_search_node.lastbind = apr_time_now();
  -    the_search_node.vals = vals;
       if (curl) {
  +        LDAP_CACHE_WRLOCK();
  +        the_search_node.username = filter;
  +        the_search_node.dn = *binddn;
  +        the_search_node.bindpw = bindpw;
  +        the_search_node.lastbind = apr_time_now();
  +        the_search_node.vals = vals;
           util_ald_cache_insert(curl->search_cache, &the_search_node);
  +        LDAP_CACHE_UNLOCK();
       }
       ldap_msgfree(res);
  -    LDAP_CACHE_UNLOCK();
   
       ldc->reason = "Authentication successful";
       return LDAP_SUCCESS;
  
  
  
