httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c
Date Tue, 02 Nov 2004 00:08:21 GMT
bnicholes    2004/11/01 16:08:21

  Modified:    modules/aaa NWGNUauthnzldap mod_authnz_ldap.c
  Log:
  Allow mod_authnz_ldap authorization functionality to be used without requiring the user
to also be authenticated through mod_authnz_ldap. This allows other authentication modules
to take advantage of LDAP authorization only [PR 28253]
  
  Submitted by: Jari Ahonen [jah progress.com]
  Reviewed by: Brad Nicholes
  
  Revision  Changes    Path
  1.2       +1 -0      httpd-2.0/modules/aaa/NWGNUauthnzldap
  
  Index: NWGNUauthnzldap
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/NWGNUauthnzldap,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- NWGNUauthnzldap	17 Aug 2004 23:33:07 -0000	1.1
  +++ NWGNUauthnzldap	2 Nov 2004 00:08:21 -0000	1.2
  @@ -206,6 +206,7 @@
   	util_ldap_connection_find \
   	util_ldap_connection_close \
   	util_ldap_cache_checkuserid \
  +	util_ldap_cache_getuserdn \
   	util_ldap_cache_compare \
   	util_ldap_cache_comparedn \
   	@$(APR)/aprlib.imp \
  
  
  
  1.6       +44 -0     httpd-2.0/modules/aaa/mod_authnz_ldap.c
  
  Index: mod_authnz_ldap.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_authnz_ldap.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- mod_authnz_ldap.c	12 Oct 2004 12:27:18 -0000	1.5
  +++ mod_authnz_ldap.c	2 Nov 2004 00:08:21 -0000	1.6
  @@ -469,6 +469,12 @@
       char *w;
       int method_restricted = 0;
   
  +    char filtbuf[FILTER_LENGTH];
  +    const char *dn = NULL;
  +    const char **vals = NULL;
  +    const char *type = ap_auth_type(r);
  +    char *tmpuser;
  +
   /*
       if (!sec->enabled) {
           return DECLINED;
  @@ -515,6 +521,44 @@
           ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
                         "[%d] auth_ldap authorise: no requirements array", getpid());
           return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
  +    }
  +
  +    /*
  +     * If we have been authenticated by some other module than mod_auth_ldap,
  +     * the req structure needed for authorization needs to be created
  +     * and populated with the userid and DN of the account in LDAP
  +     */
  +
  +    /* Check that we have a userid to start with */
  +    if ((!r->user) || (strlen(r->user) == 0)) {
  +        ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
  +            "ldap authorize: Userid is blank, AuthType=%s",
  +            r->ap_auth_type);
  +    }
  +
  +    if(!req) {
  +        ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
  +            "ldap authorize: Creating LDAP req structure");
  +
  +        /* Build the username filter */
  +        authn_ldap_build_filter(filtbuf, r, r->user, sec);
  +
  +        /* Search for the user DN */
  +        result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn,
  +             sec->scope, sec->attributes, filtbuf, &dn, &vals);
  +
  +        /* Search failed, log error and return failure */
  +        if(result != LDAP_SUCCESS) {
  +            ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
  +                "auth_ldap authorise: User DN not found, %s", ldc->reason);
  +            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
  +        }
  +
  +        req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
  +            sizeof(authn_ldap_request_t));
  +        ap_set_module_config(r->request_config, &authnz_ldap_module, req);
  +        req->dn = apr_pstrdup(r->pool, dn);
  +        req->user = r->user;
       }
   
       /* Loop through the requirements array until there's no elements
  
  
  

Mime
View raw message