
From bnicho...@apache.org
Subject svn commit: r151083 - in httpd/httpd/trunk/modules: aaa/mod_authnz_ldap.c ldap/util_ldap.c
Date Thu, 03 Feb 2005 00:03:39 GMT
Author: bnicholes
Date: Wed Feb  2 16:03:37 2005
New Revision: 151083

URL: http://svn.apache.org/viewcvs?view=rev&rev=151083
Log:
Allow AuthLDAPURL to override the default connection type with an optional second parameter
of NONE, SSL or TLS | STARTTLS

Modified:
    httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
    httpd/httpd/trunk/modules/ldap/util_ldap.c

Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c?view=diff&r1=151082&r2=151083
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c Wed Feb  2 16:03:37 2005
@@ -291,7 +291,7 @@
     sec->frontpage_hack = 0;
 */
 
-    sec->secure = 0;
+    sec->secure = -1;   /*Initialize to unset*/
 
     sec->user_is_dn = 0;
     sec->compare_dn_on_server = 0;
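Review bot: The `-1` written to `sec->secure` is a sentinel that only works because util_ldap.c treats any value below `APR_LDAP_NONE` as "not configured", and nothing at this line records that coupling, so a later cleanup could plausibly turn it back into 0 or `APR_LDAP_NONE` and silently change which connections fall back to LDAPTrustedMode. Suggest replacing `/*Initialize to unset*/` with `/* -1 = no mode configured; util_ldap.c treats any value < APR_LDAP_NONE as "use LDAPTrustedMode" */`. The enclosing function starts and ends outside the hunk.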
@@ -803,7 +803,8 @@
  */
 static const char *mod_auth_ldap_parse_url(cmd_parms *cmd, 
                                     void *config,
-                                    const char *url)
+                                    const char *url,
+                                    const char *mode)
 {
     int rc;
     apr_ldap_url_desc_t *urld;
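Review bot: The new `mode` parameter of `mod_auth_ldap_parse_url` is not described in the header comment that closes just above the signature, so the accepted spellings and the meaning of a NULL `mode` can only be learned from the body. Suggest adding to that comment a line along the lines of `mode: optional second AuthLDAPURL argument, one of NONE, SSL, TLS or STARTTLS (case-insensitive); NULL leaves sec->secure unset so the LDAPTrustedMode default applies`. The function body continues outside the hunk.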
@@ -885,24 +886,40 @@
         sec->filter = "objectclass=*";
     }
 
+    if (mode) {
+        if (0 == strcasecmp("NONE", mode)) {
+            sec->secure = APR_LDAP_NONE;
+        }
+        else if (0 == strcasecmp("SSL", mode)) {
+            sec->secure = APR_LDAP_SSL;
+        }
+        else if (0 == strcasecmp("TLS", mode) || 0 == strcasecmp("STARTTLS", mode)) {
+            sec->secure = APR_LDAP_STARTTLS;
+        }
+        else {
+            return "Invalid LDAP connection mode setting: must be one of NONE, "
+                   "SSL, or TLS/STARTTLS";
+        }
+    }
+
       /* "ldaps" indicates secure ldap connections desired
       */
     if (strncasecmp(url, "ldaps", 5) == 0)
     {
-        sec->secure = 1;
+        sec->secure = APR_LDAP_SSL;
         sec->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
         ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
                      "LDAP: auth_ldap using SSL connections");
     }
     else
     {
-        sec->secure = 0;
         sec->port = urld->lud_port? urld->lud_port : LDAP_PORT;
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, 
                      "LDAP: auth_ldap not using SSL connections");
     }
 
     sec->have_ldap_url = 1;
+
     return NULL;
 }
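Review bot: The scheme check below the new mode block unconditionally sets `sec->secure = APR_LDAP_SSL` for an `ldaps://` URL, so an explicit `TLS` or `NONE` mode is silently discarded instead of being reported as a configuration error; in the other direction, `ldap://host SSL` keeps `sec->secure = APR_LDAP_SSL` but defaults `sec->port` to `LDAP_PORT` and logs "not using SSL connections", because both the port default and the log line key off the scheme rather than the resulting mode. Suggest rejecting a contradicting mode on an `ldaps://` URL with an error string, and deriving the port default and the debug message from `sec->secure` once both inputs have been applied; whether an `ldap://` URL with an explicit SSL mode should really default to `LDAPS_PORT` is presumably the intent but is worth confirming. A sketch follows; the NONE/SSL/TLS parsing and the trailing `have_ldap_url` assignment are unchanged.
```c
    /* … unchanged: NONE/SSL/TLS mode parsing into sec->secure … */

    /* An ldaps:// scheme implies SSL; an explicit mode that says otherwise
     * is a configuration error rather than something to overwrite silently. */
    if (strncasecmp(url, "ldaps", 5) == 0) {
        if (mode && sec->secure != APR_LDAP_SSL) {
            return "AuthLDAPURL: an ldaps:// URL cannot be combined with a "
                   "connection mode other than SSL";
        }
        sec->secure = APR_LDAP_SSL;
    }

    /* Default the port and the debug message from the resulting mode, not
     * from the scheme alone, so "ldap://host SSL" is not left on LDAP_PORT. */
    if (sec->secure == APR_LDAP_SSL) {
        sec->port = urld->lud_port ? urld->lud_port : LDAPS_PORT;
        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
                     "LDAP: auth_ldap using SSL connections");
    }
    else {
        sec->port = urld->lud_port ? urld->lud_port : LDAP_PORT;
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                     "LDAP: auth_ldap not using SSL connections");
    }

    /* … unchanged: sec->have_ldap_url = 1; return NULL; … */
```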
 
@@ -952,7 +969,7 @@
 
 static const command_rec authnz_ldap_cmds[] =
 {
-    AP_INIT_TAKE1("AuthLDAPURL", mod_auth_ldap_parse_url, NULL, OR_AUTHCFG, 
+    AP_INIT_TAKE12("AuthLDAPURL", mod_auth_ldap_parse_url, NULL, OR_AUTHCFG, 
                   "URL to define LDAP connection. This should be an RFC 2255 complaint\n"
                   "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
                   "<ul>\n"
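Review bot: `AP_INIT_TAKE12` now lets AuthLDAPURL take a second argument, but the help string that starts on the following line still documents only the URL form, so directive help output gives no hint that a connection mode may follow the URL. Suggest appending a line such as `"An optional second argument of NONE, SSL or TLS/STARTTLS overrides the LDAPTrustedMode default for this URL.\n"` to the help text. The help string continues outside the hunk.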

Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ldap/util_ldap.c?view=diff&r1=151082&r2=151083
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Wed Feb  2 16:03:37 2005
@@ -274,7 +274,7 @@
                       &(result));
 
 
-        if (result != NULL) {
+        if (result != NULL && result->rc) {
             ldc->reason = result->reason;
         }
 
@@ -412,6 +412,7 @@
                                        const char *binddn, const char *bindpw,
                                        deref_options deref, int secure) {
     struct util_ldap_connection_t *l, *p; /* To traverse the linked list */
+    int secureflag = secure;
 
     util_ldap_state_t *st = 
         (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
@@ -426,6 +427,10 @@
     apr_thread_mutex_lock(st->mutex);
 #endif
 
+    if (secure < APR_LDAP_NONE) {
+        secureflag = st->secure;
+    }
+
     /* Search for an exact connection match in the list that is not
      * being used.
      */
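Review bot: `secure < APR_LDAP_NONE` is the only place where the "not configured" convention from mod_authnz_ldap.c (`sec->secure = -1`) is decoded, and nothing here states that relationship or that it relies on `APR_LDAP_NONE` being the lowest value of the enum. Suggest a comment above the test: `/* A negative value means the caller configured no mode; fall back to the LDAPTrustedMode setting (st->secure). An explicit NONE is not overridden. */`. The enclosing function continues outside the hunk.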
@@ -436,7 +441,7 @@
         if ((l->port == port) && (strcmp(l->host, host) == 0) && 
             ((!l->binddn && !binddn) || (l->binddn && binddn &&
!strcmp(l->binddn, binddn))) && 
             ((!l->bindpw && !bindpw) || (l->bindpw && bindpw &&
!strcmp(l->bindpw, bindpw))) && 
-            (l->deref == deref) && (l->secure == secure) &&
+            (l->deref == deref) && (l->secure == secureflag) &&
             !compare_client_certs(st->client_certs, l->client_certs)) {
 
             break;
@@ -461,7 +466,7 @@
 
 #endif
             if ((l->port == port) && (strcmp(l->host, host) == 0) &&

-                (l->deref == deref) && (l->secure == secure) &&
+                (l->deref == deref) && (l->secure == secureflag) &&
                 !compare_client_certs(st->client_certs, l->client_certs)) {
 
                 /* the bind credentials have changed */
@@ -513,9 +518,7 @@
          * If the security setting is NONE, override it to the security
          * setting optionally supplied by the admin using LDAPTrustedMode
          */
-        l->secure = (APR_LDAP_NONE == secure) ?
-                     st->secure :
-                     secure;
+        l->secure = secureflag;
 
         /* save away a copy of the client cert list that is presently valid */
         l->client_certs = apr_array_copy_hdr(l->pool, st->client_certs);
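Review bot: The comment directly above `l->secure = secureflag;` is now stale: it still says a security setting of NONE is overridden by LDAPTrustedMode, but `secureflag` only substitutes `st->secure` when `secure < APR_LDAP_NONE`, so an explicit NONE is now kept and only an unconfigured (negative) value falls back. Suggest rewording it to `If no security setting was supplied (secure < APR_LDAP_NONE), use the one optionally supplied by the admin using LDAPTrustedMode; an explicit NONE is honoured.` The comment's opening line is outside the hunk.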


