httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r230895 - /httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
Date Mon, 08 Aug 2005 21:23:25 GMT
Author: jim
Date: Mon Aug  8 14:23:22 2005
New Revision: 230895

URL: http://svn.apache.org/viewcvs?rev=230895&view=rev
Log:
Ensure that req->dn is valid for the util_ldap_cache_compare() call.
Esp make sure not null.

Modified:
    httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c

Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c?rev=230895&r1=230894&r2=230895&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c Mon Aug  8 14:23:22 2005
@@ -707,6 +707,13 @@
             }
         }
         else if (strcmp(w, "ldap-attribute") == 0) {
+            if (req->dn == NULL || strlen(req->dn) == 0) {
+                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                              "[%d] auth_ldap authorise: "
+                              "require ldap-attribute: user's DN has not been defined; failing
authorisation", 
+                              getpid());
+                return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+            }
             while (t[0]) {
                 w = ap_getword(r->pool, &t, '=');
                 value = ap_getword_conf(r->pool, &t);
@@ -735,6 +742,13 @@
             }
         }
         else if (strcmp(w, "ldap-filter") == 0) {
+            if (req->dn == NULL || strlen(req->dn) == 0) {
+                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                              "[%d] auth_ldap authorise: "
+                              "require ldap-filter: user's DN has not been defined; failing
authorisation", 
+                              getpid());
+                return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+            }
             if (t[0]) {
                 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                               "[%d] auth_ldap authorise: checking filter %s", 



Mime
View raw message