httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1005537 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/aaa/mod_authnz_ldap.c
Date Thu, 07 Oct 2010 17:28:46 GMT
Author: sf
Date: Thu Oct  7 17:28:46 2010
New Revision: 1005537

URL: http://svn.apache.org/viewvc?rev=1005537&view=rev
Log:
backport r902654 from trunk:

mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the password to
UTF-8.

PR: 45318
Adapted patch from Johannes Mueller

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1005537&r1=1005536&r2=1005537&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu Oct  7 17:28:46 2010
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.17
 
+  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
+     password to UTF-8. PR 45318.
+     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
+
   *) core: check symlink ownership if both FollowSymlinks and
      SymlinksIfOwnerMatch are set [Nick Kew]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1005537&r1=1005536&r2=1005537&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Oct  7 17:28:46 2010
@@ -102,12 +102,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      +1: trawick, wrowe
      niq: +1 to the 2.2.x patch, but why r951900 and r987379 in trunk patches?
 
-   * mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the password to
-     UTF-8.
-     Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=902654
-     2.2 patch: trunk patch works
-     +1: sf, rpluem, wrowe
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c?rev=1005537&r1=1005536&r2=1005537&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/branches/2.2.x/modules/aaa/mod_authnz_ldap.c Thu Oct  7 17:28:46 2010
@@ -154,6 +154,29 @@ static apr_xlate_t* get_conv_set (reques
 }
 
 
+static const char* authn_ldap_xlate_password(request_rec *r,
+                                             const char* sent_password)
+{
+    apr_xlate_t *convset = NULL;
+    apr_size_t inbytes;
+    apr_size_t outbytes;
+    char *outbuf;
+
+    if (charset_conversions && (convset = get_conv_set(r)) ) {
+        inbytes = strlen(sent_password);
+        outbytes = (inbytes+1)*3;
+        outbuf = apr_pcalloc(r->pool, outbytes);
+
+        /* Convert the password to UTF-8. */
+        if (apr_xlate_conv_buffer(convset, sent_password, &inbytes, outbuf,
+                                  &outbytes) == APR_SUCCESS)
+            return outbuf;
+    }
+
+    return sent_password;
+}
+
+
 /*
  * Build the search filter, or at least as much of the search filter that
  * will fit in the buffer. We don't worry about the buffer not being able
@@ -344,6 +367,7 @@ static authn_status authn_ldap_check_pas
     int result = 0;
     int remote_user_attribute_set = 0;
     const char *dn = NULL;
+    const char *utfpassword;
 
     authn_ldap_request_t *req =
         (authn_ldap_request_t *)apr_pcalloc(r->pool, sizeof(authn_ldap_request_t));
@@ -397,9 +421,13 @@ start_over:
     /* build the username filter */
     authn_ldap_build_filter(filtbuf, r, user, NULL, sec);
 
+    /* convert password to utf-8 */
+    utfpassword = authn_ldap_xlate_password(r, password);
+
     /* do the user search */
     result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope,
-                                         sec->attributes, filtbuf, password, &dn,
&vals);
+                                         sec->attributes, filtbuf, utfpassword,
+                                         &dn, &vals);
     util_ldap_connection_close(ldc);
 
     /* sanity check - if server is down, retry it up to 5 times */



Mime
View raw message