From cove...@apache.org
Subject svn commit: r1521973 - /httpd/httpd/trunk/modules/ldap/util_ldap.c
Date Wed, 11 Sep 2013 18:22:19 GMT
Author: covener
Date: Wed Sep 11 18:22:18 2013
New Revision: 1521973

URL: http://svn.apache.org/r1521973
Log:
comments only, before I task switch. 

Subgroup checking is cached, but very inefficient for large groups.

Modified:
    httpd/httpd/trunk/modules/ldap/util_ldap.c

Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=1521973&r1=1521972&r2=1521973&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Wed Sep 11 18:22:18 2013
@@ -1219,6 +1219,7 @@ static util_compare_subgroup_t* uldap_ge
 
     sgc_ents = (struct mod_auth_ldap_groupattr_entry_t *) subgroupclasses->elts;
 
+    /* XXX: attrs should not be required, they're just a secondary filtering */
     if (!subgroupAttrs) {
         return res;
     }
@@ -1242,6 +1243,7 @@ start_over:
     }
 
     /* try to do the search */
+    /* XXX: this filter should include the subgroup object classes! */
     result = ldap_search_ext_s(ldc->ldap, (char *)dn, LDAP_SCOPE_BASE,
                                (char *)"cn=*", subgroupAttrs, 0,
                                NULL, NULL, NULL, APR_LDAP_SIZELIMIT, &sga_res);
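Review bot: The new XXX above `ldap_search_ext_s` says what the filter lacks but not what follows from it: with `cn=*` at `LDAP_SCOPE_BASE`, any entry at `dn` that has a cn matches, so this search does not itself confirm that `dn` belongs to one of the configured subgroup classes. I would put that in the comment, e.g. `/* XXX: filter is only "cn=*"; it should also require one of the subgroup object classes */`. If the filter is later assembled from `subgroupclasses`, the class names should be escaped as RFC 4515 filter values before concatenation, even though they presumably come from configuration. The function body starts and ends outside this hunk.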
@@ -1295,12 +1297,17 @@ start_over:
                  */
                 while (values[val_index]) {
                     /* Check if this entry really is a group. */
+
+                    /* XXX: This has to be wrong, we're iterating over subgroup attributes,
+                     * but checking the objectClass of the subgroup.  This could have been
a filter.
+                     */ 
+
                     tmp_sgcIndex = 0;
                     result = LDAP_COMPARE_FALSE;
                     while ((tmp_sgcIndex < subgroupclasses->nelts)
                            && (result != LDAP_COMPARE_TRUE)) {
                         result = uldap_cache_compare(r, ldc, url,
-                                                     values[val_index],
+                                                     values[val_index], /* candidate subgroup
DN */
                                                      "objectClass",
                                                      sgc_ents[tmp_sgcIndex].name
                                                      );
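Review bot: The XXX block added inside the `while (values[val_index])` loop is ambiguous about which entry it means. It speaks of iterating over subgroup attributes, while the inline comment added a few lines later labels `values[val_index]` as the candidate subgroup DN, and the `objectClass` compare runs against that DN rather than `dn`. Naming the entry would make "could have been a filter" actionable, e.g. `/* XXX: values[] are DNs read from a subgroup attribute; each costs one compare per subgroup class */`. The log message calls subgroup checking inefficient for large groups, so the per-value, per-class cost is worth stating here. The added `*/ ` line also carries trailing whitespace, and the loop continues outside the hunk.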
@@ -1310,6 +1317,11 @@ start_over:
                         }
                     }
                     /* It's a group, so add it to the array.  */
+
+                    /* XXX: Hold on -- we never actually checked that the subgroup DN had
any "subgroupattrs" in it.
+                     * Maybe it's never actually been useful, IOW that objectClass is enough.
+                     */
+
                     if (result == LDAP_COMPARE_TRUE) {
                         char **newgrp = (char **) apr_array_push(subgroups);
                         *newgrp = apr_pstrdup(r->pool, values[val_index]);
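Review bot: The XXX before `if (result == LDAP_COMPARE_TRUE)` reads as a question ("Hold on", "IOW") rather than a statement of what the code accepts. From the visible lines, a value is pushed onto `subgroups` as soon as one `objectClass` compare succeeds, with no check of that entry's subgroup attributes. If group membership decisions depend on this array, that is the fact a maintainer needs to see. Suggest `/* XXX: accepted as a subgroup on objectClass alone; the entry's subgroupAttrs are never checked */`. The enclosing loop and function extend beyond the hunk.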


