httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1631119 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS modules/ldap/util_ldap.c
Date Sat, 11 Oct 2014 21:18:45 GMT
Author: covener
Date: Sat Oct 11 21:18:45 2014
New Revision: 1631119

URL: http://svn.apache.org/r1631119
Log:
Merge r1613682 from trunk:

In 2.4.10, AuthLDAPBindDN might not be used for some LDAP searches, causing 
LDAP authz failures if AuthLDAPBindDN was able to search through more of
LDAP than web users.



Modified:
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1631119&r1=1631118&r2=1631119&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sat Oct 11 21:18:45 2014
@@ -6,6 +6,10 @@ Changes with Apache 2.4.11
      mod_cache: Avoid a crash when Content-Type has an empty value.
      PR 56924.  [Mark Montague <mark catseye.org>, Jan Kaluza]
 
+  *) mod_ldap: In 2.4.10, some LDAP searches or comparisons might be done with
+     the wrong credentials when a backend connection is reused.
+     [Eric Covener]
+
   *) mod_macro: Add missing APLOGNO for some Warning log messages.
      [Christophe Jaillet]
 

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1631119&r1=1631118&r2=1631119&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sat Oct 11 21:18:45 2014
@@ -102,12 +102,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_ldap: 2.4.10 regression: Some authorization searches won't use AuthLDAPBindDN
-     which can lead to LDAP authz failurs if AuthLDAPBindDN had extra access. 
-     trunk patch: http://svn.apache.org/r1613682
-     2.4.x patch: trunk works + CHANGES referencing 2.4.10 regression
-     +1: covener, jim, rjung
-
    * mod_dav: set r->status_line in dav_error_response.
      It's used as argument in next ap_rvputs call. PR 55426.
      trunk patch: http://svn.apache.org/r1527509

Modified: httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c?rev=1631119&r1=1631118&r2=1631119&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c Sat Oct 11 21:18:45 2014
@@ -1824,7 +1824,7 @@ start_over:
          * combination, which might be reused unintentionally next time this
          * connection is used from the connection pool.
          */
-        ldc->must_rebind = 0;
+        ldc->must_rebind = 1;
         ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "LDC %pp used for authn, must be rebound",
ldc);
     }
 



Mime
View raw message