httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1637990 - in /httpd/httpd/trunk: CHANGES modules/aaa/mod_authnz_ldap.c
Date Mon, 10 Nov 2014 22:43:53 GMT
Author: covener
Date: Mon Nov 10 22:43:53 2014
New Revision: 1637990

URL: http://svn.apache.org/r1637990
Log:
Resolve rashes with LDAP authz and non-LDAP authn since r1608202.



Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1637990&r1=1637989&r2=1637990&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Nov 10 22:43:53 2014
@@ -1,5 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+
+  *) mod_authnz_ldap: Resolve rashes with LDAP authz and non-LDAP authn since 
+     r1608202. [Eric Covener]
  
   *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
      PR 57167 [Edward Lu <Chaosed0 gmail.com>]

Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c?rev=1637990&r1=1637989&r2=1637990&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c Mon Nov 10 22:43:53 2014
@@ -731,11 +731,15 @@ static authz_status ldapuser_check_autho
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) { 
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    }
+
 
     /*
      * If we have been authenticated by some other module than mod_authnz_ldap,
@@ -855,11 +859,14 @@ static authz_status ldapgroup_check_auth
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    }
 
     /*
      * If there are no elements in the group attribute array, the default should be
@@ -1065,11 +1072,14 @@ static authz_status ldapdn_check_authori
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
+    }
 
     require = ap_expr_str_exec(r, expr, &err);
     if (err) {
@@ -1162,11 +1172,14 @@ static authz_status ldapattribute_check_
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    }
 
     if (req->dn == NULL || strlen(req->dn) == 0) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01733)
@@ -1268,11 +1281,14 @@ static authz_status ldapfilter_check_aut
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_SEARCH);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_SEARCH);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_SEARCH);
+    }
 
     if (req->dn == NULL || strlen(req->dn) == 0) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01742)



Mime
View raw message