|
Lines 161-166
Link Here
|
| 161 |
|
161 |
|
| 162 |
|
162 |
|
| 163 |
/* |
163 |
/* |
|
|
164 |
* |
| 165 |
* Read per directory module config, and substitute for variables in binddn and bindpw |
| 166 |
* This is just a wrapper around the call to |
| 167 |
* ap_get_module_config(r->per_dir_config, &auth_ldap_module); |
| 168 |
* |
| 169 |
* If the binddn and bindpw set by the AuthLDAPBindDN and AuthLDAPBindPassword directives |
| 170 |
* contain $USER and $PASSWORD then substitute these with the browser supplied user/pass, |
| 171 |
* otherwise just return the mod_auth_ldap_config_t. |
| 172 |
* |
| 173 |
*/ |
| 174 |
#define BIND_USER "$USER" |
| 175 |
#define BIND_PASSWD "$PASSWORD" |
| 176 |
static mod_auth_ldap_config_t *auth_ldap_get_per_dir_module_config(request_rec *r) |
| 177 |
{ |
| 178 |
const char *sent_pw; |
| 179 |
int bad_sent_pw = 0; |
| 180 |
|
| 181 |
char *bind_user; /* set to start of BIND_USER if binddn requires username subst */ |
| 182 |
|
| 183 |
int doSubst = 0; /* set to true if we have values to substitute */ |
| 184 |
|
| 185 |
mod_auth_ldap_config_t *s = |
| 186 |
(mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); |
| 187 |
|
| 188 |
/* check client sent a username and a password */ |
| 189 |
if ( ! r->user ) { |
| 190 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
| 191 |
"[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" |
| 192 |
" : Client sent no username", |
| 193 |
getpid()); |
| 194 |
/* Substitute for client supplied USER in binddn if directory configured for BIND_USER |
| 195 |
* eg. if "AuthLDAPBindDN uid=$USER,ou=people,l=lon,c=gb,o=dis" |
| 196 |
* send binddn to "uid=<user>,ou=people,l=lon,c=gb,o=dis" |
| 197 |
*/ |
| 198 |
} else { |
| 199 |
if ((s->binddn) && ((bind_user = strstr(s->binddn, BIND_USER)) !=NULL)) { |
| 200 |
char *attr; |
| 201 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
| 202 |
"[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" |
| 203 |
": binddn %s", |
| 204 |
getpid(), s->binddn); |
| 205 |
attr = apr_pstrndup(r->pool, s->binddn, bind_user - s->binddn); |
| 206 |
s->binddn = apr_pstrcat(r->pool, attr, r->user, bind_user + strlen(BIND_USER), NULL ); |
| 207 |
doSubst++; |
| 208 |
} |
| 209 |
} |
| 210 |
|
| 211 |
if ((bad_sent_pw = ap_get_basic_auth_pw(r, &sent_pw))) { |
| 212 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
| 213 |
"[%d] auth_ldap_get_per_dir_module_config() auth_ldap authenticate: " |
| 214 |
"ap_get_basic_auth_pw() returns %d", getpid(), bad_sent_pw); |
| 215 |
|
| 216 |
/* set bindpw to client suppled password if directory configured for bindpw |
| 217 |
to BIND_PASSWD */ |
| 218 |
} else { |
| 219 |
if ( s->bindpw && strcmp(s->bindpw, BIND_PASSWD) ==0) { |
| 220 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
| 221 |
"[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" |
| 222 |
": bindpw USER SUPPLIED", |
| 223 |
getpid()); |
| 224 |
s->bindpw = (char *)sent_pw; |
| 225 |
doSubst++; |
| 226 |
} |
| 227 |
} |
| 228 |
|
| 229 |
if (doSubst) { |
| 230 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
| 231 |
"[%d] auth_ldap_get_per_dir_module_config() : SUBST", |
| 232 |
getpid()); |
| 233 |
|
| 234 |
ap_set_module_config(r->per_dir_config, &auth_ldap_module, s); |
| 235 |
} |
| 236 |
|
| 237 |
return s; |
| 238 |
} |
| 239 |
|
| 240 |
/* |
| 164 |
* Build the search filter, or at least as much of the search filter that |
241 |
* Build the search filter, or at least as much of the search filter that |
| 165 |
* will fit in the buffer. We don't worry about the buffer not being able |
242 |
* will fit in the buffer. We don't worry about the buffer not being able |
| 166 |
* to hold the entire filter. If the buffer wasn't big enough to hold the |
243 |
* to hold the entire filter. If the buffer wasn't big enough to hold the |
|
Lines 269-275
Link Here
|
| 269 |
const char **vals = NULL; |
346 |
const char **vals = NULL; |
| 270 |
char filtbuf[FILTER_LENGTH]; |
347 |
char filtbuf[FILTER_LENGTH]; |
| 271 |
mod_auth_ldap_config_t *sec = |
348 |
mod_auth_ldap_config_t *sec = |
| 272 |
(mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); |
349 |
(mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); |
| 273 |
|
350 |
|
| 274 |
util_ldap_connection_t *ldc = NULL; |
351 |
util_ldap_connection_t *ldc = NULL; |
| 275 |
const char *sent_pw; |
352 |
const char *sent_pw; |
|
Lines 409-416
Link Here
|
| 409 |
(mod_auth_ldap_request_t *)ap_get_module_config(r->request_config, |
486 |
(mod_auth_ldap_request_t *)ap_get_module_config(r->request_config, |
| 410 |
&auth_ldap_module); |
487 |
&auth_ldap_module); |
| 411 |
mod_auth_ldap_config_t *sec = |
488 |
mod_auth_ldap_config_t *sec = |
| 412 |
(mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, |
489 |
(mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); |
| 413 |
&auth_ldap_module); |
|
|
| 414 |
|
490 |
|
| 415 |
util_ldap_connection_t *ldc = NULL; |
491 |
util_ldap_connection_t *ldc = NULL; |
| 416 |
int m = r->method_number; |
492 |
int m = r->method_number; |