Lines 161-166
|
161 |
|
161 |
|
162 |
|
162 |
|
163 |
/* |
163 |
/* |
|
|
164 |
* |
165 |
* Read per directory module config, and substitute for variables in binddn and bindpw |
166 |
* This is just a wrapper around the call to |
167 |
* ap_get_module_config(r->per_dir_config, &auth_ldap_module); |
168 |
* |
169 |
* If the binddn and bindpw set by the AuthLDAPBindDN and AuthLDAPBindPassword directives |
170 |
* contain $USER and $PASSWORD then substitute these with the browser supplied user/pass, |
171 |
* otherwise just return the mod_auth_ldap_config_t. |
172 |
* |
173 |
*/ |
174 |
#define BIND_USER "$USER" |
175 |
#define BIND_PASSWD "$PASSWORD" |
176 |
static mod_auth_ldap_config_t *auth_ldap_get_per_dir_module_config(request_rec *r) |
177 |
{ |
178 |
const char *sent_pw; |
179 |
int bad_sent_pw = 0; |
180 |
|
181 |
char *bind_user; /* set to start of BIND_USER if binddn requires username subst */ |
182 |
|
183 |
int doSubst = 0; /* set to true if we have values to substitute */ |
184 |
|
185 |
mod_auth_ldap_config_t *s = |
186 |
(mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); |
187 |
|
188 |
/* check client sent a username and a password */ |
189 |
if ( ! r->user ) { |
190 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
191 |
"[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" |
192 |
" : Client sent no username", |
193 |
getpid()); |
194 |
/* Substitute for client supplied USER in binddn if directory configured for BIND_USER |
195 |
* eg. if "AuthLDAPBindDN uid=$USER,ou=people,l=lon,c=gb,o=dis" |
196 |
* send binddn to "uid=<user>,ou=people,l=lon,c=gb,o=dis" |
197 |
*/ |
198 |
} else { |
199 |
if ((s->binddn) && ((bind_user = strstr(s->binddn, BIND_USER)) !=NULL)) { |
200 |
char *attr; |
201 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
202 |
"[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" |
203 |
": binddn %s", |
204 |
getpid(), s->binddn); |
205 |
attr = apr_pstrndup(r->pool, s->binddn, bind_user - s->binddn); |
206 |
s->binddn = apr_pstrcat(r->pool, attr, r->user, bind_user + strlen(BIND_USER), NULL ); |
207 |
doSubst++; |
208 |
} |
209 |
} |
210 |
|
211 |
if ((bad_sent_pw = ap_get_basic_auth_pw(r, &sent_pw))) { |
212 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
213 |
"[%d] auth_ldap_get_per_dir_module_config() auth_ldap authenticate: " |
214 |
"ap_get_basic_auth_pw() returns %d", getpid(), bad_sent_pw); |
215 |
|
216 |
/* set bindpw to client suppled password if directory configured for bindpw |
217 |
to BIND_PASSWD */ |
218 |
} else { |
219 |
if ( s->bindpw && strcmp(s->bindpw, BIND_PASSWD) ==0) { |
220 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
221 |
"[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" |
222 |
": bindpw USER SUPPLIED", |
223 |
getpid()); |
224 |
s->bindpw = (char *)sent_pw; |
225 |
doSubst++; |
226 |
} |
227 |
} |
228 |
|
229 |
if (doSubst) { |
230 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, |
231 |
"[%d] auth_ldap_get_per_dir_module_config() : SUBST", |
232 |
getpid()); |
233 |
|
234 |
ap_set_module_config(r->per_dir_config, &auth_ldap_module, s); |
235 |
} |
236 |
|
237 |
return s; |
238 |
} |
239 |
|
240 |
/* |
164 |
* Build the search filter, or at least as much of the search filter that |
241 |
* Build the search filter, or at least as much of the search filter that |
165 |
* will fit in the buffer. We don't worry about the buffer not being able |
242 |
* will fit in the buffer. We don't worry about the buffer not being able |
166 |
* to hold the entire filter. If the buffer wasn't big enough to hold the |
243 |
* to hold the entire filter. If the buffer wasn't big enough to hold the |
Lines 269-275
|
269 |
const char **vals = NULL; |
346 |
const char **vals = NULL; |
270 |
char filtbuf[FILTER_LENGTH]; |
347 |
char filtbuf[FILTER_LENGTH]; |
271 |
mod_auth_ldap_config_t *sec = |
348 |
mod_auth_ldap_config_t *sec = |
272 |
(mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); |
349 |
(mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); |
273 |
|
350 |
|
274 |
util_ldap_connection_t *ldc = NULL; |
351 |
util_ldap_connection_t *ldc = NULL; |
275 |
const char *sent_pw; |
352 |
const char *sent_pw; |
Lines 409-416
|
409 |
(mod_auth_ldap_request_t *)ap_get_module_config(r->request_config, |
486 |
(mod_auth_ldap_request_t *)ap_get_module_config(r->request_config, |
410 |
&auth_ldap_module); |
487 |
&auth_ldap_module); |
411 |
mod_auth_ldap_config_t *sec = |
488 |
mod_auth_ldap_config_t *sec = |
412 |
(mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, |
489 |
(mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); |
413 |
&auth_ldap_module); |
|
|
414 |
|
490 |
|
415 |
util_ldap_connection_t *ldc = NULL; |
491 |
util_ldap_connection_t *ldc = NULL; |
416 |
int m = r->method_number; |
492 |
int m = r->method_number; |
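Review bot: In the first hunk, auth_ldap_get_per_dir_module_config() writes the substituted values into the object returned by ap_get_module_config(r->per_dir_config, ...) (`s->binddn = apr_pstrcat(r->pool, ...)` and `s->bindpw = (char *)sent_pw`), so the per-directory configuration itself is changed rather than a per-request copy. If that object is shared between requests, as per-directory config normally is, the `$USER` marker is gone after the first substitution and later requests would bind with the first client's DN, and both pointers refer to r->pool memory that does not outlive the request. Substitute into a request-local copy instead, e.g. `mod_auth_ldap_config_t *c = apr_pmemdup(r->pool, s, sizeof(*s));`, set `c->binddn` and `c->bindpw`, return `c`, and drop the ap_set_module_config() call, which only stores the same pointer back. Separately, r->user is concatenated into the bind DN without escaping DN special characters (RFC 4514), so a user name containing `,` or `=` changes the structure of the DN; escape or reject such names before building it.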