[patch] Patch, user browser supplied user/pass for binddn/bindpw

Apache2-mod_auth_ldap-patch.txt (text/plain), 4.10 KB, created by Simon Klyne on 2004-09-22 00:18:52 UTC

(hide)

Description: Patch, user browser supplied user/pass for binddn/bindpw

Filename:

MIME Type:

Creator: Simon Klyne

Created: 2004-09-22 00:18:52 UTC

Size: 4.10 KB

patch

obsolete

>--- httpd-2.0.51/modules/experimental/mod_auth_ldap.c-dist 2004-05-22 01:39:41.000000000 +0200 >+++ httpd-2.0.51/modules/experimental/mod_auth_ldap.c 2004-09-21 23:40:53.728681000 +0200 >@@ -161,6 +161,83 @@ > > > /* >+ * >+ * Read per directory module config, and substitute for variables in binddn and bindpw >+ * This is just a wrapper around the call to >+ * ap_get_module_config(r->per_dir_config, &auth_ldap_module); >+ * >+ * If the binddn and bindpw set by the AuthLDAPBindDN and AuthLDAPBindPassword directives >+ * contain $USER and $PASSWORD then substitute these with the browser supplied user/pass, >+ * otherwise just return the mod_auth_ldap_config_t. >+ * >+ */ >+#define BIND_USER "$USER" >+#define BIND_PASSWD "$PASSWORD" >+static mod_auth_ldap_config_t *auth_ldap_get_per_dir_module_config(request_rec *r) >+{ >+ const char *sent_pw; >+ int bad_sent_pw = 0; >+ >+ char *bind_user; /* set to start of BIND_USER if binddn requires username subst */ >+ >+ int doSubst = 0; /* set to true if we have values to substitute */ >+ >+ mod_auth_ldap_config_t *s = >+ (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); >+ >+ /* check client sent a username and a password */ >+ if ( ! r->user ) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" >+ " : Client sent no username", >+ getpid()); >+ /* Substitute for client supplied USER in binddn if directory configured for BIND_USER >+ * eg. if "AuthLDAPBindDN uid=$USER,ou=people,l=lon,c=gb,o=dis" >+ * send binddn to "uid=<user>,ou=people,l=lon,c=gb,o=dis" >+ */ >+ } else { >+ if ((s->binddn) && ((bind_user = strstr(s->binddn, BIND_USER)) !=NULL)) { >+ char *attr; >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" >+ ": binddn %s", >+ getpid(), s->binddn); >+ attr = apr_pstrndup(r->pool, s->binddn, bind_user - s->binddn); >+ s->binddn = apr_pstrcat(r->pool, attr, r->user, bind_user + strlen(BIND_USER), NULL ); >+ doSubst++; >+ } >+ } >+ >+ if ((bad_sent_pw = ap_get_basic_auth_pw(r, &sent_pw))) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap_get_per_dir_module_config() auth_ldap authenticate: " >+ "ap_get_basic_auth_pw() returns %d", getpid(), bad_sent_pw); >+ >+ /* set bindpw to client suppled password if directory configured for bindpw >+ to BIND_PASSWD */ >+ } else { >+ if ( s->bindpw && strcmp(s->bindpw, BIND_PASSWD) ==0) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" >+ ": bindpw USER SUPPLIED", >+ getpid()); >+ s->bindpw = (char *)sent_pw; >+ doSubst++; >+ } >+ } >+ >+ if (doSubst) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap_get_per_dir_module_config() : SUBST", >+ getpid()); >+ >+ ap_set_module_config(r->per_dir_config, &auth_ldap_module, s); >+ } >+ >+ return s; >+} >+ >+/* > * Build the search filter, or at least as much of the search filter that > * will fit in the buffer. We don't worry about the buffer not being able > * to hold the entire filter. If the buffer wasn't big enough to hold the >@@ -269,7 +346,7 @@ > const char **vals = NULL; > char filtbuf[FILTER_LENGTH]; > mod_auth_ldap_config_t *sec = >- (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); >+ (mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); > > util_ldap_connection_t *ldc = NULL; > const char *sent_pw; >@@ -409,8 +486,7 @@ > (mod_auth_ldap_request_t *)ap_get_module_config(r->request_config, > &auth_ldap_module); > mod_auth_ldap_config_t *sec = >- (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, >- &auth_ldap_module); >+ (mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); > > util_ldap_connection_t *ldc = NULL; > int m = r->method_number; View Attachment As Diff View Attachment As Raw

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]