ASF Bugzilla – Attachment 12826 Details for
Bug 31352
RFE, Bind to LDAP server with browser supplier user/pass
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch, user browser supplied user/pass for binddn/bindpw
Apache2-mod_auth_ldap-patch.txt (text/plain), 4.10 KB, created by
Simon Klyne
on 2004-09-22 00:18:52 UTC
(
hide
)
Description:
Patch, user browser supplied user/pass for binddn/bindpw
Filename:
MIME Type:
Creator:
Simon Klyne
Created:
2004-09-22 00:18:52 UTC
Size:
4.10 KB
patch
obsolete
>--- httpd-2.0.51/modules/experimental/mod_auth_ldap.c-dist 2004-05-22 01:39:41.000000000 +0200 >+++ httpd-2.0.51/modules/experimental/mod_auth_ldap.c 2004-09-21 23:40:53.728681000 +0200 >@@ -161,6 +161,83 @@ > > > /* >+ * >+ * Read per directory module config, and substitute for variables in binddn and bindpw >+ * This is just a wrapper around the call to >+ * ap_get_module_config(r->per_dir_config, &auth_ldap_module); >+ * >+ * If the binddn and bindpw set by the AuthLDAPBindDN and AuthLDAPBindPassword directives >+ * contain $USER and $PASSWORD then substitute these with the browser supplied user/pass, >+ * otherwise just return the mod_auth_ldap_config_t. >+ * >+ */ >+#define BIND_USER "$USER" >+#define BIND_PASSWD "$PASSWORD" >+static mod_auth_ldap_config_t *auth_ldap_get_per_dir_module_config(request_rec *r) >+{ >+ const char *sent_pw; >+ int bad_sent_pw = 0; >+ >+ char *bind_user; /* set to start of BIND_USER if binddn requires username subst */ >+ >+ int doSubst = 0; /* set to true if we have values to substitute */ >+ >+ mod_auth_ldap_config_t *s = >+ (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); >+ >+ /* check client sent a username and a password */ >+ if ( ! r->user ) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" >+ " : Client sent no username", >+ getpid()); >+ /* Substitute for client supplied USER in binddn if directory configured for BIND_USER >+ * eg. if "AuthLDAPBindDN uid=$USER,ou=people,l=lon,c=gb,o=dis" >+ * send binddn to "uid=<user>,ou=people,l=lon,c=gb,o=dis" >+ */ >+ } else { >+ if ((s->binddn) && ((bind_user = strstr(s->binddn, BIND_USER)) !=NULL)) { >+ char *attr; >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" >+ ": binddn %s", >+ getpid(), s->binddn); >+ attr = apr_pstrndup(r->pool, s->binddn, bind_user - s->binddn); >+ s->binddn = apr_pstrcat(r->pool, attr, r->user, bind_user + strlen(BIND_USER), NULL ); >+ doSubst++; >+ } >+ } >+ >+ if ((bad_sent_pw = ap_get_basic_auth_pw(r, &sent_pw))) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap_get_per_dir_module_config() auth_ldap authenticate: " >+ "ap_get_basic_auth_pw() returns %d", getpid(), bad_sent_pw); >+ >+ /* set bindpw to client suppled password if directory configured for bindpw >+ to BIND_PASSWD */ >+ } else { >+ if ( s->bindpw && strcmp(s->bindpw, BIND_PASSWD) ==0) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap authenticate: auth_ldap_get_per_dir_module_config()" >+ ": bindpw USER SUPPLIED", >+ getpid()); >+ s->bindpw = (char *)sent_pw; >+ doSubst++; >+ } >+ } >+ >+ if (doSubst) { >+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, >+ "[%d] auth_ldap_get_per_dir_module_config() : SUBST", >+ getpid()); >+ >+ ap_set_module_config(r->per_dir_config, &auth_ldap_module, s); >+ } >+ >+ return s; >+} >+ >+/* > * Build the search filter, or at least as much of the search filter that > * will fit in the buffer. We don't worry about the buffer not being able > * to hold the entire filter. If the buffer wasn't big enough to hold the >@@ -269,7 +346,7 @@ > const char **vals = NULL; > char filtbuf[FILTER_LENGTH]; > mod_auth_ldap_config_t *sec = >- (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module); >+ (mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); > > util_ldap_connection_t *ldc = NULL; > const char *sent_pw; >@@ -409,8 +486,7 @@ > (mod_auth_ldap_request_t *)ap_get_module_config(r->request_config, > &auth_ldap_module); > mod_auth_ldap_config_t *sec = >- (mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, >- &auth_ldap_module); >+ (mod_auth_ldap_config_t *)auth_ldap_get_per_dir_module_config(r); > > util_ldap_connection_t *ldc = NULL; > int m = r->method_number;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 31352
: 12826