
(-)httpd-2.0.52_orig/modules/experimental/mod_auth_ldap.c (-14 / +53 lines)
Lines 70-75 Link Here
70
    char *bindpw;			/* Password to bind to server (can be NULL) */
70
    char *bindpw;			/* Password to bind to server (can be NULL) */
71
71
72
    int frontpage_hack;			/* Hack for frontpage support */
72
    int frontpage_hack;			/* Hack for frontpage support */
73
    int ad_auth_by_bind;		/* Hack for active directory support */
74
    char *ad_bind_domain;		/* Active directory bind domain */
73
    int user_is_dn;			/* If true, connection->user is DN instead of userid */
75
    int user_is_dn;			/* If true, connection->user is DN instead of userid */
74
    int compare_dn_on_server;		/* If true, will use server to do DN compare */
76
    int compare_dn_on_server;		/* If true, will use server to do DN compare */
75
77
Lines 294-313 Link Here
294
start_over:
296
start_over:
295
297
296
    /* There is a good AuthLDAPURL, right? */
298
    /* There is a good AuthLDAPURL, right? */
297
    if (sec->host) {
299
    if (!sec->ad_auth_by_bind) {
298
        ldc = util_ldap_connection_find(r, sec->host, sec->port,
300
        if (sec->host) {
299
                                       sec->binddn, sec->bindpw, sec->deref,
301
            ldc = util_ldap_connection_find(r, sec->host, sec->port,
300
                                       sec->secure);
302
                                           sec->binddn, sec->bindpw, sec->deref,
301
    }
303
                                           sec->secure);
302
    else {
304
        }
303
        ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, 
305
        else {
304
                      "[%d] auth_ldap authenticate: no sec->host - weird...?", getpid());
306
            ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, 
305
        return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
307
                          "[%d] auth_ldap authenticate: no sec->host - weird...?", getpid());
308
            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
309
        }
310
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
311
		      "[%d] auth_ldap authenticate: using URL %s", getpid(), sec->url);
306
    }
312
    }
307
313
308
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
309
		  "[%d] auth_ldap authenticate: using URL %s", getpid(), sec->url);
310
311
    /* Get the password that the client sent */
314
    /* Get the password that the client sent */
312
    if ((result = ap_get_basic_auth_pw(r, &sent_pw))) {
315
    if ((result = ap_get_basic_auth_pw(r, &sent_pw))) {
313
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
316
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
Lines 328-335 Link Here
328
    mod_auth_ldap_build_filter(filtbuf, r, sec);
331
    mod_auth_ldap_build_filter(filtbuf, r, sec);
329
332
330
    /* do the user search */
333
    /* do the user search */
331
    result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope,
334
    if (sec->ad_auth_by_bind) {
332
                                         sec->attributes, filtbuf, sent_pw, &dn, &vals);
335
        char *bb = apr_palloc(r->pool, strlen(sec->ad_bind_domain) + strlen(r->user) + 3);
336
        strcpy(bb, r->user);
337
        strcat(bb, "@");
338
        strcat(bb, sec->ad_bind_domain);
339
        ldc = util_ldap_connection_find(r, sec->host, sec->port,
340
                                           bb, sent_pw, sec->deref,
341
                                           sec->secure);
342
        result = util_ldap_connection_open(r, ldc);
343
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
344
                          "[%d] AD authbybind to bind host [%s] with AD user [%s]",
345
                          getpid(), sec->host, bb);
346
        if (result == LDAP_SERVER_DOWN) {
347
            if (failures++ <= 5) {
348
                /*goto start_over;*/
349
            }
350
        }
351
        if (result == LDAP_SUCCESS) {
352
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
353
                              "[%d] auth_ldap active directory authenticate: accepting %s", getpid(), r->user);
354
            return OK;
355
        }
356
        return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
357
    }
358
    else {
359
        result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope,
360
                                             sec->attributes, filtbuf, sent_pw, &dn, &vals);
361
    }
333
    util_ldap_connection_close(ldc);
362
    util_ldap_connection_close(ldc);
334
363
335
    /* sanity check - if server is down, retry it up to 5 times */
364
    /* sanity check - if server is down, retry it up to 5 times */
Lines 690-695 Link Here
690
    sec->group_attrib_is_dn = 1;
719
    sec->group_attrib_is_dn = 1;
691
720
692
    sec->frontpage_hack = 0;
721
    sec->frontpage_hack = 0;
722
    sec->ad_auth_by_bind = 0;
723
    sec->ad_bind_domain = NULL;
693
    sec->secure = 0;
724
    sec->secure = 0;
694
725
695
    sec->user_is_dn = 0;
726
    sec->user_is_dn = 0;
Lines 938-943 Link Here
938
                 (void *)APR_OFFSETOF(mod_auth_ldap_config_t, frontpage_hack), OR_AUTHCFG,
969
                 (void *)APR_OFFSETOF(mod_auth_ldap_config_t, frontpage_hack), OR_AUTHCFG,
939
                 "Set to 'on' to support Microsoft FrontPage"),
970
                 "Set to 'on' to support Microsoft FrontPage"),
940
971
972
    AP_INIT_FLAG("AuthLDAPADAuthByBind", ap_set_flag_slot,
973
                 (void *)APR_OFFSETOF(mod_auth_ldap_config_t, ad_auth_by_bind), OR_AUTHCFG,
974
                 "Set to 'on' to support Microsoft Active Directory domain bind method"),
975
976
    AP_INIT_TAKE1("AuthLDAPADBindDomain", ap_set_string_slot,
977
                 (void *)APR_OFFSETOF(mod_auth_ldap_config_t, ad_bind_domain), OR_AUTHCFG,
978
                 "Set to Microsoft Active Directory domain bind domain"),
979
941
    AP_INIT_TAKE1("AuthLDAPCharsetConfig", set_charset_config, NULL, RSRC_CONF,
980
    AP_INIT_TAKE1("AuthLDAPCharsetConfig", set_charset_config, NULL, RSRC_CONF,
942
                  "Character set conversion configuration file. If omitted, character set"
981
                  "Character set conversion configuration file. If omitted, character set"
943
                  "conversion is disabled."),
982
                  "conversion is disabled."),
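Review bot: In the new `if (sec->ad_auth_by_bind)` branch of the "Lines 328-335" hunk, `sent_pw` goes straight into the simple bind and `result == LDAP_SUCCESS` alone grants access, so a request carrying an empty password is accepted whenever the server treats an empty-password bind as an anonymous bind, which Active Directory does by default; unless util_ldap_connection_open (not visible here) already rejects empty passwords, that is an authentication bypass. The same branch calls `strlen(sec->ad_bind_domain)` although the field defaults to NULL and AuthLDAPADBindDomain is a separate, optional directive, and because the earlier hunk now wraps the `sec->host` check in `if (!sec->ad_auth_by_bind)`, `sec->host` is no longer checked on this path either. Both `return` statements in the branch skip the `util_ldap_connection_close(ldc)` that the non-AD path reaches after the `else`, so the connection taken by util_ldap_connection_find is presumably never released, and the commented-out `goto start_over` leaves the LDAP_SERVER_DOWN block dead code. In the sketch below apr_pstrcat replaces the strcpy/strcat chain only for tidiness, since the original size arithmetic was correct. The enclosing function starts before and continues past this hunk.
```c
    if (sec->ad_auth_by_bind) {
        char *bb;

        /* A simple bind with an empty password is an anonymous bind on AD and
         * comes back LDAP_SUCCESS, so refuse it here instead of trusting the result. */
        if (!sec->host || !sec->ad_bind_domain || !sent_pw || !*sent_pw) {
            ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r,
                          "[%d] auth_ldap AD authbybind: host, bind domain or password missing",
                          getpid());
            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
        }
        bb = apr_pstrcat(r->pool, r->user, "@", sec->ad_bind_domain, NULL);
        ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        bb, sent_pw, sec->deref, sec->secure);
        result = util_ldap_connection_open(r, ldc);
        /* … unchanged: "AD authbybind to bind host" debug log … */
        util_ldap_connection_close(ldc);   /* release on every exit, as the non-AD path does */
        if (result == LDAP_SUCCESS) {
            /* … unchanged: "accepting %s" debug log … */
            return OK;
        }
        return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
    }
```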
