
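--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -275,6 +275,9 @@
     /* Set the alias dereferencing option */
     ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
 
+    /* Set follow referrals */
+    ldap_set_option(ldc->ldap, LDAP_OPT_REFERRALS, ((ldc->follow_referrals == 0) ? (void *)LDAP_OPT_OFF : (void *)LDAP_OPT_ON));
+
 /*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */
 #ifdef APR_LDAP_OPT_VERIFY_CERT
     apr_ldap_set_option(ldc->pool, ldc->ldap,
@@ -448,7 +451,8 @@
             uldap_connection_find(request_rec *r,
                                   const char *host, int port,
                                   const char *binddn, const char *bindpw,
-                                  deref_options deref, int secure)
+                                  deref_options deref, int follow_referrals,
+                                  int secure)
 {
     struct util_ldap_connection_t *l, *p; /* To traverse the linked list */
     int secureflag = secure;
@@ -479,7 +483,8 @@
                                              && !strcmp(l->binddn, binddn)))
             && ((!l->bindpw && !bindpw) || (l->bindpw && bindpw
                                              && !strcmp(l->bindpw, bindpw)))
-            && (l->deref == deref) && (l->secure == secureflag)
+            && (l->deref == deref) && (l->follow_referrals == follow_referrals)
+            && (l->secure == secureflag)
             && !compare_client_certs(st->client_certs, l->client_certs))
         {
             break;
@@ -504,7 +509,9 @@
 
 #endif
             if ((l->port == port) && (strcmp(l->host, host) == 0) &&
-                (l->deref == deref) && (l->secure == secureflag) &&
+                (l->deref == deref) &&
+                (l->follow_referrals == follow_referrals) &&
+                (l->secure == secureflag) &&
                 !compare_client_certs(st->client_certs, l->client_certs))
             {
                 /* the bind credentials have changed */
@@ -548,6 +555,7 @@
         l->host = apr_pstrdup(st->pool, host);
         l->port = port;
         l->deref = deref;
+        l->follow_referrals = follow_referrals;
         util_ldap_strdup((char**)&(l->binddn), binddn);
         util_ldap_strdup((char**)&(l->bindpw), bindpw);
 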
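Review bot: The new `ldap_set_option(ldc->ldap, LDAP_OPT_REFERRALS, ...)` call in the first hunk discards its return value, so if the SDK rejects the option while `follow_referrals` is 0, the connection is still used with whatever referral behaviour the library defaults to. A setting meant to stop the client from contacting servers named in a referral should fail closed, for example `if (ldap_set_option(ldc->ldap, LDAP_OPT_REFERRALS, ...) != LDAP_SUCCESS && !ldc->follow_referrals)` followed by logging and refusing the connection. The `LDAP_OPT_DEREF` call just above is unchecked in the same way, and the enclosing function's error path lies outside the hunk, so the reporting should follow whatever the rest of that function does. Comparing `l->follow_referrals` in both cache-match conditions of `uldap_connection_find` is the right counterpart, since it stops a connection opened with referrals on from being reused where they are configured off.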
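--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -61,6 +61,7 @@
     char *binddn;                   /* DN to bind to server (can be NULL) */
     char *bindpw;                   /* Password to bind to server (can be NULL) */
 
+    int follow_referrals;           /* If true, referrals will be followed */
     int user_is_dn;                 /* If true, connection->user is DN instead of userid */
     char *remote_user_attribute;    /* If set, connection->user is this attribute instead of userid */
     int compare_dn_on_server;       /* If true, will use server to do DN compare */
@@ -292,6 +293,7 @@
     sec->binddn = NULL;
     sec->bindpw = NULL;
     sec->deref = always;
+    sec->follow_referrals = 1;
     sec->group_attrib_is_dn = 1;
     sec->secure = -1;   /*Initialize to unset*/
 
@@ -357,7 +359,7 @@
     if (sec->host) {
         ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
-                                       sec->secure);
+                                       sec->follow_referrals, sec->secure);
     }
     else {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
@@ -495,7 +497,7 @@
     if (sec->host) {
         ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
-                                       sec->secure);
+                                       sec->follow_referrals, sec->secure);
         apr_pool_cleanup_register(r->pool, ldc,
                                   authnz_ldap_cleanup_connection_close,
                                   apr_pool_cleanup_null);
@@ -625,7 +627,7 @@
     if (sec->host) {
         ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
-                                       sec->secure);
+                                       sec->follow_referrals, sec->secure);
         apr_pool_cleanup_register(r->pool, ldc,
                                   authnz_ldap_cleanup_connection_close,
                                   apr_pool_cleanup_null);
@@ -773,7 +775,7 @@
     if (sec->host) {
         ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
-                                       sec->secure);
+                                       sec->follow_referrals, sec->secure);
         apr_pool_cleanup_register(r->pool, ldc,
                                   authnz_ldap_cleanup_connection_close,
                                   apr_pool_cleanup_null);
@@ -880,7 +882,7 @@
     if (sec->host) {
         ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
-                                       sec->secure);
+                                       sec->follow_referrals, sec->secure);
         apr_pool_cleanup_register(r->pool, ldc,
                                   authnz_ldap_cleanup_connection_close,
                                   apr_pool_cleanup_null);
@@ -992,7 +994,7 @@
     if (sec->host) {
         ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
-                                       sec->secure);
+                                       sec->follow_referrals, sec->secure);
         apr_pool_cleanup_register(r->pool, ldc,
                                   authnz_ldap_cleanup_connection_close,
                                   apr_pool_cleanup_null);
@@ -1335,6 +1337,11 @@
                  "subsequent group comparisons. If set to 'off', auth_ldap uses the string"
                  "provided by the client directly. Defaults to 'on'."),
 
+    AP_INIT_FLAG("AuthLDAPFollowReferrals", ap_set_flag_slot,
+                  (void *)APR_OFFSETOF(authn_ldap_config_t, follow_referrals), OR_AUTHCFG,
+                  "Set to 'on' to cause auth_ldap to follow referrals. Set it to 'off'"
+                  "to prevent referrals from being followed.  Defaults to 'on'."),
+
     AP_INIT_TAKE1("AuthLDAPDereferenceAliases", mod_auth_ldap_set_deref, NULL, OR_AUTHCFG,
                   "Determines how aliases are handled during a search. Can bo one of the"
                   "values \"never\", \"searching\", \"finding\", or \"always\". "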
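Review bot: The help text of the new `AuthLDAPFollowReferrals` directive joins two string literals with no space between them, so it reads "Set it to 'off'to prevent referrals"; the first literal should end with a space, `"Set to 'on' to cause auth_ldap to follow referrals. Set it to 'off' "`. The text is also worth extending with a security note: the struct initialisation hunk sets `sec->follow_referrals = 1;`, so with the default the module will contact whichever server a referral response names, and sites that only want to talk to the configured host must set the directive to 'off' explicitly. The directive is registered with `OR_AUTHCFG`, so it is also settable wherever AuthConfig overrides are allowed; the documentation should say so, because that lets a per-directory configuration turn referral following back on.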
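--- a/include/util_ldap.h
+++ b/include/util_ldap.h
@@ -97,6 +97,7 @@
     const char *binddn;                 /* DN to bind to server (can be NULL) */
     const char *bindpw;                 /* Password to bind to server (can be NULL) */
 
+    int follow_referrals;               /* If true, referrals will be followed */
     int secure;                         /* SSL/TLS mode of the connection */
     apr_array_header_t *client_certs;   /* Client certificates on this connection */
 
@@ -196,6 +197,7 @@
  * @param binddn The DN to bind with
  * @param bindpw The password to bind with
  * @param deref The dereferencing behavior
+ * @param follow_referrals Referral following behavior
  * @param secure use SSL on the connection 
  * @tip Once a connection is found and returned, a lock will be acquired to
  *      lock that particular connection, so that another thread does not try and
@@ -206,7 +208,7 @@
  *                                                           int netscapessl, int starttls)
  */
 APR_DECLARE_OPTIONAL_FN(util_ldap_connection_t *,uldap_connection_find,(request_rec *r, const char *host, int port,
-                                                  const char *binddn, const char *bindpw, deref_options deref,
+									const char *binddn, const char *bindpw, deref_options deref, int follow_referrals, 
                                                   int secure));
 
 /**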
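Review bot: Inserting `int follow_referrals` before `int secure` in the `uldap_connection_find` optional-function prototype changes the binary interface, and the same hunk set adds a member in the middle of the connection struct. A module compiled against the old header would pass its `secure` value in the `follow_referrals` position and leave `secure` undefined, which silently changes both the referral and the SSL/TLS behaviour of the connection. No module magic number bump is visible in this patch, so one should accompany it. The new doc line would also be clearer as `@param follow_referrals Non-zero to follow referrals returned by the server, 0 to disable`. The comment block carrying the signature text starts outside the hunk, and the added prototype line is tab-indented while its neighbours use spaces.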
