|
Lines 187-192
Link Here
|
| 187 |
util_ldap_connection_t *ldc = param; |
187 |
util_ldap_connection_t *ldc = param; |
| 188 |
|
188 |
|
| 189 |
if (ldc) { |
189 |
if (ldc) { |
|
|
190 |
/* Release the xref info for this connection. No more referral rebinds required. */ |
| 191 |
apr_ldap_xref_remove(ldc->ldap); |
| 190 |
|
192 |
|
| 191 |
/* unbind and disconnect from the LDAP server */ |
193 |
/* unbind and disconnect from the LDAP server */ |
| 192 |
uldap_connection_unbind(ldc); |
194 |
uldap_connection_unbind(ldc); |
|
Lines 208-219
Link Here
|
| 208 |
} |
210 |
} |
| 209 |
|
211 |
|
| 210 |
static int uldap_connection_init(request_rec *r, |
212 |
static int uldap_connection_init(request_rec *r, |
| 211 |
util_ldap_connection_t *ldc ) |
213 |
util_ldap_connection_t *ldc) |
| 212 |
{ |
214 |
{ |
| 213 |
int rc = 0; |
215 |
int rc = 0; |
| 214 |
int version = LDAP_VERSION3; |
216 |
int version = LDAP_VERSION3; |
| 215 |
apr_ldap_err_t *result = NULL; |
217 |
apr_ldap_err_t *result = NULL; |
|
|
218 |
#ifdef LDAP_OPT_NETWORK_TIMEOUT |
| 216 |
struct timeval timeOut = {10,0}; /* 10 second connection timeout */ |
219 |
struct timeval timeOut = {10,0}; /* 10 second connection timeout */ |
|
|
220 |
#endif |
| 217 |
util_ldap_state_t *st = |
221 |
util_ldap_state_t *st = |
| 218 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
222 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
| 219 |
&ldap_module); |
223 |
&ldap_module); |
|
Lines 230-236
Link Here
|
| 230 |
APR_LDAP_NONE, |
234 |
APR_LDAP_NONE, |
| 231 |
&(result)); |
235 |
&(result)); |
| 232 |
|
236 |
|
| 233 |
|
|
|
| 234 |
if (result != NULL && result->rc) { |
237 |
if (result != NULL && result->rc) { |
| 235 |
ldc->reason = result->reason; |
238 |
ldc->reason = result->reason; |
| 236 |
} |
239 |
} |
|
Lines 247-252
Link Here
|
| 247 |
return(result->rc); |
250 |
return(result->rc); |
| 248 |
} |
251 |
} |
| 249 |
|
252 |
|
|
|
253 |
/* Now that we have an ldap struct, add it to the referral xref list for rebinds. */ |
| 254 |
rc = apr_ldap_xref_add(ldc->pool, ldc->ldap, ldc->binddn, ldc->bindpw); |
| 255 |
if (rc != APR_SUCCESS) { |
| 256 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, |
| 257 |
"LDAP: Unable to construct cross reference entry. Out of memory?"); |
| 258 |
uldap_connection_unbind(ldc); |
| 259 |
ldc->reason = "LDAP: Unable to construct cross reference entry."; |
| 260 |
return(rc); |
| 261 |
} |
| 262 |
|
| 250 |
/* always default to LDAP V3 */ |
263 |
/* always default to LDAP V3 */ |
| 251 |
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); |
264 |
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); |
| 252 |
|
265 |
|
|
Lines 275-280
Link Here
|
| 275 |
/* Set the alias dereferencing option */ |
288 |
/* Set the alias dereferencing option */ |
| 276 |
ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref)); |
289 |
ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref)); |
| 277 |
|
290 |
|
|
|
291 |
/* Set options for rebind and referrals. */ |
| 292 |
/* Should we chase referrals? */ |
| 293 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 294 |
"LDAP: Setting referrals to %s.", |
| 295 |
(ldc->ChaseReferrals ? "On" : "Off")); |
| 296 |
result->rc = ldap_set_option(ldc->ldap, |
| 297 |
LDAP_OPT_REFERRALS, |
| 298 |
(void *)(ldc->ChaseReferrals ? LDAP_OPT_ON : LDAP_OPT_OFF)); |
| 299 |
if (result->rc != LDAP_SUCCESS) { |
| 300 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 301 |
"Unable to set LDAP_OPT_REFERRALS option to %s: %d.", |
| 302 |
(ldc->ChaseReferrals ? "On" : "Off"), |
| 303 |
result->rc); |
| 304 |
result->reason = "Unable to set LDAP_OPT_REFERRALS."; |
| 305 |
uldap_connection_unbind(ldc); |
| 306 |
return(result->rc); |
| 307 |
} |
| 308 |
|
| 309 |
#if APR_HAS_TIVOLI_LDAPSDK |
| 310 |
/* This is not supported by current versions of OpenLDAP, OpenLDAP defaults to 5. */ |
| 311 |
if (ldc->ChaseReferrals) { |
| 312 |
/* Referral hop limit - only if referrals are enabled */ |
| 313 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 314 |
"Setting referral hop limit to %d.", |
| 315 |
ldc->ReferralHopLimit); |
| 316 |
result->rc = ldap_set_option(ldc->ldap, |
| 317 |
LDAP_OPT_REFHOPLIMIT, |
| 318 |
(void *)&ldc->ReferralHopLimit); |
| 319 |
if (result->rc != LDAP_SUCCESS) { |
| 320 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 321 |
"Unable to set LDAP_OPT_REFHOPLIMIT option to %d: %d.", |
| 322 |
ldc->ReferralHopLimit, |
| 323 |
result->rc); |
| 324 |
result->reason = "Unable to set LDAP_OPT_REFHOPLIMIT."; |
| 325 |
uldap_connection_unbind(ldc); |
| 326 |
return(result->rc); |
| 327 |
} |
| 328 |
} |
| 329 |
#endif |
| 330 |
|
| 331 |
/* set the rebind callback function for use when chasing referrals */ |
| 332 |
/* LDAP_set_rebind_proc returns void, so no post-call check. */ |
| 333 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
| 334 |
"LDAP: Setting rebind callback function."); |
| 335 |
apr_ldap_set_rebind_callback(ldc->ldap); |
| 336 |
|
| 278 |
/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */ |
337 |
/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */ |
| 279 |
#ifdef APR_LDAP_OPT_VERIFY_CERT |
338 |
#ifdef APR_LDAP_OPT_VERIFY_CERT |
| 280 |
apr_ldap_set_option(ldc->pool, ldc->ldap, |
339 |
apr_ldap_set_option(ldc->pool, ldc->ldap, |
|
Lines 456-463
Link Here
|
| 456 |
util_ldap_state_t *st = |
515 |
util_ldap_state_t *st = |
| 457 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
516 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
| 458 |
&ldap_module); |
517 |
&ldap_module); |
|
|
518 |
util_ldap_config_t *dc = |
| 519 |
(util_ldap_config_t *) ap_get_module_config(r->per_dir_config, &ldap_module); |
| 459 |
|
520 |
|
| 460 |
|
|
|
| 461 |
#if APR_HAS_THREADS |
521 |
#if APR_HAS_THREADS |
| 462 |
/* mutex lock this function */ |
522 |
/* mutex lock this function */ |
| 463 |
apr_thread_mutex_lock(st->mutex); |
523 |
apr_thread_mutex_lock(st->mutex); |
|
Lines 527-533
Link Here
|
| 527 |
/* artificially disable cache */ |
587 |
/* artificially disable cache */ |
| 528 |
/* l = NULL; */ |
588 |
/* l = NULL; */ |
| 529 |
|
589 |
|
| 530 |
/* If no connection what found after the second search, we |
590 |
/* If no connection was found after the second search, we |
| 531 |
* must create one. |
591 |
* must create one. |
| 532 |
*/ |
592 |
*/ |
| 533 |
if (!l) { |
593 |
if (!l) { |
|
Lines 550-555
Link Here
|
| 550 |
l->deref = deref; |
610 |
l->deref = deref; |
| 551 |
util_ldap_strdup((char**)&(l->binddn), binddn); |
611 |
util_ldap_strdup((char**)&(l->binddn), binddn); |
| 552 |
util_ldap_strdup((char**)&(l->bindpw), bindpw); |
612 |
util_ldap_strdup((char**)&(l->bindpw), bindpw); |
|
|
613 |
l->ChaseReferrals = dc->ChaseReferrals; |
| 614 |
l->ReferralHopLimit = dc->ReferralHopLimit; |
| 553 |
|
615 |
|
| 554 |
/* The security mode after parsing the URL will always be either |
616 |
/* The security mode after parsing the URL will always be either |
| 555 |
* APR_LDAP_NONE (ldap://) or APR_LDAP_SSL (ldaps://). |
617 |
* APR_LDAP_NONE (ldap://) or APR_LDAP_SSL (ldaps://). |
|
Lines 1748-1756
Link Here
|
| 1748 |
void *dummy, |
1810 |
void *dummy, |
| 1749 |
const char *ttl) |
1811 |
const char *ttl) |
| 1750 |
{ |
1812 |
{ |
|
|
1813 |
#ifdef LDAP_OPT_NETWORK_TIMEOUT |
| 1751 |
util_ldap_state_t *st = |
1814 |
util_ldap_state_t *st = |
| 1752 |
(util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, |
1815 |
(util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, |
| 1753 |
&ldap_module); |
1816 |
&ldap_module); |
|
|
1817 |
#endif |
| 1754 |
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); |
1818 |
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); |
| 1755 |
|
1819 |
|
| 1756 |
if (err != NULL) { |
1820 |
if (err != NULL) { |
|
Lines 1772-1778
Link Here
|
| 1772 |
return NULL; |
1836 |
return NULL; |
| 1773 |
} |
1837 |
} |
| 1774 |
|
1838 |
|
|
|
1839 |
static const char *util_ldap_set_chase_referrals(cmd_parms *cmd, |
| 1840 |
void *config, |
| 1841 |
int mode) |
| 1842 |
{ |
| 1843 |
util_ldap_config_t *dc = config; |
| 1775 |
|
1844 |
|
|
|
1845 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, |
| 1846 |
"LDAP: Setting refferal chasing %s", |
| 1847 |
mode?"ON":"OFF"); |
| 1848 |
|
| 1849 |
dc->ChaseReferrals = mode; |
| 1850 |
|
| 1851 |
return(NULL); |
| 1852 |
} |
| 1853 |
|
| 1854 |
static const char *util_ldap_set_referral_hop_limit(cmd_parms *cmd, |
| 1855 |
void *config, |
| 1856 |
const char *hop_limit) |
| 1857 |
{ |
| 1858 |
util_ldap_config_t *dc = config; |
| 1859 |
|
| 1860 |
dc->ReferralHopLimit = atol(hop_limit); |
| 1861 |
|
| 1862 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, |
| 1863 |
"LDAP: Limit chased referrals to maximum of %d hops.", |
| 1864 |
dc->ReferralHopLimit); |
| 1865 |
|
| 1866 |
return NULL; |
| 1867 |
} |
| 1868 |
|
| 1869 |
static void *util_ldap_create_dir_config(apr_pool_t *p, char *d) { |
| 1870 |
util_ldap_config_t *dc = |
| 1871 |
(util_ldap_config_t *) apr_pcalloc(p,sizeof(util_ldap_config_t)); |
| 1872 |
|
| 1873 |
dc->ChaseReferrals = 1; /* default is to turn referral chasing on. */ |
| 1874 |
dc->ReferralHopLimit = 5; /* default is to chase a max of 5 hops. */ |
| 1875 |
|
| 1876 |
return dc; |
| 1877 |
} |
| 1878 |
|
| 1879 |
|
| 1776 |
static void *util_ldap_create_config(apr_pool_t *p, server_rec *s) |
1880 |
static void *util_ldap_create_config(apr_pool_t *p, server_rec *s) |
| 1777 |
{ |
1881 |
{ |
| 1778 |
util_ldap_state_t *st = |
1882 |
util_ldap_state_t *st = |
|
Lines 1801-1806
Link Here
|
| 1801 |
st->connectionTimeout = 10; |
1905 |
st->connectionTimeout = 10; |
| 1802 |
st->verify_svr_cert = 1; |
1906 |
st->verify_svr_cert = 1; |
| 1803 |
|
1907 |
|
|
|
1908 |
#if APR_HAS_THREADS |
| 1909 |
apr_ldap_init_xref_lock (p); |
| 1910 |
#endif |
| 1911 |
|
| 1804 |
return st; |
1912 |
return st; |
| 1805 |
} |
1913 |
} |
| 1806 |
|
1914 |
|
|
Lines 2096-2102
Link Here
|
| 2096 |
NULL, RSRC_CONF, |
2204 |
NULL, RSRC_CONF, |
| 2097 |
"Specify the LDAP socket connection timeout in seconds " |
2205 |
"Specify the LDAP socket connection timeout in seconds " |
| 2098 |
"(default: 10)"), |
2206 |
"(default: 10)"), |
|
|
2207 |
AP_INIT_FLAG("LDAPReferrals", util_ldap_set_chase_referrals, |
| 2208 |
NULL, OR_AUTHCFG, |
| 2209 |
"Choose whether referrals are chased ['ON'|'OFF']. Default 'ON'"), |
| 2099 |
|
2210 |
|
|
|
2211 |
AP_INIT_TAKE1("LDAPReferralHopLimit", util_ldap_set_referral_hop_limit, |
| 2212 |
NULL, OR_AUTHCFG, |
| 2213 |
"Limit the number of referral hops that LDAP can follow. " |
| 2214 |
"(Integer value, default=5)"), |
| 2215 |
|
| 2100 |
{NULL} |
2216 |
{NULL} |
| 2101 |
}; |
2217 |
}; |
| 2102 |
|
2218 |
|
|
Lines 2120-2126
Link Here
|
| 2120 |
|
2236 |
|
| 2121 |
module AP_MODULE_DECLARE_DATA ldap_module = { |
2237 |
module AP_MODULE_DECLARE_DATA ldap_module = { |
| 2122 |
STANDARD20_MODULE_STUFF, |
2238 |
STANDARD20_MODULE_STUFF, |
| 2123 |
NULL, /* create dir config */ |
2239 |
util_ldap_create_dir_config, /* create dir config */ |
| 2124 |
NULL, /* merge dir config */ |
2240 |
NULL, /* merge dir config */ |
| 2125 |
util_ldap_create_config, /* create server config */ |
2241 |
util_ldap_create_config, /* create server config */ |
| 2126 |
util_ldap_merge_config, /* merge server config */ |
2242 |
util_ldap_merge_config, /* merge server config */ |