Lines 187-192
|
187 |
util_ldap_connection_t *ldc = param; |
187 |
util_ldap_connection_t *ldc = param; |
188 |
|
188 |
|
189 |
if (ldc) { |
189 |
if (ldc) { |
|
|
190 |
/* Release the xref info for this connection. No more referral rebinds required. */ |
191 |
apr_ldap_xref_remove(ldc->ldap); |
190 |
|
192 |
|
191 |
/* unbind and disconnect from the LDAP server */ |
193 |
/* unbind and disconnect from the LDAP server */ |
192 |
uldap_connection_unbind(ldc); |
194 |
uldap_connection_unbind(ldc); |
Lines 208-219
|
208 |
} |
210 |
} |
209 |
|
211 |
|
210 |
static int uldap_connection_init(request_rec *r, |
212 |
static int uldap_connection_init(request_rec *r, |
211 |
util_ldap_connection_t *ldc ) |
213 |
util_ldap_connection_t *ldc) |
212 |
{ |
214 |
{ |
213 |
int rc = 0; |
215 |
int rc = 0; |
214 |
int version = LDAP_VERSION3; |
216 |
int version = LDAP_VERSION3; |
215 |
apr_ldap_err_t *result = NULL; |
217 |
apr_ldap_err_t *result = NULL; |
|
|
218 |
#ifdef LDAP_OPT_NETWORK_TIMEOUT |
216 |
struct timeval timeOut = {10,0}; /* 10 second connection timeout */ |
219 |
struct timeval timeOut = {10,0}; /* 10 second connection timeout */ |
|
|
220 |
#endif |
217 |
util_ldap_state_t *st = |
221 |
util_ldap_state_t *st = |
218 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
222 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
219 |
&ldap_module); |
223 |
&ldap_module); |
Lines 230-236
|
230 |
APR_LDAP_NONE, |
234 |
APR_LDAP_NONE, |
231 |
&(result)); |
235 |
&(result)); |
232 |
|
236 |
|
233 |
|
|
|
234 |
if (result != NULL && result->rc) { |
237 |
if (result != NULL && result->rc) { |
235 |
ldc->reason = result->reason; |
238 |
ldc->reason = result->reason; |
236 |
} |
239 |
} |
Lines 247-252
|
247 |
return(result->rc); |
250 |
return(result->rc); |
248 |
} |
251 |
} |
249 |
|
252 |
|
|
|
253 |
/* Now that we have an ldap struct, add it to the referral xref list for rebinds. */ |
254 |
rc = apr_ldap_xref_add(ldc->pool, ldc->ldap, ldc->binddn, ldc->bindpw); |
255 |
if (rc != APR_SUCCESS) { |
256 |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, |
257 |
"LDAP: Unable to construct cross reference entry. Out of memory?"); |
258 |
uldap_connection_unbind(ldc); |
259 |
ldc->reason = "LDAP: Unable to construct cross reference entry."; |
260 |
return(rc); |
261 |
} |
262 |
|
250 |
/* always default to LDAP V3 */ |
263 |
/* always default to LDAP V3 */ |
251 |
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); |
264 |
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); |
252 |
|
265 |
|
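Review bot: The new early return `return(rc);` after a failed apr_ldap_xref_add hands back an apr_status_t, while the other early returns of uldap_connection_init return LDAP result codes (`return(result->rc);` three lines above), so unless the caller only tests the value for non-zero the two error domains are now mixed on one return path. Returning a fixed LDAP code, e.g. `return(LDAP_OTHER);`, or mapping the status explicitly would keep the function's contract uniform. Note also that apr_ldap_xref_add is given `ldc->bindpw`, so the cross-reference list becomes a second place the bind credential lives for the lifetime of the connection; every teardown path has to reach the `apr_ldap_xref_remove` added to the close function, or the entry (and the password) outlives the handle it refers to.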
Lines 275-280
|
275 |
/* Set the alias dereferencing option */ |
288 |
/* Set the alias dereferencing option */ |
276 |
ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref)); |
289 |
ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref)); |
277 |
|
290 |
|
|
|
291 |
/* Set options for rebind and referrals. */ |
292 |
/* Should we chase referrals? */ |
293 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
294 |
"LDAP: Setting referrals to %s.", |
295 |
(ldc->ChaseReferrals ? "On" : "Off")); |
296 |
result->rc = ldap_set_option(ldc->ldap, |
297 |
LDAP_OPT_REFERRALS, |
298 |
(void *)(ldc->ChaseReferrals ? LDAP_OPT_ON : LDAP_OPT_OFF)); |
299 |
if (result->rc != LDAP_SUCCESS) { |
300 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
301 |
"Unable to set LDAP_OPT_REFERRALS option to %s: %d.", |
302 |
(ldc->ChaseReferrals ? "On" : "Off"), |
303 |
result->rc); |
304 |
result->reason = "Unable to set LDAP_OPT_REFERRALS."; |
305 |
uldap_connection_unbind(ldc); |
306 |
return(result->rc); |
307 |
} |
308 |
|
309 |
#if APR_HAS_TIVOLI_LDAPSDK |
310 |
/* This is not supported by current versions of OpenLDAP, OpenLDAP defaults to 5. */ |
311 |
if (ldc->ChaseReferrals) { |
312 |
/* Referral hop limit - only if referrals are enabled */ |
313 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
314 |
"Setting referral hop limit to %d.", |
315 |
ldc->ReferralHopLimit); |
316 |
result->rc = ldap_set_option(ldc->ldap, |
317 |
LDAP_OPT_REFHOPLIMIT, |
318 |
(void *)&ldc->ReferralHopLimit); |
319 |
if (result->rc != LDAP_SUCCESS) { |
320 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
321 |
"Unable to set LDAP_OPT_REFHOPLIMIT option to %d: %d.", |
322 |
ldc->ReferralHopLimit, |
323 |
result->rc); |
324 |
result->reason = "Unable to set LDAP_OPT_REFHOPLIMIT."; |
325 |
uldap_connection_unbind(ldc); |
326 |
return(result->rc); |
327 |
} |
328 |
} |
329 |
#endif |
330 |
|
331 |
/* set the rebind callback function for use when chasing referrals */ |
332 |
/* LDAP_set_rebind_proc returns void, so no post-call check. */ |
333 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, |
334 |
"LDAP: Setting rebind callback function."); |
335 |
apr_ldap_set_rebind_callback(ldc->ldap); |
336 |
|
278 |
/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */ |
337 |
/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */ |
279 |
#ifdef APR_LDAP_OPT_VERIFY_CERT |
338 |
#ifdef APR_LDAP_OPT_VERIFY_CERT |
280 |
apr_ldap_set_option(ldc->pool, ldc->ldap, |
339 |
apr_ldap_set_option(ldc->pool, ldc->ldap, |
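Review bot: `result->rc = ldap_set_option(ldc->ldap, LDAP_OPT_REFERRALS, ...)` writes through `result` without a NULL check, although the function initialises it to NULL and the existing code a few lines earlier guards with `if (result != NULL && result->rc)` before touching it; if apr_ldap_init can leave it NULL this is a NULL dereference on every new connection. The error text is also stored in `result->reason` rather than `ldc->reason`, which is what the rest of the function records (see `ldc->reason = result->reason;` above), so the reason is lost to the caller; the already-declared local `rc` and `ldc->reason` keep the apr_ldap_init error object out of it. The same two issues repeat in the LDAP_OPT_REFHOPLIMIT block. Both error paths run after apr_ldap_xref_add has succeeded, so unless uldap_connection_unbind (not on this page) removes the xref entry itself, a stale entry holding the bind password and a pointer to the unbound handle stays in the list; the explicit `apr_ldap_xref_remove(ldc->ldap)` the close path now performs should be mirrored here.
```c
    /* Should we chase referrals? */
    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                 "LDAP: Setting referrals to %s.",
                 (ldc->ChaseReferrals ? "On" : "Off"));
    rc = ldap_set_option(ldc->ldap, LDAP_OPT_REFERRALS,
                         (void *)(ldc->ChaseReferrals ? LDAP_OPT_ON : LDAP_OPT_OFF));
    if (rc != LDAP_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                     "Unable to set LDAP_OPT_REFERRALS option to %s: %d.",
                     (ldc->ChaseReferrals ? "On" : "Off"), rc);
        ldc->reason = "Unable to set LDAP_OPT_REFERRALS.";
        /* The xref entry was added above; drop it before the handle goes away. */
        apr_ldap_xref_remove(ldc->ldap);
        uldap_connection_unbind(ldc);
        return(rc);
    }

    /* … unchanged: LDAP_OPT_REFHOPLIMIT block (apply the same rc/ldc->reason/xref_remove pattern) … */
    /* … unchanged: rebind callback and APR_LDAP_OPT_VERIFY_CERT … */
```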
Lines 456-463
|
456 |
util_ldap_state_t *st = |
515 |
util_ldap_state_t *st = |
457 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
516 |
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, |
458 |
&ldap_module); |
517 |
&ldap_module); |
|
|
518 |
util_ldap_config_t *dc = |
519 |
(util_ldap_config_t *) ap_get_module_config(r->per_dir_config, &ldap_module); |
459 |
|
520 |
|
460 |
|
|
|
461 |
#if APR_HAS_THREADS |
521 |
#if APR_HAS_THREADS |
462 |
/* mutex lock this function */ |
522 |
/* mutex lock this function */ |
463 |
apr_thread_mutex_lock(st->mutex); |
523 |
apr_thread_mutex_lock(st->mutex); |
Lines 527-533
|
527 |
/* artificially disable cache */ |
587 |
/* artificially disable cache */ |
528 |
/* l = NULL; */ |
588 |
/* l = NULL; */ |
529 |
|
589 |
|
530 |
/* If no connection what found after the second search, we |
590 |
/* If no connection was found after the second search, we |
531 |
* must create one. |
591 |
* must create one. |
532 |
*/ |
592 |
*/ |
533 |
if (!l) { |
593 |
if (!l) { |
Lines 550-555
|
550 |
l->deref = deref; |
610 |
l->deref = deref; |
551 |
util_ldap_strdup((char**)&(l->binddn), binddn); |
611 |
util_ldap_strdup((char**)&(l->binddn), binddn); |
552 |
util_ldap_strdup((char**)&(l->bindpw), bindpw); |
612 |
util_ldap_strdup((char**)&(l->bindpw), bindpw); |
|
|
613 |
l->ChaseReferrals = dc->ChaseReferrals; |
614 |
l->ReferralHopLimit = dc->ReferralHopLimit; |
553 |
|
615 |
|
554 |
/* The security mode after parsing the URL will always be either |
616 |
/* The security mode after parsing the URL will always be either |
555 |
* APR_LDAP_NONE (ldap://) or APR_LDAP_SSL (ldaps://). |
617 |
* APR_LDAP_NONE (ldap://) or APR_LDAP_SSL (ldaps://). |
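Review bot: `l->ChaseReferrals = dc->ChaseReferrals;` and `l->ReferralHopLimit = dc->ReferralHopLimit;` are copied into the connection only when a new one is created inside `if (!l)`, but the cache lookup that precedes this block (outside the hunk) matches connections on their existing fields; unless it was extended to compare these two as well, a connection created by a request under `LDAPReferrals Off` will be handed to a request from a section with `LDAPReferrals On` (and vice versa), and the ldap_set_option calls in uldap_connection_init have already been made with the first request's values. Either add both fields to the lookup comparison or state the limitation here: `/* Referral settings are fixed at connection creation; the cache lookup must compare them or sharing across <Directory> sections applies the wrong policy. */`. The enclosing function starts and ends outside this hunk, so I cannot confirm which the lookup does.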
Lines 1748-1756
|
1748 |
void *dummy, |
1810 |
void *dummy, |
1749 |
const char *ttl) |
1811 |
const char *ttl) |
1750 |
{ |
1812 |
{ |
|
|
1813 |
#ifdef LDAP_OPT_NETWORK_TIMEOUT |
1751 |
util_ldap_state_t *st = |
1814 |
util_ldap_state_t *st = |
1752 |
(util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, |
1815 |
(util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, |
1753 |
&ldap_module); |
1816 |
&ldap_module); |
|
|
1817 |
#endif |
1754 |
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); |
1818 |
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); |
1755 |
|
1819 |
|
1756 |
if (err != NULL) { |
1820 |
if (err != NULL) { |
Lines 1772-1778
|
1772 |
return NULL; |
1836 |
return NULL; |
1773 |
} |
1837 |
} |
1774 |
|
1838 |
|
|
|
1839 |
static const char *util_ldap_set_chase_referrals(cmd_parms *cmd, |
1840 |
void *config, |
1841 |
int mode) |
1842 |
{ |
1843 |
util_ldap_config_t *dc = config; |
1775 |
|
1844 |
|
|
|
1845 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, |
1846 |
"LDAP: Setting refferal chasing %s", |
1847 |
mode?"ON":"OFF"); |
1848 |
|
1849 |
dc->ChaseReferrals = mode; |
1850 |
|
1851 |
return(NULL); |
1852 |
} |
1853 |
|
1854 |
static const char *util_ldap_set_referral_hop_limit(cmd_parms *cmd, |
1855 |
void *config, |
1856 |
const char *hop_limit) |
1857 |
{ |
1858 |
util_ldap_config_t *dc = config; |
1859 |
|
1860 |
dc->ReferralHopLimit = atol(hop_limit); |
1861 |
|
1862 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, |
1863 |
"LDAP: Limit chased referrals to maximum of %d hops.", |
1864 |
dc->ReferralHopLimit); |
1865 |
|
1866 |
return NULL; |
1867 |
} |
1868 |
|
1869 |
static void *util_ldap_create_dir_config(apr_pool_t *p, char *d) { |
1870 |
util_ldap_config_t *dc = |
1871 |
(util_ldap_config_t *) apr_pcalloc(p,sizeof(util_ldap_config_t)); |
1872 |
|
1873 |
dc->ChaseReferrals = 1; /* default is to turn referral chasing on. */ |
1874 |
dc->ReferralHopLimit = 5; /* default is to chase a max of 5 hops. */ |
1875 |
|
1876 |
return dc; |
1877 |
} |
1878 |
|
1879 |
|
1776 |
static void *util_ldap_create_config(apr_pool_t *p, server_rec *s) |
1880 |
static void *util_ldap_create_config(apr_pool_t *p, server_rec *s) |
1777 |
{ |
1881 |
{ |
1778 |
util_ldap_state_t *st = |
1882 |
util_ldap_state_t *st = |
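Review bot: In util_ldap_set_referral_hop_limit, `dc->ReferralHopLimit = atol(hop_limit);` accepts any directive argument: non-numeric input silently becomes 0 and a negative value is stored and later passed straight to LDAP_OPT_REFHOPLIMIT, whereas a directive handler is expected to reject bad input by returning an error string so the server refuses the configuration at startup. The value is then logged with `%d` although atol returns long; if ReferralHopLimit is declared int the long is truncated silently, if long the format specifier is wrong — the declaration is not on this page, please confirm. The debug message in util_ldap_set_chase_referrals reads "refferal" (two f's). util_ldap_create_config begins at the end of this hunk and continues outside it.
```c
static const char *util_ldap_set_referral_hop_limit(cmd_parms *cmd,
                                                    void *config,
                                                    const char *hop_limit)
{
    util_ldap_config_t *dc = config;
    char *end = NULL;
    long limit = strtol(hop_limit, &end, 10);

    /* Refuse empty, trailing-garbage and negative arguments at config time. */
    if (end == hop_limit || *end != '\0' || limit < 0) {
        return "LDAPReferralHopLimit must be a non-negative integer";
    }
    dc->ReferralHopLimit = limit;

    /* … unchanged: debug log and return NULL … */
```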
Lines 1801-1806
|
1801 |
st->connectionTimeout = 10; |
1905 |
st->connectionTimeout = 10; |
1802 |
st->verify_svr_cert = 1; |
1906 |
st->verify_svr_cert = 1; |
1803 |
|
1907 |
|
|
|
1908 |
#if APR_HAS_THREADS |
1909 |
apr_ldap_init_xref_lock (p); |
1910 |
#endif |
1911 |
|
1804 |
return st; |
1912 |
return st; |
1805 |
} |
1913 |
} |
1806 |
|
1914 |
|
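Review bot: `apr_ldap_init_xref_lock(p)` is called from util_ldap_create_config, which httpd runs once per server_rec (every virtual host) and again on each configuration pass, so whatever this initialises is set up repeatedly; if the lock is process-global, later calls either leak the earlier lock or replace one that connections are already registered under — the implementation is not on this page, so please confirm it is idempotent. Process-wide initialisation conventionally lives in the post_config hook (guarded by the usual once-only userdata check), and the call's return value should be checked if it can fail. A comment such as `/* xref lock: must be safe to call once per server_rec and per config pass */` would record the assumption either way.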
Lines 2096-2102
|
2096 |
NULL, RSRC_CONF, |
2204 |
NULL, RSRC_CONF, |
2097 |
"Specify the LDAP socket connection timeout in seconds " |
2205 |
"Specify the LDAP socket connection timeout in seconds " |
2098 |
"(default: 10)"), |
2206 |
"(default: 10)"), |
|
|
2207 |
AP_INIT_FLAG("LDAPReferrals", util_ldap_set_chase_referrals, |
2208 |
NULL, OR_AUTHCFG, |
2209 |
"Choose whether referrals are chased ['ON'|'OFF']. Default 'ON'"), |
2099 |
|
2210 |
|
|
|
2211 |
AP_INIT_TAKE1("LDAPReferralHopLimit", util_ldap_set_referral_hop_limit, |
2212 |
NULL, OR_AUTHCFG, |
2213 |
"Limit the number of referral hops that LDAP can follow. " |
2214 |
"(Integer value, default=5)"), |
2215 |
|
2100 |
{NULL} |
2216 |
{NULL} |
2101 |
}; |
2217 |
}; |
2102 |
|
2218 |
|
Lines 2120-2126
|
2120 |
|
2236 |
|
2121 |
module AP_MODULE_DECLARE_DATA ldap_module = { |
2237 |
module AP_MODULE_DECLARE_DATA ldap_module = { |
2122 |
STANDARD20_MODULE_STUFF, |
2238 |
STANDARD20_MODULE_STUFF, |
2123 |
NULL, /* create dir config */ |
2239 |
util_ldap_create_dir_config, /* create dir config */ |
2124 |
NULL, /* merge dir config */ |
2240 |
NULL, /* merge dir config */ |
2125 |
util_ldap_create_config, /* create server config */ |
2241 |
util_ldap_create_config, /* create server config */ |
2126 |
util_ldap_merge_config, /* merge server config */ |
2242 |
util_ldap_merge_config, /* merge server config */ |
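Review bot: `util_ldap_create_dir_config` is now registered as the create-dir-config hook, but the merge-dir-config slot on the following line stays NULL, so the per-directory ChaseReferrals and ReferralHopLimit values are never combined between nested sections; with httpd's handling of a NULL merger, a more specific section that sets neither directive gets a freshly created config with the defaults (on, 5) rather than its parent's values — please confirm this scoping is intended. If inheritance is wanted, a small merge function that takes each field from the override only when it was explicitly set (which needs a "was set" flag next to each field, since 0 is a valid value) should be registered here. Either way a comment on the line documents the choice: `/* no dir merge: referral settings do not inherit from enclosing sections */`.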