Lines 514-519
Link Here
|
514 |
int required_ldap = 0; |
514 |
int required_ldap = 0; |
515 |
|
515 |
|
516 |
char filtbuf[FILTER_LENGTH]; |
516 |
char filtbuf[FILTER_LENGTH]; |
|
|
517 |
int remote_user_attribute_set = 0; |
517 |
const char *dn = NULL; |
518 |
const char *dn = NULL; |
518 |
const char **vals = NULL; |
519 |
const char **vals = NULL; |
519 |
|
520 |
|
Lines 601-606
Link Here
|
601 |
ap_set_module_config(r->request_config, &authnz_ldap_module, req); |
602 |
ap_set_module_config(r->request_config, &authnz_ldap_module, req); |
602 |
req->dn = apr_pstrdup(r->pool, dn); |
603 |
req->dn = apr_pstrdup(r->pool, dn); |
603 |
req->user = r->user; |
604 |
req->user = r->user; |
|
|
605 |
if (sec->user_is_dn) { |
606 |
r->user = req->dn; |
607 |
} |
608 |
|
609 |
/* add environment variables */ |
610 |
if (sec->attributes && vals) { |
611 |
apr_table_t *e = r->subprocess_env; |
612 |
int i = 0; |
613 |
while (sec->attributes[i]) { |
614 |
char *str = apr_pstrcat(r->pool, AUTHZ_PREFIX, sec->attributes[i], NULL); |
615 |
int j = sizeof(AUTHZ_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */ |
616 |
while (str[j]) { |
617 |
str[j] = apr_toupper(str[j]); |
618 |
j++; |
619 |
} |
620 |
apr_table_setn(e, str, vals[i]); |
621 |
|
622 |
/* handle remote_user_attribute, if set */ |
623 |
if (sec->remote_user_attribute && |
624 |
!strcmp(sec->remote_user_attribute, sec->attributes[i])) { |
625 |
r->user = (char *)apr_pstrdup(r->pool, vals[i]); |
626 |
remote_user_attribute_set = 1; |
627 |
} |
628 |
i++; |
629 |
} |
630 |
} |
631 |
|
632 |
/* sanity check */ |
633 |
if (sec->remote_user_attribute && !remote_user_attribute_set) { |
634 |
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, |
635 |
"[%" APR_PID_T_FMT "] auth_ldap authenticate: " |
636 |
"REMOTE_USER was to be set with attribute '%s', " |
637 |
"but this attribute was not requested for in the " |
638 |
"LDAP query for the user. REMOTE_USER will fall " |
639 |
"back to username or DN as appropriate.", getpid(), |
640 |
sec->remote_user_attribute); |
641 |
} |
604 |
} |
642 |
} |
605 |
|
643 |
|
606 |
/* Loop through the requirements array until there's no elements |
644 |
/* Loop through the requirements array until there's no elements |