
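--- a/mod_authnz_ldap.c
+++ b/mod_authnz_ldap.c
@@ -514,6 +514,7 @@
     int required_ldap = 0;
 
     char filtbuf[FILTER_LENGTH];
+    int remote_user_attribute_set = 0;
     const char *dn = NULL;
     const char **vals = NULL;
 
@@ -601,6 +602,43 @@
         ap_set_module_config(r->request_config, &authnz_ldap_module, req);
         req->dn = apr_pstrdup(r->pool, dn);
         req->user = r->user;
+        if (sec->user_is_dn) {
+            r->user = req->dn;
+        }
+    
+        /* add environment variables */
+        if (sec->attributes && vals) {
+            apr_table_t *e = r->subprocess_env;
+            int i = 0;
+            while (sec->attributes[i]) {
+                char *str = apr_pstrcat(r->pool, AUTHZ_PREFIX, sec->attributes[i], NULL);
+                int j = sizeof(AUTHZ_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+                while (str[j]) {
+                    str[j] = apr_toupper(str[j]);
+                    j++;
+                }
+                apr_table_setn(e, str, vals[i]);
+    
+                /* handle remote_user_attribute, if set */
+                if (sec->remote_user_attribute && 
+                    !strcmp(sec->remote_user_attribute, sec->attributes[i])) {
+                    r->user = (char *)apr_pstrdup(r->pool, vals[i]);
+                    remote_user_attribute_set = 1;
+                }
+                i++;
+            }
+        }
+
+        /* sanity check */
+        if (sec->remote_user_attribute && !remote_user_attribute_set) {
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+                      "[%" APR_PID_T_FMT "] auth_ldap authenticate: "
+                      "REMOTE_USER was to be set with attribute '%s', "
+                      "but this attribute was not requested for in the "
+                      "LDAP query for the user. REMOTE_USER will fall "
+                      "back to username or DN as appropriate.", getpid(),
+                      sec->remote_user_attribute);
+        }
     }
 
     /* Loop through the requirements array until there's no elements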
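Review bot: In the added attribute loop, `vals[i]` is used without a NULL check, both in `apr_table_setn(e, str, vals[i])` and in the `remote_user_attribute` branch. If a requested attribute can be missing from the directory entry (presumably leaving that slot NULL; confirm against the code that fills `vals`), `apr_pstrdup` returns NULL and `r->user` is cleared while `remote_user_attribute_set` is still set to 1, so the request loses its authenticated identity and the fallback warning never fires. Skip the export and the REMOTE_USER override for empty slots, for example by changing the condition to `if (vals[i] && sec->remote_user_attribute && !strcmp(sec->remote_user_attribute, sec->attributes[i]))` and guarding the `apr_table_setn` call the same way. The comment on `int j` also still says "AUTHENTICATE_" although the prefix used here is `AUTHZ_PREFIX`. The enclosing function starts and ends outside this hunk.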
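--- a/mod_auth.h
+++ b/mod_auth.h
@@ -41,6 +41,7 @@
 #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
 
 #define AUTHN_PREFIX "AUTHENTICATE_"
+#define AUTHZ_PREFIX "AUTHORIZE_"
 
 typedef enum {
     AUTH_DENIED,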

Return to bug 42561