
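--- a/httpd-2.0.63-orig/include/util_ldap.h
+++ b/httpd-2.0.63-orig/include/util_ldap.h
@@ -95,9 +95,17 @@
 
     const char *reason;                 /* Reason for an error failure */
 
+    int ChaseReferrals;                 /* [on|off] (on=1, off=0, default = On)*/
+    int ReferralHopLimit;               /* # of referral hops to follow (default = 5) */
+
     struct util_ldap_connection_t *next;
 } util_ldap_connection_t;
 
+typedef struct util_ldap_config_t {
+    int ChaseReferrals;
+    int ReferralHopLimit;
+} util_ldap_config_t;
+
 /* LDAP cache state information */ 
 typedef struct util_ldap_state_t {
     apr_pool_t *pool;           /* pool from which this state is allocated */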
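Review bot: `ChaseReferrals` and `ReferralHopLimit` are inserted ahead of `next` in `util_ldap_connection_t`, which moves the offset of `next` in a struct published through include/util_ldap.h; a module compiled against the unpatched header would presumably read the wrong member. Placing the two `int` fields after `struct util_ldap_connection_t *next;` keeps every existing offset, and a stable-branch change of this kind would normally come with a module magic number bump. The struct starts above this hunk, so its other members are not visible here.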
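--- a/httpd-2.0.63-orig/modules/experimental/util_ldap.c
+++ b/httpd-2.0.63-orig/modules/experimental/util_ldap.c
@@ -213,6 +213,8 @@
     util_ldap_connection_t *ldc = param;
 
     if (ldc) {
+        /* Release the rebind info for this connection. No more referral rebinds required. */
+        apr_ldap_rebind_remove(ldc->ldap);
 
         /* unbind and disconnect from the LDAP server */
         util_ldap_connection_unbind(ldc);
@@ -247,7 +249,9 @@
     int failures = 0;
     int version  = LDAP_VERSION3;
     int rc = LDAP_SUCCESS;
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
     struct timeval timeOut = {10,0};    /* 10 second connection timeout */
+#endif
 
     util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(
                                 r->server->module_config, &ldap_module);
@@ -318,6 +322,16 @@
             return(-1);
         }
 
+        /* Now that we have an ldap struct, add it to the referral list for rebinds. */
+        rc = apr_ldap_rebind_add(ldc->pool, ldc->ldap, ldc->binddn, ldc->bindpw);
+        if (rc != APR_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                         "LDAP: Unable to add rebind cross reference entry. Out of memory?");
+            util_ldap_connection_unbind(ldc);
+            ldc->reason = "LDAP: Unable to add rebind cross reference entry.";
+            return(rc);
+        }
+
         /* Set the alias dereferencing option */
         ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
 
@@ -337,8 +351,45 @@
             }
         }
 #endif
-    }
 
+        /* Set options for rebind and referrals. */
+        /*   Should we chase referrals? */
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                     "LDAP: Setting referrals to %s.",
+                     (ldc->ChaseReferrals ? "On" : "Off"));
+        result = ldap_set_option(ldc->ldap, LDAP_OPT_REFERRALS,
+                                 (void *)(ldc->ChaseReferrals ? LDAP_OPT_ON : LDAP_OPT_OFF));
+        if (result != LDAP_SUCCESS) {
+            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                         "Unable to set LDAP_OPT_REFERRALS option to %s: %d.",
+                         (ldc->ChaseReferrals ? "On" : "Off"),
+                         result);
+            util_ldap_connection_unbind(ldc);
+            ldc->reason = "Unable to set LDAP_OPT_REFERRALS.";
+            return(result);
+        }
+
+#if APR_HAS_TIVOLI_LDAPSDK
+        /* This is not supported by current versions of OpenLDAP, OpenLDAP defaults to 5. */
+        if (ldc->ChaseReferrals) {
+            /* Referral hop limit - only if referrals are enabled */
+            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                         "Setting referral hop limit to %d.",
+                         ldc->ReferralHopLimit);
+            result = ldap_set_option(ldc->ldap, LDAP_OPT_REFHOPLIMIT,
+                                     (void *)&ldc->ReferralHopLimit);
+            if (result != LDAP_SUCCESS) {
+                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                             "Unable to set LDAP_OPT_REFHOPLIMIT option to %d: %d.",
+                             ldc->ReferralHopLimit,
+                             result);
+                util_ldap_connection_unbind(ldc);
+                ldc->reason = "Unable to set LDAP_OPT_REFHOPLIMIT.";
+                return(result);
+            }
+        }
+#endif
+    }
 
     /* loop trying to bind up to 10 times if LDAP_SERVER_DOWN error is
      * returned.  Break out of the loop on Success or any other error.
@@ -391,6 +442,8 @@
         (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
         &ldap_module);
 
+    util_ldap_config_t *dc =
+        (util_ldap_config_t *) ap_get_module_config(r->per_dir_config, &ldap_module);
 
 #if APR_HAS_THREADS
     /* mutex lock this function */
@@ -476,6 +529,10 @@
         l->deref = deref;
         util_ldap_strdup((char**)&(l->binddn), binddn);
         util_ldap_strdup((char**)&(l->bindpw), bindpw);
+
+        l->ChaseReferrals = dc->ChaseReferrals;
+        l->ReferralHopLimit = dc->ReferralHopLimit;
+
         l->secure = secure;
 
         /* add the cleanup to the pool */
@@ -1379,6 +1436,46 @@
     return NULL;
 }
 
+static const char *util_ldap_set_chase_referrals(cmd_parms *cmd,
+                                                 void *config,
+                                                 int mode)
+{
+    util_ldap_config_t *dc =  config;
+ 
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
+                      "LDAP: Setting refferal chasing %s",
+                      mode?"ON":"OFF");
+
+    dc->ChaseReferrals = mode;
+
+    return(NULL);
+}
+
+static const char *util_ldap_set_referral_hop_limit(cmd_parms *cmd,
+                                                    void *config,
+                                                    const char *hop_limit)
+{
+    util_ldap_config_t *dc =  config;
+
+    dc->ReferralHopLimit = atol(hop_limit);
+
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
+                 "LDAP: Limit chased referrals to maximum of %d hops.",
+                 dc->ReferralHopLimit);
+
+    return NULL;
+}
+
+static void *util_ldap_create_dir_config(apr_pool_t *p, char *d) {
+   util_ldap_config_t *dc =
+       (util_ldap_config_t *) apr_pcalloc(p,sizeof(util_ldap_config_t));
+
+   dc->ChaseReferrals = 1;    /* default is to turn referral chasing on. */
+   dc->ReferralHopLimit = 5; /* default is to chase a max of 5 hops. */
+
+   return dc;
+}
+
 void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
 {
     util_ldap_state_t *st = 
@@ -1403,6 +1500,9 @@
     st->ssl_support = 0;
     st->connectionTimeout = 10;
 
+    /* Initialize the rebind callback's cross reference list */
+    apr_ldap_rebind_init (p);
+
     return st;
 }
 
@@ -1737,6 +1837,15 @@
                   "Specifies the LDAP socket connection timeout in seconds. "
                   "Default is 10 seconds. "),
 
+    AP_INIT_FLAG("LDAPReferrals", util_ldap_set_chase_referrals,
+                  NULL, OR_AUTHCFG,
+                  "Choose whether referrals are chased ['ON'|'OFF'].  Default 'ON'"),
+ 
+    AP_INIT_TAKE1("LDAPReferralHopLimit", util_ldap_set_referral_hop_limit,
+                  NULL, OR_AUTHCFG,
+                  "Limit the number of referral hops that LDAP can follow. "
+                  "(Integer value, default=5)"),
+
     {NULL}
 };
 
@@ -1749,7 +1858,7 @@
 
 module ldap_module = {
    STANDARD20_MODULE_STUFF,
-   NULL,				/* dir config creater */
+   util_ldap_create_dir_config,         /* create dir config */
    NULL,				/* dir merger --- default is to override */
    util_ldap_create_config,		/* server config */
    NULL,				/* merge server config */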
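Review bot: An `LDAPReferrals Off` set in an enclosing scope will not carry into a nested `<Directory>` or .htaccess section, because the dir-merger slot of `ldap_module` is left `NULL` ("default is to override") while `util_ldap_create_dir_config` stamps `ChaseReferrals = 1` and `ReferralHopLimit = 5` into every per-directory config it creates. Since each new handle is also registered through `apr_ldap_rebind_add(ldc->pool, ldc->ldap, ldc->binddn, ldc->bindpw)`, referral chasing that comes back on unnoticed presumably means the bind DN and password are offered to whatever server a referral names; the rebind callback itself is not part of this patch. Marking both fields as unset at creation and adding a merger that inherits the enclosing value would make the setting stick. The merger then goes in the second slot of `ldap_module`, and the `l->ChaseReferrals = dc->ChaseReferrals;` and `l->ReferralHopLimit = dc->ReferralHopLimit;` assignments need to map an unset value to the defaults of 1 and 5.

```c
static void *util_ldap_create_dir_config(apr_pool_t *p, char *d) {
   /* … unchanged: apr_pcalloc of util_ldap_config_t into dc … */

   dc->ChaseReferrals = -1;    /* -1: not set in this section */
   dc->ReferralHopLimit = -1;  /* -1: not set in this section */

   return dc;
}

/* Keep the enclosing scope's value unless this section set its own. */
static void *util_ldap_merge_dir_config(apr_pool_t *p, void *basev, void *addv)
{
   util_ldap_config_t *base = basev;
   util_ldap_config_t *add = addv;
   util_ldap_config_t *dc =
       (util_ldap_config_t *) apr_pcalloc(p,sizeof(util_ldap_config_t));

   dc->ChaseReferrals = (add->ChaseReferrals != -1)
                            ? add->ChaseReferrals : base->ChaseReferrals;
   dc->ReferralHopLimit = (add->ReferralHopLimit != -1)
                              ? add->ReferralHopLimit : base->ReferralHopLimit;

   return dc;
}
```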
