
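--- a/httpd-2.2.14-orig/modules/aaa/mod_authnz_ldap.c
+++ b/httpd-2.2.14-orig/modules/aaa/mod_authnz_ldap.c
@@ -75,11 +75,13 @@
                                         it's the exact string passed by the HTTP client */
 
     int secure;                     /* True if SSL connections are requested */
+    int bind_as_user;
 } authn_ldap_config_t;
 
 typedef struct {
     char *dn;                       /* The saved dn from a successful search */
     char *user;                     /* The username provided by the client */
+    char *pass;			    /* The password provided, needed for binding as user */
 } authn_ldap_request_t;
 
 /* maximum group elements supported */
@@ -308,6 +310,8 @@
     sec->remote_user_attribute = NULL;
     sec->compare_dn_on_server = 0;
 
+    sec->bind_as_user = 0;
+
     return sec;
 }
 
@@ -364,7 +368,7 @@
 
     /* There is a good AuthLDAPURL, right? */
     if (sec->host) {
-        ldc = util_ldap_connection_find(r, sec->host, sec->port,
+       	ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
                                        sec->secure);
     }
@@ -433,6 +437,9 @@
     /* mark the user and DN */
     req->dn = apr_pstrdup(r->pool, dn);
     req->user = apr_pstrdup(r->pool, user);
+    if (sec->bind_as_user) {
+    	req->pass = apr_pstrdup(r->pool, password);
+    }
     if (sec->user_is_dn) {
         r->user = req->dn;
     }
@@ -551,9 +558,18 @@
 
 
     if (sec->host) {
-        ldc = util_ldap_connection_find(r, sec->host, sec->port,
+	if(!sec->bind_as_user) {
+	        ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                        sec->binddn, sec->bindpw, sec->deref,
                                        sec->secure);
+	} else {
+		ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+			"[%" APR_PID_T_FMT "] auth_ldap authorise: binding as user %s", getpid(), req->user);
+		ldc = util_ldap_connection_find(r, sec->host, sec->port,
+					req->dn, req->pass, sec->deref,
+					sec->secure);
+		memset(req->pass, 0, strlen(req->pass));
+	}
         apr_pool_cleanup_register(r->pool, ldc,
                                   authnz_ldap_cleanup_connection_close,
                                   apr_pool_cleanup_null);
@@ -1114,6 +1130,11 @@
     AP_INIT_TAKE1("AuthLDAPCharsetConfig", set_charset_config, NULL, RSRC_CONF,
                   "Character set conversion configuration file. If omitted, character set"
                   "conversion is disabled."),
+   
+     AP_INIT_FLAG("AuthLDAPBindAsUser", ap_set_flag_slot,
+		  (void *)APR_OFFSETOF(authn_ldap_config_t, bind_as_user), OR_AUTHCFG,
+		  "Set to 'on' to use client provided credential to bind during the "
+		  "search phase instead of doing an anonymous bind"),
 
     {NULL}
 };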
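Review bot: In the authorisation hunk (new lines 561-572) the `else` branch dereferences `req->user`, `req->dn` and `req->pass` with no visible NULL check, so `strlen(req->pass)` faults if no password was saved for this request. `req->pass` is only assigned in the authentication hunk (new lines 440-442), and `req` itself is presumably absent when another provider authenticated the user; the function starts outside the hunk, so an earlier guard cannot be ruled out. Falling back to the configured bind is the safer shape: `if (!sec->bind_as_user || !req || !req->dn || !req->pass) {`. The `memset` clears only the request-pool copy, and only on this path; whether `util_ldap_connection_find` retains its own copy of the bind password is not visible here and should be confirmed before relying on the scrub. The directive help text says "instead of doing an anonymous bind", but the branch replaces `sec->binddn`/`sec->bindpw`, which may be a configured service account, so the wording should say "instead of the configured bind credentials".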
