Lines 1642-1647
|
1642 |
return result; |
1642 |
return result; |
1643 |
} |
1643 |
} |
1644 |
|
1644 |
|
|
|
1645 |
/* |
1646 |
* Takes care of inserting a search/bind result into the cache. |
1647 |
*/ |
1648 |
static void uldap_cache_search(util_ldap_state_t *st, util_url_node_t * curl, |
1649 |
const char *filter, const char **binddn, |
1650 |
const char *bindpw, const char **vals, |
1651 |
int numvals, int negative) { |
1652 |
util_search_node_t *search_nodep; /* Cached search node */ |
1653 |
util_search_node_t the_search_node; |
1654 |
|
1655 |
// TODO: only cache negative if requested. |
1656 |
|
1657 |
if (curl) { |
1658 |
LDAP_CACHE_LOCK(); |
1659 |
the_search_node.username = filter; |
1660 |
the_search_node.dn = *binddn; |
1661 |
the_search_node.bindpw = bindpw; |
1662 |
the_search_node.lastbind = apr_time_now(); |
1663 |
the_search_node.vals = vals; |
1664 |
the_search_node.numvals = numvals; |
1665 |
the_search_node.negative = negative; |
1666 |
|
1667 |
/* Search again to make sure that another thread didn't ready insert |
1668 |
* this node into the cache before we got here. If it does exist then |
1669 |
* update the lastbind |
1670 |
*/ |
1671 |
search_nodep = util_ald_cache_fetch(curl->search_cache, |
1672 |
&the_search_node); |
1673 |
if ((search_nodep == NULL) || |
1674 |
(strcmp(*binddn, search_nodep->dn) != 0)) { |
1675 |
|
1676 |
/* Nothing in cache, insert new entry */ |
1677 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1678 |
} |
1679 |
else if ((!search_nodep->bindpw) || |
1680 |
(strcmp(bindpw, search_nodep->bindpw) != 0) || (search_nodep->negative != negative)) { |
1681 |
|
1682 |
/* Entry in cache is invalid, remove it and insert new one */ |
1683 |
util_ald_cache_remove(curl->search_cache, search_nodep); |
1684 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1685 |
} |
1686 |
else { |
1687 |
/* Cache entry is valid, update lastbind */ |
1688 |
search_nodep->lastbind = the_search_node.lastbind; |
1689 |
} |
1690 |
LDAP_CACHE_UNLOCK(); |
1691 |
} |
1692 |
|
1693 |
} |
1694 |
|
1695 |
|
1645 |
|
1696 |
|
1646 |
static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, |
1697 |
static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, |
1647 |
const char *url, const char *basedn, |
1698 |
const char *url, const char *basedn, |
Lines 1700-1705
|
1700 |
&& (search_nodep->bindpw[0] != '\0') |
1751 |
&& (search_nodep->bindpw[0] != '\0') |
1701 |
&& (strcmp(search_nodep->bindpw, bindpw) == 0)) |
1752 |
&& (strcmp(search_nodep->bindpw, bindpw) == 0)) |
1702 |
{ |
1753 |
{ |
|
|
1754 |
if(search_nodep->negative != 0) { |
1755 |
LDAP_CACHE_UNLOCK(); |
1756 |
ldc->reason = "Authentication skipped (negative cached)"; |
1757 |
return LDAP_NO_SUCH_OBJECT; |
1758 |
} |
1703 |
/* ...and entry is valid */ |
1759 |
/* ...and entry is valid */ |
1704 |
*binddn = apr_pstrdup(r->pool, search_nodep->dn); |
1760 |
*binddn = apr_pstrdup(r->pool, search_nodep->dn); |
1705 |
if (attrs) { |
1761 |
if (attrs) { |
Lines 1780-1785
|
1780 |
else |
1836 |
else |
1781 |
ldc->reason = "User is not unique (search found two " |
1837 |
ldc->reason = "User is not unique (search found two " |
1782 |
"or more matches)"; |
1838 |
"or more matches)"; |
|
|
1839 |
/* |
1840 |
* potentially cache the negative result. |
1841 |
*/ |
1842 |
uldap_cache_search(st, curl, filter, binddn, bindpw, NULL, 0, 1); |
1783 |
ldap_msgfree(res); |
1843 |
ldap_msgfree(res); |
1784 |
return LDAP_NO_SUCH_OBJECT; |
1844 |
return LDAP_NO_SUCH_OBJECT; |
1785 |
} |
1845 |
} |
Lines 1829-1834
|
1829 |
/* failure? if so - return */ |
1889 |
/* failure? if so - return */ |
1830 |
if (result != LDAP_SUCCESS) { |
1890 |
if (result != LDAP_SUCCESS) { |
1831 |
ldc->reason = "ldap_simple_bind() to check user credentials failed"; |
1891 |
ldc->reason = "ldap_simple_bind() to check user credentials failed"; |
|
|
1892 |
/* |
1893 |
* potentially cache the negative result. |
1894 |
*/ |
1895 |
uldap_cache_search(st, curl, filter, binddn, bindpw, NULL, 0, 1); |
1832 |
ldap_msgfree(res); |
1896 |
ldap_msgfree(res); |
1833 |
uldap_connection_unbind(ldc); |
1897 |
uldap_connection_unbind(ldc); |
1834 |
return result; |
1898 |
return result; |
Lines 1873-1912
|
1873 |
/* |
1937 |
/* |
1874 |
* Add the new username to the search cache. |
1938 |
* Add the new username to the search cache. |
1875 |
*/ |
1939 |
*/ |
1876 |
if (curl) { |
1940 |
uldap_cache_search(st, curl, filter, binddn, bindpw, vals, numvals, 0); |
1877 |
LDAP_CACHE_LOCK(); |
|
|
1878 |
the_search_node.username = filter; |
1879 |
the_search_node.dn = *binddn; |
1880 |
the_search_node.bindpw = bindpw; |
1881 |
the_search_node.lastbind = apr_time_now(); |
1882 |
the_search_node.vals = vals; |
1883 |
the_search_node.numvals = numvals; |
1884 |
|
1885 |
/* Search again to make sure that another thread didn't ready insert |
1886 |
* this node into the cache before we got here. If it does exist then |
1887 |
* update the lastbind |
1888 |
*/ |
1889 |
search_nodep = util_ald_cache_fetch(curl->search_cache, |
1890 |
&the_search_node); |
1891 |
if ((search_nodep == NULL) || |
1892 |
(strcmp(*binddn, search_nodep->dn) != 0)) { |
1893 |
|
1894 |
/* Nothing in cache, insert new entry */ |
1895 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1896 |
} |
1897 |
else if ((!search_nodep->bindpw) || |
1898 |
(strcmp(bindpw, search_nodep->bindpw) != 0)) { |
1899 |
|
1900 |
/* Entry in cache is invalid, remove it and insert new one */ |
1901 |
util_ald_cache_remove(curl->search_cache, search_nodep); |
1902 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1903 |
} |
1904 |
else { |
1905 |
/* Cache entry is valid, update lastbind */ |
1906 |
search_nodep->lastbind = the_search_node.lastbind; |
1907 |
} |
1908 |
LDAP_CACHE_UNLOCK(); |
1909 |
} |
1910 |
ldap_msgfree(res); |
1941 |
ldap_msgfree(res); |
1911 |
|
1942 |
|
1912 |
ldc->reason = "Authentication successful"; |
1943 |
ldc->reason = "Authentication successful"; |
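Review bot: The negative-cache call added in the "User is not unique" branch (new line 1842) passes `binddn` at a point where, as far as these hunks show, no DN has been resolved yet, and `uldap_cache_search` then does `the_search_node.dn = *binddn` and `strcmp(*binddn, search_nodep->dn)` with no NULL check. If `*binddn` can still be NULL there (its assignment is outside the visible hunks, so this needs confirming), a repeated failed lookup for the same filter would reach `strcmp(NULL, ...)` while the cache lock is held. A NULL-tolerant DN comparison, or an early `if (!curl || !*binddn || !bindpw) return;` before `LDAP_CACHE_LOCK()`, would close that, at the cost of not caching lookups that never resolved a DN. Separately, negative entries keep the rejected `bindpw` in the cache, and if the cache is keyed on the filter (as the fetch suggests), the remove-and-insert branch lets one wrong password replace that user's valid positive entry. The negative hit also returns `LDAP_NO_SUCH_OBJECT` where the original bind failure returned `result`, which callers may treat differently.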