
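--- a/httpd-2.4.29.orig/modules/ldap/util_ldap.c
+++ b/httpd-2.4.29.orig/modules/ldap/util_ldap.c
@@ -1642,6 +1642,58 @@
     return result;
 }
 
+/*
+ * Takes care of inserting a search/bind result into the cache.
+ */
+static void uldap_cache_search(util_ldap_state_t *st, util_url_node_t * curl, 
+                               const char *filter, const char **binddn, 
+                               const char *bindpw, const char **vals, 
+                               int numvals, int negative) {
+    util_search_node_t *search_nodep;   /* Cached search node */
+    util_search_node_t the_search_node;
+    const char* user = binddn == NULL ? "<no-match>" : *binddn;
+
+    // TODO: only cache negative if requested.
+
+    if (curl) {
+        LDAP_CACHE_LOCK();
+        the_search_node.username = filter;
+        the_search_node.dn = user;
+        the_search_node.bindpw = bindpw;
+        the_search_node.lastbind = apr_time_now();
+        the_search_node.vals = vals;
+        the_search_node.numvals = numvals;
+        the_search_node.negative = negative;
+
+        /* Search again to make sure that another thread didn't ready insert
+         * this node into the cache before we got here. If it does exist then
+         * update the lastbind
+         */
+        search_nodep = util_ald_cache_fetch(curl->search_cache,
+                                            &the_search_node);
+        if ((search_nodep == NULL) ||
+            (strcmp(user, search_nodep->dn) != 0)) {
+
+            /* Nothing in cache, insert new entry */
+            util_ald_cache_insert(curl->search_cache, &the_search_node);
+        }
+        else if ((!search_nodep->bindpw) ||
+            (strcmp(bindpw, search_nodep->bindpw) != 0) || (search_nodep->negative != negative)) {
+
+            /* Entry in cache is invalid, remove it and insert new one */
+            util_ald_cache_remove(curl->search_cache, search_nodep);
+            util_ald_cache_insert(curl->search_cache, &the_search_node);
+        }
+        else {
+            /* Cache entry is valid, update lastbind */
+            search_nodep->lastbind = the_search_node.lastbind;
+        }
+        LDAP_CACHE_UNLOCK();
+    }
+
+}
+
+
 
 static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
                                    const char *url, const char *basedn,
@@ -1700,6 +1752,11 @@
                      && (search_nodep->bindpw[0] != '\0')
                      && (strcmp(search_nodep->bindpw, bindpw) == 0))
             {
+                if(search_nodep->negative != 0) {
+                    LDAP_CACHE_UNLOCK();
+                    ldc->reason = "Authentication skipped (negative cached)";
+                    return LDAP_NO_SUCH_OBJECT;
+                }
                 /* ...and entry is valid */
                 *binddn = apr_pstrdup(r->pool, search_nodep->dn);
                 if (attrs) {
@@ -1780,6 +1837,10 @@
         else
             ldc->reason = "User is not unique (search found two "
                           "or more matches)";
+        /*
+         * potentially cache the negative result.
+         */
+        uldap_cache_search(st, curl, filter, NULL, bindpw, NULL, 0, 1);
         ldap_msgfree(res);
         return LDAP_NO_SUCH_OBJECT;
     }
@@ -1829,6 +1890,10 @@
     /* failure? if so - return */
     if (result != LDAP_SUCCESS) {
         ldc->reason = "ldap_simple_bind() to check user credentials failed";
+        /*
+         * potentially cache the negative result.
+         */
+        uldap_cache_search(st, curl, filter, binddn, bindpw, NULL, 0, 1);
         ldap_msgfree(res);
         uldap_connection_unbind(ldc);
         return result;
@@ -1873,40 +1938,6 @@
     /*
      * Add the new username to the search cache.
      */
-    if (curl) {
-        LDAP_CACHE_LOCK();
-        the_search_node.username = filter;
-        the_search_node.dn = *binddn;
-        the_search_node.bindpw = bindpw;
-        the_search_node.lastbind = apr_time_now();
-        the_search_node.vals = vals;
-        the_search_node.numvals = numvals;
-
-        /* Search again to make sure that another thread didn't ready insert
-         * this node into the cache before we got here. If it does exist then
-         * update the lastbind
-         */
-        search_nodep = util_ald_cache_fetch(curl->search_cache,
-                                            &the_search_node);
-        if ((search_nodep == NULL) ||
-            (strcmp(*binddn, search_nodep->dn) != 0)) {
-
-            /* Nothing in cache, insert new entry */
-            util_ald_cache_insert(curl->search_cache, &the_search_node);
-        }
-        else if ((!search_nodep->bindpw) ||
-            (strcmp(bindpw, search_nodep->bindpw) != 0)) {
-
-            /* Entry in cache is invalid, remove it and insert new one */
-            util_ald_cache_remove(curl->search_cache, search_nodep);
-            util_ald_cache_insert(curl->search_cache, &the_search_node);
-        }
-        else {
-            /* Cache entry is valid, update lastbind */
-            search_nodep->lastbind = the_search_node.lastbind;
-        }
-        LDAP_CACHE_UNLOCK();
-    }
+    uldap_cache_search(st, curl, filter, binddn, bindpw, vals, numvals, 0);
     ldap_msgfree(res);
 
     ldc->reason = "Authentication successful";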
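Review bot: The negative entry recorded at new line 1896 is created for every non-success `result` of the bind, so if a transient failure (server down, timeout) can still reach this point it is cached and then replayed by the new check at 1755-1758 as LDAP_NO_SUCH_OBJECT until the entry expires, which also discards the original result code that the uncached path returns at 1899. Guard the insert so only a definite rejection is cached, `if (result == LDAP_INVALID_CREDENTIALS) { uldap_cache_search(st, curl, filter, binddn, bindpw, NULL, 0, 1); }`, and consider storing the result code in the node so the cached reply matches the uncached one. The `// TODO: only cache negative if requested.` in uldap_cache_search confirms negative caching is currently unconditional; a directive to enable it would leave existing deployments' behaviour unchanged, and a separate, shorter TTL for negative entries is worth considering. In uldap_cache_search the `st` parameter is unused, and the `//` comment and `if(` spacing depart from the file's `/* */` and `if (` style. uldap_cache_checkuserid's body starts and ends outside these hunks, so the retry handling that precedes line 1890 is not visible here.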
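--- a/httpd-2.4.29.orig/modules/ldap/util_ldap_cache.c
+++ b/httpd-2.4.29.orig/modules/ldap/util_ldap_cache.c
@@ -190,6 +190,7 @@
             newnode->bindpw = NULL;
         }
         newnode->lastbind = node->lastbind;
+        newnode->negative = node->negative;
 
     }
     return (void *)newnode;
@@ -227,10 +228,13 @@
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
                "<td nowrap>%s</td>"
+               "<td nowrap>%s</td>"
                "</tr>",
                node->username,
                node->dn,
-               date_str);
+               date_str,
+               node->negative ? "Yes" : "No");
 }
 
 /* ------------------------------------------------------------------ */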
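--- a/httpd-2.4.29.orig/modules/ldap/util_ldap_cache.h
+++ b/httpd-2.4.29.orig/modules/ldap/util_ldap_cache.h
@@ -117,6 +117,7 @@
     apr_time_t lastbind;                /* Time of last successful bind */
     const char **vals;                  /* Values of queried attributes */
     int        numvals;         /* Number of queried attributes */
+    int        negative;        /* negative cache */
 } util_search_node_t;
 
 /*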
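Review bot: The comment on `lastbind` at line 117, `/* Time of last successful bind */`, is no longer accurate now that entries with `negative` set are stored: for those the timestamp is taken when the failed search or bind is cached. Change it to `/* Time of last bind attempt (the failure, for negative entries) */` and expand the new field's comment to `/* Non-zero: entry records a failed search or bind (negative cache) */` so readers know it is a flag and what it records. The member is appended at the end of the struct; any code that still fills a util_search_node_t without setting every field would leave it uninitialised, which cannot be checked from this hunk.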
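--- a/httpd-2.4.29.orig/modules/ldap/util_ldap_cache_mgr.c
+++ b/httpd-2.4.29.orig/modules/ldap/util_ldap_cache_mgr.c
@@ -769,6 +769,7 @@
                              "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>LDAP Filter</b></font></td>"
                              "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>User Name</b></font></td>"
                              "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Last Bind</b></font></td>"
+                             "<td><font size='-1' face='Arial,Helvetica' color='#ffffff'><b>Negative</b></font></td>"
                              "</tr>\n", r
                             );
                     if (n) {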
