Lines 1642-1647
|
1642 |
return result; |
1642 |
return result; |
1643 |
} |
1643 |
} |
1644 |
|
1644 |
|
|
|
1645 |
/* |
1646 |
* Takes care of inserting a search/bind result into the cache. |
1647 |
*/ |
1648 |
static void uldap_cache_search(util_ldap_state_t *st, util_url_node_t * curl, |
1649 |
const char *filter, const char **binddn, |
1650 |
const char *bindpw, const char **vals, |
1651 |
int numvals, int negative) { |
1652 |
util_search_node_t *search_nodep; /* Cached search node */ |
1653 |
util_search_node_t the_search_node; |
1654 |
const char* user = binddn == NULL ? "<no-match>" : *binddn; |
1655 |
|
1656 |
// TODO: only cache negative if requested. |
1657 |
|
1658 |
if (curl) { |
1659 |
LDAP_CACHE_LOCK(); |
1660 |
the_search_node.username = filter; |
1661 |
the_search_node.dn = user; |
1662 |
the_search_node.bindpw = bindpw; |
1663 |
the_search_node.lastbind = apr_time_now(); |
1664 |
the_search_node.vals = vals; |
1665 |
the_search_node.numvals = numvals; |
1666 |
the_search_node.negative = negative; |
1667 |
|
1668 |
/* Search again to make sure that another thread didn't ready insert |
1669 |
* this node into the cache before we got here. If it does exist then |
1670 |
* update the lastbind |
1671 |
*/ |
1672 |
search_nodep = util_ald_cache_fetch(curl->search_cache, |
1673 |
&the_search_node); |
1674 |
if ((search_nodep == NULL) || |
1675 |
(strcmp(user, search_nodep->dn) != 0)) { |
1676 |
|
1677 |
/* Nothing in cache, insert new entry */ |
1678 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1679 |
} |
1680 |
else if ((!search_nodep->bindpw) || |
1681 |
(strcmp(bindpw, search_nodep->bindpw) != 0) || (search_nodep->negative != negative)) { |
1682 |
|
1683 |
/* Entry in cache is invalid, remove it and insert new one */ |
1684 |
util_ald_cache_remove(curl->search_cache, search_nodep); |
1685 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1686 |
} |
1687 |
else { |
1688 |
/* Cache entry is valid, update lastbind */ |
1689 |
search_nodep->lastbind = the_search_node.lastbind; |
1690 |
} |
1691 |
LDAP_CACHE_UNLOCK(); |
1692 |
} |
1693 |
|
1694 |
} |
1695 |
|
1696 |
|
1645 |
|
1697 |
|
1646 |
static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, |
1698 |
static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, |
1647 |
const char *url, const char *basedn, |
1699 |
const char *url, const char *basedn, |
Lines 1700-1705
|
1700 |
&& (search_nodep->bindpw[0] != '\0') |
1752 |
&& (search_nodep->bindpw[0] != '\0') |
1701 |
&& (strcmp(search_nodep->bindpw, bindpw) == 0)) |
1753 |
&& (strcmp(search_nodep->bindpw, bindpw) == 0)) |
1702 |
{ |
1754 |
{ |
|
|
1755 |
if(search_nodep->negative != 0) { |
1756 |
LDAP_CACHE_UNLOCK(); |
1757 |
ldc->reason = "Authentication skipped (negative cached)"; |
1758 |
return LDAP_NO_SUCH_OBJECT; |
1759 |
} |
1703 |
/* ...and entry is valid */ |
1760 |
/* ...and entry is valid */ |
1704 |
*binddn = apr_pstrdup(r->pool, search_nodep->dn); |
1761 |
*binddn = apr_pstrdup(r->pool, search_nodep->dn); |
1705 |
if (attrs) { |
1762 |
if (attrs) { |
Lines 1780-1785
|
1780 |
else |
1837 |
else |
1781 |
ldc->reason = "User is not unique (search found two " |
1838 |
ldc->reason = "User is not unique (search found two " |
1782 |
"or more matches)"; |
1839 |
"or more matches)"; |
|
|
1840 |
/* |
1841 |
* potentially cache the negative result. |
1842 |
*/ |
1843 |
uldap_cache_search(st, curl, filter, NULL, bindpw, NULL, 0, 1); |
1783 |
ldap_msgfree(res); |
1844 |
ldap_msgfree(res); |
1784 |
return LDAP_NO_SUCH_OBJECT; |
1845 |
return LDAP_NO_SUCH_OBJECT; |
1785 |
} |
1846 |
} |
Lines 1829-1834
|
1829 |
/* failure? if so - return */ |
1890 |
/* failure? if so - return */ |
1830 |
if (result != LDAP_SUCCESS) { |
1891 |
if (result != LDAP_SUCCESS) { |
1831 |
ldc->reason = "ldap_simple_bind() to check user credentials failed"; |
1892 |
ldc->reason = "ldap_simple_bind() to check user credentials failed"; |
|
|
1893 |
/* |
1894 |
* potentially cache the negative result. |
1895 |
*/ |
1896 |
uldap_cache_search(st, curl, filter, binddn, bindpw, NULL, 0, 1); |
1832 |
ldap_msgfree(res); |
1897 |
ldap_msgfree(res); |
1833 |
uldap_connection_unbind(ldc); |
1898 |
uldap_connection_unbind(ldc); |
1834 |
return result; |
1899 |
return result; |
Lines 1873-1912
|
1873 |
/* |
1938 |
/* |
1874 |
* Add the new username to the search cache. |
1939 |
* Add the new username to the search cache. |
1875 |
*/ |
1940 |
*/ |
1876 |
if (curl) { |
1941 |
uldap_cache_search(st, curl, filter, binddn, bindpw, vals, numvals, 0); |
1877 |
LDAP_CACHE_LOCK(); |
|
|
1878 |
the_search_node.username = filter; |
1879 |
the_search_node.dn = *binddn; |
1880 |
the_search_node.bindpw = bindpw; |
1881 |
the_search_node.lastbind = apr_time_now(); |
1882 |
the_search_node.vals = vals; |
1883 |
the_search_node.numvals = numvals; |
1884 |
|
1885 |
/* Search again to make sure that another thread didn't ready insert |
1886 |
* this node into the cache before we got here. If it does exist then |
1887 |
* update the lastbind |
1888 |
*/ |
1889 |
search_nodep = util_ald_cache_fetch(curl->search_cache, |
1890 |
&the_search_node); |
1891 |
if ((search_nodep == NULL) || |
1892 |
(strcmp(*binddn, search_nodep->dn) != 0)) { |
1893 |
|
1894 |
/* Nothing in cache, insert new entry */ |
1895 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1896 |
} |
1897 |
else if ((!search_nodep->bindpw) || |
1898 |
(strcmp(bindpw, search_nodep->bindpw) != 0)) { |
1899 |
|
1900 |
/* Entry in cache is invalid, remove it and insert new one */ |
1901 |
util_ald_cache_remove(curl->search_cache, search_nodep); |
1902 |
util_ald_cache_insert(curl->search_cache, &the_search_node); |
1903 |
} |
1904 |
else { |
1905 |
/* Cache entry is valid, update lastbind */ |
1906 |
search_nodep->lastbind = the_search_node.lastbind; |
1907 |
} |
1908 |
LDAP_CACHE_UNLOCK(); |
1909 |
} |
1910 |
ldap_msgfree(res); |
1942 |
ldap_msgfree(res); |
1911 |
|
1943 |
|
1912 |
ldc->reason = "Authentication successful"; |
1944 |
ldc->reason = "Authentication successful"; |
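Review bot: The bind-failure path (new lines 1893-1896) stores a negative entry for every `result != LDAP_SUCCESS`, so a transient failure would be cached like a rejected password, and the cached hit at new line 1755 then answers `LDAP_NO_SUCH_OBJECT` rather than the original result code. The node appears to be looked up by `filter`, and the `else if` branch of `uldap_cache_search` removes the existing node whenever the password or the `negative` flag differs, so a single failed attempt for a user name replaces that user's valid entry and unauthenticated requests can churn the cache. I would cache only definite rejections, e.g. `if (result == LDAP_INVALID_CREDENTIALS) uldap_cache_search(st, curl, filter, binddn, bindpw, NULL, 0, 1);`, and leave an existing positive entry in place when `negative` is set. The `// TODO: only cache negative if requested.` comment shows the behaviour is still unconditional; it should sit behind a configuration switch, presumably with a shorter lifetime than positive entries. `uldap_cache_checkuserid` starts and ends outside the visible hunks, so any earlier retry handling that filters `result` cannot be checked from here.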