steffen: server/apache Makefile, 1.11, 1.12 kolab.patch, NONE, 1.1 mod_auth_ldap.patch, NONE, 1.1

cvs at intevation.de cvs at intevation.de
Wed Oct 13 03:55:31 CEST 2004


Author: steffen

Update of /kolabrepository/server/apache
In directory doto:/tmp/cvs-serv7828/apache

Added Files:
	Makefile kolab.patch mod_auth_ldap.patch 
Log Message:
fix for issue306 (apache mod_auth_ldap uid/mail problem)


--- NEW FILE: kolab.patch ---
--- apache.spec.orig	2004-10-13 03:38:50.000000000 +0200
+++ apache.spec	2004-10-13 03:39:33.000000000 +0200
@@ -66,7 +66,7 @@ Class:        BASE
 Group:        Web
 License:      ASF
 Version:      %{V_apache}
-Release:      2.1.4
+Release:      2.1.4_kolab
 
 #   package options (suexec related)
 %option       with_suexec               yes
@@ -213,6 +213,7 @@ Patch1:       apache.patch.modowa
 Patch2:       http://www.hardened-php.net/hardened-php-%{V_mod_php}-%{V_mod_php_hardened}.patch.gz
 Patch3:       apache.patch.modssl
 Patch4:       apache.patch.php
+Patch5:       mod_auth_ldap.patch
 
 #   build information
 Prefix:       %{l_prefix}
@@ -553,6 +554,7 @@ AutoReqProv:  no
 %endif
 %if "%{with_mod_auth_ldap}" == "yes"
     %setup -q -T -D -a 14
+    %patch -p0 -P 5
 %endif
 %if "%{with_mod_auth_radius}" == "yes"
     %setup -q -T -D -a 15

--- NEW FILE: mod_auth_ldap.patch ---
diff -upr mod_auth_ldap.orig/mod_auth_ldap.c mod_auth_ldap/mod_auth_ldap.c
--- mod_auth_ldap.orig/mod_auth_ldap.c	2003-06-08 07:10:33.000000000 +0200
+++ mod_auth_ldap/mod_auth_ldap.c	2004-10-13 03:17:52.000000000 +0200
@@ -150,7 +150,8 @@ typedef struct _ldap_auth_config_rec
     char
         *ldap_server,
         *base_dn,
-        *uid_attr;
+        *uid_attr,
+        *uid_filter;
 
     char
         *user_dn;
@@ -187,6 +188,7 @@ static void *create_ldap_auth_dir_config
     cr->bind_dn=NULL;
     cr->bind_pass=NULL;
     cr->uid_attr=ap_pstrdup(p,"uid");
+    cr->uid_filter=ap_pstrdup(p,"(uid=%u)");
     cr->ldap_port=LDAP_PORT;
     cr->auth_ldapauthoritative=1; /* fortress is secure by default */
 
@@ -239,6 +241,13 @@ static const char *set_uid_attr(cmd_parm
     return (NULL);
 }
 
+static const char *set_uid_filter(cmd_parms *cmd,ldap_auth_config_rec *cr,
+                                char *arg)
+{
+    cr->uid_filter=ap_pstrdup(cmd->pool,arg);
+    return (NULL);
+}
+
 static const char *set_ldapauthoritative(cmd_parms *cmd,ldap_auth_config_rec 
                                 *cr,char *arg)
 {
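Review bot: set_uid_filter() stores whatever string the directive carries, so a UID_Filter without `%u` is accepted and yields a search that does not depend on the login name at all; the mistake would only surface at request time. Rejecting it while the configuration is parsed is cheap: `if (strstr(arg,"%u") == NULL) return "UID_Filter must contain %u";` placed before the `ap_pstrdup` call. The directive is registered with OR_AUTHCFG in the ldap_auth_cmds hunk, so the value can presumably come from per-directory configuration where overrides are allowed, which makes the check more worthwhile. A one-line comment above the function naming `%u` as the placeholder would also help. The hunk ends on the opening brace of set_ldapauthoritative(), whose body is outside it.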
@@ -292,6 +301,7 @@ static const command_rec ldap_auth_cmds[
     {"LDAP_Port",  set_ldap_port,  NULL,OR_AUTHCFG,TAKE1,"LDAP port"},
     {"Base_DN",    set_base_dn,    NULL,OR_AUTHCFG,TAKE1,"Base DN"},
     {"UID_Attr",   set_uid_attr,   NULL,OR_AUTHCFG,TAKE1,"uid"},
+    {"UID_Filter", set_uid_filter, NULL,OR_AUTHCFG,TAKE1,"Search Filter"},
     {"Bind_DN",    set_bind_dn,    NULL,OR_AUTHCFG,TAKE1,"Bind DN"},
     {"Bind_Pass",  set_bind_pass,  NULL,OR_AUTHCFG,TAKE1,"Bind Password"},
     {"AuthLDAPAuthoritative",set_ldapauthoritative,NULL,OR_AUTHCFG,TAKE1,
@@ -300,13 +310,52 @@ static const command_rec ldap_auth_cmds[
 };
 
 /*
+**  buildLdapFilter()
+**    return 0 on error, nonzero on success
+**
+**  Parameters:
+**  char    *szfilter   A pointer to a buffer for storing the filter
+**  size_t  *len        The size of szfilter
+**  char    *uid_filter LDAP filter to use with userid, e.g. "(|(uid=%u)(mail=%u))"
+**  char    *userid     the userid to replace %u with
+*/
+static int buildLdapFilter( char* szfilter, size_t len,
+			      char* uid_filter, char* userid )
+{
+  char* p1;
+  char* p2;
+  size_t s = 0;
+
+  szfilter[0] = 0;
+  p1 = uid_filter;
+  while( (p2=strstr(p1,"%u")) ) {
+	size_t d = p2-p1;
+	s += d;
+	s += strlen(userid);
+	if( s > len-1 ) {
+	  /* about to overflow, just be safe and abort */
+	  return 0;
+	}
+	strncat( szfilter, p1, d );
+	strcat( szfilter, userid );
+	p1 = p2+2;
+  }
+  if( s+strlen(p1) > len-1 ) {
+	  /* about to overflow, just be safe and abort */
+	  return 0;
+  }
+  strcat( szfilter, p1 );
+  return 1;
+}
+
+/*
 **  ldapFindUserDN()
 **    return the DN of the user 
 **
 **  Parameters:
 **  LDAP    *ld         valid handle to LDAP
 **  char    *base_dn    LDAP base Distinguised Name
-**  char    *uid_attrib LDAP uid attribute, e.g. "uid"
+**  char    *uid_filter LDAP filter to use with userid, e.g. "(|(uid=%u)(mail=%u))"
 **  char    *userid     the userid to check
 **  request_rect *r     needed for writing log in Win2K
 **  char    *bind_dn    Bind_DN, can be NULL
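Review bot: buildLdapFilter() copies `userid` into the filter verbatim at `strcat( szfilter, userid )`, so the filter metacharacters `*`, `(`, `)` and `\` in the login name supplied by the client change the structure of the search instead of being matched literally. They should be written as `\XX` hex escapes (RFC 2254) during substitution, with the bounds check based on the escaped length; a sketch follows. Two smaller points: the header comment documents `size_t *len` while the parameter is `size_t len`, and `len-1` wraps around if a caller ever passes 0, so an early `if( len == 0 ) return 0;` is worth adding. The hunk ends inside the ldapFindUserDN() header comment.

```c
/* append value to dst (capacity len bytes), writing filter metacharacters
   as \XX hex escapes; returns 0 if the result would not fit */
static int appendEscaped( char* dst, size_t len, const char* value )
{
  static const char hex[] = "0123456789abcdef";
  size_t pos = strlen(dst);

  for( ; *value; value++ ) {
	unsigned char c = (unsigned char)*value;
	if( c == '*' || c == '(' || c == ')' || c == '\\' ) {
	  if( len - pos < 4 ) return 0;   /* 3 chars + terminator */
	  dst[pos++] = '\\';
	  dst[pos++] = hex[c >> 4];
	  dst[pos++] = hex[c & 0x0f];
	} else {
	  if( len - pos < 2 ) return 0;   /* 1 char + terminator */
	  dst[pos++] = (char)c;
	}
  }
  dst[pos] = 0;
  return 1;
}

static int buildLdapFilter( char* szfilter, size_t len,
			      char* uid_filter, char* userid )
{
  /* … unchanged: declarations of p1, p2 (s is no longer needed) … */
  if( len == 0 ) return 0;
  szfilter[0] = 0;
  p1 = uid_filter;
  while( (p2=strstr(p1,"%u")) ) {
	size_t d = p2-p1;
	if( d > len-1-strlen(szfilter) ) return 0;
	strncat( szfilter, p1, d );
	if( !appendEscaped( szfilter, len, userid ) ) return 0;
	p1 = p2+2;
  }
  if( strlen(p1) > len-1-strlen(szfilter) ) return 0;
  /* … unchanged: final strcat of p1 and return 1 … */
}
```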
@@ -327,7 +376,7 @@ static const command_rec ldap_auth_cmds[
 **                                          mhttpd
 **      muquit at muquit.com    Mar-15-2001    bind with bind and pass if provided.
 */
-static char *ldapFindUserDN(LDAP *ld,char *base_dn,char *uid_attrib,
+static char *ldapFindUserDN(LDAP *ld,char *base_dn,char *uid_filter,
         char *userid,request_rec *r,char *bind_dn,char *bind_pass)
 {
     int
@@ -349,8 +398,12 @@ static char *ldapFindUserDN(LDAP *ld,cha
     entry=(LDAPMessage *) NULL;
     dn=(char *) NULL;
 
-    /* prepare filter with UidAttr. */
-    ap_snprintf(szfilter,sizeof(szfilter)-1,"(%s=%s)",uid_attrib,userid);
+    /* prepare filter with UidFilter. */
+    if( !buildLdapFilter( szfilter, sizeof(szfilter), uid_filter, userid ) ) {
+        ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
+                "[mod_auth_ldap.c] - Error: LDAP filter \"%s\" too long", uid_filter);
+	return(NULL);
+    }
 
 #ifdef DEBUG_LDAP
         ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
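Review bot: The new error message reports the configured template (`uid_filter`) as too long, but buildLdapFilter() fails on the expanded length, which depends on the user name sent by the client; an administrator reading it will inspect a filter that has not changed. Wording such as `"[mod_auth_ldap.c] - Error: LDAP filter \"%s\" too long after substituting the user name"` points at the actual cause. Related: in the `@@ -423` hunk the added `Filter was \"%s\"` line writes the expanded filter, including the client-supplied name, to the error log at APLOG_ERR, and from the visible lines it does not appear to sit under the DEBUG_LDAP guard that the other filter messages use; consider guarding it or folding it into the preceding ap_log_rerror call. The `return(NULL);` line is tab-indented while its neighbours use spaces. ldapFindUserDN() starts and ends outside this hunk.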
@@ -423,6 +476,8 @@ static char *ldapFindUserDN(LDAP *ld,cha
         /* note: ldap_err2string() returns pointer to a static space */
         ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
                 "[mod_auth_ldap.c] - Error: %s",ldap_err2string(rc));
+        ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
+                "[mod_auth_ldap.c] - Error: Filter was \"%s\"",szfilter);
         return (NULL);
     }
 
@@ -457,7 +512,7 @@ static char *ldapFindUserDN(LDAP *ld,cha
 
 #ifdef DEBUG_LDAP
         ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
-                "[mod_auth_ldap.c] - %s=%s Unknown in LDAP server",uid_attrib,userid);
+                "[mod_auth_ldap.c] - %s Unknown in LDAP server",szfilter);
 #endif /* DEBUG_LDAP */
 
         if (result != (LDAPMessage *) NULL)
@@ -689,13 +744,13 @@ static int ldap_authenticate_basic_user(
 
 
     /* now get the User DN */
-    dn=ldapFindUserDN(cr->ld,cr->base_dn,cr->uid_attr,c->user,r,
+    dn=ldapFindUserDN(cr->ld,cr->base_dn,cr->uid_filter,c->user,r,
             cr->bind_dn,cr->bind_pass);
     if (dn == (char *) NULL)
     {
 #ifdef DEBUG_LDAP
         ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
-                "[mod_auth_ldap.c] - ldapFindUserDN() didn't return any DN for user \"%s\" with attr \"%s\"",c->user,cr->uid_attr);
+                "[mod_auth_ldap.c] - ldapFindUserDN() didn't return any DN for user \"%s\" with filter \"%s\"",c->user,cr->uid_filter);
 #endif /* DEBUG_LDAP */
 
         /* pass control to lower modules if AuthLDAPAuthoritative=no */
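Review bot: After this change the search no longer reads `cr->uid_attr`, so in the lines shown an existing `UID_Attr` setting is still parsed by set_uid_attr() but has no effect on the filter, which now defaults to `(uid=%u)`. A site that had configured a different attribute through `UID_Attr` would silently start searching on `uid` after upgrading. Either derive the default filter from `uid_attr` when `UID_Filter` is not set, or log a warning and document that `UID_Attr` is superseded. `uid_attr` may still be used elsewhere in the file; that is not visible here. ldap_authenticate_basic_user() continues outside the hunk.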
Kun i mod_auth_ldap: mod_auth_ldap.c~




