steffen: server/apache Makefile, 1.11, 1.12 kolab.patch, NONE, 1.1 mod_auth_ldap.patch, NONE, 1.1
cvs at intevation.de
cvs at intevation.de
Wed Oct 13 03:55:31 CEST 2004
Author: steffen
Update of /kolabrepository/server/apache
In directory doto:/tmp/cvs-serv7828/apache
Added Files:
Makefile kolab.patch mod_auth_ldap.patch
Log Message:
fix for issue306 (apache mod_auth_ldap uid/mail problem)
--- NEW FILE: kolab.patch ---
--- apache.spec.orig 2004-10-13 03:38:50.000000000 +0200
+++ apache.spec 2004-10-13 03:39:33.000000000 +0200
@@ -66,7 +66,7 @@ Class: BASE
Group: Web
License: ASF
Version: %{V_apache}
-Release: 2.1.4
+Release: 2.1.4_kolab
# package options (suexec related)
%option with_suexec yes
@@ -213,6 +213,7 @@ Patch1: apache.patch.modowa
Patch2: http://www.hardened-php.net/hardened-php-%{V_mod_php}-%{V_mod_php_hardened}.patch.gz
Patch3: apache.patch.modssl
Patch4: apache.patch.php
+Patch5: mod_auth_ldap.patch
# build information
Prefix: %{l_prefix}
@@ -553,6 +554,7 @@ AutoReqProv: no
%endif
%if "%{with_mod_auth_ldap}" == "yes"
%setup -q -T -D -a 14
+ %patch -p0 -P 5
%endif
%if "%{with_mod_auth_radius}" == "yes"
%setup -q -T -D -a 15
--- NEW FILE: mod_auth_ldap.patch ---
diff -upr mod_auth_ldap.orig/mod_auth_ldap.c mod_auth_ldap/mod_auth_ldap.c
--- mod_auth_ldap.orig/mod_auth_ldap.c 2003-06-08 07:10:33.000000000 +0200
+++ mod_auth_ldap/mod_auth_ldap.c 2004-10-13 03:17:52.000000000 +0200
@@ -150,7 +150,8 @@ typedef struct _ldap_auth_config_rec
char
*ldap_server,
*base_dn,
- *uid_attr;
+ *uid_attr,
+ *uid_filter;
char
*user_dn;
@@ -187,6 +188,7 @@ static void *create_ldap_auth_dir_config
cr->bind_dn=NULL;
cr->bind_pass=NULL;
cr->uid_attr=ap_pstrdup(p,"uid");
+ cr->uid_filter=ap_pstrdup(p,"(uid=%u)");
cr->ldap_port=LDAP_PORT;
cr->auth_ldapauthoritative=1; /* fortress is secure by default */
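Review bot: Defaulting `uid_filter` to `"(uid=%u)"` here, together with the call-site hunk in ldap_authenticate_basic_user() that passes `cr->uid_filter` in place of `cr->uid_attr`, means an existing `UID_Attr` setting no longer influences the search, although the directive is still registered in ldap_auth_cmds. A site configured with, say, `UID_Attr cn` would silently start authenticating against `uid` after the upgrade. To stay backward-compatible, leave the default unset with `cr->uid_filter=NULL;` and derive the filter at the call site when none was configured: `filter = cr->uid_filter ? cr->uid_filter : ap_pstrcat(r->pool,"(",cr->uid_attr,"=%u)",NULL);`. Whether `uid_attr` is still read elsewhere in the file is not visible in these hunks.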
@@ -239,6 +241,13 @@ static const char *set_uid_attr(cmd_parm
return (NULL);
}
+static const char *set_uid_filter(cmd_parms *cmd,ldap_auth_config_rec *cr,
+ char *arg)
+{
+ cr->uid_filter=ap_pstrdup(cmd->pool,arg);
+ return (NULL);
+}
+
static const char *set_ldapauthoritative(cmd_parms *cmd,ldap_auth_config_rec
*cr,char *arg)
{
@@ -292,6 +301,7 @@ static const command_rec ldap_auth_cmds[
{"LDAP_Port", set_ldap_port, NULL,OR_AUTHCFG,TAKE1,"LDAP port"},
{"Base_DN", set_base_dn, NULL,OR_AUTHCFG,TAKE1,"Base DN"},
{"UID_Attr", set_uid_attr, NULL,OR_AUTHCFG,TAKE1,"uid"},
+ {"UID_Filter", set_uid_filter, NULL,OR_AUTHCFG,TAKE1,"Search Filter"},
{"Bind_DN", set_bind_dn, NULL,OR_AUTHCFG,TAKE1,"Bind DN"},
{"Bind_Pass", set_bind_pass, NULL,OR_AUTHCFG,TAKE1,"Bind Password"},
{"AuthLDAPAuthoritative",set_ldapauthoritative,NULL,OR_AUTHCFG,TAKE1,
@@ -300,13 +310,52 @@ static const command_rec ldap_auth_cmds[
};
/*
+** buildLdapFilter()
+** return 0 on error, nonzero on success
+**
+** Parameters:
+** char *szfilter A pointer to a buffer for storing the filter
+** size_t *len The size of szfilter
+** char *uid_filter LDAP filter to use with userid, e.g. "(|(uid=%u)(mail=%u))"
+** char *userid the userid to replace %u with
+*/
+static int buildLdapFilter( char* szfilter, size_t len,
+ char* uid_filter, char* userid )
+{
+ char* p1;
+ char* p2;
+ size_t s = 0;
+
+ szfilter[0] = 0;
+ p1 = uid_filter;
+ while( (p2=strstr(p1,"%u")) ) {
+ size_t d = p2-p1;
+ s += d;
+ s += strlen(userid);
+ if( s > len-1 ) {
+ /* about to overflow, just be safe and abort */
+ return 0;
+ }
+ strncat( szfilter, p1, d );
+ strcat( szfilter, userid );
+ p1 = p2+2;
+ }
+ if( s+strlen(p1) > len-1 ) {
+ /* about to overflow, just be safe and abort */
+ return 0;
+ }
+ strcat( szfilter, p1 );
+ return 1;
+}
+
+/*
** ldapFindUserDN()
** return the DN of the user
**
** Parameters:
** LDAP *ld valid handle to LDAP
** char *base_dn LDAP base Distinguised Name
-** char *uid_attrib LDAP uid attribute, e.g. "uid"
+** char *uid_filter LDAP filter to use with userid, e.g. "(|(uid=%u)(mail=%u))"
** char *userid the userid to check
** request_rect *r needed for writing log in Win2K
** char *bind_dn Bind_DN, can be NULL
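Review bot: buildLdapFilter() appends `userid` to the filter verbatim (`strcat( szfilter, userid )`), so a user name containing `*`, `(`, `)` or `\` is interpreted as filter syntax instead of being matched as a value. At the call site that value is `c->user`, which appears to be the client-supplied Basic-auth name. Those characters should be written as `\2a`, `\28`, `\29` and `\5c` (RFC 2254), with the escaped length counted against `len`. The removed ap_snprintf() call had the same gap, but it is worth closing now that administrators can configure multi-attribute filters. The header comment also documents `size_t *len` while the parameter is `size_t len`, and `len-1` wraps around if a caller ever passes 0.

```c
/*
** appendEscapedUid()
** append userid to dst, writing '*', '(', ')' and '\' as \XX (RFC 2254)
** return 0 if it does not fit, nonzero on success
** *pos is the current string length of dst and is advanced
*/
static int appendEscapedUid( char* dst, size_t len, size_t* pos,
                             const char* userid )
{
  static const char hex[] = "0123456789abcdef";
  const unsigned char* u;

  for( u = (const unsigned char*)userid; *u; u++ ) {
    int special = ( *u=='*' || *u=='(' || *u==')' || *u=='\\' );
    size_t need = special ? 3 : 1;
    if( need > len-1-*pos ) {
      /* about to overflow, just be safe and abort */
      return 0;
    }
    if( special ) {
      dst[(*pos)++] = '\\';
      dst[(*pos)++] = hex[*u >> 4];
      dst[(*pos)++] = hex[*u & 0x0f];
    } else {
      dst[(*pos)++] = (char)*u;
    }
    dst[*pos] = 0;
  }
  return 1;
}

static int buildLdapFilter( char* szfilter, size_t len,
                            char* uid_filter, char* userid )
{
  /* ... unchanged: declarations of p1, p2 and s ... */
  if( len == 0 ) {
    return 0;
  }
  /* ... unchanged: szfilter[0] = 0; p1 = uid_filter; ... */
  while( (p2=strstr(p1,"%u")) ) {
    size_t d = p2-p1;
    if( d > len-1-s ) {
      /* about to overflow, just be safe and abort */
      return 0;
    }
    strncat( szfilter, p1, d );
    s += d;
    if( !appendEscapedUid( szfilter, len, &s, userid ) ) {
      return 0;
    }
    p1 = p2+2;
  }
  /* ... unchanged: length check for the tail, strcat of p1, return 1 ... */
}
```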
@@ -327,7 +376,7 @@ static const command_rec ldap_auth_cmds[
** mhttpd
** muquit at muquit.com Mar-15-2001 bind with bind and pass if provided.
*/
-static char *ldapFindUserDN(LDAP *ld,char *base_dn,char *uid_attrib,
+static char *ldapFindUserDN(LDAP *ld,char *base_dn,char *uid_filter,
char *userid,request_rec *r,char *bind_dn,char *bind_pass)
{
int
@@ -349,8 +398,12 @@ static char *ldapFindUserDN(LDAP *ld,cha
entry=(LDAPMessage *) NULL;
dn=(char *) NULL;
- /* prepare filter with UidAttr. */
- ap_snprintf(szfilter,sizeof(szfilter)-1,"(%s=%s)",uid_attrib,userid);
+ /* prepare filter with UidFilter. */
+ if( !buildLdapFilter( szfilter, sizeof(szfilter), uid_filter, userid ) ) {
+ ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
+ "[mod_auth_ldap.c] - Error: LDAP filter \"%s\" too long", uid_filter);
+ return(NULL);
+ }
#ifdef DEBUG_LDAP
ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
@@ -423,6 +476,8 @@ static char *ldapFindUserDN(LDAP *ld,cha
/* note: ldap_err2string() returns pointer to a static space */
ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
"[mod_auth_ldap.c] - Error: %s",ldap_err2string(rc));
+ ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
+ "[mod_auth_ldap.c] - Error: Filter was \"%s\"",szfilter);
return (NULL);
}
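Review bot: The added ap_log_rerror() call writes `szfilter` at APLOG_ERR outside the DEBUG_LDAP guard, and that buffer contains the client-supplied user name, so an unauthenticated request that makes the search fail puts its own text in the error log. Whether control characters are escaped there depends on the Apache release in use, so confirm that before relying on it. The two entries can also be separated by unrelated log lines; a single call keeps the error and its filter together: `"[mod_auth_ldap.c] - Error: %s (filter \"%s\")",ldap_err2string(rc),szfilter`. The enclosing ldapFindUserDN() body starts and ends outside this hunk.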
@@ -457,7 +512,7 @@ static char *ldapFindUserDN(LDAP *ld,cha
#ifdef DEBUG_LDAP
ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
- "[mod_auth_ldap.c] - %s=%s Unknown in LDAP server",uid_attrib,userid);
+ "[mod_auth_ldap.c] - %s Unknown in LDAP server",szfilter);
#endif /* DEBUG_LDAP */
if (result != (LDAPMessage *) NULL)
@@ -689,13 +744,13 @@ static int ldap_authenticate_basic_user(
/* now get the User DN */
- dn=ldapFindUserDN(cr->ld,cr->base_dn,cr->uid_attr,c->user,r,
+ dn=ldapFindUserDN(cr->ld,cr->base_dn,cr->uid_filter,c->user,r,
cr->bind_dn,cr->bind_pass);
if (dn == (char *) NULL)
{
#ifdef DEBUG_LDAP
ap_log_rerror(APLOG_MARK,APLOG_NOERRNO | APLOG_ERR,r,
- "[mod_auth_ldap.c] - ldapFindUserDN() didn't return any DN for user \"%s\" with attr \"%s\"",c->user,cr->uid_attr);
+ "[mod_auth_ldap.c] - ldapFindUserDN() didn't return any DN for user \"%s\" with filter \"%s\"",c->user,cr->uid_filter);
#endif /* DEBUG_LDAP */
/* pass control to lower modules if AuthLDAPAuthoritative=no */
Kun i mod_auth_ldap: mod_auth_ldap.c~