[Fedora-directory-commits] mod_admserv mod_admserv.c,1.31,1.32
Nathan Kinder (nkinder)
fedora-directory-commits at redhat.com
Fri Jul 6 18:06:23 UTC 2007
Author: nkinder
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13246/mod_admserv
Modified Files:
mod_admserv.c
Log Message:
Resolves: 247283
Summary: Fixed multiple problems with CGIs used by Admin Server Console.
Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- mod_admserv.c 22 Jun 2007 22:37:46 -0000 1.31
+++ mod_admserv.c 6 Jul 2007 18:06:19 -0000 1.32
@@ -772,15 +772,17 @@
}
static int
-buildUGInfo(char** errorInfo, const server_rec *s) {
+buildUGInfo(char** errorInfo, const request_rec *r) {
AdmldapInfo info = NULL;
+ server_rec *s = r->server;
int error = 0;
char path[PATH_MAX];
char *userGroupLdapURL = NULL;
char *userGroupBindDN = NULL;
char *userGroupBindPW = NULL;
char *dirInfoRef = NULL;
- int retval = FALSE;
+ int retval = FALSE;
+ char *siedn = NULL;
*errorInfo = (char*)"";
@@ -792,26 +794,40 @@
goto done;
}
- if (!(info = admldapBuildInfo(configdir, &error))) {
+ if (!(info = admldapBuildInfoOnly(configdir, &error))) {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
"buildUGInfo(): unable to create AdmldapInfo (error code = %d)",
error);
goto done;
}
+ /* Temporarily override the siedn. This needs to be
+ * done to get a valid LDAP handle.
+ */
+ siedn = admldapGetSIEDN(info);
+
+ admldapSetSIEDN(info, apr_table_get(r->notes, RQ_NOTES_USERDN));
+ admSetCachedSIEPWD(apr_table_get(r->notes, RQ_NOTES_USERPW));
+
+
if (admldapGetSecurity(info)) {
sslinit(info, configdir);
- if (admldapBuildInfoSSL(info, &error)) {
- } else {
- char *host = admldapGetHost(info);
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
- "buildUGInfo(): unable to initialize TLS connection to LDAP host %s port %d: %d",
- host, admldapGetPort(info), error);
- PL_strfree(host);
- goto done;
- }
}
+ if (!admldapBuildInfoSSL(info, &error)) {
+ char *host = admldapGetHost(info);
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
+ "buildUGInfo(): unable to initialize TLS connection to LDAP host %s port %d: %d",
+ host, admldapGetPort(info), error);
+ PL_strfree(host);
+ goto done;
+ }
+
+ /* We need to reset the siedn before we call
+ * admldapGetLocalUserDirectory below.
+ */
+ admldapSetSIEDN(info, siedn);
+
userGroupServer.host = NULL;
userGroupServer.port = 0;
userGroupServer.secure = 0;
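Review bot: The bind DN and password read from `r->notes` are passed to `admldapSetSIEDN()` and `admSetCachedSIEPWD()` without a NULL check, and only half of the temporary override is undone. `admldapSetSIEDN(info, siedn)` restores the DN, but nothing in this hunk resets what `admSetCachedSIEPWD()` stored, so the requesting user's password may stay cached after the function returns (inferred: that call takes no `info` argument, so the cache probably outlives `info`). I would fetch both notes into locals, `goto done` when either is NULL, and restore or clear the cached password next to the DN reset and on the failure path that jumps to `done`. Separately, `admldapBuildInfoSSL()` now runs even when `admldapGetSecurity(info)` is false, so the "unable to initialize TLS connection" message will mislead on plain LDAP failures. buildUGInfo's body starts and ends outside this hunk.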
@@ -839,7 +855,7 @@
goto done;
}
}
-
+
if (!extractLdapServerData(&userGroupServer, userGroupLdapURL, s)) {
*errorInfo = (char*)"unable to extract User/Group LDAP info";
goto done;
@@ -849,6 +865,7 @@
retval = TRUE; /* made it here, so success */
done:
+ PL_strfree(siedn);
PL_strfree(userGroupLdapURL);
PL_strfree(userGroupBindDN);
PL_strfree(userGroupBindPW);
@@ -2211,19 +2228,12 @@
destroyAdmldap(info);
info = NULL;
- /* DT 5/18/98 Change for new User/Group stuff */
-
- /* Populate U/G Info */
+ /* Initialize the UG host to NULL. This will cause the
+ * UG info to be loaded the first time a user authenticates.
+ */
userGroupServer.host = NULL;
- if (buildUGInfo(&errorInfo, base_server) != TRUE) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
- "mod_admserv_post_config(): unable to build user/group LDAP server info: %s",
- errorInfo);
- return DONE;
- }
-
/* Register the admin server tasks */
task_register_server(ADMIN_SERVER_ID, registryServer.admservSieDN);
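Review bot: With the startup call removed, the global `userGroupServer` is now filled in lazily from request handlers, and nothing visible here serializes that. Under a threaded MPM, two early requests could run `buildUGInfo()` at once and write the struct concurrently (inferred; any locking would be outside this hunk). The user/group settings are also resolved with whichever user authenticates first, and a broken configuration no longer stops startup with `return DONE`. The new comment should record this, e.g. `/* UG info is loaded lazily by the request handlers using the first authenticating user's credentials; failures surface at request time, not at startup. */`. The enclosing function begins and ends outside the hunk.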
@@ -2418,6 +2428,8 @@
static int userauth(request_rec *r)
{
+ char *dummy = NULL;
+
if (strcmp(r->handler, "user-auth"))
return DECLINED;
@@ -2425,6 +2437,11 @@
if (r->method_number != M_GET)
return DECLINED;
+ /* If U/G Info is not available, try to get it */
+ if (!(userGroupServer.host)) {
+ buildUGInfo(&dummy, r);
+ }
+
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "userauth, bind %s",
apr_table_get(r->notes, RQ_NOTES_USERDN));
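Review bot: The return value of `buildUGInfo(&dummy, r)` and the error text it stores in `dummy` are both discarded, so a failed user/group lookup is silent where the removed startup code logged at APLOG_CRIT. I would write `if (!userGroupServer.host && buildUGInfo(&dummy, r) != TRUE)` followed by `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "userauth(): unable to build user/group LDAP server info: %s", dummy);`, and rename `dummy` to `errorInfo` now that it is used. The same unchecked call appears in the hunk at -2614. userauth's body continues outside the hunk.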
@@ -2614,7 +2631,7 @@
/* If U/G Info is not available, try to get it */
if (!(userGroupServer.host)) {
- buildUGInfo(&dummy, r->server);
+ buildUGInfo(&dummy, r);
}
if (userGroupServer.host) {