[Fedora-directory-commits] mod_admserv mod_admserv.c,1.31,1.32

Nathan Kinder (nkinder) fedora-directory-commits at redhat.com
Fri Jul 6 18:06:23 UTC 2007


Author: nkinder

Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13246/mod_admserv

Modified Files:
	mod_admserv.c 
Log Message:
Resolves: 247283
Summary: Fixed multiple problems with CGIs used by Admin Server Console.



Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- mod_admserv.c	22 Jun 2007 22:37:46 -0000	1.31
+++ mod_admserv.c	6 Jul 2007 18:06:19 -0000	1.32
@@ -772,15 +772,17 @@
 }
 
 static int
-buildUGInfo(char** errorInfo, const server_rec *s) {
+buildUGInfo(char** errorInfo, const request_rec *r) {
     AdmldapInfo info = NULL;
+    server_rec *s = r->server;
     int  error = 0;
     char  path[PATH_MAX];
     char *userGroupLdapURL = NULL;
     char *userGroupBindDN = NULL;
     char *userGroupBindPW = NULL;
     char *dirInfoRef = NULL;
-	int retval = FALSE;
+    int retval = FALSE;
+    char *siedn = NULL;
 
     *errorInfo = (char*)"";
 
@@ -792,26 +794,40 @@
 		goto done;
     }
 
-    if (!(info = admldapBuildInfo(configdir, &error))) {
+    if (!(info = admldapBuildInfoOnly(configdir, &error))) {
         ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
                      "buildUGInfo(): unable to create AdmldapInfo (error code = %d)",
                      error);
         goto done;
     }
 
+    /* Temporarily override the siedn.  This needs to be
+     * done to get a valid LDAP handle.
+     */
+    siedn = admldapGetSIEDN(info);
+
+    admldapSetSIEDN(info, apr_table_get(r->notes, RQ_NOTES_USERDN));
+    admSetCachedSIEPWD(apr_table_get(r->notes, RQ_NOTES_USERPW));
+
+
     if (admldapGetSecurity(info)) {
         sslinit(info, configdir);
-        if (admldapBuildInfoSSL(info, &error)) {
-        } else {
-            char *host = admldapGetHost(info);
-            ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
-                         "buildUGInfo(): unable to initialize TLS connection to LDAP host %s port %d: %d",
-                         host, admldapGetPort(info), error);
-            PL_strfree(host);
-			goto done;
-        }
     }
 
+    if (!admldapBuildInfoSSL(info, &error)) {
+        char *host = admldapGetHost(info);
+        ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
+                     "buildUGInfo(): unable to initialize TLS connection to LDAP host %s port %d: %d",
+                     host, admldapGetPort(info), error);
+        PL_strfree(host);
+        goto done;
+    }
+
+    /* We need to reset the siedn before we call
+     * admldapGetLocalUserDirectory below.
+     */
+    admldapSetSIEDN(info, siedn);
+
     userGroupServer.host   = NULL;
     userGroupServer.port   = 0;
     userGroupServer.secure = 0;
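Review bot: The temporary override set up by `admldapSetSIEDN(info, apr_table_get(r->notes, RQ_NOTES_USERDN))` and `admSetCachedSIEPWD(...)` is only partly undone: the SIE DN is restored after `admldapBuildInfoSSL` succeeds, but the failure branch jumps to `done` without restoring it, and the cached password is not reset on either path. If `admSetCachedSIEPWD` writes to process-wide state, as its name suggests, the requesting user's password stays cached for later callers, so it should be restored or cleared next to `admldapSetSIEDN(info, siedn)` and on the error branch. `apr_table_get` returns NULL when a note is absent, so both values need a check before use, e.g. `if (!userdn || !userpw) { *errorInfo = (char*)"missing bind credentials"; goto done; }`. Separately, `admldapBuildInfoSSL` now runs even when `admldapGetSecurity(info)` is false, yet the log text still reads "unable to initialize TLS connection", which will mislead when a plain LDAP bind fails. buildUGInfo's body starts and ends outside this hunk.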
@@ -839,7 +855,7 @@
 			goto done;
         }
     }
-   
+
     if (!extractLdapServerData(&userGroupServer, userGroupLdapURL, s)) {
         *errorInfo = (char*)"unable to extract User/Group LDAP info";
 		goto done;
@@ -849,6 +865,7 @@
 	retval = TRUE; /* made it here, so success */
 
 done:
+        PL_strfree(siedn);
 	PL_strfree(userGroupLdapURL);
 	PL_strfree(userGroupBindDN);
 	PL_strfree(userGroupBindPW);
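Review bot: `PL_strfree(siedn)` at `done` is safe only if `admldapGetSIEDN` returns a caller-owned copy and `admldapSetSIEDN` duplicates its argument instead of keeping the pointer; neither function is visible in this diff. If the setter stored the pointer, `info` would be left referring to freed memory after this line. Once confirmed against the library, a comment such as `/* siedn is our copy from admldapGetSIEDN(); admldapSetSIEDN() duplicates it */` would settle the ownership question for the next reader. The added line is also indented with spaces where the neighbouring cleanup calls use a tab. The rest of the cleanup after `done:` is outside the hunk.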
@@ -2211,19 +2228,12 @@
   
     destroyAdmldap(info);
     info = NULL;
-    /* DT 5/18/98 Change for new User/Group stuff */
-  
-    /* Populate U/G Info */
   
+    /* Initialize the UG host to NULL.  This will cause the
+     * UG info to be loaded the first time a user authenticates.
+     */
     userGroupServer.host   = NULL;
   
-    if (buildUGInfo(&errorInfo, base_server) != TRUE) {
-        ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
-                     "mod_admserv_post_config(): unable to build user/group LDAP server info: %s",
-                     errorInfo);
-        return DONE;
-    }
-  
     /* Register the admin server tasks */
     task_register_server(ADMIN_SERVER_ID, registryServer.admservSieDN);
 
@@ -2418,6 +2428,8 @@
 
 static int userauth(request_rec *r)
 {
+    char *dummy = NULL;
+
     if (strcmp(r->handler, "user-auth"))
         return DECLINED;
 
@@ -2425,6 +2437,11 @@
     if (r->method_number != M_GET)
         return DECLINED;
 
+    /* If U/G Info is not available, try to get it */
+    if (!(userGroupServer.host)) {
+        buildUGInfo(&dummy, r);
+    }
+
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "userauth, bind %s",
                  apr_table_get(r->notes, RQ_NOTES_USERDN));
 
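Review bot: The call `buildUGInfo(&dummy, r);` discards both the return value and the error text, and since this commit removes the start-up call from mod_admserv_post_config, a failure to load the User/Group settings is reported only if buildUGInfo logged it itself. Report it at the call site, e.g. `if (buildUGInfo(&dummy, r) != TRUE) ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "userauth: unable to build user/group LDAP info: %s", dummy);`. The same unchecked call appears in the last hunk of this diff. `userGroupServer` looks like module-wide state that is now first written on the request path, so under a threaded MPM two requests could both see a NULL `host` and populate it concurrently; a mutex or one-time initialisation would close that gap. userauth's body continues outside the hunk.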
@@ -2614,7 +2631,7 @@
 
     /* If U/G Info is not available, try to get it */
     if (!(userGroupServer.host)) {
-        buildUGInfo(&dummy, r->server);
+        buildUGInfo(&dummy, r);
     }
 
     if (userGroupServer.host) {



