Posted to cvs@httpd.apache.org by mi...@apache.org on 2001/08/29 01:16:12 UTC
cvs commit: httpd-2.0/modules/ldap util_ldap.c util_ldap_cache.c util_ldap_cache.h util_ldap_cache_mgr.c
minfrin 01/08/28 16:16:12
Modified: . CHANGES
include util_ldap.h
modules/aaa mod_auth_ldap.c
modules/ldap util_ldap.c util_ldap_cache.c util_ldap_cache.h
util_ldap_cache_mgr.c
Log:
Add specified user attributes to the environment when using
mod_auth_ldap. This allows you to use mod_include to embed specified
user attributes in a page like so:
Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
Revision Changes Path
1.341 +6 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.340
retrieving revision 1.341
diff -u -r1.340 -r1.341
--- CHANGES 2001/08/28 18:09:35 1.340
+++ CHANGES 2001/08/28 23:16:12 1.341
@@ -1,5 +1,11 @@
Changes with Apache 2.0.25-dev
+ *) Add specified user attributes to the environment when using
+ mod_auth_ldap. This allows you to use mod_include to embed specified
+ user attributes in a page like so:
+ Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
+ [Graham Leggett]
+
*) Fix a performance problem with the worker MPM. We now create
transaction pools once, and re-use them for each connection.
[Aaron Bannert <aa...@clove.org>]
1.3 +6 -4 httpd-2.0/include/util_ldap.h
Index: util_ldap.h
===================================================================
RCS file: /home/cvs/httpd-2.0/include/util_ldap.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- util_ldap.h 2001/08/18 19:18:12 1.2
+++ util_ldap.h 2001/08/28 23:16:12 1.3
@@ -232,19 +232,21 @@
* @param url The URL of the LDAP connection - used for deciding which cache to use.
* @param basedn The Base DN to search for the user in.
* @param scope LDAP scope of the search.
+ * @param attrs LDAP attributes to return in search.
* @param filter The user to search for in the form of an LDAP filter. This filter must return
* exactly one user for the check to be successful.
* @param bindpw The user password to bind as.
* @param binddn The DN of the user will be returned in this variable.
+ * @param retvals The values corresponding to the attributes requested in the attrs array.
* @tip The filter supplied will be searched for. If a single entry is returned, an attempt
* is made to bind as that user. If this bind succeeds, the user is not validated.
* @deffunc int util_ldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
- * char *url, const char *basedn, int scope,
- * char *filter, char *bindpw, char **binddn)
+ * char *url, const char *basedn, int scope, char **attrs,
+ * char *filter, char *bindpw, char **binddn, char ***retvals)
*/
int util_ldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
- const char *url, const char *basedn, int scope,
- const char *filter, const char *bindpw, const char **binddn);
+ const char *url, const char *basedn, int scope, char **attrs,
+ const char *filter, const char *bindpw, const char **binddn, const char ***retvals);
/* from apr_ldap_cache.c */
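Review bot: The `@deffunc` text and the prototype disagree on the new parameters: the comment says `char **attrs, ... char ***retvals` while the declaration below it says `char **attrs, ... const char ***retvals`, so one of them should be corrected to match. The `@param attrs` line should also state the contract the implementation relies on, e.g. `@param attrs NULL-terminated array of attribute names to return, or NULL.` The `@param retvals` line needs an ownership statement, since the values come back pool-allocated on a fresh search but, as far as the util_ldap.c hunk in this commit shows, point into the search cache on a cache hit; something like `@param retvals Receives a NULL-terminated array of attribute values, one per entry of attrs (NULL when an attribute has no values); valid only for the current request.`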
1.6 +35 -2 httpd-2.0/modules/aaa/mod_auth_ldap.c
Index: mod_auth_ldap.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_ldap.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- mod_auth_ldap.c 2001/08/22 15:40:28 1.5
+++ mod_auth_ldap.c 2001/08/28 23:16:12 1.6
@@ -68,6 +68,8 @@
/* for getpid() */
#include <unistd.h>
#endif
+#include <ctype.h>
+
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
@@ -90,6 +92,7 @@
int port; /* Port of the LDAP server */
char *basedn; /* Base DN to do all searches from */
char *attribute; /* Attribute to search for */
+ char **attributes; /* Array of all the attributes to return */
int scope; /* Scope of the search */
char *filter; /* Filter to further limit the search */
deref_options deref; /* how to handle alias dereferening */
@@ -202,6 +205,7 @@
*/
int mod_auth_ldap_check_user_id(request_rec *r)
{
+ const char **vals = NULL;
char filtbuf[FILTER_LENGTH];
mod_auth_ldap_config_t *sec =
(mod_auth_ldap_config_t *)ap_get_module_config(r->per_dir_config, &auth_ldap_module);
@@ -254,7 +258,8 @@
mod_auth_ldap_build_filter(filtbuf, r, sec);
/* do the user search */
- result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope, filtbuf, sent_pw, &dn);
+ result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope,
+ sec->attributes, filtbuf, sent_pw, &dn, &vals);
util_ldap_connection_close(ldc);
if (result != LDAP_SUCCESS) {
@@ -278,6 +283,24 @@
r->user = req->dn;
}
+ /* add environment variables */
+ if (sec->attributes && vals) {
+ apr_table_t *e = r->subprocess_env;
+ int i = 0;
+ while (sec->attributes[i]) {
+ char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL);
+ int j = 13;
+ while (str[j]) {
+ if (str[j] >= 'a' && str[j] <= 'z') {
+ str[j] = str[j] - ('a' - 'A');
+ }
+ j++;
+ }
+ apr_table_setn(e, str, vals[i]);
+ i++;
+ }
+ }
+
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r,
"[%d] auth_ldap authenticate: accepting %s", getpid(), r->user);
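Review bot: `apr_table_setn(e, str, vals[i])` at the end of the new loop is called with a possibly NULL value, because util_ldap.c in this commit leaves `vals[i]` NULL when the entry had no values for that attribute; guard it with `if (vals[i]) { apr_table_setn(e, str, vals[i]); }`. Note that `setn` stores the pointer without copying, so this also relies on the values having request lifetime, which the cache-hit path of util_ldap.c (returning `search_nodep->vals` straight from the cache) does not guarantee; `apr_table_set` would copy them into `r->pool`. The hand-rolled uppercasing with the magic `int j = 13` (the length of "AUTHENTICATE_") can use the `<ctype.h>` include this commit adds at the top of the file: `for (j = 0; str[j]; j++) { str[j] = toupper((unsigned char)str[j]); }` is equivalent since the prefix is already upper case. The enclosing function continues outside the hunk.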
@@ -639,7 +662,17 @@
}
sec->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : "";
if (urld->lud_attrs && urld->lud_attrs[0]) {
- sec->attribute = apr_pstrdup(cmd->pool, urld->lud_attrs[0]);
+ int i = 1;
+ while (urld->lud_attrs[i]) {
+ i++;
+ }
+ sec->attributes = apr_pcalloc(cmd->pool, sizeof(char *) * (i+1));
+ i = 0;
+ while (urld->lud_attrs[i]) {
+ sec->attributes[i] = apr_pstrdup(cmd->pool, urld->lud_attrs[i]);
+ i++;
+ }
+ sec->attribute = sec->attributes[0];
}
else {
sec->attribute = "uid";
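Review bot: The `else` branch leaves `sec->attributes` NULL when the URL names no attributes, and that NULL is now passed as the attribute list to `ldap_search_ext_s` with `attrsonly` set to 0 (util_ldap.c hunk in this commit), so the default `uid` configuration fetches every attribute and value of the matched entry instead of just `uid` as before. Build a one-element list in the default case as well: `sec->attributes = apr_pcalloc(cmd->pool, 2 * sizeof(char *));` followed by `sec->attributes[0] = sec->attribute = "uid";`. A short comment on the new array, `/* NULL-terminated: apr_pcalloc zero-fills the extra slot */`, would explain why `i+1` is allocated. The enclosing function starts outside the hunk.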
1.5 +31 -5 httpd-2.0/modules/ldap/util_ldap.c
Index: util_ldap.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ldap/util_ldap.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- util_ldap.c 2001/08/22 15:40:28 1.4
+++ util_ldap.c 2001/08/28 23:16:12 1.5
@@ -720,9 +720,11 @@
}
int util_ldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc,
- const char *url, const char *basedn, int scope,
- const char *filter, const char *bindpw, const char **binddn)
+ const char *url, const char *basedn, int scope, char **attrs,
+ const char *filter, const char *bindpw, const char **binddn,
+ const char ***retvals)
{
+ const char **vals = NULL;
int result = 0;
LDAPMessage *res, *entry;
char *dn;
@@ -738,7 +740,6 @@
(util_ldap_state_t *)ap_get_module_config(r->server->module_config,
&ldap_module);
-
/* read lock this function */
if (!util_ldap_cache_lock) {
apr_lock_create(&util_ldap_cache_lock, APR_READWRITE, APR_INTRAPROCESS, NULL, st->pool);
@@ -776,6 +777,7 @@
else {
/* ...and entry is valid */
*binddn = search_nodep->dn;
+ *retvals = search_nodep->vals;
apr_lock_release(util_ldap_cache_lock);
ldc->reason = "Authentication successful (cached)";
return LDAP_SUCCESS;
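Review bot: `*retvals = search_nodep->vals;` hands the caller a pointer into search-cache storage and then releases the read lock on the next line, so a later cache purge or replacement of this node (which util_ldap_search_node_free in this commit frees element by element) can free memory the request is still using; the same pre-existing pattern applies to `*binddn`. The values should be copied into `r->pool` while the lock is still held, using the `vals` local this commit adds to the function. The enclosing function starts and ends outside the hunk.
```c
/* ...and entry is valid */
*binddn = search_nodep->dn;
/* copy the cached values into the request pool while the lock is held:
 * the cache node may be freed by another request once it is released */
if (search_nodep->vals) {
    int k = 0;
    while (search_nodep->vals[k]) {
        k++;
    }
    vals = apr_pcalloc(r->pool, sizeof(char *) * (k + 1));
    for (k = 0; search_nodep->vals[k]; k++) {
        vals[k] = apr_pstrdup(r->pool, search_nodep->vals[k]);
    }
}
*retvals = vals;
apr_lock_release(util_ldap_cache_lock);
/* … unchanged: reason, return LDAP_SUCCESS … */
```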
@@ -803,7 +805,7 @@
/* try do the search */
if ((result = ldap_search_ext_s(ldc->ldap,
basedn, scope,
- filter, NULL, 1,
+ filter, attrs, 0,
NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
ldc->reason = "ldap_search_ext_s() for user failed with server down";
goto start_over;
@@ -864,7 +866,29 @@
return result;
}
- ldap_msgfree(res);
+ /*
+ * Get values for the provided attributes.
+ */
+ if (attrs) {
+ int k = 0;
+ int i = 0;
+ while (attrs[k++]);
+ vals = apr_pcalloc(r->pool, sizeof(char *) * (k+1));
+ while (attrs[i]) {
+ char **values;
+ int j = 0;
+ char *str = NULL;
+ /* get values */
+ values = ldap_get_values(ldc->ldap, entry, attrs[i]);
+ while (values && values[j]) {
+ str = str ? apr_pstrcat(r->pool, str, "; ", values[j], NULL) : apr_pstrdup(r->pool, values[j]);
+ j++;
+ }
+ vals[i] = str;
+ i++;
+ }
+ *retvals = vals;
+ }
/*
* Add the new username to the search cache.
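Review bot: The array returned by `ldap_get_values(ldc->ldap, entry, attrs[i])` is never released, so every authentication leaks one allocation per requested attribute; add `if (values) { ldap_value_free(values); }` after the inner `while` loop once the strings have been copied into `r->pool`. Leaving `vals[i]` NULL for an attribute with no values also creates a hole in the array that the copy and free routines in util_ldap_cache.c (this commit) treat as the terminator, silently dropping every later attribute from the cached node; storing `vals[i] = str ? str : "";` keeps the array dense. Minor: `while (attrs[k++]);` counts the terminating NULL as well, so `k+1` allocates one slot more than needed, which is harmless but worth a comment. The enclosing function starts and ends outside the hunk.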
@@ -874,7 +898,9 @@
the_search_node.dn = *binddn;
the_search_node.bindpw = bindpw;
the_search_node.lastbind = apr_time_now();
+ the_search_node.vals = vals;
util_ald_cache_insert(curl->search_cache, &the_search_node);
+ ldap_msgfree(res);
apr_lock_release(util_ldap_cache_lock);
ldc->reason = "Authentication successful";
1.5 +40 -4 httpd-2.0/modules/ldap/util_ldap_cache.c
Index: util_ldap_cache.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ldap/util_ldap_cache.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- util_ldap_cache.c 2001/08/18 21:10:03 1.4
+++ util_ldap_cache.c 2001/08/28 23:16:12 1.5
@@ -127,16 +127,52 @@
{
util_search_node_t *node = (util_search_node_t *)c;
util_search_node_t *newnode = util_ald_alloc(sizeof(util_search_node_t));
- newnode->username = util_ald_strdup(node->username);
- newnode->dn = util_ald_strdup(node->dn);
- newnode->bindpw = util_ald_strdup(node->bindpw);
- newnode->lastbind = node->lastbind;
+
+ /* safety check */
+ if (newnode) {
+
+ /* copy vals */
+ if (node->vals) {
+ int k = 0;
+ int i = 0;
+ while (node->vals[k++]);
+ if (!(newnode->vals = util_ald_alloc(sizeof(char *) * (k+1)))) {
+ util_ldap_search_node_free(newnode);
+ return NULL;
+ }
+ while (node->vals[i]) {
+ if (!(newnode->vals[i] = util_ald_strdup(node->vals[i]))) {
+ util_ldap_search_node_free(newnode);
+ return NULL;
+ }
+ i++;
+ }
+ }
+ else {
+ newnode->vals = NULL;
+ }
+ if (!(newnode->username = util_ald_strdup(node->username)) ||
+ !(newnode->dn = util_ald_strdup(node->dn)) ||
+ !(newnode->bindpw = util_ald_strdup(node->bindpw)) ) {
+ util_ldap_search_node_free(newnode);
+ return NULL;
+ }
+ newnode->lastbind = node->lastbind;
+
+ }
return (void *)newnode;
}
void util_ldap_search_node_free(void *n)
{
+ int i = 0;
util_search_node_t *node = (util_search_node_t *)n;
+ if (node->vals) {
+ while (node->vals[i]) {
+ util_ald_free(node->vals[i++]);
+ }
+ util_ald_free(node->vals);
+ }
util_ald_free(node->username);
util_ald_free(node->dn);
util_ald_free(node->bindpw);
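Review bot: The combined check `!(newnode->bindpw = util_ald_strdup(node->bindpw))` turns a legitimately NULL `bindpw` (util_ldap_cache.h documents it as "NULL if the bind failed") into a copy failure if `util_ald_strdup(NULL)` returns NULL, which the original unchecked assignment did not do; only a failed duplication of a non-NULL source should abort the copy. The early `util_ldap_search_node_free(newnode)` calls also rely on `newnode` coming back zero-filled so that the not-yet-set fields are NULL; this commit makes util_ald_alloc use calloc, and that dependency deserves a comment in the copy routine. The copy function's signature lies outside the hunk.
```c
/* … unchanged: vals copy … */
newnode->username = util_ald_strdup(node->username);
newnode->dn = util_ald_strdup(node->dn);
/* bindpw is NULL after a failed bind; only a failed strdup is an error */
newnode->bindpw = node->bindpw ? util_ald_strdup(node->bindpw) : NULL;
if (!newnode->username || !newnode->dn ||
    (node->bindpw && !newnode->bindpw)) {
    util_ldap_search_node_free(newnode);   /* relies on util_ald_alloc zero-filling */
    return NULL;
}
newnode->lastbind = node->lastbind;
```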
1.4 +4 -3 httpd-2.0/modules/ldap/util_ldap_cache.h
Index: util_ldap_cache.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ldap/util_ldap_cache.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- util_ldap_cache.h 2001/08/18 21:10:03 1.3
+++ util_ldap_cache.h 2001/08/28 23:16:12 1.4
@@ -139,9 +139,10 @@
typedef struct util_search_node_t {
const char *username; /* Cache key */
const char *dn; /* DN returned from search */
- const char *bindpw; /* The most recently used bind password;
- NULL if the bind failed */
- apr_time_t lastbind; /* Time of last successful bind */
+ const char *bindpw; /* The most recently used bind password;
+ NULL if the bind failed */
+ apr_time_t lastbind; /* Time of last successful bind */
+ const char **vals; /* Values of queried attributes */
} util_search_node_t;
/*
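Review bot: The new `vals` member has only a terse comment and its shape is what the copy/free routines depend on, so document it: `const char **vals; /* NULL-terminated array of values for the attributes requested in the search, one entry per attribute; NULL when no attributes were requested */`. It would also help to say that each string and the array itself are owned by the cache and freed by util_ldap_search_node_free.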
1.3 +9 -6 httpd-2.0/modules/ldap/util_ldap_cache_mgr.c
Index: util_ldap_cache_mgr.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ldap/util_ldap_cache_mgr.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- util_ldap_cache_mgr.c 2001/08/18 19:44:59 1.2
+++ util_ldap_cache_mgr.c 2001/08/28 23:16:12 1.3
@@ -116,12 +116,15 @@
{
#if APR_HAS_SHARED_MEMORY
if (util_ldap_shm) {
- apr_shm_free(util_ldap_shm, (void *)ptr);
+ if (ptr)
+ apr_shm_free(util_ldap_shm, (void *)ptr);
} else {
- free((void *)ptr);
+ if (ptr)
+ free((void *)ptr);
}
#else
- free((void *)ptr);
+ if (ptr)
+ free((void *)ptr);
#endif
}
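Review bot: The `if (ptr)` guards added in front of the two `free((void *)ptr)` calls are redundant, since `free(NULL)` is defined as a no-op; only the `apr_shm_free` branch may need the guard, and that is worth saying in a comment such as `/* apr_shm_free is not documented to accept NULL */` so the asymmetry is not "fixed" later. The enclosing function's signature is outside the hunk.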
@@ -129,12 +132,12 @@
{
#if APR_HAS_SHARED_MEMORY
if (util_ldap_shm) {
- return (void *)apr_shm_malloc(util_ldap_shm, size);
+ return (void *)apr_shm_calloc(util_ldap_shm, size);
} else {
- return (void *)malloc(size);
+ return (void *)calloc(sizeof(char), size);
}
#else
- return (void *)malloc(size);
+ return (void *)calloc(size);
#endif
}
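Review bot: `return (void *)calloc(size);` under `#else` passes a single argument to `calloc`, which takes two, so the build without APR shared memory will fail to compile; it should read `return calloc(1, size);`. The shared-memory-less branch above it, `calloc(sizeof(char), size)`, works but uses an unconventional argument order; `calloc(1, size)` in both places reads as "one block of size bytes" and the `(void *)` casts are unnecessary in C. The enclosing function's signature is outside the hunk.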