You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2005/08/08 23:23:25 UTC
svn commit: r230895 - /httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
Author: jim
Date: Mon Aug 8 14:23:22 2005
New Revision: 230895
URL: http://svn.apache.org/viewcvs?rev=230895&view=rev
Log:
Ensure that req->dn is valid for the util_ldap_cache_compare() call.
Esp make sure not null.
Modified:
httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c?rev=230895&r1=230894&r2=230895&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c Mon Aug 8 14:23:22 2005
@@ -707,6 +707,13 @@
}
}
else if (strcmp(w, "ldap-attribute") == 0) {
+ if (req->dn == NULL || strlen(req->dn) == 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[%d] auth_ldap authorise: "
+ "require ldap-attribute: user's DN has not been defined; failing authorisation",
+ getpid());
+ return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+ }
while (t[0]) {
w = ap_getword(r->pool, &t, '=');
value = ap_getword_conf(r->pool, &t);
@@ -735,6 +742,13 @@
}
}
else if (strcmp(w, "ldap-filter") == 0) {
+ if (req->dn == NULL || strlen(req->dn) == 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[%d] auth_ldap authorise: "
+ "require ldap-filter: user's DN has not been defined; failing authorisation",
+ getpid());
+ return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+ }
if (t[0]) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"[%d] auth_ldap authorise: checking filter %s",