Resolve rashes with LDAP authz and non-LDAP authn since r1608202.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1637990 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 7a97aa90bf4164cfb31ffac4838f7445ae882701..47c7d34a6f36ecbf3e116a48dbd768a5ac62d023 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+
+  *) mod_authnz_ldap: Resolve rashes with LDAP authz and non-LDAP authn since 
+     r1608202. [Eric Covener]
  
   *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
      PR 57167 [Edward Lu <Chaosed0 gmail.com>]

diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index d0f223dc380bf764f819203896aa5f3604a4ba2e..2a0a7c686ca7e018bf1ac8d0a72c9a7a1c752111 100644 (file)
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -731,11 +731,15 @@ static authz_status ldapuser_check_authorization(request_rec *r,
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) { 
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    }
+
 
     /*
      * If we have been authenticated by some other module than mod_authnz_ldap,
@@ -855,11 +859,14 @@ static authz_status ldapgroup_check_authorization(request_rec *r,
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    }
 
     /*
      * If there are no elements in the group attribute array, the default should be
@@ -1065,11 +1072,14 @@ static authz_status ldapdn_check_authorization(request_rec *r,
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */
+    }
 
     require = ap_expr_str_exec(r, expr, &err);
     if (err) {
@@ -1162,11 +1172,14 @@ static authz_status ldapattribute_check_authorization(request_rec *r,
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_COMPARE);
+    }
 
     if (req->dn == NULL || strlen(req->dn) == 0) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01733)
@@ -1268,11 +1281,14 @@ static authz_status ldapfilter_check_authorization(request_rec *r,
     if (!req) {
         authz_status rv = AUTHZ_DENIED;
         req = build_request_config(r);
+        ldc = get_connection_for_authz(r, LDAP_SEARCH);
         if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) {
             return rv;
         }
     }
-    ldc = get_connection_for_authz(r, LDAP_SEARCH);
+    else { 
+        ldc = get_connection_for_authz(r, LDAP_SEARCH);
+    }
 
     if (req->dn == NULL || strlen(req->dn) == 0) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01742)