From: Eric Covener Date: Mon, 10 Nov 2014 22:43:53 +0000 (+0000) Subject: Resolve rashes with LDAP authz and non-LDAP authn since r1608202. X-Git-Tag: 2.5.0-alpha~3725 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=25c47738cfd95a7e75d3ac1c75239cf954b8da61;p=apache Resolve rashes with LDAP authz and non-LDAP authn since r1608202. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1637990 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7a97aa90bf..47c7d34a6f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + + *) mod_authnz_ldap: Resolve rashes with LDAP authz and non-LDAP authn since + r1608202. [Eric Covener] *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes. PR 57167 [Edward Lu ] diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c index d0f223dc38..2a0a7c686c 100644 --- a/modules/aaa/mod_authnz_ldap.c +++ b/modules/aaa/mod_authnz_ldap.c @@ -731,11 +731,15 @@ static authz_status ldapuser_check_authorization(request_rec *r, if (!req) { authz_status rv = AUTHZ_DENIED; req = build_request_config(r); + ldc = get_connection_for_authz(r, LDAP_COMPARE); if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) { return rv; } } - ldc = get_connection_for_authz(r, LDAP_COMPARE); + else { + ldc = get_connection_for_authz(r, LDAP_COMPARE); + } + /* * If we have been authenticated by some other module than mod_authnz_ldap, @@ -855,11 +859,14 @@ static authz_status ldapgroup_check_authorization(request_rec *r, if (!req) { authz_status rv = AUTHZ_DENIED; req = build_request_config(r); + ldc = get_connection_for_authz(r, LDAP_COMPARE); if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) { return rv; } } - ldc = get_connection_for_authz(r, LDAP_COMPARE); + else { + ldc = get_connection_for_authz(r, LDAP_COMPARE); + } /* * If there are no elements in the group attribute array, the default should be @@ -1065,11 +1072,14 @@ static authz_status ldapdn_check_authorization(request_rec *r, if (!req) { authz_status rv = AUTHZ_DENIED; req = build_request_config(r); + ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */ if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) { return rv; } } - ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */ + else { + ldc = get_connection_for_authz(r, LDAP_SEARCH); /* comparedn is a search */ + } require = ap_expr_str_exec(r, expr, &err); if (err) { @@ -1162,11 +1172,14 @@ static authz_status ldapattribute_check_authorization(request_rec *r, if (!req) { authz_status rv = AUTHZ_DENIED; req = build_request_config(r); + ldc = get_connection_for_authz(r, LDAP_COMPARE); if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) { return rv; } } - ldc = get_connection_for_authz(r, LDAP_COMPARE); + else { + ldc = get_connection_for_authz(r, LDAP_COMPARE); + } if (req->dn == NULL || strlen(req->dn) == 0) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01733) @@ -1268,11 +1281,14 @@ static authz_status ldapfilter_check_authorization(request_rec *r, if (!req) { authz_status rv = AUTHZ_DENIED; req = build_request_config(r); + ldc = get_connection_for_authz(r, LDAP_SEARCH); if (AUTHZ_GRANTED != (rv = get_dn_for_nonldap_authn(r, ldc))) { return rv; } } - ldc = get_connection_for_authz(r, LDAP_SEARCH); + else { + ldc = get_connection_for_authz(r, LDAP_SEARCH); + } if (req->dn == NULL || strlen(req->dn) == 0) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01742)