From: Chris Darroch <chrisd@apache.org>
Date: Wed, 22 Oct 2008 20:11:07 +0000 (+0000)
Subject: Implement checks for NULL r->user as per r705361.
X-Git-Tag: 2.3.0~240
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=704feaaeb30c27f818897faf43bc8720a04add74;p=apache

Implement checks for NULL r->user as per r705361.

NOTE: If someone with an LDAP setup can ensure this compiles and works,
that would be great.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@707183 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 25229bb0cf..eedc2084e4 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -518,7 +518,13 @@ static authz_status ldapuser_check_authorization(request_rec *r,
      */
 
     /* Check that we have a userid to start with */
-    if ((!r->user) || (strlen(r->user) == 0)) {
+    if (!r->user) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+            "access to %s failed, reason: no authenticated user", r->uri);
+        return AUTHZ_DENIED;
+    }
+
+    if (!strlen(r->user)) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
             "ldap authorize: Userid is blank, AuthType=%s",
             r->ap_auth_type);
@@ -686,7 +692,13 @@ static authz_status ldapgroup_check_authorization(request_rec *r,
      */
 
     /* Check that we have a userid to start with */
-    if ((!r->user) || (strlen(r->user) == 0)) {
+    if (!r->user) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+            "access to %s failed, reason: no authenticated user", r->uri);
+        return AUTHZ_DENIED;
+    }
+
+    if (!strlen(r->user)) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
             "ldap authorize: Userid is blank, AuthType=%s",
             r->ap_auth_type);
@@ -843,7 +855,13 @@ static authz_status ldapdn_check_authorization(request_rec *r,
      */
 
     /* Check that we have a userid to start with */
-    if ((!r->user) || (strlen(r->user) == 0)) {
+    if (!r->user) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+            "access to %s failed, reason: no authenticated user", r->uri);
+        return AUTHZ_DENIED;
+    }
+
+    if (!strlen(r->user)) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
             "ldap authorize: Userid is blank, AuthType=%s",
             r->ap_auth_type);
@@ -951,7 +969,13 @@ static authz_status ldapattribute_check_authorization(request_rec *r,
      */
 
     /* Check that we have a userid to start with */
-    if ((!r->user) || (strlen(r->user) == 0)) {
+    if (!r->user) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+            "access to %s failed, reason: no authenticated user", r->uri);
+        return AUTHZ_DENIED;
+    }
+
+    if (!strlen(r->user)) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
             "ldap authorize: Userid is blank, AuthType=%s",
             r->ap_auth_type);
@@ -1064,7 +1088,13 @@ static authz_status ldapfilter_check_authorization(request_rec *r,
      */
 
     /* Check that we have a userid to start with */
-    if ((!r->user) || (strlen(r->user) == 0)) {
+    if (!r->user) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+            "access to %s failed, reason: no authenticated user", r->uri);
+        return AUTHZ_DENIED;
+    }
+
+    if (!strlen(r->user)) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
             "ldap authorize: Userid is blank, AuthType=%s",
             r->ap_auth_type);