From: Jim Jagielski Date: Mon, 8 Aug 2005 21:23:22 +0000 (+0000) Subject: Ensure that req->dn is valid for the util_ldap_cache_compare() call. X-Git-Tag: 2.1.7~5^2~35 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c2c05e0aeec4183cc873abcf82422652ab076dc5;p=apache Ensure that req->dn is valid for the util_ldap_cache_compare() call. Esp make sure not null. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@230895 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c index 1c0f2ca21d..e9d34cfafa 100644 --- a/modules/aaa/mod_authnz_ldap.c +++ b/modules/aaa/mod_authnz_ldap.c @@ -707,6 +707,13 @@ static int authz_ldap_check_user_access(request_rec *r) } } else if (strcmp(w, "ldap-attribute") == 0) { + if (req->dn == NULL || strlen(req->dn) == 0) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "[%d] auth_ldap authorise: " + "require ldap-attribute: user's DN has not been defined; failing authorisation", + getpid()); + return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + } while (t[0]) { w = ap_getword(r->pool, &t, '='); value = ap_getword_conf(r->pool, &t); @@ -735,6 +742,13 @@ static int authz_ldap_check_user_access(request_rec *r) } } else if (strcmp(w, "ldap-filter") == 0) { + if (req->dn == NULL || strlen(req->dn) == 0) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "[%d] auth_ldap authorise: " + "require ldap-filter: user's DN has not been defined; failing authorisation", + getpid()); + return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + } if (t[0]) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%d] auth_ldap authorise: checking filter %s",