From 0d7fe7ffd7d972e3b557f60128a6b761ec0f610f Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Sun, 24 Jan 2010 21:52:29 +0000 Subject: [PATCH] mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the password to UTF-8. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit PR: 45318 Adapted patch from Johannes Müller git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@902654 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ modules/aaa/mod_authnz_ldap.c | 30 +++++++++++++++++++++++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 4a43633863..42cf2d4bdf 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.3.6 + *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the + password to UTF-8. PR 45318. + [Johannes Müller , Stefan Fritsch] + *) ab: Fix calculation of requests per second in HTML output. PR 48594. [Stefan Fritsch] diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c index 28e0bb537e..8addb11e8c 100644 --- a/modules/aaa/mod_authnz_ldap.c +++ b/modules/aaa/mod_authnz_ldap.c @@ -154,6 +154,29 @@ static apr_xlate_t* get_conv_set (request_rec *r) } +static const char* authn_ldap_xlate_password(request_rec *r, + const char* sent_password) +{ + apr_xlate_t *convset = NULL; + apr_size_t inbytes; + apr_size_t outbytes; + char *outbuf; + + if (charset_conversions && (convset = get_conv_set(r)) ) { + inbytes = strlen(sent_password); + outbytes = (inbytes+1)*3; + outbuf = apr_pcalloc(r->pool, outbytes); + + /* Convert the password to UTF-8. */ + if (apr_xlate_conv_buffer(convset, sent_password, &inbytes, outbuf, + &outbytes) == APR_SUCCESS) + return outbuf; + } + + return sent_password; +} + + /* * Build the search filter, or at least as much of the search filter that * will fit in the buffer. We don't worry about the buffer not being able @@ -342,6 +365,7 @@ static authn_status authn_ldap_check_password(request_rec *r, const char *user, int result = 0; int remote_user_attribute_set = 0; const char *dn = NULL; + const char *utfpassword; authn_ldap_request_t *req = (authn_ldap_request_t *)apr_pcalloc(r->pool, sizeof(authn_ldap_request_t)); @@ -395,9 +419,13 @@ start_over: /* build the username filter */ authn_ldap_build_filter(filtbuf, r, user, NULL, sec); + /* convert password to utf-8 */ + utfpassword = authn_ldap_xlate_password(r, password); + /* do the user search */ result = util_ldap_cache_checkuserid(r, ldc, sec->url, sec->basedn, sec->scope, - sec->attributes, filtbuf, password, &dn, &vals); + sec->attributes, filtbuf, utfpassword, + &dn, &vals); util_ldap_connection_close(ldc); /* sanity check - if server is down, retry it up to 5 times */ -- 2.40.0