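--- a/src/http_auth.c
+++ b/src/http_auth.c
@@ -736,17 +736,17 @@
 
 
 /* build filter */
-buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap_filter_pre);
+buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap->ldap_filter_pre);
 buffer_append_string_buffer(p->ldap_filter, username);
-buffer_append_string_buffer(p->ldap_filter, p->conf.ldap_filter_post);
+buffer_append_string_buffer(p->ldap_filter, p->conf.ldap->ldap_filter_post);
 
 
 /* 2. */
-if (p->conf.ldap == NULL ||
-LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+if (p->conf.ldap->ldap == NULL ||
+LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
 if (auth_ldap_init(srv, &p->conf) != HANDLER_GO_ON)
 return -1;
-if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
+if (LDAP_SUCCESS != (ret = ldap_search_s(p->conf.ldap->ldap, p->conf.auth_ldap_basedn->ptr, LDAP_SCOPE_SUBTREE, p->ldap_filter->ptr, attrs, 0, &lm))) {
 
 log_error_write(srv, __FILE__, __LINE__, "sssb",
 "ldap:", ldap_err2string(ret), "filter:", p->ldap_filter);
@@ -755,7 +755,7 @@
 }
 }
 
-if (NULL == (first = ldap_first_entry(p->conf.ldap, lm))) {
+if (NULL == (first = ldap_first_entry(p->conf.ldap->ldap, lm))) {
 log_error_write(srv, __FILE__, __LINE__, "s", "ldap ...");
 
 ldap_msgfree(lm);
@@ -763,7 +763,7 @@
 return -1;
 }
 
-if (NULL == (dn = ldap_get_dn(p->conf.ldap, first))) {
+if (NULL == (dn = ldap_get_dn(p->conf.ldap->ldap, first))) {
 log_error_write(srv, __FILE__, __LINE__, "s", "ldap ...");
 
 ldap_msgfree(lm);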
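Review bot: New line 739 dereferences `p->conf.ldap` to reach `ldap_filter_pre` before anything tests the wrapper pointer, and the check at new line 745 now covers only the inner handle `p->conf.ldap->ldap`. Before this change a NULL `p->conf.ldap` was a handled state that led to a reconnect; now a context whose wrapper was never allocated would crash the worker in the middle of an authentication attempt. A guard ahead of the filter build, `if (NULL == p->conf.ldap) return -1;`, keeps that failure closed. The enclosing function starts and ends outside the hunk, so whether an earlier check already exists cannot be confirmed from here.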
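--- a/src/http_auth.h
+++ b/src/http_auth.h
@@ -17,6 +17,15 @@
 AUTH_BACKEND_HTDIGEST
 } auth_backend_t;
 
+#ifdef USE_LDAP
+typedef struct {
+LDAP *ldap;
+
+buffer *ldap_filter_pre;
+buffer *ldap_filter_post;
+} ldap_plugin_config;
+#endif
+
 typedef struct {
 /* auth */
 array *auth_require;
@@ -43,13 +52,12 @@
 auth_backend_t auth_backend;
 
 #ifdef USE_LDAP
-LDAP *ldap;
-
-buffer *ldap_filter_pre;
-buffer *ldap_filter_post;
+ldap_plugin_config *ldap;
 #endif
 } mod_auth_plugin_config;
 
+
+
 typedef struct {
 PLUGIN_DATA;
 buffer *tmp_buf;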
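Review bot: `ldap_plugin_config` carries no comment saying that it is shared by pointer, which is the property the rest of the patch relies on: `PATCH(ldap)` in mod_auth.c copies the pointer, so a handle replaced by `auth_ldap_init()` is visible through every copy, and the struct is freed once in the mod_auth.c cleanup. A comment above the typedef such as `/* shared by pointer between the stored config and the patched copy in p->conf; owned and freed by mod_auth.c */` would make that ownership explicit. The inner member is also named `ldap`, which produces `s->ldap->ldap`; a comment on the `LDAP *ldap;` line like `/* live connection handle, NULL when not connected */` would help readers tell the two apart.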
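--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -77,10 +77,11 @@
 buffer_free(s->auth_ldap_cafile);
 
 #ifdef USE_LDAP
-buffer_free(s->ldap_filter_pre);
-buffer_free(s->ldap_filter_post);
+buffer_free(s->ldap->ldap_filter_pre);
+buffer_free(s->ldap->ldap_filter_post);
 
-if (s->ldap) ldap_unbind_s(s->ldap);
+if (s->ldap->ldap) ldap_unbind_s(s->ldap->ldap);
+free (s->ldap);
 #endif
 
 free(s);
@@ -115,8 +116,6 @@
 PATCH(auth_ldap_starttls);
 #ifdef USE_LDAP
 PATCH(ldap);
-PATCH(ldap_filter_pre);
-PATCH(ldap_filter_post);
 #endif
 
 /* skip the first, the global context */
@@ -149,8 +148,6 @@
 PATCH(auth_ldap_hostname);
 #ifdef USE_LDAP
 PATCH(ldap);
-PATCH(ldap_filter_pre);
-PATCH(ldap_filter_post);
 #endif
 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.base-dn"))) {
 PATCH(auth_ldap_basedn);
@@ -345,9 +342,10 @@
 s->auth_require = array_init();
 
 #ifdef USE_LDAP
-s->ldap_filter_pre = buffer_init();
-s->ldap_filter_post = buffer_init();
-s->ldap = NULL;
+s->ldap = malloc (sizeof(ldap_plugin_config));
+s->ldap->ldap_filter_pre = buffer_init();
+s->ldap->ldap_filter_post = buffer_init();
+s->ldap->ldap = NULL;
 #endif
 
 cv[0].destination = s->auth_backend_conf;
@@ -573,19 +571,19 @@
 return HANDLER_ERROR;
 }
 
-buffer_copy_string_len(s->ldap_filter_pre, s->auth_ldap_filter->ptr, dollar - s->auth_ldap_filter->ptr);
-buffer_copy_string(s->ldap_filter_post, dollar+1);
+buffer_copy_string_len(s->ldap->ldap_filter_pre, s->auth_ldap_filter->ptr, dollar - s->auth_ldap_filter->ptr);
+buffer_copy_string(s->ldap->ldap_filter_post, dollar+1);
 }
 
 if (s->auth_ldap_hostname->used) {
-if (NULL == (s->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) {
+if (NULL == (s->ldap->ldap = ldap_init(s->auth_ldap_hostname->ptr, LDAP_PORT))) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));
 
 return HANDLER_ERROR;
 }
 
 ret = LDAP_VERSION3;
-if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(s->ldap, LDAP_OPT_PROTOCOL_VERSION, &ret))) {
+if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(s->ldap->ldap, LDAP_OPT_PROTOCOL_VERSION, &ret))) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
 
 return HANDLER_ERROR;
@@ -604,7 +602,7 @@
 }
 }
 
-if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL, NULL))) {
+if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap->ldap, NULL, NULL))) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "ldap startTLS failed:", ldap_err2string(ret));
 
 return HANDLER_ERROR;
@@ -614,13 +612,13 @@
 
 /* 1. */
 if (s->auth_ldap_binddn->used) {
-if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, s->auth_ldap_binddn->ptr, s->auth_ldap_bindpw->ptr))) {
+if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap->ldap, s->auth_ldap_binddn->ptr, s->auth_ldap_bindpw->ptr))) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
 
 return HANDLER_ERROR;
 }
 } else {
-if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap, NULL, NULL))) {
+if (LDAP_SUCCESS != (ret = ldap_simple_bind_s(s->ldap->ldap, NULL, NULL))) {
 log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
 
 return HANDLER_ERROR;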
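Review bot: The `malloc` result at new line 345 is dereferenced on the next three lines without a check, so an allocation failure at startup becomes a NULL dereference; `if (NULL == (s->ldap = malloc(sizeof(*s->ldap)))) return HANDLER_ERROR;` would handle it, assuming the enclosing function (which starts outside the hunk) returns a handler value as the later hunks do. The cleanup hunk at new lines 80-84 makes the same assumption: it reads `s->ldap->ldap_filter_pre` before anything tests `s->ldap`, so those lines should sit inside `if (s->ldap) { ... }`. Separately, because the handle now lives in a struct shared by pointer, the `return HANDLER_ERROR` paths after `ldap_init` (protocol version, startTLS, bind) leave a non-NULL but unconfigured handle in `s->ldap->ldap`, which the `== NULL` test in http_auth.c will accept on the next request. Unbinding the handle and resetting it to NULL on those paths looks safer, though the code between the hunks is not visible here.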