PR61891: looping over mostly full LDAP cache
*) mod_ldap: Fix a case where a full LDAP cache would continually fail to
purge old entries and log AH01323. PR61891.
Submitted By: Hendrik Harms <hendrik.harms gmail.com>
Committed By: covener
Reviewed By: covener, jim, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820800 13f79535-47bb-0310-9956-ffa450edef68
Fix some spurious ident spotted by sparse
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting + some minor style issues
Remove useless line
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Fix some spurious ident spotted by sparse
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Submitted by: jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701772 13f79535-47bb-0310-9956-ffa450edef68
r1643672, r1496178 from trunk
* Synch with trunk:
- Add missing APLOGNO.
- mod_deflate: don't require <limits.h> by using APR_INT32_MAX instead of INT_MAX.
- Move two variable assignments off the fast path.
- Fix curly braces style. Remove useless empty lines
- tab vs space
- Removed tabs.
- dump fcgi headers with trace8 instead of debug+compile-time flag.
- Drop severity of "LDAP: Setting referrals to ON" from DEBUG to TRACE4
Submitted by: jailletc36, ylavic, minfrin, fuankg, covener
Reviewed by: jailletc36, minfrin, ylavic
Backported by: jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661845 13f79535-47bb-0310-9956-ffa450edef68
In 2.4.10, AuthLDAPBindDN might not be used for some LDAP searches, causing
LDAP authz failures if AuthLDAPBindDN was able to search through more of
LDAP than web users.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1631119 13f79535-47bb-0310-9956-ffa450edef68
PR54587: LDAP connections used for authn were not respecting
LDAPConnectionPoolTimeout due to confusion over what "bound" means.
Added some LDAP trace at TRACE5 to track how LDAP connections are
reused and rebound.
make LDAPConnectionPoolTTL more conservative, use r->request_time rather than
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.
Submitted by: covener
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610396 13f79535-47bb-0310-9956-ffa450edef68
Add a few AP_DEBUG_ASSERT()s for the benefit of clang
style tweak
No need to clear memory that is fully initialized just the line after.
Avoid unnecessary %s substitution
Avoid processing some files twice if APR_INCLUDEDIR and
APU_INCLUDEDIR containin the same path but differing in
doubled slashes.
Fixed position of the NEED_ENHANCED_ESCAPES define.
This define should be outside of the else case so that it
gets also defined if we cross-compile for Win32 or OS2.
Submitted by: sf, trawick, jailletc36, jailletc36, sf, fuankg
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1439391 13f79535-47bb-0310-9956-ffa450edef68
* support/suexec.c: Add gcc format-string attributes to logging
functions.
(main): Always print uid/gid as unsigned long, and cast to avoid
warnings (which somewhat defeats the point of the format string
attrs, but is necessary since the size of gid/uid varies).
remove an unnecessary check in a nest loop of ap_create_environment()
s/;;/;/
No need to test for NULL before calling apr_pstrdup.
No need it apr_pcalloc here, the memory is fully initialized the line just after
cppCheck: unreadVariable - 'serviceFlag' is not used in the function, so remove it
Remove unused code. "Next week" hasn't happened in the last 10 years or so.
log client error at level debug, log broken Host header value
remove some more old unused code
remove obsolete comment from 1.3 days
Submitted by: jorton, pqf, jailletc36, jailletc36, jailletc36, jailletc36, sf, sf, sf, sf
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1416581 13f79535-47bb-0310-9956-ffa450edef68
changes.
The trunk patches for these all have some configuration breakage
as 2.4.x interprets the individual directive or API parameter as
relative to ServerRoot whereas trunk interprets everything
relative to DefaultRuntimeDir.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1373168 13f79535-47bb-0310-9956-ffa450edef68
mod_lbmethod_heartbeat, mod_heartmonitor: Respect DefaultRuntimeDir/
DEFAULT_REL_RUNTIMEDIR for the heartbeat storage file.
core: Respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR for the
scoreboard (ScoreBoardFile).
The Pidfile directive and ap_log_pid()/ap_remove_pid()/ap_read_pid()
now respect DefaultRuntimeDir
Mutex directive: finish support of DefaultRuntimeDir
a partial conversion was made in r1299718, but I'm not
sure when that change is effective
mod_socache_shmcb and mod_socache_dbm: finish support of
DefaultRuntimeDir
a partial conversion was made in r1299718, affecting cases
where no filename was specified
mod_slotmem_plain: make the "filename" key relative to
DefaultRuntimeDir if not absolute
mod_slotmem_plain does not externalize or check the full path
in any way, so this change is just for consistency with other
modules which build paths to run-time artifacts.
make LDAPSharedCacheFile relative to DefaultRuntimeDir
Submitted by: trawick
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1373105 13f79535-47bb-0310-9956-ffa450edef68
Fix segfault with Solaris LDAP SDK when enabling ldaps.
Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).
This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.
PR: 42682
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209604 13f79535-47bb-0310-9956-ffa450edef68
if called from a virtual host with mod_ldap directives in it. Did not
affect mod_authnz_ldap's usage of mod_ldap. [Eric Covener]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166823 13f79535-47bb-0310-9956-ffa450edef68
few other paths that have us returning LDAP_OTHER (since
only 'server down' is retryable, we want to work hard to get
it returned when appropriate)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157677 13f79535-47bb-0310-9956-ffa450edef68
number of retries (LDAPRetries, default 3) and configurable delay between
retries (LDAPRetryDelay, no delay by default).
The LDAP connection is re-initted every other retry, instead of
on the fifth retry -- this was a much more recent addition then
the basic looping behavior.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1156790 13f79535-47bb-0310-9956-ffa450edef68
Incorporate the ap_ldap incomplete API, as there is no interest or effort
at APR to make this a complete abstraction, and it was voted 'off the island'
with APR 2.0. This will allow httpd 2.3 to build against either apr-2.0
or apr+util 1.x.
This also reverts part of r1142938, which needs to be re-done.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150172 13f79535-47bb-0310-9956-ffa450edef68
optional functions for the inter-module API:
* modules/ldap/ldap_private.h: New file, containing "real" function
declarations, copied from...
* include/ap_ldap.h.in, include/ap_ldap_url.h,
include/ap_ldap_option.h, include/ap_ldap_init.h,
include/ap_ldap_rebind.h: ... here. All declarations changed to APR
optional function declarations.
* modules/ldap/util_ldap.c (util_ldap_register_hooks): Register all
the new optional functions.
* modules/aaa/mod_authnz_ldap.c (ImportULDAPOptFn): Pick up optional
function stub for ap_ldap_url_parse.
(mod_auth_ldap_parse_url): Use it here.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1140069 13f79535-47bb-0310-9956-ffa450edef68
at APR to make this a complete abstraction, and it was voted 'off the island'
with APR 2.0. This will allow httpd 2.3 to build against either apr-2.0
or apr+util 1.x.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1129808 13f79535-47bb-0310-9956-ffa450edef68
process as opposed to disabling caching completely. This allows to use
the non-shared-memory cache as a workaround for the shared memory cache
not being available during graceful restarts
PR: 48958
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1096577 13f79535-47bb-0310-9956-ffa450edef68
remove unnecessary uldap_connection_cleanup (nothing needed between unbind
and remove)
properly remove rebind callback info when credentials change
maintain a separate pool for the rebind callback storage so it can be cleared
when the connection is unbound.
(major bump for util_ldap function removal)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1081005 13f79535-47bb-0310-9956-ffa450edef68
if they were not active during server startup but got enabled later during a
graceful restart (in which case they need to do all work during a single
config run).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1070153 13f79535-47bb-0310-9956-ffa450edef68
