mod_ldap: Use the LDAP API directly to implement the rebind callback
for modern versions of OpenLDAP, avoiding the overhead of the apr-util
implementation.
* modules/ldap/util_ldap.c:
Define USE_APR_LDAP_REBIND if a modern version of OpenLDAP is used.
(uldap_rebind_proc): New function.
(uldap_rebind_init, uldap_rebind_add): Define, using either the
callback or the (bad) APR-util versions.
(uldap_connection_unbind): Clear the rebind pool to remove rebind
references prior to destroying the LDAP *.
Omit for !USE_APR_LDAP_REBIND.
(uldap_connection_init): Use new wrappers, only create the rebind
pool if USE_APR_LDAP_REBIND.
* include/util_ldap.h: Don't include apr_ldap_rebind.h here.
PR: 64414
Github: closes#124
Reviewed by: jorton, covener, ylavic (by inspection)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1910853 13f79535-47bb-0310-9956-ffa450edef68
LDAPConnectionPoolTTL should accept negative values in order to allow
connections of any age to be reused. Up to now, a negative value was handled
as an error when parsing the configuration file. PR 66421.
Reviewed By: jailletc36, covener, rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1908027 13f79535-47bb-0310-9956-ffa450edef68
*) Easy patches: synch 2.4.x and trunk
- mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
- mod_ldap: log and abort locking errors.
- mod_ldap: style fix for r1831165
- mod_ldap: build break fix for r1831165
--> These 3 commits are preparation work for backporting r1856735
- mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
- mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
- mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
(r1856490 has been backported in r1870261)
- mod_rewrite: Save a few cycles.
- mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
- core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
trunk patch:
https://svn.apache.org/r1817063https://svn.apache.org/r1831165https://svn.apache.org/r1831171https://svn.apache.org/r1831172https://svn.apache.org/r1849590https://svn.apache.org/r1849630https://svn.apache.org/r1856491https://svn.apache.org/r1883421https://svn.apache.org/r1889327https://svn.apache.org/r1891200
2.4.x patch: svn merge -c 1817063,1831165,1831171,1831172,1849590,1849630,1856491,1883421,1889327,1891200 ^/httpd/httpd/trunk .
+1: jailletc36, covener, jim
icing: I have trouble running the svn merge due to conflicts in CHANGES and
the infamous log tags. Do you have a patch or a PR to use for checking?
covener: on faith
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1892510 13f79535-47bb-0310-9956-ffa450edef68
Easy patches: synch 2.4.x and trunk
- core: Re-introduce check for sufficient PCRE version.
- core: Fix doc string for QualifyRedirectURL
- mod_proxy: really return an error message on invalid "flusher" value.
- mod_http2: Remove extra and un-needed ""
- mod_ldap: fix a (unlikely) memory leak
- ab: fix a typo
- suexec: Report error string after failure from setgid/initgroups or setuid
- mod_session_crypto: be less specific and don't echo passphrase
- mod_proxy_html: Fix proxy_html_conf.bufsz to have correct type, as
it is used with ap_set_int_slot.
- mod_md: update duplicated APLOGNOs.
Submitted by: fuankg, trawick, ylavic, jailletc36, jorton, jailletc36, jorton, covener, jorton, ylavic
Reviewed by: jailletc36, jim, ylavic
Backported by: jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1879490 13f79535-47bb-0310-9956-ffa450edef68
core: Avoid a compiler warning when NO_LINGCLOSE is used (-Wunreachable-code).
Also, check c->aborted before apr_socket_shutdown() because it is set earlier,
and there is no point in calling shutdown() before close().
mod_ldap: fix format warnings.
Submitted by: ylavic
Reviewed by: jailletc36, jim, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1832491 13f79535-47bb-0310-9956-ffa450edef68
10 years after r567503 , fix this properly.
The lock is created in post_config, so we can't copy it
around in a merge_server_config() callback.
Submitted by: covener
Reviewed by: covener, rpluem, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1824872 13f79535-47bb-0310-9956-ffa450edef68
PR61891: looping over mostly full LDAP cache
*) mod_ldap: Fix a case where a full LDAP cache would continually fail to
purge old entries and log AH01323. PR61891.
Submitted By: Hendrik Harms <hendrik.harms gmail.com>
Committed By: covener
Reviewed By: covener, jim, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1820800 13f79535-47bb-0310-9956-ffa450edef68
compilation on win32 (haven't worked out the clean patch
to apr/build/fixwin32mak.pl for this, yet).
This caused no issues in the 2.4.20 package, and does not
block a release.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1738140 13f79535-47bb-0310-9956-ffa450edef68
Going forwards, keep win32 build in svn once a tree is stable.
Visual Studio 2010 users cannot convert our .dsp files, and
ddk toolchain users couldn't either.
Applies the same logic as r1100294 on the 2.2.x branch.
Until the cmake build schema is entirely mature, these files
are needed for command-line builds of the 2.4 tree, and are
expected to change very little until the EOL of 2.4 branch.
The .dsp source files are not directly usable for any shipping
version of MSVC/Visual Studio (post-Visual Studio 97 release),
while the .mak exports of these projects are usable on any flavor
of the MS nmake build environment. The .dsp source files are
retained for those users wishing to import these projects into
the modern vcproj/sln file format.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1736270 13f79535-47bb-0310-9956-ffa450edef68
Fix some spurious ident spotted by sparse
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting + some minor style issues
Remove useless line
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Fix some spurious ident spotted by sparse
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Submitted by: jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701772 13f79535-47bb-0310-9956-ffa450edef68
r1643672, r1496178 from trunk
* Synch with trunk:
- Add missing APLOGNO.
- mod_deflate: don't require <limits.h> by using APR_INT32_MAX instead of INT_MAX.
- Move two variable assignments off the fast path.
- Fix curly braces style. Remove useless empty lines
- tab vs space
- Removed tabs.
- dump fcgi headers with trace8 instead of debug+compile-time flag.
- Drop severity of "LDAP: Setting referrals to ON" from DEBUG to TRACE4
Submitted by: jailletc36, ylavic, minfrin, fuankg, covener
Reviewed by: jailletc36, minfrin, ylavic
Backported by: jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661845 13f79535-47bb-0310-9956-ffa450edef68
In 2.4.10, AuthLDAPBindDN might not be used for some LDAP searches, causing
LDAP authz failures if AuthLDAPBindDN was able to search through more of
LDAP than web users.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1631119 13f79535-47bb-0310-9956-ffa450edef68
PR54587: LDAP connections used for authn were not respecting
LDAPConnectionPoolTimeout due to confusion over what "bound" means.
Added some LDAP trace at TRACE5 to track how LDAP connections are
reused and rebound.
make LDAPConnectionPoolTTL more conservative, use r->request_time rather than
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.
Submitted by: covener
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610396 13f79535-47bb-0310-9956-ffa450edef68
Add a few AP_DEBUG_ASSERT()s for the benefit of clang
style tweak
No need to clear memory that is fully initialized just the line after.
Avoid unnecessary %s substitution
Avoid processing some files twice if APR_INCLUDEDIR and
APU_INCLUDEDIR containin the same path but differing in
doubled slashes.
Fixed position of the NEED_ENHANCED_ESCAPES define.
This define should be outside of the else case so that it
gets also defined if we cross-compile for Win32 or OS2.
Submitted by: sf, trawick, jailletc36, jailletc36, sf, fuankg
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1439391 13f79535-47bb-0310-9956-ffa450edef68
various mods: host and URI escaping:
Be sure to escape potential troubled strings
add missing html escaping
Submitted by: jim, sf
Reviewed by: covener, minfrin, sf
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1418941 13f79535-47bb-0310-9956-ffa450edef68
* support/suexec.c: Add gcc format-string attributes to logging
functions.
(main): Always print uid/gid as unsigned long, and cast to avoid
warnings (which somewhat defeats the point of the format string
attrs, but is necessary since the size of gid/uid varies).
remove an unnecessary check in a nest loop of ap_create_environment()
s/;;/;/
No need to test for NULL before calling apr_pstrdup.
No need it apr_pcalloc here, the memory is fully initialized the line just after
cppCheck: unreadVariable - 'serviceFlag' is not used in the function, so remove it
Remove unused code. "Next week" hasn't happened in the last 10 years or so.
log client error at level debug, log broken Host header value
remove some more old unused code
remove obsolete comment from 1.3 days
Submitted by: jorton, pqf, jailletc36, jailletc36, jailletc36, jailletc36, sf, sf, sf, sf
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1416581 13f79535-47bb-0310-9956-ffa450edef68
changes.
The trunk patches for these all have some configuration breakage
as 2.4.x interprets the individual directive or API parameter as
relative to ServerRoot whereas trunk interprets everything
relative to DefaultRuntimeDir.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1373168 13f79535-47bb-0310-9956-ffa450edef68
mod_lbmethod_heartbeat, mod_heartmonitor: Respect DefaultRuntimeDir/
DEFAULT_REL_RUNTIMEDIR for the heartbeat storage file.
core: Respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR for the
scoreboard (ScoreBoardFile).
The Pidfile directive and ap_log_pid()/ap_remove_pid()/ap_read_pid()
now respect DefaultRuntimeDir
Mutex directive: finish support of DefaultRuntimeDir
a partial conversion was made in r1299718, but I'm not
sure when that change is effective
mod_socache_shmcb and mod_socache_dbm: finish support of
DefaultRuntimeDir
a partial conversion was made in r1299718, affecting cases
where no filename was specified
mod_slotmem_plain: make the "filename" key relative to
DefaultRuntimeDir if not absolute
mod_slotmem_plain does not externalize or check the full path
in any way, so this change is just for consistency with other
modules which build paths to run-time artifacts.
make LDAPSharedCacheFile relative to DefaultRuntimeDir
Submitted by: trawick
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1373105 13f79535-47bb-0310-9956-ffa450edef68
Fix segfault with Solaris LDAP SDK when enabling ldaps.
Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).
This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.
PR: 42682
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1209604 13f79535-47bb-0310-9956-ffa450edef68
if called from a virtual host with mod_ldap directives in it. Did not
affect mod_authnz_ldap's usage of mod_ldap. [Eric Covener]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166823 13f79535-47bb-0310-9956-ffa450edef68
few other paths that have us returning LDAP_OTHER (since
only 'server down' is retryable, we want to work hard to get
it returned when appropriate)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157677 13f79535-47bb-0310-9956-ffa450edef68
number of retries (LDAPRetries, default 3) and configurable delay between
retries (LDAPRetryDelay, no delay by default).
The LDAP connection is re-initted every other retry, instead of
on the fifth retry -- this was a much more recent addition then
the basic looping behavior.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1156790 13f79535-47bb-0310-9956-ffa450edef68
by the big ldap revert r1150179.
Original commit log:
Use APR_ADDTO instead of APR_SETVAR or direct
variable assignment.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1150231 13f79535-47bb-0310-9956-ffa450edef68
Incorporate the ap_ldap incomplete API, as there is no interest or effort
at APR to make this a complete abstraction, and it was voted 'off the island'
with APR 2.0. This will allow httpd 2.3 to build against either apr-2.0
or apr+util 1.x.
This also reverts part of r1142938, which needs to be re-done.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150172 13f79535-47bb-0310-9956-ffa450edef68
