Commit Graph

259 Commits

Author SHA1 Message Date
ecde985c4e Fix strange indent.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1633031 13f79535-47bb-0310-9956-ffa450edef68
2014-10-20 04:37:06 +00:00
a29cb3fa4d In 2.4.10, AuthLDAPBindDN might not be used for some LDAP searches, causing
LDAP authz failures if AuthLDAPBindDN was able to search through more of
LDAP than web users.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1613682 13f79535-47bb-0310-9956-ffa450edef68
2014-07-26 16:59:50 +00:00
2eaa646655 make LDAPConnectionPoolTTL more conservative, use r->request_time rather than
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1607960 13f79535-47bb-0310-9956-ffa450edef68
2014-07-05 00:06:15 +00:00
650526b07a Don't use a hardcoded cn=* in case the subgroup has no CN.
Submitted By: David Hawes <dhawes vt.edu>
Committed By: Eric Covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1528143 13f79535-47bb-0310-9956-ffa450edef68
2013-10-01 16:41:37 +00:00
3fbdbdfe9c arrange previous fix.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1526499 13f79535-47bb-0310-9956-ffa450edef68
2013-09-26 14:03:31 +00:00
c833f4352b Follow-up to r1526436: Fix compilation error
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1526473 13f79535-47bb-0310-9956-ffa450edef68
2013-09-26 13:11:15 +00:00
29a0aff51e Fix for PR 54626.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1526436 13f79535-47bb-0310-9956-ffa450edef68
2013-09-26 09:56:41 +00:00
751b6e7b44 revert comments in r1521973, may be more misleading than good.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1522021 13f79535-47bb-0310-9956-ffa450edef68
2013-09-11 20:24:40 +00:00
7ae58cc772 comments only, before I task switch.
Subgroup checking is cached, but very inefficient for large groups.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1521973 13f79535-47bb-0310-9956-ffa450edef68
2013-09-11 18:22:18 +00:00
ccd82e50ee "LDAPReferrals off" does not disable LDAPReferrals feature. Default OpenLDAP value for LDAP_OPT_REFERRALS is ON and the current code does not set it to OFF even when there is "LDAPReferrals off" directive in the config file.
Changes LDAPReferrals to tri-state:

- "on" - default. Calls apr_ldap_set_option to set referrals on.
- "off" - Calls apr_ldap_set_option to turn referrals off.
- "default" - Does not call apr_ldap_set_option at all.


The default remains ON.  If "default" and SDK defaults to ON, no rebind callback 
is used.

Submitted By: Jan Kaluza <kaluze AT redhat.com>
Committed By: covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1517388 13f79535-47bb-0310-9956-ffa450edef68
2013-08-25 22:42:29 +00:00
db3fd786f6 remove nested retry loop, uldap_connection_open retries.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510086 13f79535-47bb-0310-9956-ffa450edef68
2013-08-04 01:24:25 +00:00
ea3ec244ff add TRACE5 messages around each LDAP retry
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510085 13f79535-47bb-0310-9956-ffa450edef68
2013-08-04 01:23:41 +00:00
c2f72868e5 retry during a timeout in uldap_cache_checkuserid(), like other paths that check
server down and TIMEOUT together.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510084 13f79535-47bb-0310-9956-ffa450edef68
2013-08-04 01:02:57 +00:00
9d2e831663 don't retry if uldap_connection_open() fails, because it has already
retried internally


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510083 13f79535-47bb-0310-9956-ffa450edef68
2013-08-04 01:00:28 +00:00
5b59b08a35 Unlikely potential memory leak.
Point 12 of PR 54936

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1504276 13f79535-47bb-0310-9956-ffa450edef68
2013-07-17 20:51:18 +00:00
8d7c3860fe re-try LDAP connections in a few authz paths.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496207 13f79535-47bb-0310-9956-ffa450edef68
2013-06-24 20:40:05 +00:00
b62a407779 Drop severity of "LDAP: Setting referrals to ON" from DEBUG to TRACE4
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496178 13f79535-47bb-0310-9956-ffa450edef68
2013-06-24 19:44:38 +00:00
f12c832f5c uldap_simple_bind was subsequently rewritten to use the op_timeout with ldap_result()
which is portable, which means LDAPTimeout is used for bind & search regardless of
this LDAP option's availability.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496177 13f79535-47bb-0310-9956-ffa450edef68
2013-06-24 19:42:15 +00:00
4e9b551354 prevent excessive delays retrying new connections that timed out.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496176 13f79535-47bb-0310-9956-ffa450edef68
2013-06-24 19:40:24 +00:00
70366501e4 PR54587: LDAP connections used for authn were not respecting
LDAPConnectionPoolTimeout due to confusion over what "bound" means.

Added some LDAP trace at TRACE5 to track how LDAP connections are
reused and rebound.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1452551 13f79535-47bb-0310-9956-ffa450edef68
2013-03-04 21:54:24 +00:00
b22505292e No need to clear memory that is fully initialized just the line after.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1419719 13f79535-47bb-0310-9956-ffa450edef68
2012-12-10 20:19:20 +00:00
d5b414c34d CVE-2012-3499
add missing html escaping


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418752 13f79535-47bb-0310-9956-ffa450edef68
2012-12-08 20:32:00 +00:00
b5eb633605 No need to apr_pcalloc here, the memory is fully initialized the line just after
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1398040 13f79535-47bb-0310-9956-ffa450edef68
2012-10-14 09:07:02 +00:00
9d937659e3 make LDAPSharedCacheFile relative to DefaultRuntimeDir
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1371684 13f79535-47bb-0310-9956-ffa450edef68
2012-08-10 12:23:41 +00:00
7814748ab3 NetWare build tweaks.
Make more use of internal makefile macros;
axed now obsolete include paths.
Submitted by: normw gknw net.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1371177 13f79535-47bb-0310-9956-ffa450edef68
2012-08-09 12:11:09 +00:00
9361c458e6 bytes is not a unit of filename
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1369568 13f79535-47bb-0310-9956-ffa450edef68
2012-08-05 12:59:20 +00:00
92e366007c Add lots of unique tags to error log messages
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209766 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 23:02:04 +00:00
bc84971437 Fix segfault with Solaris LDAP SDK when enabling ldaps.
Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).

This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.

PR: 42682


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209601 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 17:44:09 +00:00
1951a037bf More cleanup: Expand tabs and some more indentation fixes
No functional change


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174929 13f79535-47bb-0310-9956-ffa450edef68
2011-09-23 18:08:42 +00:00
427c85bd23 Cleanup effort in prep for GA push:
Trim trailing whitespace... no func change



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174751 13f79535-47bb-0310-9956-ffa450edef68
2011-09-23 13:39:32 +00:00
103f776c25 Cleanup effort in prep for GA push:
Trim trailing whitespace... no func change



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1174748 13f79535-47bb-0310-9956-ffa450edef68
2011-09-23 13:38:09 +00:00
93e479669b no termination of the loop in 1166823.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166839 13f79535-47bb-0310-9956-ffa450edef68
2011-09-08 18:26:54 +00:00
81097d5190 mod_ldap: Optional function uldap_ssl_supported(r) always returned false
if called from a virtual host with mod_ldap directives in it.  Did not
affect mod_authnz_ldap's usage of mod_ldap.  [Eric Covener]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166823 13f79535-47bb-0310-9956-ffa450edef68
2011-09-08 17:37:46 +00:00
c2236c7cbf The default timeout value of 10s lives in two places, the per-server config
and in this initialization. Drop the latter and check to see if a timeout
is requested in the per-server config.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166662 13f79535-47bb-0310-9956-ffa450edef68
2011-09-08 12:53:06 +00:00
5124ad1b62 s/lderrno/uldap_ld_errno, but keep it internal.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157678 13f79535-47bb-0310-9956-ffa450edef68
2011-08-14 22:19:09 +00:00
ead0bcf35c add a static method to retrieve the LDAP errno, and call from a
few other paths that have us returning LDAP_OTHER (since
only 'server down' is retryable, we want to work hard to get
it returned when appropriate)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157677 13f79535-47bb-0310-9956-ffa450edef68
2011-08-14 22:03:02 +00:00
f19641462b Compare value instead of string pointer
Remove unused label
Remove unused var


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157357 13f79535-47bb-0310-9956-ffa450edef68
2011-08-13 09:14:33 +00:00
a68a8e4918 Accept LDAP_OPT_CONNECT_TIMEOUT as an alternative to LDAP_OPT_NETWORK_TIMEOUT.
An alternative on at least some IBM client libraries:

  http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.IBMDS.doc/progref281.htm#opttimeout



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157111 13f79535-47bb-0310-9956-ffa450edef68
2011-08-12 13:56:54 +00:00
f5b63175fc mod_ldap: remove hard-coded loops of 10 retries w/o delay with a configurable
number of retries (LDAPRetries, default 3) and configurable delay between 
retries (LDAPRetryDelay, no delay by default).

The LDAP connection is re-initted every other retry, instead of
on the fifth retry -- this was a much more recent addition than
the basic looping behavior.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1156790 13f79535-47bb-0310-9956-ffa450edef68
2011-08-11 20:05:18 +00:00
293bffa871 Try to obtain the specific LDAP error code returned during a failed
ldap_simple_bind(). 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1156001 13f79535-47bb-0310-9956-ffa450edef68
2011-08-10 02:06:52 +00:00
2d0c55080a Enable ldap modules in 'all' and 'most' selections if ldap is compiled into
apr-util


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1154114 13f79535-47bb-0310-9956-ffa450edef68
2011-08-05 08:01:31 +00:00
5ae1ca60bc Bring back some parts of r1142938 which were removed
by the big ldap revert r1150179.

Original commit log:

Use APR_ADDTO instead of APR_SETVAR or direct
variable assignment.

...


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1150231 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 22:24:55 +00:00
602791140b Revert r1129808:
Incorporate the ap_ldap incomplete API, as there is no interest or effort
    at APR to make this a complete abstraction, and it was voted 'off the island'
    with APR 2.0.  This will allow httpd 2.3 to build against either apr-2.0
    or apr+util 1.x.

This also reverts part of r1142938, which needs to be re-done.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150172 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:29:42 +00:00
9674eb32cb Revert r1129886:
Shift declaration logic of LDAP_DECLARE to ap_ldap.h from util_ldap.h



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150169 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:21:02 +00:00
6e1307b58e Revert r1129891:
LDAP_DECLARE Header adjustment for nw/win32



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150168 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:19:55 +00:00
33bbd1f6da Revert r1129956:
Fix include path relative to modules/ldap/



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150167 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:19:04 +00:00
97b5d740f8 Revert r1130186:
PR51307: Fix ldap_rebind build error when ldap is enabled and APR is built without threads.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150166 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:18:15 +00:00
533704a7fa Revert r1131393:
Several fixes for the ap_ldap build logic. This should fix compilation
    without --with-ldap.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150165 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:16:54 +00:00
2d42def875 Revert r1140069:
Fix load order dependencies in LDAP code by switching to use of APR
    optional functions for the inter-module API...



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150164 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:10:49 +00:00
596a9f614b Revert r1141201:
Fix compilation error due to missing LDAP_DECLARE definition



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150162 13f79535-47bb-0310-9956-ffa450edef68
2011-07-23 17:08:43 +00:00