mod_admserv/mod_admserv.c | 48 +++++++++-------------------------------------
1 file changed, 10 insertions(+), 38 deletions(-)
New commits:
commit af12b77e9ea90f355c6ed61c8e9dcd8a1616b757
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Jun 29 10:41:22 2012 -0400
Ticket 401 - Console login fails with anonymous access disabled
Bug Description: The code does an anonymous bind to see if the server is up and
running
before issuing the "real" bind. If anonymous binds are
not allowed,
then it is impossible to log into the console.
Fix Description: Remove the anonymous bind, since it is not needed, and do a little
code cleanup.
https://fedorahosted.org/389/ticket/401
reviewed by: richm (Thanks Rich!)
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index bfe47e3..9eca803 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -2650,39 +2650,16 @@ authenticate_user(LdapServerData *data, char *baseDN, char *user,
const char *pw
"authenticate_user: begin auth user [%s] pw [%s] in [%s] for
[%s:%d]",
user, pw, baseDN, data->host, data->port);
- if (!(server = openLDAPConnection(data)))
+ if (!(server = openLDAPConnection(data))){
ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
"unable to open LDAPConnection to server [%s:%d]", data->host,
data->port);
-
- tries = 0;
- do {
- ldapError = admserv_ldap_auth_server(server, data);
- if (ldapError != LDAP_SERVER_DOWN && ldapError != LDAP_CONNECT_ERROR)
- break;
-
- closeLDAPConnection(server);
- if (!(server = openLDAPConnection(data))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
- "unable to open LDAPConnection to server [%s:%d]", data->host,
data->port);
- return DECLINED;
- }
- } while (server != NULL && ++tries < 2);
-
- if (ldapError != LDAPU_SUCCESS)
- {
- closeLDAPConnection(server);
- ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
- "unable to bind to server [%s:%d] as [%s]",
- data->host, data->port,
- (data->bindDN && *data->bindDN) ? data->bindDN :
"(anonymous)"); /*i18n*/
return DECLINED;
}
/* The basic auth data may be either uid:pw or userDN:pw. The test for '='
* is hopefully adequate to detect a DN...
*/
- if (!strchr(user, '='))
- {
+ if (!strchr(user, '=')) {
/* not a DN, so resolve the DN from the uid */
tries = 0;
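Review bot: The context line at the top of the hunk still writes the caller's password in clear text to the server log — `pw [%s]` with `pw` passed to ap_log_rerror — and nothing in this commit addresses it, so every login attempt, successful or not, leaves a credential in the Apache error log. The level of that ap_log_rerror call is outside the hunk, so it may be gated behind a debug level, but no guard is visible here; I would drop the field entirely: `"authenticate_user: begin auth user [%s] in [%s] for [%s:%d]", user, baseDN, data->host, data->port);`. As a point of style, the added `if (!(server = openLDAPConnection(data))){` lacks the space before `{` that every other brace this commit rewrites uses (`) {`). The body of authenticate_user begins before this hunk.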
@@ -2701,20 +2678,17 @@ authenticate_user(LdapServerData *data, char *baseDN, char *user,
const char *pw
}
} while (server != NULL && ++tries < 2);
- if (ldapError != LDAPU_SUCCESS)
- {
+ if (ldapError != LDAPU_SUCCESS) {
closeLDAPConnection(server);
if ((ldapError == LDAP_CONNECT_ERROR) || (ldapError == LDAP_SERVER_DOWN))
return check_auth_users_cache(user, pw, r, 0); /* DS down. Use the cache,
ignoring entry expiration. */
return DECLINED; /* fall back to final check against admpw */
- }
+ }
uid = user;
- }
- else
- {
+ } else {
/* it's a DN */
userdn = user;
@@ -2722,12 +2696,11 @@ authenticate_user(LdapServerData *data, char *baseDN, char *user,
const char *pw
/* strip the leading "ldap:", if present */
- if (!STRNCASECMP(userdn, LDAP_PREFIX, LDAP_PREFIX_LENGTH))
- {
+ if (!STRNCASECMP(userdn, LDAP_PREFIX, LDAP_PREFIX_LENGTH)) {
if (strlen(userdn) > LDAP_PREFIX_LENGTH)
userdn += LDAP_PREFIX_LENGTH;
- }
- }
+ }
+ }
tries = 0;
do {
@@ -2744,15 +2717,14 @@ authenticate_user(LdapServerData *data, char *baseDN, char *user,
const char *pw
}
} while (server != NULL && ++tries < 2);
- if (ldapError != LDAP_SUCCESS)
- {
+ if (ldapError != LDAP_SUCCESS) {
closeLDAPConnection(server);
if ((ldapError == LDAP_CONNECT_ERROR) || (ldapError == LDAP_SERVER_DOWN))
return check_auth_users_cache(user, pw, r, 0); /* DS down. Look in the cache,
ignoring entry expiration. */
return DECLINED; /* fall back to final check against admpw */
- }
+ }
closeLDAPConnection(server);