On Mon, Nov 20, 2023 at 4:21 PM Ruediger Pluem wrote:
>
> On 11/20/23 4:05 PM, Yann Ylavic wrote:
> > On Mon, Nov 20, 2023 at 3:46 PM Yann Ylavic wrote:
> >>
> >> On Mon, Nov 20, 2023 at 2:33 PM Yann Ylavic wrote:
> >>>
> >>> On Mon, Nov 20, 2023 at 1:57 PM Graham Leggett via dev
> >>> wrote:
On 11/20/23 4:19 PM, Graham Leggett via dev wrote:
> On 20 Nov 2023, at 15:10, Ruediger Pluem wrote:
>
>> Revisiting this again. I guess the below patch should fix it.
>> I assume that only the checking on req != NULL is relevant.
>> r->user and req->dn do not matter. But we should set
On 11/20/23 4:05 PM, Yann Ylavic wrote:
> On Mon, Nov 20, 2023 at 3:46 PM Yann Ylavic wrote:
>>
>> On Mon, Nov 20, 2023 at 2:33 PM Yann Ylavic wrote:
>>>
>>> On Mon, Nov 20, 2023 at 1:57 PM Graham Leggett via dev
>>> wrote:
On 20 Nov 2023, at 12:26, Ruediger Pluem wrote:
On 20 Nov 2023, at 15:10, Ruediger Pluem wrote:
> Revisiting this again. I guess the below patch should fix it.
> I assume that only the checking on req != NULL is relevant.
> r->user and req->dn do not matter. But we should set req->dn to dn
> if util_ldap_cache_getuserdn found one.
>
> BTW:
On 11/20/23 3:46 PM, Yann Ylavic wrote:
> On Mon, Nov 20, 2023 at 2:33 PM Yann Ylavic wrote:
>>
>> On Mon, Nov 20, 2023 at 1:57 PM Graham Leggett via dev
>> wrote:
>>>
>>> On 20 Nov 2023, at 12:26, Ruediger Pluem wrote:
>>>
>>> Or we need to ensure that authn_ldap_build_filter is NULL safe
On Mon, Nov 20, 2023 at 3:46 PM Yann Ylavic wrote:
>
> On Mon, Nov 20, 2023 at 2:33 PM Yann Ylavic wrote:
> >
> > On Mon, Nov 20, 2023 at 1:57 PM Graham Leggett via dev
> > wrote:
> > >
> > > On 20 Nov 2023, at 12:26, Ruediger Pluem wrote:
> > >
> > > Or we need to ensure that
On Mon, Nov 20, 2023 at 2:33 PM Yann Ylavic wrote:
>
> On Mon, Nov 20, 2023 at 1:57 PM Graham Leggett via dev
> wrote:
> >
> > On 20 Nov 2023, at 12:26, Ruediger Pluem wrote:
> >
> > Or we need to ensure that authn_ldap_build_filter is NULL safe and returns
> > in a sensible way if user ==
On Mon, Nov 20, 2023 at 1:57 PM Graham Leggett via dev
wrote:
>
> On 20 Nov 2023, at 12:26, Ruediger Pluem wrote:
>
> Or we need to ensure that authn_ldap_build_filter is NULL safe and returns in
> a sensible way if user == NULL.
>
>
> This is the option we need I think - it’s possible that
On 20 Nov 2023, at 12:26, Ruediger Pluem wrote:
> Or we need to ensure that authn_ldap_build_filter is NULL safe and returns in
> a sensible way if user == NULL.
This is the option we need I think - it’s possible that ldapsearch could be
used without a user.
Regards,
Graham
—
On 11/20/23 1:07 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Mon Nov 20 12:07:11 2023
> New Revision: 1913977
>
> URL: http://svn.apache.org/viewvc?rev=1913977=rev
> Log:
> mod_authnz_ldap: Follow up to r1913962: r->user not used in
> ldapsearch_check_authorization().
>
>
>
On 20 Nov 2023, at 12:10, Yann Ylavic wrote:
>> Fine, but if r->user is NULL here we'll segfault (NULL dereference) in
>> "if (!*r->user)" here.
>
> Probably an unfortunate copy/paste in trunk only (not in your backport
> patch3), fixed in r1913977.
Thanks for this - it’s been making my head
On Mon, Nov 20, 2023 at 12:05 PM Yann Ylavic wrote:
>
> On Mon, Nov 20, 2023 at 11:54 AM Graham Leggett via dev
> wrote:
> >
> > On 20 Nov 2023, at 10:44, Yann Ylavic wrote:
> >
> > >> URL: http://svn.apache.org/viewvc?rev=1913962=rev
> > >> Log:
> > >> Apply earlier fix to the ldapsearch case:
On Mon, Nov 20, 2023 at 11:54 AM Graham Leggett via dev
wrote:
>
> On 20 Nov 2023, at 10:44, Yann Ylavic wrote:
>
> >> URL: http://svn.apache.org/viewvc?rev=1913962=rev
> >> Log:
> >> Apply earlier fix to the ldapsearch case:
> >>
> >> Arrange for backend LDAP connections to be returned
> >> to
On 20 Nov 2023, at 09:32, Ruediger Pluem wrote:
>> -if (sec->host) {
>> +if (!sec->host) {
>> +ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01738)
>
> This log message had the number 02636 before.
I’ve fixed these.
They don’t appear to affect the ldapsearch backport
On 20 Nov 2023, at 10:44, Yann Ylavic wrote:
>> URL: http://svn.apache.org/viewvc?rev=1913962=rev
>> Log:
>> Apply earlier fix to the ldapsearch case:
>>
>> Arrange for backend LDAP connections to be returned
>> to the pool by a fixup hook rather than staying locked
>> until the end of (a
On Sun, Nov 19, 2023 at 11:45 AM wrote:
>
> Author: minfrin
> Date: Sun Nov 19 10:45:05 2023
> New Revision: 1913962
>
> URL: http://svn.apache.org/viewvc?rev=1913962=rev
> Log:
> Apply earlier fix to the ldapsearch case:
>
> Arrange for backend LDAP connections to be returned
> to the pool by a
On 11/19/23 11:45 AM, minf...@apache.org wrote:
> Author: minfrin
> Date: Sun Nov 19 10:45:05 2023
> New Revision: 1913962
>
> URL: http://svn.apache.org/viewvc?rev=1913962=rev
> Log:
> Apply earlier fix to the ldapsearch case:
>
> Arrange for backend LDAP connections to be returned
> to the
17 matches
Mail list logo