Diffstat (limited to 'daemon/ldap.c')
-rw-r--r-- | daemon/ldap.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c index c513ea7..b6da6d4 100644 --- a/daemon/ldap.c +++ b/daemon/ldap.c @@ -250,7 +250,7 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf, const char* t; ASSERT(ctx && buf && user && str); - + /* TODO: We need to be escaping the user and realm properly */ /* This starts a new block to join */ ha_bufcpy(buf, ""); @@ -376,6 +376,8 @@ static const char* find_cleartext_password(ha_buffer_t* buf, const char** pws) static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha1) { ASSERT(buf && bv && ha1); + size_t len; + void* d; /* Raw binary */ if(bv->bv_len == MD5_LEN) @@ -387,9 +389,10 @@ static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha /* Hex encoded */ else if(bv->bv_len == (MD5_LEN * 2)) { - void* d = ha_bufdechex(buf, bv->bv_val, MD5_LEN); + len = MD5_LEN; + d = ha_bufdechex(buf, bv->bv_val, &len); - if(d) + if(d && len == MD5_LEN) { memcpy(ha1, d, MD5_LEN); return HA_OK; @@ -399,9 +402,10 @@ static int parse_ldap_ha1(ha_buffer_t* buf, struct berval* bv, unsigned char* ha /* B64 Encoded */ else { - void* d = ha_bufdec64(buf, bv->bv_val, MD5_LEN); + len = MD5_LEN; + d = ha_bufdec64(buf, bv->bv_val, &len); - if(d) + if(d && len == MD5_LEN) { memcpy(ha1, ha_bufdata(buf), MD5_LEN); return HA_OK; @@ -550,7 +554,7 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx) if(ctx->pool[i]) { ld = ctx->pool[i]; - ctx->pool[i]; + ctx->pool[i] = NULL; return ld; } } @@ -578,10 +582,9 @@ static LDAP* get_ldap_connection(ldap_context_t* ctx) ldap_unbind_s(ld); return NULL; } - - ctx->pool_mark++; } + ctx->pool_mark++; return ld; } @@ -885,7 +888,7 @@ static int basic_ldap_response(ldap_context_t* ctx, const char* header, } /* It worked! */ - resp->code = HA_SERVER_ACCEPT; + found = 1; } 
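Review bot: The TODO visible in the @@ -250 hunk of substitute_params says user and realm are substituted without escaping, and this commit leaves that open. The user name appears to come from the client's Authorization header (`basic.user` in basic_ldap_response), so the values should be escaped for their destination before they are copied into the buffer: RFC 4515 escaping for an LDAP filter template, RFC 4514 escaping for a DN template. Until that lands I would make the comment specific, `/* TODO: escape user and realm (RFC 4515 for filters, RFC 4514 for DNs) before substituting */`. The body of substitute_params lies outside the hunk, so the filter/DN use is inferred from the LDAPFilter/LDAPDNMap message later in the diff.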
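Review bot: In parse_ldap_ha1 (@@ -376) the new `size_t len;` and `void* d;` are declared after the `ASSERT(buf && bv && ha1);` statement, while the other functions in this diff keep their declarations at the top of the block (see ldap_process). Moving the two declarations above the ASSERT keeps the file consistent and avoids a declaration-after-statement error on compilers held to C89. The function body continues outside the hunk.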
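Review bot: In the base64 branch of parse_ldap_ha1 (@@ -399) the copy still reads from `ha_bufdata(buf)` although the decoded pointer is now held in `d`, whereas the hex branch above copies from `d`. `memcpy(ha1, d, MD5_LEN);` would keep the two branches consistent and would not depend on the buffer's current block being the decoder output. This branch is also the catch-all `else`, so any attribute length other than MD5_LEN or MD5_LEN * 2 is handed to ha_bufdec64. `bv->bv_len` is not passed along, so the decoder presumably relies on `bv_val` being NUL-terminated, which is worth confirming against its definition. The function continues outside the hunk.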
@@ -897,7 +900,7 @@ static int basic_ldap_response(ldap_context_t* ctx, const char* header, ret = validate_ldap_ha1(ctx, ld, entry, buf, basic.user, basic.password); if(ret == HA_OK) - resp->code = HA_SERVER_ACCEPT; + found = 1; else ha_messagex(LOG_WARNING, "invalid or unrecognized password for user: %s", basic.user); @@ -912,8 +915,9 @@ finally: if(results) ldap_msgfree(results); - if(resp->code == HA_SERVER_ACCEPT) + if(found && ret != HA_ERROR) { + resp->code = HA_SERVER_ACCEPT; resp->detail = basic.user; /* We put this connection into the successful connections */ @@ -1232,7 +1236,7 @@ int ldap_inithand(ha_context_t* context) } /* Check for mandatory configuration */ - if(!ctx->servers || (!ctx->dnmap || !ctx->filter)) + if(!ctx->servers || !(ctx->dnmap || ctx->filter)) { ha_messagex(LOG_ERR, "Digest LDAP configuration incomplete. " "Must have LDAPServers and either LDAPFilter or LDAPDNMap."); @@ -1305,7 +1309,7 @@ void ldap_destroy(ha_context_t* context) int ldap_process(ha_context_t* context, ha_request_t* req, ha_response_t* resp, ha_buffer_t* buf) { - ldap_context_t* ctx = (ldap_context_t*)context; + ldap_context_t* ctx = (ldap_context_t*)context->data; time_t t = time(NULL); const char* header = NULL; int ret; |
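Review bot: The accept decision after `finally:` in basic_ldap_response (@@ -912) uses the negative test `ret != HA_ERROR`, so authentication is granted for every other value `ret` may hold once `found` is set. Stating the success condition positively would fail closed, for example `if(found && ret == HA_OK)`, provided the bind path in the @@ -885 hunk also leaves `ret` at HA_OK. `found` is assigned in the @@ -885 and @@ -897 hunks but declared outside every hunk shown, so confirm it is initialised to 0, since `finally:` looks reachable from earlier error paths. The start of the function is outside the hunk.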