From 04961f16338adfe7aa842f716fc069040675cf5b Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Tue, 23 Feb 2021 16:50:29 +0000
Subject: [PATCH] drop use of apr_ldap_rebind (r1878890, #1847585)
---
httpd-2.4.46-r1878890.patch | 116 ++++++++++++++++++++++++++++++++++++
httpd.spec | 3 +
pullrev.sh | 2 +-
3 files changed, 120 insertions(+), 1 deletion(-)
create mode 100644 httpd-2.4.46-r1878890.patch
diff --git a/httpd-2.4.46-r1878890.patch b/httpd-2.4.46-r1878890.patch
new file mode 100644
index 0000000..b75d53e
--- /dev/null
+++ b/httpd-2.4.46-r1878890.patch
@@ -0,0 +1,116 @@
+# ./pullrev.sh 1878890
+
+http://svn.apache.org/viewvc?view=revision&revision=1878890
+
+--- httpd-2.4.46/include/util_ldap.h.r1878890
++++ httpd-2.4.46/include/util_ldap.h
+@@ -32,7 +32,6 @@
+ #if APR_MAJOR_VERSION < 2
+ /* The LDAP API is currently only present in APR 1.x */
+ #include "apr_ldap.h"
+-#include "apr_ldap_rebind.h"
+ #else
+ #define APR_HAS_LDAP 0
+ #endif
+--- httpd-2.4.46/modules/ldap/util_ldap.c.r1878890
++++ httpd-2.4.46/modules/ldap/util_ldap.c
+@@ -140,6 +140,38 @@
+ return OK;
+ }
+
++/* For OpenLDAP with the 3-arg version of ldap_set_rebind_proc(), use
++ * a simpler rebind callback than the implementation in APR-util.
++ * Testing for API version >= 3001 appears safe although OpenLDAP
++ * 2.1.x (API version = 2004) also has the 3-arg API. */
++#if APR_HAS_OPENLDAP_LDAPSDK && defined(LDAP_API_VERSION) && LDAP_API_VERSION >= 3001
++
++#define uldap_rebind_init(p) APR_SUCCESS /* noop */
++
++static int uldap_rebind_proc(LDAP *ld, const char *url, ber_tag_t request,
++ ber_int_t msgid, void *params)
++{
++ util_ldap_connection_t *ldc = params;
++
++ return ldap_bind_s(ld, ldc->binddn, ldc->bindpw, LDAP_AUTH_SIMPLE);
++}
++
++static apr_status_t uldap_rebind_add(util_ldap_connection_t *ldc)
++{
++ ldap_set_rebind_proc(ldc->ldap, uldap_rebind_proc, ldc);
++ return APR_SUCCESS;
++}
++
++#else /* !APR_HAS_OPENLDAP_LDAPSDK */
++
++#define USE_APR_LDAP_REBIND
++#include
++
++#define uldap_rebind_init(p) apr_ldap_rebind_init(p)
++#define uldap_rebind_add(ldc) apr_ldap_rebind_add((ldc)->rebind_pool, \
++ (ldc)->ldap, (ldc)->binddn, \
++ (ldc)->bindpw)
++#endif
+
+
+ /* ------------------------------------------------------------------ */
+@@ -181,6 +213,13 @@
+ util_ldap_connection_t *ldc = param;
+
+ if (ldc) {
++#ifdef USE_APR_LDAP_REBIND
++ /* forget the rebind info for this conn */
++ if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
++ apr_pool_clear(ldc->rebind_pool);
++ }
++#endif
++
+ if (ldc->ldap) {
+ if (ldc->r) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp unbind", ldc);
+@@ -189,12 +228,6 @@
+ ldc->ldap = NULL;
+ }
+ ldc->bound = 0;
+-
+- /* forget the rebind info for this conn */
+- if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+- apr_ldap_rebind_remove(ldc->ldap);
+- apr_pool_clear(ldc->rebind_pool);
+- }
+ }
+
+ return APR_SUCCESS;
+@@ -330,7 +363,7 @@
+
+ if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+ /* Now that we have an ldap struct, add it to the referral list for rebinds. */
+- rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw);
++ rc = uldap_rebind_add(ldc);
+ if (rc != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rc, r->server, APLOGNO(01277)
+ "LDAP: Unable to add rebind cross reference entry. Out of memory?");
+@@ -855,6 +888,7 @@
+ /* whether or not to keep this connection in the pool when it's returned */
+ l->keep = (st->connection_pool_ttl == 0) ? 0 : 1;
+
++#ifdef USE_APR_LDAP_REBIND
+ if (l->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+ if (apr_pool_create(&(l->rebind_pool), l->pool) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01286)
+@@ -865,6 +899,7 @@
+ return NULL;
+ }
+ }
++#endif
+
+ if (p) {
+ p->next = l;
+@@ -3051,7 +3086,7 @@
+ }
+
+ /* Initialize the rebind callback's cross reference list. */
+- apr_ldap_rebind_init (p);
++ (void) uldap_rebind_init(p);
+
+ #ifdef AP_LDAP_OPT_DEBUG
+ if (st->debug_level > 0) {
diff --git a/httpd.spec b/httpd.spec
index f6e5c7a..233a247 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -88,6 +88,7 @@ Patch45: httpd-2.4.43-logjournal.patch # Bug fixes # https://bugzilla.redhat.com/show_bug.cgi?id=1397243 Patch60: httpd-2.4.43-enable-sslv3.patch +Patch61: httpd-2.4.46-r1878890.patch Patch62: httpd-2.4.43-r1870095+.patch Patch63: httpd-2.4.46-htcacheclean-dont-break.patch
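Review bot: `uldap_rebind_proc` never looks at its `url` argument and does a simple bind with `ldc->binddn` and `ldc->bindpw` on whichever handle libldap passes in, so when `ChaseReferrals` is on the configured bind password is sent to any server a referral points at. Nothing in this hunk restricts the referral target or requires a protected transport to it, and whether that is enforced elsewhere is not visible here. I would state this above the callback, e.g. `/* Rebinds to the referred server (url) with the connection's binddn/bindpw; only enable referral chasing when every referral target is trusted. */`. Separately, the `#else` comment should read `/* !OpenLDAP or LDAP_API_VERSION < 3001 */`, since that branch is also taken for older OpenLDAP SDKs.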
@@ -240,6 +241,7 @@ written in the Lua programming language. %patch45 -p1 -b .logjournal %patch60 -p1 -b .enable-sslv3 +%patch61 -p1 -b .r1878890 %patch62 -p1 -b .r1870095 %patch63 -p1 -b .htcacheclean-dont-break
@@ -781,6 +783,7 @@ exit $rv %changelog * Tue Feb 23 2021 Joe Orton - 2.4.46-10 - add Conflicts: with mod_nss +- drop use of apr_ldap_rebind (r1878890, #1847585) * Mon Feb 01 2021 Lubos Uhliarik - 2.4.46-9 - Resolves: #1914182 - RFE: CustomLog should be able to use journald
diff --git a/pullrev.sh b/pullrev.sh
index ada0076..27bbcb3 100755
--- a/pullrev.sh
+++ b/pullrev.sh
@@ -7,7 +7,7 @@ fi repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk" #repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x" -ver=2.4.43 +ver=2.4.46 prefix="httpd-${ver}" suffix="${SUFFIX:-r$1${2:++}}" fn="${prefix}-${suffix}.patch"