rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

drop use of apr_ldap_rebind (r1878890, #1847585)

Browse Source
This commit is contained in:
Joe Orton 2021-02-23 16:50:29 +00:00
parent 2c9507d609
commit 04961f1633
3 changed files with 120 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
httpd-2.4.46-r1878890.patch Normal file
View File

@ -0,0 +1,116 @@
# ./pullrev.sh 1878890
http://svn.apache.org/viewvc?view=revision&revision=1878890
--- httpd-2.4.46/include/util_ldap.h.r1878890
+++ httpd-2.4.46/include/util_ldap.h
@@ -32,7 +32,6 @@
#if APR_MAJOR_VERSION < 2
/* The LDAP API is currently only present in APR 1.x */
#include "apr_ldap.h"
-#include "apr_ldap_rebind.h"
#else
#define APR_HAS_LDAP 0
#endif
--- httpd-2.4.46/modules/ldap/util_ldap.c.r1878890
+++ httpd-2.4.46/modules/ldap/util_ldap.c
@@ -140,6 +140,38 @@
return OK;
}
+/* For OpenLDAP with the 3-arg version of ldap_set_rebind_proc(), use
+ * a simpler rebind callback than the implementation in APR-util.
+ * Testing for API version >= 3001 appears safe although OpenLDAP
+ * 2.1.x (API version = 2004) also has the 3-arg API. */
+#if APR_HAS_OPENLDAP_LDAPSDK && defined(LDAP_API_VERSION) && LDAP_API_VERSION >= 3001
+
+#define uldap_rebind_init(p) APR_SUCCESS /* noop */
+
+static int uldap_rebind_proc(LDAP *ld, const char *url, ber_tag_t request,
+ ber_int_t msgid, void *params)
+{
+ util_ldap_connection_t *ldc = params;
+
+ return ldap_bind_s(ld, ldc->binddn, ldc->bindpw, LDAP_AUTH_SIMPLE);
+}
+
+static apr_status_t uldap_rebind_add(util_ldap_connection_t *ldc)
+{
+ ldap_set_rebind_proc(ldc->ldap, uldap_rebind_proc, ldc);
+ return APR_SUCCESS;
+}
+
+#else /* !APR_HAS_OPENLDAP_LDAPSDK */
+
+#define USE_APR_LDAP_REBIND
+#include <apr_ldap_rebind.h>
+
+#define uldap_rebind_init(p) apr_ldap_rebind_init(p)
+#define uldap_rebind_add(ldc) apr_ldap_rebind_add((ldc)->rebind_pool, \
+ (ldc)->ldap, (ldc)->binddn, \
+ (ldc)->bindpw)
+#endif
/* ------------------------------------------------------------------ */
@@ -181,6 +213,13 @@
util_ldap_connection_t *ldc = param;
if (ldc) {
+#ifdef USE_APR_LDAP_REBIND
+ /* forget the rebind info for this conn */
+ if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+ apr_pool_clear(ldc->rebind_pool);
+ }
+#endif
+
if (ldc->ldap) {
if (ldc->r) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp unbind", ldc);
@@ -189,12 +228,6 @@
ldc->ldap = NULL;
}
ldc->bound = 0;
-
- /* forget the rebind info for this conn */
- if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
- apr_ldap_rebind_remove(ldc->ldap);
- apr_pool_clear(ldc->rebind_pool);
- }
}
return APR_SUCCESS;
@@ -330,7 +363,7 @@
if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
/* Now that we have an ldap struct, add it to the referral list for rebinds. */
- rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw);
+ rc = uldap_rebind_add(ldc);
if (rc != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rc, r->server, APLOGNO(01277)
"LDAP: Unable to add rebind cross reference entry. Out of memory?");
@@ -855,6 +888,7 @@
/* whether or not to keep this connection in the pool when it's returned */
l->keep = (st->connection_pool_ttl == 0) ? 0 : 1;
+#ifdef USE_APR_LDAP_REBIND
if (l->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
if (apr_pool_create(&(l->rebind_pool), l->pool) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, APLOGNO(01286)
@@ -865,6 +899,7 @@
return NULL;
}
}
+#endif
if (p) {
p->next = l;
@@ -3051,7 +3086,7 @@
}
/* Initialize the rebind callback's cross reference list. */
- apr_ldap_rebind_init (p);
+ (void) uldap_rebind_init(p);
#ifdef AP_LDAP_OPT_DEBUG
if (st->debug_level > 0) {

3
httpd.spec
View File

@ -88,6 +88,7 @@ Patch45: httpd-2.4.43-logjournal.patch
# Bug fixes # Bug fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1397243 # https://bugzilla.redhat.com/show_bug.cgi?id=1397243
Patch60: httpd-2.4.43-enable-sslv3.patch Patch60: httpd-2.4.43-enable-sslv3.patch
Patch61: httpd-2.4.46-r1878890.patch
Patch62: httpd-2.4.43-r1870095+.patch Patch62: httpd-2.4.43-r1870095+.patch
Patch63: httpd-2.4.46-htcacheclean-dont-break.patch Patch63: httpd-2.4.46-htcacheclean-dont-break.patch
@ -240,6 +241,7 @@ written in the Lua programming language.
%patch45 -p1 -b .logjournal %patch45 -p1 -b .logjournal
%patch60 -p1 -b .enable-sslv3 %patch60 -p1 -b .enable-sslv3
%patch61 -p1 -b .r1878890
%patch62 -p1 -b .r1870095 %patch62 -p1 -b .r1870095
%patch63 -p1 -b .htcacheclean-dont-break %patch63 -p1 -b .htcacheclean-dont-break
@ -781,6 +783,7 @@ exit $rv
%changelog %changelog
* Tue Feb 23 2021 Joe Orton <jorton@redhat.com> - 2.4.46-10 * Tue Feb 23 2021 Joe Orton <jorton@redhat.com> - 2.4.46-10
- add Conflicts: with mod_nss - add Conflicts: with mod_nss
- drop use of apr_ldap_rebind (r1878890, #1847585)
* Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9 * Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9
- Resolves: #1914182 - RFE: CustomLog should be able to use journald - Resolves: #1914182 - RFE: CustomLog should be able to use journald

2
pullrev.sh
View File

@ -7,7 +7,7 @@ fi
repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk" repo="https://svn.apache.org/repos/asf/httpd/httpd/trunk"
#repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x" #repo="https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x"
ver=2.4.43 ver=2.4.46
prefix="httpd-${ver}" prefix="httpd-${ver}"
suffix="${SUFFIX:-r$1${2:++}}" suffix="${SUFFIX:-r$1${2:++}}"
fn="${prefix}-${suffix}.patch" fn="${prefix}-${suffix}.patch"