www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Fix segfault with Solaris LDAP SDK when enabling ldaps.

Browse Source 
Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).

This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.

PR: 42682


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209601 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2011-12-02 17:44:09 +00:00
parent 4a98590e80
commit bc84971437
1 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
modules/ldap/util_ldap.c
View File

@@ -262,6 +262,23 @@ static int uldap_connection_init(request_rec *r,
util_ldap_state_t *st = util_ldap_state_t *st =
(util_ldap_state_t *)ap_get_module_config(r->server->module_config, (util_ldap_state_t *)ap_get_module_config(r->server->module_config,
&ldap_module); &ldap_module);
int have_client_certs = !apr_is_empty_array(ldc->client_certs);
#if !APR_HAS_SOLARIS_LDAPSDK
/*
* Normally we enable SSL/TLS with apr_ldap_set_option(), except
* with Solaris LDAP, where this is broken.
*/
int secure = APR_LDAP_NONE;
#else
/*
* With Solaris LDAP, we enable TSL via the secure argument
* to apr_ldap_init(). This requires a fix from apr-util >= 1.4.0.
*
* Just in case client certificates ever get supported, we
* handle those as with the other LDAP SDKs.
*/
int secure = have_client_certs ? APR_LDAP_NONE : ldc->secure;
#endif
/* Since the host will include a port if the default port is not used, /* Since the host will include a port if the default port is not used,
* always specify the default ports for the port parameter. This will * always specify the default ports for the port parameter. This will
@@ -272,8 +289,7 @@ static int uldap_connection_init(request_rec *r,
apr_ldap_init(r->pool, &(ldc->ldap), apr_ldap_init(r->pool, &(ldc->ldap),
ldc->host, ldc->host,
APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT, APR_LDAP_SSL == ldc->secure ? LDAPS_PORT : LDAP_PORT,
APR_LDAP_NONE, secure, &(result));
&(result));
if (NULL == result) { if (NULL == result) {
/* something really bad happened */ /* something really bad happened */
@@ -318,7 +334,7 @@ static int uldap_connection_init(request_rec *r,
ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
/* set client certificates */ /* set client certificates */
if (!apr_is_empty_array(ldc->client_certs)) { if (have_client_certs) {
apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT, apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
ldc->client_certs, &(result)); ldc->client_certs, &(result));
if (LDAP_SUCCESS != result->rc) { if (LDAP_SUCCESS != result->rc) {
@@ -329,7 +345,12 @@ static int uldap_connection_init(request_rec *r,
} }
/* switch on SSL/TLS */ /* switch on SSL/TLS */
if (APR_LDAP_NONE != ldc->secure) { if (APR_LDAP_NONE != ldc->secure
#if APR_HAS_SOLARIS_LDAPSDK
/* See comments near apr_ldap_init() above */
&& have_client_certs
#endif
) {
apr_ldap_set_option(r->pool, ldc->ldap, apr_ldap_set_option(r->pool, ldc->ldap,
APR_LDAP_OPT_TLS, &ldc->secure, &(result)); APR_LDAP_OPT_TLS, &ldc->secure, &(result));
if (LDAP_SUCCESS != result->rc) { if (LDAP_SUCCESS != result->rc) {