mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability

to authorize an authenticated user via a "require ldap-group X" directive where the user is not in group X, but is in a subgroup contained in X. PR 42891 [Paul J. Reder] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@560373 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2007-07-27 20:34:41 +00:00
parent 7081c4268a
commit cc4a706e61
7 changed files with 574 additions and 23 deletions
--- a/modules/ldap/util_ldap_cache.c
+++ b/modules/ldap/util_ldap_cache.c
@@ -259,12 +259,14 @@ void *util_ldap_compare_node_copy(util_ald_cache_t *cache, void *c)
    if (node) {
        if (!(node->dn = util_ald_strdup(cache, n->dn)) ||
            !(node->attrib = util_ald_strdup(cache, n->attrib)) ||
-            !(node->value = util_ald_strdup(cache, n->value))) {
+            !(node->value = util_ald_strdup(cache, n->value)) ||
+            ((n->subgroupList) && !(node->subgroupList = util_ald_sgl_dup(cache, n->subgroupList)))) {
            util_ldap_compare_node_free(cache, node);
            return NULL;
        }
        node->lastcompare = n->lastcompare;
        node->result = n->result;
+        node->sgl_processed = n->sgl_processed;
        return node;
    }
    else {
@@ -275,6 +277,8 @@ void *util_ldap_compare_node_copy(util_ald_cache_t *cache, void *c)
 void util_ldap_compare_node_free(util_ald_cache_t *cache, void *n)
 {
    util_compare_node_t *node = n;
+
+    util_ald_sgl_free(cache, &(node->subgroupList));
    util_ald_free(cache, node->dn);
    util_ald_free(cache, node->attrib);
    util_ald_free(cache, node->value);
@@ -286,6 +290,8 @@ void util_ldap_compare_node_display(request_rec *r, util_ald_cache_t *cache, voi
    util_compare_node_t *node = n;
    char date_str[APR_CTIME_LEN+1];
    char *cmp_result;
+    char *sub_groups_val;
+    char *sub_groups_checked;

    apr_ctime(date_str, node->lastcompare);

@@ -299,6 +305,20 @@ void util_ldap_compare_node_display(request_rec *r, util_ald_cache_t *cache, voi
        cmp_result = apr_itoa(r->pool, node->result);
    }

+    if(node->subgroupList) {
+        sub_groups_val = "Yes";
+    }
+    else {
+        sub_groups_val = "No";
+    }
+
+    if(node->sgl_processed) {
+        sub_groups_checked = "Yes";
+    }
+    else {
+        sub_groups_checked = "No";
+    }
+
    ap_rprintf(r,
               "<tr valign='top'>"
               "<td nowrap>%s</td>"
@@ -306,12 +326,16 @@ void util_ldap_compare_node_display(request_rec *r, util_ald_cache_t *cache, voi
               "<td nowrap>%s</td>"
               "<td nowrap>%s</td>"
               "<td nowrap>%s</td>"
+               "<td nowrap>%s</td>"
+               "<td nowrap>%s</td>"
               "</tr>",
               node->dn,
               node->attrib,
               node->value,
               date_str,
-               cmp_result);
+               cmp_result,
+               sub_groups_val,
+               sub_groups_checked);
 }

 /* ------------------------------------------------------------------ */