Date: Wed, 21 Sep 2005 14:37:31 GMT
From: Dmitriy Kirhlarov <dimma@higis.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/86416: apache <=2.0.54. mod_ldap can't work with ldap-server over SSL
Message-ID: <200509211437.j8LEbVGu045992@www.freebsd.org>
Resent-Message-ID: <200509211440.j8LEe6St029063@freefall.freebsd.org>
>Number: 86416
>Category: ports
>Synopsis: apache <=2.0.54. mod_ldap can't work with ldap-server over SSL
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 21 14:40:05 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dmitriy Kirhlarov
>Release: 5.4-RELEASE-p5
>Organization: Oilspace
>Environment:
FreeBSD clh0.cluster 5.4-RELEASE-p5 FreeBSD 5.4-RELEASE-p5 #2: Fri Aug 5 22:34:00 MSD 2005 root@clh0.cluster:/usr/obj/usr/src/sys/clh i386
>Description:
Apache can't understand CAcert format and can't switch on SSL support for LDAP.
>How-To-Repeat:
Compile apache from ports with
-DWITH_LDAP_MODULES -DWITH_AUTH_MODULES -DWITH_SSL_MODULES
params.

Include in httpd.conf
LDAPTrustedCA
LDAPTrustedCAType
and in .htaccess
AuthLDAPURL ldaps://...
parameters.

When apache starts you get in the error log:
[notice] LDAP: Built with OpenLDAP LDAP SDK
[notice] LDAP: SSL support unavailable

After that your authorization works over plain ldap.

It's a bug described with a patch:
http://issues.apache.org/bugzilla/show_bug.cgi?id=36563

But a small bug remains when you use a DER or BASE64 type CAcert. In both situations you must use
LDAPTrustedCAType BASE64_FILE

Configure your log files with *debug* level _before_ configuring mod_ldap in httpd.conf for a verbose description in the error log.
>Fix:
--- patch-modules-experimental-util_ldap_cache.c begins here --- --- modules/experimental/util_ldap_cache.c.orig Wed Sep 21 12:17:53 2005 +++ modules/experimental/util_ldap_cache.c Wed Sep 21 12:14:26 2005 
@@ -158,18 +158,22 @@ /* copy vals */ if (node->vals) { - int k = 0; + int k = node->numvals; int i = 0; - while (node->vals[k++]); if (!(newnode->vals = util_ald_alloc(cache, sizeof(char *) * (k+1)))) { util_ldap_search_node_free(cache, newnode); return NULL; } - while (node->vals[i]) { - if (!(newnode->vals[i] = util_ald_strdup(cache, node->vals[i]))) { - util_ldap_search_node_free(cache, newnode); - return NULL; + newnode->numvals = node->numvals; + for (;k;k--) { + if (node->vals[i]) { + if (!(newnode->vals[i] = util_ald_strdup(cache, node->vals[i]))) { + util_ldap_search_node_free(cache, newnode); + return NULL; + } } + else + newnode->vals[i] = NULL; i++; } } @@ -199,9 +203,13 @@ { int i = 0; util_search_node_t *node = (util_search_node_t *)n; + int k = node->numvals; + if (node->vals) { - while (node->vals[i]) { - util_ald_free(cache, node->vals[i++]); + for (;k;k--,i++) { + if (node->vals[i]) { + util_ald_free(cache, node->vals[i]); + } } util_ald_free(cache, node->vals); } --- patch-modules-experimental-util_ldap_cache.c ends here --- --- patch-modules-experimental-util_ldap_cache.h begins here --- --- modules/experimental/util_ldap_cache.h.orig Wed Sep 21 12:32:57 2005 +++ modules/experimental/util_ldap_cache.h Wed Sep 21 12:14:26 2005 @@ -110,6 +110,7 @@ NULL if the bind failed */ apr_time_t lastbind; /* Time of last successful bind */ const char **vals; /* Values of queried attributes */ + int numvals; /* Number of queried attributes */ } util_search_node_t; /* --- patch-modules-experimental-util_ldap_cache.h ends here --- >Release-Note: >Audit-Trail: >Unformatted:
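Review bot: In the first util_ldap_cache.c hunk (@@ -158,18 +158,22 @@), newnode->numvals is set to the full count before any element of newnode->vals has been written, so when util_ald_strdup fails partway through, util_ldap_search_node_free (as changed in the next hunk) walks all numvals slots and can hand never-assigned pointers to util_ald_free, unless util_ald_alloc returns zeroed memory, which these lines do not show. Suggest clearing the array right after allocation, or raising newnode->numvals only as each slot is filled. The allocation also still reserves k+1 entries while the loop writes only k, so either store NULL in the last slot or drop the +1.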
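Review bot: In the second util_ldap_cache.c hunk (@@ -199,9 +203,13 @@), the loop `for (;k;k--,i++)` stops only when k reaches zero, so a negative numvals would run far past the end of vals before terminating. Writing it as `for (i = 0; i < node->numvals; i++)` bounds the walk and removes the second counter; the same applies to `for (;k;k--)` in the copy hunk. The read of node->numvals would also sit more naturally inside the `if (node->vals)` block, next to its only use.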
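Review bot: In the util_ldap_cache.h hunk, numvals is added to util_search_node_t and both the copy and free routines now depend on it, but no line in this patch sets it on the node a caller first builds; the copy routine only takes it from its source node. Every site that fills vals needs to set numvals too, otherwise the copy and free loops run with whatever the field happens to hold. The field comment should also state that numvals counts slots in vals and that individual slots may be NULL, since the copy loop now preserves NULL entries instead of stopping at the first one.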