2006-10-17 23:41:14 |
Andrew Radke |
description |
Binary package hint: libapache-authnetldap-perl
This bug effects both the libapache-authnetldap-perl and libapache-authznetldap-perl packages.
The following to files incorrectly reference the perl module 'Apache2::Const' as just 'Apache':
/usr/share/perl5/Apache/AuthNetLDAP.pm
/usr/share/perl5/Apache/AuthzNetLDAP.pm
I've pasted a patch for each below that corrects the bug, along with commenting out the DEBUG messages in AuthzNetLDAP.pm that cause excessive levels of logging.
--- /usr/share/perl5/Apache/AuthNetLDAP.pm 2005-10-25 16:41:09.000000000 +1000
+++ AuthNetLDAP.pm 2006-10-18 08:51:08.000000000 +1000
@@ -24,13 +24,13 @@
# test for the version of mod_perl, and use the appropriate libraries
BEGIN {
if (MP2) {
- require Apache::Const;
- require Apache::Access;
- require Apache::Connection;
- require Apache::Log;
- require Apache::RequestRec;
- require Apache::RequestUtil;
- Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK','DECLINED');
+ require Apache2::Const;
+ require Apache2::Access;
+ require Apache2::Connection;
+ require Apache2::Log;
+ require Apache2::RequestRec;
+ require Apache2::RequestUtil;
+ Apache2::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK','DECLINED');
} else {
require Apache::Constants;
Apache::Constants->import('HTTP_UNAUTHORIZED','OK','DECLINED');
@@ -73,7 +73,7 @@
if ($password eq "") {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: no password supplied",$r->uri) : $r->log_reason("user $user: no password supplied",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
@@ -129,7 +129,7 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $user: LDAP Connection Failed: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
unless ($mesg->count())
@@ -139,11 +139,11 @@
# If user is not found in ldap database, check for the next auth handler before failing
if (lc($allowaltauth) eq "yes")
{
- return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED;
+ return MP2 ? Apache2::Const::DECLINED : Apache::Constants::DECLINED;
}
else
{
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
}
@@ -157,18 +157,18 @@
$altfieldvalue =~ s/\s+$//;
if ($altfieldvalue eq $password)
{
- return MP2 ? Apache::OK : Apache::Constants::OK;
+ return MP2 ? Apache2::Const::OK : Apache::Constants::OK;
}
else
{
# If user is not found in ldap database, check for the next auth handler before failing
if (lc($allowaltauth) eq "yes")
{
- return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED;
+ return MP2 ? Apache2::Const::DECLINED : Apache::Constants::DECLINED;
}
else
{
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
}
}
@@ -181,13 +181,13 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: failed bind: $error",$r->uri) : $r->log_reason("user $user: failed bind: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
my $error = $mesg->code();
my $dn = $entry->dn();
# MP2 ? $r->log_error("AUTHDEBUG user $dn:$password bind: $error",$r->uri) : $r->log_reason("AUTHDEBUG user $dn:$password bind: $error",$r->uri);
- return MP2 ? Apache::OK : Apache::Constants::OK;
+ return MP2 ? Apache2::Const::OK : Apache::Constants::OK;
}
# Autoload methods go after =cut, and are processed by the autosplit program.
--- /usr/share/perl5/Apache/AuthzNetLDAP.pm 2005-07-05 23:43:47.000000000 +1000
+++ AuthzNetLDAP.pm 2006-10-18 08:59:31.000000000 +1000
@@ -28,15 +28,15 @@
# test for the version of mod_perl, and use the appropriate libraries
BEGIN {
if (MP2) {
- require Apache::Const;
- require Apache::Access;
- require Apache::Connection;
- require Apache::Log;
- require Apache::RequestRec;
- require Apache::RequestUtil;
+ require Apache2::Const;
+ require Apache2::Access;
+ require Apache2::Connection;
+ require Apache2::Log;
+ require Apache2::RequestRec;
+ require Apache2::RequestUtil;
require URI;
require URI::ldap;
- Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK', 'DECLINED');
+ Apache2::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK', 'DECLINED');
} else {
require Apache::Constants;
require URI;
@@ -63,7 +63,7 @@
my $requires = $r->requires;
- return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED unless $requires;
+ return MP2 ? Apache2::Const::DECLINED : Apache::Constants::DECLINED unless $requires;
my $username = MP2 ? $r->user : $r->connection->user;
@@ -89,7 +89,7 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $username: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $username: LDAP Connection Failed: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
#first let's get the user's DN
@@ -106,7 +106,7 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $username: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $username: LDAP Connection Failed: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
my $entry = $mesg->shift_entry();
@@ -121,32 +121,32 @@
my ($requirement,@rest) = split(/\s+/, $req->{requirement});
if (lc $requirement eq 'user')
{
- foreach (@rest) {return MP2 ? Apache::OK : Apache::Constants::OK if $username eq $_;}
+ foreach (@rest) {return MP2 ? Apache2::Const::OK : Apache::Constants::OK if $username eq $_;}
}
elsif (lc $requirement eq 'group')
{
my $temps = $req->{requirement};
- MP2 ? $r->log_error("DEBUG requirement is $temps",$r->uri) : $r->log_reason("DEBUG requirement is $temps",$r->uri);
+ # MP2 ? $r->log_error("DEBUG requirement is $temps",$r->uri) : $r->log_reason("DEBUG requirement is $temps",$r->uri);
my ($foo,$group) = split(/"/,$req->{requirement});
my $isMember = Apache::AuthzNetLDAP::_getIsMember($ldap,$r,$group,$entry->dn());
- MP2 ? $r->log_error("user $username: group($group) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($group) DEBUG - isMember: $isMember",$r->uri);
- return MP2 ? Apache::OK : Apache::Constants::OK if $isMember;
+ # MP2 ? $r->log_error("user $username: group($group) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($group) DEBUG - isMember: $isMember",$r->uri);
+ return MP2 ? Apache2::Const::OK : Apache::Constants::OK if $isMember;
}
elsif (lc $requirement eq 'ldap-url')
{
my ($foo,$url) = split (/ldap-url/,$req->{requirement});
my $isMember = Apache::AuthzNetLDAP::_checkURL($r,$ldap,$entry->dn(),$url);
- MP2 ? $r->log_error("user $username: group($url) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($url) DEBUG - isMember: $isMember",$r->uri);
- return MP2 ? Apache::OK : Apache::Constants::OK if $isMember;
+ # MP2 ? $r->log_error("user $username: group($url) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($url) DEBUG - isMember: $isMember",$r->uri);
+ return MP2 ? Apache2::Const::OK : Apache::Constants::OK if $isMember;
}
elsif (lc $requirement eq 'valid-user') {
- return MP2 ? Apache::OK : Apache::Constants::OK;
+ return MP2 ? Apache2::Const::OK : Apache::Constants::OK;
}
}
$r->note_basic_auth_failure;
- MP2 ? $r->log_error("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri) : $r->log_reason("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ # MP2 ? $r->log_error("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri) : $r->log_reason("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri);
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
@@ -157,7 +157,7 @@
my ($ldap,$r,$groupDN,$userDN) = @_;
my $isMember = 0;
- MP2 ? $r->log_error("DEBUG start _getIsMember $isMember",$r->uri) : $r->log_reason("DEBUG start _getIsMember $isMember",$r->uri);
+ # MP2 ? $r->log_error("DEBUG start _getIsMember $isMember",$r->uri) : $r->log_reason("DEBUG start _getIsMember $isMember",$r->uri);
#if user is a member then this will compare to true and we're done
my $mesg = $ldap->compare($groupDN,attr=>"uniquemember",value=>$userDN);
@@ -173,7 +173,7 @@
if ($mesg->code() == 6)
{
$isMember = 1;
- MP2 ? $r->log_error("DEBUG isMember after compare is $isMember",$r->uri) : $r->log_reason("DEBUG isMember after compare is $isMember",$r->uri);
+ # MP2 ? $r->log_error("DEBUG isMember after compare is $isMember",$r->uri) : $r->log_reason("DEBUG isMember after compare is $isMember",$r->uri);
return $isMember;
}
@@ -207,7 +207,7 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
my $entry = $mesg->pop_entry();
@@ -237,7 +237,7 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
#if we find an entry it returns true
@@ -281,7 +281,7 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
#if make it this far then you must be a member
@@ -313,7 +313,7 @@
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $userDN: group ($urlval) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($urlval) LDAP search Failed: $error",$r->uri);
- return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
+ return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
#if we find an entry it returns true
|
Binary package hint: libapache-authnetldap-perl
This bug effects both the libapache-authnetldap-perl and libapache-authznetldap-perl packages.
The following to files incorrectly reference the perl module 'Apache2::Const' as just 'Apache':
/usr/share/perl5/Apache/AuthNetLDAP.pm
/usr/share/perl5/Apache/AuthzNetLDAP.pm
I've attached a patch for each that corrects the bug, along with commenting out the DEBUG messages in AuthzNetLDAP.pm that cause excessive levels of logging. |
|