Binary package hint: libapache-authnetldap-perl This bug effects both the libapache-authnetldap-perl and libapache-authznetldap-perl packages. The following to files incorrectly reference the perl module 'Apache2::Const' as just 'Apache': /usr/share/perl5/Apache/AuthNetLDAP.pm /usr/share/perl5/Apache/AuthzNetLDAP.pm I've pasted a patch for each below that corrects the bug, along with commenting out the DEBUG messages in AuthzNetLDAP.pm that cause excessive levels of logging. --- /usr/share/perl5/Apache/AuthNetLDAP.pm 2005-10-25 16:41:09.000000000 +1000 +++ AuthNetLDAP.pm 2006-10-18 08:51:08.000000000 +1000 @@ -24,13 +24,13 @@ # test for the version of mod_perl, and use the appropriate libraries BEGIN { if (MP2) { - require Apache::Const; - require Apache::Access; - require Apache::Connection; - require Apache::Log; - require Apache::RequestRec; - require Apache::RequestUtil; - Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK','DECLINED'); + require Apache2::Const; + require Apache2::Access; + require Apache2::Connection; + require Apache2::Log; + require Apache2::RequestRec; + require Apache2::RequestUtil; + Apache2::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK','DECLINED'); } else { require Apache::Constants; Apache::Constants->import('HTTP_UNAUTHORIZED','OK','DECLINED'); @@ -73,7 +73,7 @@ if ($password eq "") { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $user: no password supplied",$r->uri) : $r->log_reason("user $user: no password supplied",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } @@ -129,7 +129,7 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $user: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $user: LDAP Connection Failed: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } unless ($mesg->count()) @@ -139,11 +139,11 @@ # If user is not found in ldap database, check for the next auth handler before failing if (lc($allowaltauth) eq "yes") { - return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED; + return MP2 ? Apache2::Const::DECLINED : Apache::Constants::DECLINED; } else { - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } } @@ -157,18 +157,18 @@ $altfieldvalue =~ s/\s+$//; if ($altfieldvalue eq $password) { - return MP2 ? Apache::OK : Apache::Constants::OK; + return MP2 ? Apache2::Const::OK : Apache::Constants::OK; } else { # If user is not found in ldap database, check for the next auth handler before failing if (lc($allowaltauth) eq "yes") { - return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED; + return MP2 ? Apache2::Const::DECLINED : Apache::Constants::DECLINED; } else { - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } } } @@ -181,13 +181,13 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $user: failed bind: $error",$r->uri) : $r->log_reason("user $user: failed bind: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } my $error = $mesg->code(); my $dn = $entry->dn(); # MP2 ? $r->log_error("AUTHDEBUG user $dn:$password bind: $error",$r->uri) : $r->log_reason("AUTHDEBUG user $dn:$password bind: $error",$r->uri); - return MP2 ? Apache::OK : Apache::Constants::OK; + return MP2 ? Apache2::Const::OK : Apache::Constants::OK; } # Autoload methods go after =cut, and are processed by the autosplit program. --- /usr/share/perl5/Apache/AuthzNetLDAP.pm 2005-07-05 23:43:47.000000000 +1000 +++ AuthzNetLDAP.pm 2006-10-18 08:59:31.000000000 +1000 @@ -28,15 +28,15 @@ # test for the version of mod_perl, and use the appropriate libraries BEGIN { if (MP2) { - require Apache::Const; - require Apache::Access; - require Apache::Connection; - require Apache::Log; - require Apache::RequestRec; - require Apache::RequestUtil; + require Apache2::Const; + require Apache2::Access; + require Apache2::Connection; + require Apache2::Log; + require Apache2::RequestRec; + require Apache2::RequestUtil; require URI; require URI::ldap; - Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK', 'DECLINED'); + Apache2::Const->import(-compile => 'HTTP_UNAUTHORIZED','OK', 'DECLINED'); } else { require Apache::Constants; require URI; @@ -63,7 +63,7 @@ my $requires = $r->requires; - return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED unless $requires; + return MP2 ? Apache2::Const::DECLINED : Apache::Constants::DECLINED unless $requires; my $username = MP2 ? $r->user : $r->connection->user; @@ -89,7 +89,7 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $username: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $username: LDAP Connection Failed: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } #first let's get the user's DN @@ -106,7 +106,7 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $username: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $username: LDAP Connection Failed: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } my $entry = $mesg->shift_entry(); @@ -121,32 +121,32 @@ my ($requirement,@rest) = split(/\s+/, $req->{requirement}); if (lc $requirement eq 'user') { - foreach (@rest) {return MP2 ? Apache::OK : Apache::Constants::OK if $username eq $_;} + foreach (@rest) {return MP2 ? Apache2::Const::OK : Apache::Constants::OK if $username eq $_;} } elsif (lc $requirement eq 'group') { my $temps = $req->{requirement}; - MP2 ? $r->log_error("DEBUG requirement is $temps",$r->uri) : $r->log_reason("DEBUG requirement is $temps",$r->uri); + # MP2 ? $r->log_error("DEBUG requirement is $temps",$r->uri) : $r->log_reason("DEBUG requirement is $temps",$r->uri); my ($foo,$group) = split(/"/,$req->{requirement}); my $isMember = Apache::AuthzNetLDAP::_getIsMember($ldap,$r,$group,$entry->dn()); - MP2 ? $r->log_error("user $username: group($group) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($group) DEBUG - isMember: $isMember",$r->uri); - return MP2 ? Apache::OK : Apache::Constants::OK if $isMember; + # MP2 ? $r->log_error("user $username: group($group) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($group) DEBUG - isMember: $isMember",$r->uri); + return MP2 ? Apache2::Const::OK : Apache::Constants::OK if $isMember; } elsif (lc $requirement eq 'ldap-url') { my ($foo,$url) = split (/ldap-url/,$req->{requirement}); my $isMember = Apache::AuthzNetLDAP::_checkURL($r,$ldap,$entry->dn(),$url); - MP2 ? $r->log_error("user $username: group($url) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($url) DEBUG - isMember: $isMember",$r->uri); - return MP2 ? Apache::OK : Apache::Constants::OK if $isMember; + # MP2 ? $r->log_error("user $username: group($url) DEBUG - isMember: $isMember",$r->uri) : $r->log_reason("user $username: group($url) DEBUG - isMember: $isMember",$r->uri); + return MP2 ? Apache2::Const::OK : Apache::Constants::OK if $isMember; } elsif (lc $requirement eq 'valid-user') { - return MP2 ? Apache::OK : Apache::Constants::OK; + return MP2 ? Apache2::Const::OK : Apache::Constants::OK; } } $r->note_basic_auth_failure; - MP2 ? $r->log_error("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri) : $r->log_reason("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + # MP2 ? $r->log_error("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri) : $r->log_reason("user $username: group (test) LDAP membership check failed with ismember: DEBUG REMOVE COMMENT",$r->uri); + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; @@ -157,7 +157,7 @@ my ($ldap,$r,$groupDN,$userDN) = @_; my $isMember = 0; - MP2 ? $r->log_error("DEBUG start _getIsMember $isMember",$r->uri) : $r->log_reason("DEBUG start _getIsMember $isMember",$r->uri); + # MP2 ? $r->log_error("DEBUG start _getIsMember $isMember",$r->uri) : $r->log_reason("DEBUG start _getIsMember $isMember",$r->uri); #if user is a member then this will compare to true and we're done my $mesg = $ldap->compare($groupDN,attr=>"uniquemember",value=>$userDN); @@ -173,7 +173,7 @@ if ($mesg->code() == 6) { $isMember = 1; - MP2 ? $r->log_error("DEBUG isMember after compare is $isMember",$r->uri) : $r->log_reason("DEBUG isMember after compare is $isMember",$r->uri); + # MP2 ? $r->log_error("DEBUG isMember after compare is $isMember",$r->uri) : $r->log_reason("DEBUG isMember after compare is $isMember",$r->uri); return $isMember; } @@ -207,7 +207,7 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } my $entry = $mesg->pop_entry(); @@ -237,7 +237,7 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } #if we find an entry it returns true @@ -281,7 +281,7 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($groupDN) LDAP search Failed: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } #if make it this far then you must be a member @@ -313,7 +313,7 @@ { $r->note_basic_auth_failure; MP2 ? $r->log_error("user $userDN: group ($urlval) LDAP search Failed: $error",$r->uri) : $r->log_reason("user $userDN: group ($urlval) LDAP search Failed: $error",$r->uri); - return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; + return MP2 ? Apache2::Const::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED; } #if we find an entry it returns true