mainnika/nginx-auth-ldap
1
0
Fork 0
mirror of https://github.com/mainnika/nginx-auth-ldap.git synced 2026-06-12 18:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #65 from pweiskircher/master

Browse Source 
Authentication timeout and segmentation fault fix on multiple, concurrent requests being processed at the same time
This commit is contained in:
Valery
2015-01-19 18:07:01 +03:00
parent 7de94294e6 95d64f0797
commit b365771d2a
1 changed files with 15 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ngx_http_auth_ldap_module.c
+15 -13
View File
@@ -1036,6 +1036,12 @@ ngx_http_auth_ldap_get_connection(ngx_http_auth_ldap_ctx_t *ctx)
ngx_queue_t *q; ngx_queue_t *q;
ngx_http_auth_ldap_connection_t *c; ngx_http_auth_ldap_connection_t *c;
/*
* If we already have a connection, just say we got them one.
*/
if (ctx->c != NULL)
return 1;
server = ctx->server; server = ctx->server;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ctx->r->connection->log, 0, "http_auth_ldap: Wants a free connection to \"%V\"", ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ctx->r->connection->log, 0, "http_auth_ldap: Wants a free connection to \"%V\"",
@@ -1098,8 +1104,6 @@ ngx_http_auth_ldap_reply_connection(ngx_http_auth_ldap_connection_t *c, int erro
ctx->error_msg.data = NULL; ctx->error_msg.data = NULL;
} }
ngx_http_auth_ldap_return_connection(c);
ngx_http_auth_ldap_wake_request(ctx->r); ngx_http_auth_ldap_wake_request(ctx->r);
} }
@@ -1616,7 +1620,15 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
return NGX_ERROR; return NGX_ERROR;
} }
if (!ctx->replied && ctx->phase != PHASE_START) { /*
* If we are not starting up a request (ctx->phase != PHASE_START) and we actually already
* sent a request (ctx->iteration > 0) and didn't receive a reply yet (!ctx->replied) we
* ask to be called again at a later time when we hopefully have received a reply.
*
* It is quite possible that we reach this if while not having sent a request yet (ctx->iteration == 0) -
* this happens when we are trying to get an LDAP connection but all of them are busy right now.
*/
if (ctx->iteration > 0 && !ctx->replied && ctx->phase != PHASE_START) {
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: The LDAP operation did not finish yet"); ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http_auth_ldap: The LDAP operation did not finish yet");
return NGX_AGAIN; return NGX_AGAIN;
} }
@@ -1986,16 +1998,6 @@ ngx_http_auth_ldap_check_bind(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *c
ctx->c->state = STATE_BINDING; ctx->c->state = STATE_BINDING;
ctx->iteration++; ctx->iteration++;
// added by prune - 20140227
// we have to rebind THIS SAME connection as admin user or the next search could be
// made as non privileged user
// see https://github.com/kvspb/nginx-auth-ldap/issues/36
// this is quick and dirty patch
int rebind_msgid;
cred.bv_val = (char *) ctx->server->bind_dn_passwd.data;
cred.bv_len = ctx->server->bind_dn_passwd.len;
rc = ldap_sasl_bind(ctx->c->ld,(const char *) ctx->server->bind_dn.data, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &rebind_msgid);
return NGX_AGAIN; return NGX_AGAIN;
} }