[rs-commit] r25 - in /mod_ca/trunk: ChangeLog mod_ca_ldap.c

rs-commit at redwax.eu rs-commit at redwax.eu
Sun Mar 31 00:23:22 CET 2019


Author: minfrin at redwax.eu
Date: Sun Mar 31 00:23:21 2019
New Revision: 25

Log:
Distinguish between a certificate not found error and an LDAP error 
so we don't print "Success" next to a failure.

Modified:
    mod_ca/trunk/ChangeLog
    mod_ca/trunk/mod_ca_ldap.c

Modified: mod_ca/trunk/ChangeLog
==============================================================================
--- mod_ca/trunk/ChangeLog	(original)
+++ mod_ca/trunk/ChangeLog	Sun Mar 31 00:23:21 2019
@@ -1,5 +1,8 @@
 
 Changes with v0.2.0
+
+ *) Distinguish between a certificate not found error and an LDAP error
+    so we don't print "Success" next to a failure. [Graham Leggett]
 
  *) Add a workaround for https://github.com/openssl/openssl/issues/8618
     that causes PKCS7 DER encoded objects to not be decoded correctly.

Modified: mod_ca/trunk/mod_ca_ldap.c
==============================================================================
--- mod_ca/trunk/mod_ca_ldap.c	(original)
+++ mod_ca/trunk/mod_ca_ldap.c	Sun Mar 31 00:23:21 2019
@@ -697,9 +697,15 @@
         break;
     }
 
-    if (result != LDAP_SUCCESS || !l->dn) {
+    if (result != LDAP_SUCCESS) {
         ap_log_rerror(
                 APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(XXXXX) "mod_ca_ldap authn: LDAP search for filter '%s' at base '%s' failed: %s (%s)", filter, conf->basedn, l->ldc->reason, ldap_err2string(result));
+        apr_pool_destroy(l->pool);
+        return HTTP_FORBIDDEN;
+    }
+    else if (!l->dn) {
+        ap_log_rerror(
+                APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(XXXXX) "mod_ca_ldap authn: LDAP search for filter '%s' at base '%s' did not return a valid entry: %s", filter, conf->basedn, l->ldc->reason);
         apr_pool_destroy(l->pool);
         return HTTP_FORBIDDEN;
     }
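Review bot: In the new `else if (!l->dn)` branch, `l->ldc->reason` is still passed to `%s` although `result == LDAP_SUCCESS` on this path. Nothing in the hunk shows that field being set after a successful search, so it may be stale from an earlier operation or NULL. Either confirm it is populated on the success path or drop it from this message and log only the filter and base. Both branches also return `HTTP_FORBIDDEN`, so a directory failure looks the same to the client as a missing entry; if that fail-closed behaviour is intended, a short comment saying so would help, since only the log line now tells the two apart. Minor: the `else` after a `return` is redundant, and the two messages share the `APLOGNO(XXXXX)` placeholder, so they will need distinct numbers when those are assigned.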


