Anders, sorry for that. I guess my testing was just wrong and since I received a complaint that the wildcard searches are hammering the LDAP search I assumed that there was indeed something wrong. I guess I should have done more testing before releasing the mvl with brown-paper-bag bug :-(.
I have just uploaded 2.0.7 with your fixes from wildcard branch. Thank you very much. Ondrej On Sat, Mar 19, 2011 at 09:13, Anders Kaseorg <ande...@mit.edu> wrote: > Package: libapache2-mod-vhost-ldap > Version: 2.0.6-1 > Tags: patch > Severity: serious > > The commit “Fix wildcard search” [1] in mod_vhost_ldap 2.0.6 is incorrect, > and actually breaks wildcard searches. The code was correct originally > [2], and has been in production use on servers at MIT for two years. But > now it looks for records that literally have ‘\*’ in the hostname instead > of ‘*’, and of course it doesn’t find one. > > (Are you sure you haven’t been accidentally testing with records that have > literal backslashes in the hostname, e.g. ‘\*.example.com’? Or perhaps > someone was trying out the patch for wildcard hostnames without my prior > patch that properly escapes LDAP queries [3]?) > > I verified the regression from 2.0.5 on a real server, and successfully > tested the patch below on top of 2.0.6. The patch is also available in my > Git repository git://andersk.mit.edu/mod-vhost-ldap.git in the branch > “wildcard”. This branch also has a spelling fix for the example > configuration file. > > [1] > http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=a6842df > [2] http://bugs.debian.org/470093 > > http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=a529b3b > [3] http://bugs.debian.org/469930 > > http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=303e7b4 > > -- 8< -- > From 188f008c3b074a8352e814024a13b1710427893a Mon Sep 17 00:00:00 2001 > From: Anders Kaseorg <ande...@mit.edu> > Date: Sat, 19 Mar 2011 03:52:56 -0400 > Subject: [PATCH] Revert incorrect “fix” of wildcard search > > It is wrong to add extra backslashes before *, because escaping is > already done by ldap_bv2escaped_filter_value. The extra backslash > made lookups fail. > > This partially reverts commit fb5409ad77a245ed0ae746d198b394b580b4de3e. > > Signed-off-by: Anders Kaseorg <ande...@mit.edu> > --- > mod_vhost_ldap.c | 8 ++++---- > 1 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/mod_vhost_ldap.c b/mod_vhost_ldap.c > index 24b74b9..b6bee2a 100644 > --- a/mod_vhost_ldap.c > +++ b/mod_vhost_ldap.c > @@ -538,11 +538,11 @@ fallback: > > if (result == LDAP_NO_SUCH_OBJECT) { > if (conf->wildcard == MVL_ENABLED) { > - if (strcmp(hostname, "\\*") != 0) { > - if (strncmp(hostname, "\\*.", 3) == 0) > - hostname += 3; > + if (strcmp(hostname, "*") != 0) { > + if (strncmp(hostname, "*.", 2) == 0) > + hostname += 2; > hostname += strcspn(hostname, "."); > - hostname = apr_pstrcat(r->pool, "\\*", hostname, NULL); > + hostname = apr_pstrcat(r->pool, "*", hostname, NULL); > ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r, > "[mod_vhost_ldap.c] translate: " > "virtual host not found, trying wildcard %s", > -- > 1.7.4.1 > > > > -- Ondřej Surý <ond...@sury.org> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
