Your message dated Fri, 22 Apr 2011 13:43:54 +0200
with message-id <BANLkTi=cksrahotyvmpsybgku8fb5ri...@mail.gmail.com>
and subject line Closed some time ago
has caused the Debian Bug report #618872,
regarding Wildcard regression in mod_vhost_ldap 2.0.6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
618872: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618872
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-mod-vhost-ldap
Version: 2.0.6-1
Tags: patch
Severity: serious
The commit “Fix wildcard search” [1] in mod_vhost_ldap 2.0.6 is incorrect,
and actually breaks wildcard searches. The code was correct originally
[2], and has been in production use on servers at MIT for two years. But
now it looks for records that literally have ‘\*’ in the hostname instead
of ‘*’, and of course it doesn’t find one.
(Are you sure you haven’t been accidentally testing with records that have
literal backslashes in the hostname, e.g. ‘\*.example.com’? Or perhaps
someone was trying out the patch for wildcard hostnames without my prior
patch that properly escapes LDAP queries [3]?)
I verified the regression from 2.0.5 on a real server, and successfully
tested the patch below on top of 2.0.6. The patch is also available in my
Git repository git://andersk.mit.edu/mod-vhost-ldap.git in the branch
“wildcard”. This branch also has a spelling fix for the example
configuration file.
[1]
http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=a6842df
[2] http://bugs.debian.org/470093
http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=a529b3b
[3] http://bugs.debian.org/469930
http://git.debian.org/?p=users/ondrej/mod-vhost-ldap.git;a=commitdiff;h=303e7b4
-- 8< --
From 188f008c3b074a8352e814024a13b1710427893a Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <ande...@mit.edu>
Date: Sat, 19 Mar 2011 03:52:56 -0400
Subject: [PATCH] Revert incorrect “fix” of wildcard search
It is wrong to add extra backslashes before *, because escaping is
already done by ldap_bv2escaped_filter_value. The extra backslash
made lookups fail.
This partially reverts commit fb5409ad77a245ed0ae746d198b394b580b4de3e.
Signed-off-by: Anders Kaseorg <ande...@mit.edu>
---
mod_vhost_ldap.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/mod_vhost_ldap.c b/mod_vhost_ldap.c
index 24b74b9..b6bee2a 100644
--- a/mod_vhost_ldap.c
+++ b/mod_vhost_ldap.c
@@ -538,11 +538,11 @@ fallback:
if (result == LDAP_NO_SUCH_OBJECT) {
if (conf->wildcard == MVL_ENABLED) {
- if (strcmp(hostname, "\\*") != 0) {
- if (strncmp(hostname, "\\*.", 3) == 0)
- hostname += 3;
+ if (strcmp(hostname, "*") != 0) {
+ if (strncmp(hostname, "*.", 2) == 0)
+ hostname += 2;
hostname += strcspn(hostname, ".");
- hostname = apr_pstrcat(r->pool, "\\*", hostname, NULL);
+ hostname = apr_pstrcat(r->pool, "*", hostname, NULL);
ap_log_rerror(APLOG_MARK, APLOG_NOTICE|APLOG_NOERRNO, 0, r,
"[mod_vhost_ldap.c] translate: "
"virtual host not found, trying wildcard %s",
--
1.7.4.1
--- End Message ---
--- Begin Message ---
Version: 2.0.7-1
--
Ondřej Surý <ond...@sury.org>
--- End Message ---
