Make sure attributes from ldapsearch are passed into the environment. Make sure

the distinguished name is duplicated before being used.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914091 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 2 insertions, 3 deletions

diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 29f04e2bb0..6295618f58 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -1453,18 +1453,17 @@ static authz_status ldapsearch_check_authorization(request_rec *r,
     t = require;
 
     if (t[0]) {
-        const char **vals;
 
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02630)
                       "auth_ldap authorize: checking filter %s", t);
 
         /* Search for the user DN */
         result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn,
-             sec->scope, sec->attributes, t, &dn, &vals);
+             sec->scope, sec->attributes, t, &dn, &(req->vals));
 
         /* Make sure that the filtered search returned a single dn */
         if (result == LDAP_SUCCESS && dn) {
-            req->dn = dn;
+            req->dn = apr_pstrdup(r->pool, dn);
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02631)
                           "auth_ldap authorize: require ldap-search: "
                           "authorization successful");