ldap/servers/slapd/ldaputil.c | 37 ++++++++++++++++++++++---------------
1 file changed, 22 insertions(+), 15 deletions(-)
New commits:
commit f43ed1ddaa9bcbf1308b2ecbe9044e2058776d2c
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Jun 29 13:46:45 2012 -0400
Ticket 399 - slapi_ldap_bind() doesn't check bind results
Bug Description: There are two issues here. One, we were not calling
ldap_parse_result()
for SIMPLE binds. Two, we were overwriting the error code, with
the
function result code.
Fix Description: Always call ldap_parse_result, and use a separate error code
variable to
preserve the actual result code from the bind operation.
https://fedorahosted.org/389/ticket/399
Reviewed by: nhosoi(Thanks Noriko!)
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index fd4e93f..aaca1af 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -995,6 +995,7 @@ slapi_ldap_bind(
)
{
int rc = LDAP_SUCCESS;
+ int err;
LDAPControl **clientctrls = NULL;
int secure = 0;
struct berval bvcreds = {0, NULL};
@@ -1115,21 +1116,27 @@ slapi_ldap_bind(
mech ? mech : "SIMPLE");
goto done;
}
- /* if we got here, we were able to read success result */
- /* Get the controls sent by the server if requested */
- if (returnedctrls) {
- if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL,
- NULL, returnedctrls,
- 0)) != LDAP_SUCCESS) {
- slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
- "Error: could not bind id "
- "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
- bindid ? bindid : "(anon)",
- mech ? mech : "SIMPLE",
- rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
- goto done;
- }
- }
+ /* if we got here, we were able to read success result */
+ /* Get the controls sent by the server if requested */
+ if ((rc = ldap_parse_result(ld, result, &err, NULL, NULL,
+ NULL, returnedctrls, 0)) != LDAP_SUCCESS) {
+ slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+ "Error: could not parse bind result: error %d (%s) errno %d
(%s)\n",
+ rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
+ goto done;
+ }
+
+ /* check the result code from the bind operation */
+ if(err){
+ rc = err;
+ slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+ "Error: could not bind id "
+ "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
+ bindid ? bindid : "(anon)",
+ mech ? mech : "SIMPLE",
+ rc, ldap_err2string(rc), errno,
slapd_system_strerror(errno));
+ goto done;
+ }
/* parse the bind result and get the ldap error code */
if ((rc = ldap_parse_sasl_bind_result(ld, result, &servercredp,