Ticket 399 - slapi_ldap_bind() doesn't check bind results

Bug Description: There are two issues here. One, we were not calling ldap_parse_result() for SIMPLE binds. Two, we were overwriting the error code, with the function result code. Fix Description: Always call ldap_parse_result, and use a separate error code variable to preserve the actual result code from the bind operation. https://fedorahosted.org/389/ticket/399 Reviewed by: nhosoi(Thanks Noriko!)
leto · Jun 29, 2012 · f43ed1d · f43ed1d
1 parent a97f705
commit f43ed1d
Showing 1 changed file with 22 additions and 15 deletions.
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
@@ -995,6 +995,7 @@ slapi_ldap_bind(
 )
 {
     int rc = LDAP_SUCCESS;
+    int err;
     LDAPControl **clientctrls = NULL;
     int secure = 0;
     struct berval bvcreds = {0, NULL};
@@ -1115,21 +1116,27 @@ slapi_ldap_bind(
 				mech ? mech : "SIMPLE");
 		goto done;
 	    }
-	    /* if we got here, we were able to read success result */
-	    /* Get the controls sent by the server if requested */
-	    if (returnedctrls) {
-                if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL,
-					    NULL, returnedctrls,
-					    0)) != LDAP_SUCCESS) {
-		    slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
-				    "Error: could not bind id "
-				    "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
-				    bindid ? bindid : "(anon)",
-				    mech ? mech : "SIMPLE",
-				    rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
-		    goto done;
-		}
-	    }
+        /* if we got here, we were able to read success result */
+        /* Get the controls sent by the server if requested */
+        if ((rc = ldap_parse_result(ld, result, &err, NULL, NULL,
+                      NULL, returnedctrls, 0)) != LDAP_SUCCESS) {
+            slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+                "Error: could not parse bind result: error %d (%s) errno %d (%s)\n",
+                rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
+            goto done;
+        }
+
+        /* check the result code from the bind operation */
+        if(err){
+            rc = err;
+            slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+                            "Error: could not bind id "
+                            "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
+                            bindid ? bindid : "(anon)",
+                            mech ? mech : "SIMPLE",
+                            rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
+            goto done;
+        }
 
 	    /* parse the bind result and get the ldap error code */
 	    if ((rc = ldap_parse_sasl_bind_result(ld, result, &servercredp,