#399 slapi_ldap_bind() doesn't check bind results
Closed: Fixed None Opened 6 years ago by nkinder.

The slapi_ldap_bind() function does not properly check the bind operation results. It currently only calls ldap_parse_result() if returnedctrls was passed in by the caller. We need to call ldap_parse_result() even if we don't need to get the returned controls, as it's how we get the LDAP response code for the BIND operation. With the current code, slapi_ldap_bind() will end up returning 0 for a failed BIND operation if returnedctrls is not passed in.


In both openldap and mozldap it is safe to pass a NULL for the serverctrls parameter to ldap_parse_result. So code that does this:
{{{
if (returnedctrls) {
if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL,
NULL, returnedctrls,
0)) != LDAP_SUCCESS) {
/ handle error /
}
}
}}}
can just do this instead
{{{
if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL,
NULL, returnedctrls,
0)) != LDAP_SUCCESS) {
/ handle error /
}
}}}
There is no need to check for returnedctrls == NULL.

Also note that the return value of ldap_parse_result() is the same as the errcodep parameter - it is the ldap error code returned by the server.

git merge ticket399
Updating a97f705..f43ed1d
Fast-forward
ldap/servers/slapd/ldaputil.c | 37 ++++++++++++++++++++++---------------
1 files changed, 22 insertions(+), 15 deletions(-)

git push origin master
Counting objects: 11, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 1.06 KiB, done.
Total 6 (delta 4), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
a97f705..f43ed1d master -> master

branch 389-ds-base-1.2.11
commit changeset:f43ed1d/389-ds-base
Author: Mark Reynolds mreynolds@redhat.com
Date: Fri Jun 29 13:46:45 2012 -0400

Added initial screened field value.

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.2.11.8

2 years ago

Login to comment on this ticket.

Metadata