|
 |
09a3f6 |
From e5a7c13c7aa70ebe59764761020fc509dd0ec33a Mon Sep 17 00:00:00 2001
|
|
|
09a3f6 |
From: Arthur de Jong <arthur@arthurdejong.org>
|
|
|
09a3f6 |
Date: Sun, 4 May 2014 23:16:03 +0200
|
|
|
09a3f6 |
Subject: [PATCH 18/23] Also extract policy controls on BIND failure
|
|
|
09a3f6 |
|
|
|
09a3f6 |
This ensures that controls returned by an LDAP server as part of a
|
|
|
09a3f6 |
failed BIND operation are also returned. This makes it possible to
|
|
|
09a3f6 |
distinguish between a wrong password and an expired password.
|
|
|
09a3f6 |
|
|
|
09a3f6 |
This also only logs the BIND operation result on DEBUG level (the error
|
|
|
09a3f6 |
is logged later on).
|
|
|
09a3f6 |
|
|
|
09a3f6 |
(cherry picked from commit ca36a50143eb38c9040c2567172b9bfb9dba1838)
|
|
|
09a3f6 |
---
|
|
|
09a3f6 |
nslcd/myldap.c | 19 +++++++++----------
|
|
|
09a3f6 |
1 file changed, 9 insertions(+), 10 deletions(-)
|
|
|
09a3f6 |
|
|
|
09a3f6 |
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
|
|
|
09a3f6 |
index 9f6b4b0..e33296f 100644
|
|
|
09a3f6 |
--- a/nslcd/myldap.c
|
|
|
09a3f6 |
+++ b/nslcd/myldap.c
|
|
|
09a3f6 |
@@ -565,7 +565,7 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
|
|
|
09a3f6 |
ldap_msgfree(result);
|
|
|
09a3f6 |
return LDAP_TIMEOUT;
|
|
|
09a3f6 |
}
|
|
|
09a3f6 |
- /* parse the result from the bind operation (frees result, get controls) */
|
|
|
09a3f6 |
+ /* parse the result from the bind operation (frees result, gets controls) */
|
|
|
09a3f6 |
responsectrls = NULL;
|
|
|
09a3f6 |
parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, &responsectrls, 1);
|
|
|
09a3f6 |
if (parserc != LDAP_SUCCESS)
|
|
|
09a3f6 |
@@ -575,20 +575,19 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
|
|
|
09a3f6 |
ldap_controls_free(responsectrls);
|
|
|
09a3f6 |
return parserc;
|
|
|
09a3f6 |
}
|
|
|
09a3f6 |
- if (rc != LDAP_SUCCESS)
|
|
|
09a3f6 |
- {
|
|
|
09a3f6 |
- myldap_err(LOG_ERR, ld, rc, "ldap_parse_result() failed");
|
|
|
09a3f6 |
- if (responsectrls != NULL)
|
|
|
09a3f6 |
- ldap_controls_free(responsectrls);
|
|
|
09a3f6 |
- return rc;
|
|
|
09a3f6 |
- }
|
|
|
09a3f6 |
- /* check the returned controls */
|
|
|
09a3f6 |
+ /* handle any returned controls */
|
|
|
09a3f6 |
if (responsectrls != NULL)
|
|
|
09a3f6 |
{
|
|
|
09a3f6 |
handle_ppasswd_controls(session, ld, responsectrls);
|
|
|
09a3f6 |
- /* free controls */
|
|
|
09a3f6 |
ldap_controls_free(responsectrls);
|
|
|
09a3f6 |
}
|
|
|
09a3f6 |
+ /* return the result of the BIND operation */
|
|
|
09a3f6 |
+ if (rc != LDAP_SUCCESS)
|
|
|
09a3f6 |
+ {
|
|
|
09a3f6 |
+ myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");
|
|
|
09a3f6 |
+ return rc;
|
|
|
09a3f6 |
+ }
|
|
|
09a3f6 |
+ /* check the returned controls */
|
|
|
09a3f6 |
return LDAP_SUCCESS;
|
|
|
09a3f6 |
}
|
|
|
09a3f6 |
#endif /* no SASL, so no ppolicy */
|
|
|
09a3f6 |
--
|
|
|
09a3f6 |
2.20.1
|
|
|
09a3f6 |
|