Blame SOURCES/0018-Also-extract-policy-controls-on-BIND-failure.patch

09a3f6
From e5a7c13c7aa70ebe59764761020fc509dd0ec33a Mon Sep 17 00:00:00 2001
09a3f6
From: Arthur de Jong <arthur@arthurdejong.org>
09a3f6
Date: Sun, 4 May 2014 23:16:03 +0200
09a3f6
Subject: [PATCH 18/23] Also extract policy controls on BIND failure
09a3f6
09a3f6
This ensures that controls returned by an LDAP server as part of a
09a3f6
failed BIND operation are also returned. This makes it possible to
09a3f6
distinguish between a wrong password and an expired password.
09a3f6
09a3f6
This also only logs the BIND operation result on DEBUG level (the error
09a3f6
is logged later on).
09a3f6
09a3f6
(cherry picked from commit ca36a50143eb38c9040c2567172b9bfb9dba1838)
09a3f6
---
09a3f6
 nslcd/myldap.c | 19 +++++++++----------
09a3f6
 1 file changed, 9 insertions(+), 10 deletions(-)
09a3f6
09a3f6
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
09a3f6
index 9f6b4b0..e33296f 100644
09a3f6
--- a/nslcd/myldap.c
09a3f6
+++ b/nslcd/myldap.c
09a3f6
@@ -565,7 +565,7 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
09a3f6
       ldap_msgfree(result);
09a3f6
     return LDAP_TIMEOUT;
09a3f6
   }
09a3f6
-  /* parse the result from the bind operation (frees result, get controls) */
09a3f6
+  /* parse the result from the bind operation (frees result, gets controls) */
09a3f6
   responsectrls = NULL;
09a3f6
   parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, &responsectrls, 1);
09a3f6
   if (parserc != LDAP_SUCCESS)
09a3f6
@@ -575,20 +575,19 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
09a3f6
       ldap_controls_free(responsectrls);
09a3f6
     return parserc;
09a3f6
   }
09a3f6
-  if (rc != LDAP_SUCCESS)
09a3f6
-  {
09a3f6
-    myldap_err(LOG_ERR, ld, rc, "ldap_parse_result() failed");
09a3f6
-    if (responsectrls != NULL)
09a3f6
-      ldap_controls_free(responsectrls);
09a3f6
-    return rc;
09a3f6
-  }
09a3f6
-  /* check the returned controls */
09a3f6
+  /* handle any returned controls */
09a3f6
   if (responsectrls != NULL)
09a3f6
   {
09a3f6
     handle_ppasswd_controls(session, ld, responsectrls);
09a3f6
-    /* free controls */
09a3f6
     ldap_controls_free(responsectrls);
09a3f6
   }
09a3f6
+  /* return the result of the BIND operation */
09a3f6
+  if (rc != LDAP_SUCCESS)
09a3f6
+  {
09a3f6
+    myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");
09a3f6
+    return rc;
09a3f6
+  }
09a3f6
+  /* check the returned controls */
09a3f6
   return LDAP_SUCCESS;
09a3f6
 }
09a3f6
 #endif /* no SASL, so no ppolicy */
09a3f6
-- 
09a3f6
2.20.1
09a3f6