From e5a7c13c7aa70ebe59764761020fc509dd0ec33a Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Sun, 4 May 2014 23:16:03 +0200
Subject: [PATCH 18/23] Also extract policy controls on BIND failure
This ensures that controls returned by an LDAP server as part of a
failed BIND operation are also returned. This makes it possible to
distinguish between a wrong password and an expired password.
This also logs the BIND operation result only at DEBUG level (the error
is logged later on).
(cherry picked from commit ca36a50143eb38c9040c2567172b9bfb9dba1838)
---
nslcd/myldap.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 9f6b4b0..e33296f 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -565,7 +565,7 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
ldap_msgfree(result);
return LDAP_TIMEOUT;
}
- /* parse the result from the bind operation (frees result, get controls) */
+ /* parse the result from the bind operation (frees result, gets controls) */
responsectrls = NULL;
parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, &responsectrls, 1);
if (parserc != LDAP_SUCCESS)
@@ -575,20 +575,19 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
ldap_controls_free(responsectrls);
return parserc;
}
- if (rc != LDAP_SUCCESS)
- {
- myldap_err(LOG_ERR, ld, rc, "ldap_parse_result() failed");
- if (responsectrls != NULL)
- ldap_controls_free(responsectrls);
- return rc;
- }
- /* check the returned controls */
+ /* handle any returned controls */
if (responsectrls != NULL)
{
handle_ppasswd_controls(session, ld, responsectrls);
- /* free controls */
ldap_controls_free(responsectrls);
}
+ /* return the result of the BIND operation */
+ if (rc != LDAP_SUCCESS)
+ {
+ myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");
+ return rc;
+ }
+ /* check the returned controls */
return LDAP_SUCCESS;
}
#endif /* no SASL, so no ppolicy */
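Review bot: The trailing `/* check the returned controls */` left before `return LDAP_SUCCESS;` is stale, since the controls are already handled and freed earlier in the hunk; it should be removed. Because `handle_ppasswd_controls()` now also runs when `rc != LDAP_SUCCESS`, anything it records on `session` can come from a failed authentication, and the comment above the call should say so, for example `/* handle any returned controls, also on a failed BIND; rc below still decides the outcome */`. The debug message `"ldap_parse_result() result"` reports the BIND result code rather than a parse failure, so wording such as `"BIND operation result"` would be less misleading to someone reading authentication logs. do_ppolicy_bind starts outside the hunk, and whether a failed BIND is later logged above DEBUG level, as the description states, cannot be confirmed from the lines shown.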
--
2.20.1