diff options
author | Nathan Kinder <nkinder@redhat.com> | 2010-09-08 10:31:22 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2010-09-08 10:31:22 -0700 |
commit | eed34c50e31a1b62a8185096cdbc3d7763125f3a (patch) | |
tree | 0602f2e0537ad821a74d17b8381475d25329e31e | |
parent | cd99e197f22f7a26fae930d72b507a92e06313a8 (diff) | |
download | ds-eed34c50e31a1b62a8185096cdbc3d7763125f3a.tar.gz ds-eed34c50e31a1b62a8185096cdbc3d7763125f3a.tar.xz ds-eed34c50e31a1b62a8185096cdbc3d7763125f3a.zip |
Bug 630096 - (cov#11778) check return value of ldap_parse_result
We were not checking the return value of ldap_parse_result in the
windows_check_user_password() function. The old code was a bit
unclear about setting rc when we encountered errors from
ldap_result(). It also was calling ldap_parse_result() even if
ldap_result() encountered an error. I fixed this code to be a
bit more straightforward.
-rw-r--r-- | ldap/servers/plugins/replication/windows_connection.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c index f337b944..8685f3c6 100644 --- a/ldap/servers/plugins/replication/windows_connection.c +++ b/ldap/servers/plugins/replication/windows_connection.c @@ -1808,7 +1808,8 @@ bind_and_check_pwp(Repl_Connection *conn, char * binddn, char *password) } /* Attempt to bind as a user to AD in order to see if we posess the - * most current password. Returns the LDAP return code of the bind. */ + * most current password. Returns 0 if the bind was successful, + * non-zero otherwise. */ int windows_check_user_password(Repl_Connection *conn, Slapi_DN *sdn, char *password) { @@ -1816,6 +1817,7 @@ windows_check_user_password(Repl_Connection *conn, Slapi_DN *sdn, char *password LDAPMessage *res = NULL; int rc = 0; int msgid = 0; + int parse_rc = 0; /* If we're already connected, this will just return success */ windows_conn_connect(conn); @@ -1839,8 +1841,19 @@ windows_check_user_password(Repl_Connection *conn, Slapi_DN *sdn, char *password "Error: timeout reading " "bind response for [%s]\n", binddn ? binddn : "(anon)"); + rc = -1; + } else { + parse_rc = ldap_parse_result( conn->ld, res, &rc, NULL, NULL, NULL, NULL, 1 /* Free res */); + if (parse_rc != LDAP_SUCCESS) { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "Error: unable to parse " + "bind result for [%s]: " + "error %d\n", + binddn ? binddn : "(anon)", + parse_rc); + rc = -1; + } } - ldap_parse_result( conn->ld, res, &rc, NULL, NULL, NULL, NULL, 1 /* Free res */); /* rebind as the DN specified in the sync agreement */ bind_and_check_pwp(conn, conn->binddn, conn->plain); |