From bc1c25214fa599698aadcb72f6765542b286a02a Mon Sep 17 00:00:00 2001
From: Mark Reynolds
Date: Fri, 29 Jun 2012 13:46:45 -0400
Subject: [PATCH] Ticket 399 - slapi_ldap_bind() doesn't check bind results
Bug Description: There are two issues here. One, we were not calling ldap_parse_result() for SIMPLE binds. Two, we were overwriting the error code, with the function result code. Fix Description: Always call ldap_parse_result, and use a separate error code variable to preserve the actual result code from the bind operation. https://fedorahosted.org/389/ticket/399 Reviewed by: ?
---
 ldap/servers/slapd/ldaputil.c | 37 ++++++++++++++++++++++---------------
 1 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index fd4e93f..aaca1af 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -995,6 +995,7 @@ slapi_ldap_bind(
 )
 {
 int rc = LDAP_SUCCESS;
+ int err;
 LDAPControl **clientctrls = NULL;
 int secure = 0;
 struct berval bvcreds = {0, NULL};
@@ -1115,21 +1116,27 @@ slapi_ldap_bind(
 mech ? mech : "SIMPLE");
 goto done;
 }
- /* if we got here, we were able to read success result */
- /* Get the controls sent by the server if requested */
- if (returnedctrls) {
- if ((rc = ldap_parse_result(ld, result, &rc, NULL, NULL,
- NULL, returnedctrls,
- 0)) != LDAP_SUCCESS) {
- slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
- "Error: could not bind id "
- "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
- bindid ? bindid : "(anon)",
- mech ? mech : "SIMPLE",
- rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
- goto done;
- }
- }
+ /* if we got here, we were able to read success result */
+ /* Get the controls sent by the server if requested */
+ if ((rc = ldap_parse_result(ld, result, &err, NULL, NULL,
+ NULL, returnedctrls, 0)) != LDAP_SUCCESS) {
+ slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+ "Error: could not parse bind result: error %d (%s) errno %d (%s)\n",
+ rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
+ goto done;
+ }
+
+ /* check the result code from the bind operation */
+ if(err){
+ rc = err;
+ slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
+ "Error: could not bind id "
+ "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
+ bindid ? bindid : "(anon)",
+ mech ? mech : "SIMPLE",
+ rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
+ goto done;
+ }
 
 /* parse the bind result and get the ldap error code */
 if ((rc = ldap_parse_sasl_bind_result(ld, result, &servercredp,
-- 
1.7.1
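Review bot: In the new `if(err){` branch the failure is the result code the server returned for the bind, so the `errno %d (%s)` part of the log line reports whatever an earlier call left in errno and can mislead anyone reading the log after an authentication failure. I would log only the LDAP code there, i.e. `"[%s] mech [%s]: error %d (%s)\n",` with `rc, ldap_err2string(rc));` as the final argument line, and write the test as `if (err != LDAP_SUCCESS) {` to match the spacing and explicit comparison used by the ldap_parse_result() check just above. If this path can ever carry a multi-step SASL exchange, LDAP_SASL_BIND_IN_PROGRESS would now take the error branch before ldap_parse_sasl_bind_result() runs. That cannot be confirmed from here, because slapi_ldap_bind() starts and ends outside the hunk.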