author | Arthur de Jong <arthur@arthurdejong.org> | 2014-05-04 23:16:03 +0200 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2014-05-04 23:28:34 +0200 |
commit | ca36a50143eb38c9040c2567172b9bfb9dba1838 (patch) | |
tree | 194bb18097d60f2f3d7e7dc7652e2e6bfe1e3f71 | |
parent | d6163e23de9dfe4490c9b06d52e91dc0eb71aec9 (diff) |
Also extract policy controls on BIND failure
This ensures that controls returned by an LDAP server as part of a
failed BIND operation are also returned. This makes it possible to
distinguish between a wrong password and an expired password.
This also only logs the BIND operation result on DEBUG level (the error
is logged later on).
-rw-r--r-- | nslcd/myldap.c | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/nslcd/myldap.c b/nslcd/myldap.c
index 53f5b97..78968ae 100644
--- a/nslcd/myldap.c
+++ b/nslcd/myldap.c
@@ -566,7 +566,7 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
 ldap_msgfree(result);
 return LDAP_TIMEOUT;
 }
- /* parse the result from the bind operation (frees result, get controls) */
+ /* parse the result from the bind operation (frees result, gets controls) */
 responsectrls = NULL;
 parserc = ldap_parse_result(ld, result, &rc, NULL, NULL, NULL, &responsectrls, 1);
 if (parserc != LDAP_SUCCESS)
@@ -576,20 +576,19 @@ static int do_ppolicy_bind(MYLDAP_SESSION *session, LDAP *ld, const char *uri)
 ldap_controls_free(responsectrls);
 return parserc;
 }
- if (rc != LDAP_SUCCESS)
- {
- myldap_err(LOG_ERR, ld, rc, "ldap_parse_result() failed");
- if (responsectrls != NULL)
- ldap_controls_free(responsectrls);
- return rc;
- }
- /* check the returned controls */
+ /* handle any returned controls */
 if (responsectrls != NULL)
 {
 handle_ppasswd_controls(session, ld, responsectrls);
- /* free controls */
 ldap_controls_free(responsectrls);
 }
+ /* return the result of the BIND operation */
+ if (rc != LDAP_SUCCESS)
+ {
+ myldap_err(LOG_DEBUG, ld, rc, "ldap_parse_result() result");
+ return rc;
+ }
+ /* check the returned controls */
 return LDAP_SUCCESS;
 }
 #endif /* no SASL, so no ppolicy */ |
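Review bot: In the second hunk the response controls are now passed to `handle_ppasswd_controls()` before `rc` is checked, so whatever that function records in `session` is also set for a BIND the server rejected; its body is outside the hunk, so callers should be checked to confirm they never read that policy state as a sign of successful authentication. A comment at the call would make the intent explicit, e.g. `/* controls are processed even when the BIND failed; rc below still decides success */`. The failed-BIND result is now logged only at `LOG_DEBUG` with the text `"ldap_parse_result() result"`, which relies on the caller logging rejected authentications at a level visible in normal operation; that later logging is not visible here. The comment `/* check the returned controls */` left directly above `return LDAP_SUCCESS;` no longer describes anything and should be dropped. The start of do_ppolicy_bind is outside the hunk.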