check validity of idassert-bind line (ITS#5863)

diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index c7771b006252c2a0545be0feeeb10d902074fae6..ac59a3e61d7a85963f84b21f0ec142c4bbf31f1e 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2206,7 +2206,9 @@ ldap_back_proxy_authz_bind(
                 * so that referral chasing is attempted using the right
                 * identity */
                LDAP_BACK_CONN_ISBOUND_SET( lc );
-               ber_bvreplace( &lc->lc_bound_ndn, binddn );
+               if ( !BER_BVISNULL( binddn ) ) {
+                       ber_bvreplace( &lc->lc_bound_ndn, binddn );
+               }
 
                if ( !BER_BVISNULL( &lc->lc_cred ) ) {
                        memset( lc->lc_cred.bv_val, 0,
@@ -2214,8 +2216,10 @@ ldap_back_proxy_authz_bind(
                }
 
                if ( LDAP_BACK_SAVECRED( li ) ) {
-                       ber_bvreplace( &lc->lc_cred, bindcred );
-                       ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+                       if ( !BER_BVISNULL( bindcred ) ) {
+                               ber_bvreplace( &lc->lc_cred, bindcred );
+                               ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+                       }
 
                } else {
                        lc->lc_cred.bv_len = 0;

diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index 8800821ddd311990484f7ccff5ec918f4af0998b..6abd02a3208930ec0136c209fe1c195913263c33 100644 (file)
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -743,6 +743,19 @@ slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si )
                        return 1;
                }
        }
+
+       if ( si->si_bc.sb_method == LDAP_AUTH_SIMPLE ) {
+               if ( BER_BVISNULL( &si->si_bc.sb_binddn )
+                       || BER_BVISNULL( &si->si_bc.sb_cred ) )
+               {
+                       snprintf( c->cr_msg, sizeof( c->cr_msg ),
+                               "\"idassert-bind <args>\": "
+                               "SIMPLE needs \"binddn\" and \"credentials\"" );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+                       return 1;
+               }
+       }
+
        bindconf_tls_defaults( &si->si_bc );
 
        return 0;