From: Pierangelo Masarati
Date: Sat, 20 Dec 2008 22:34:00 +0000 (+0000)
Subject: check validity of idassert-bind line (ITS#5863)
X-Git-Tag: ACLCHECK_0~1022
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=fb9128cdc8a9f142d77ec3b8024d5a2460f1bcf3;p=openldap
check validity of idassert-bind line (ITS#5863)
---
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index c7771b0062..ac59a3e61d 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -2206,7 +2206,9 @@ ldap_back_proxy_authz_bind(
 * so that referral chasing is attempted using the right
 * identity */
 LDAP_BACK_CONN_ISBOUND_SET( lc );
- ber_bvreplace( &lc->lc_bound_ndn, binddn );
+ if ( !BER_BVISNULL( binddn ) ) {
+ ber_bvreplace( &lc->lc_bound_ndn, binddn );
+ }
 if ( !BER_BVISNULL( &lc->lc_cred ) ) {
 memset( lc->lc_cred.bv_val, 0,
@@ -2214,8 +2216,10 @@ ldap_back_proxy_authz_bind(
 }
 if ( LDAP_BACK_SAVECRED( li ) ) {
- ber_bvreplace( &lc->lc_cred, bindcred );
- ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+ if ( !BER_BVISNULL( bindcred ) ) {
+ ber_bvreplace( &lc->lc_cred, bindcred );
+ ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+ }
 } else {
 lc->lc_cred.bv_len = 0;
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index 8800821ddd..6abd02a320 100644
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -743,6 +743,19 @@ slap_idassert_parse( ConfigArgs *c, slap_idassert_t *si )
 return 1;
 }
 }
+
+ if ( si->si_bc.sb_method == LDAP_AUTH_SIMPLE ) {
+ if ( BER_BVISNULL( &si->si_bc.sb_binddn )
+ || BER_BVISNULL( &si->si_bc.sb_cred ) )
+ {
+ snprintf( c->cr_msg, sizeof( c->cr_msg ),
+ "\"idassert-bind \": "
+ "SIMPLE needs \"binddn\" and \"credentials\"" );
+ Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+ return 1;
+ }
+ }
+
+ bindconf_tls_defaults( &si->si_bc );
 return 0;
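Review bot: When `binddn` is null the new guard in the first bind.c hunk skips `ber_bvreplace`, but `LDAP_BACK_CONN_ISBOUND_SET( lc )` on the line above has already marked the connection bound, so `lc->lc_bound_ndn` keeps whatever it held before. If a connection can reach this point with a previously recorded DN (not visible in the hunk), referral chasing would run under a stale identity rather than "the right identity" the comment promises. Consider an `else` branch that releases and clears the field, for example `ber_memfree( lc->lc_bound_ndn.bv_val ); BER_BVZERO( &lc->lc_bound_ndn );`, or a comment stating why a null `binddn` can no longer occur once the config check is in place. The body of ldap_back_proxy_authz_bind starts and ends outside the hunk.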
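Review bot: With `LDAP_BACK_SAVECRED( li )` set and a null `bindcred`, nothing in the second bind.c hunk resets `lc->lc_cred.bv_len`: the `memset` just above zeroes the old buffer, the new inner `if` is skipped, and only the outer `else` arm assigns `bv_len = 0`. That leaves a zero-filled credential of the previous length on the connection, and a rebind callback installed by an earlier bind would presumably present it. Giving the inner `if` its own `else { lc->lc_cred.bv_len = 0; }` keeps the stored credential consistent with the wipe. The enclosing function continues past the end of the hunk.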
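Review bot: The new SIMPLE check in slap_idassert_parse uses `BER_BVISNULL`, which only rejects a missing value; `binddn=""` or `credentials=""` would still pass if the bindconf parser stores an empty, non-null berval (the parser is not visible here). A simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, so the proxy would assert identities over a session that never authenticated. Testing `BER_BVISEMPTY( &si->si_bc.sb_binddn ) || BER_BVISEMPTY( &si->si_bc.sb_cred )` closes that gap, assuming parsed bervals always carry a correct `bv_len`. slap_idassert_parse begins outside the hunk.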