Module Name:    src
Committed By:   bouyer
Date:           Wed Nov 25 16:41:39 UTC 2020

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: isakmp_xauth.c

Log Message:
Fix ldap: ldap_sasl_bind_s() doesn't like a NULL struct berval *, pass
a pointer to a zero'd struct instead.
While there use LDAP_SASL_SIMPLE instead of NULL for mechanism,
and check return of ldap_set_option().


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 \
    src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.30 src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.31
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.30	Sat May 19 20:14:56 2018
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c	Wed Nov 25 16:41:39 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_xauth.c,v 1.30 2018/05/19 20:14:56 maxv Exp $	*/
+/*	$NetBSD: isakmp_xauth.c,v 1.31 2020/11/25 16:41:39 bouyer Exp $	*/
 
 /* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
 
@@ -917,9 +917,15 @@ xauth_login_ldap(iph1, usr, pwd)
 	}
 
 	/* initialize the protocol version */
-	ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
-		&xauth_ldap_config.pver);
-
+	if ((res = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
+		&xauth_ldap_config.pver)) != LDAP_OPT_SUCCESS) {
+		plog(LLV_ERROR, LOCATION, NULL,
+			"LDAP_OPT_PROTOCOL_VERSION %s failed: %s\n",
+			xauth_ldap_config.pver,
+			ldap_err2string(res));
+		goto ldap_end;
+	}
+		
 	/* Enable TLS */
 	if (xauth_ldap_config.tls) {
 		res = ldap_start_tls_s(ld, NULL, NULL);
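Review bot: The new error message formats `xauth_ldap_config.pver` with `%s`, yet the same field is passed by address as the LDAP_OPT_PROTOCOL_VERSION value just above, and that option takes an `int *`. If pver is an int (its declaration is outside this hunk), plog() would treat a small integer as a string pointer on exactly the path where the option call fails, turning a configuration error into a crash of the daemon. The format should be `"LDAP_OPT_PROTOCOL_VERSION %d failed: %s\n"`. The line after the closing brace also adds trailing tabs. xauth_login_ldap() begins and ends outside the hunk, so the `ldap_end` cleanup this path jumps to could not be checked here.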
@@ -943,13 +949,15 @@ xauth_login_ldap(iph1, usr, pwd)
 		cred.bv_val = xauth_ldap_config.bind_pw->v;
 		cred.bv_len = strlen( cred.bv_val );
 		res = ldap_sasl_bind_s(ld,
-			xauth_ldap_config.bind_dn->v, NULL, &cred,
+			xauth_ldap_config.bind_dn->v, LDAP_SASL_SIMPLE, &cred,
 			NULL, NULL, NULL);
 	}
 	else
 	{
+		cred.bv_val = NULL;
+		cred.bv_len = 0;
 		res = ldap_sasl_bind_s(ld,
-			NULL, NULL, NULL,
+			NULL, LDAP_SASL_SIMPLE, &cred,
 			NULL, NULL, NULL);
 	}
 	
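Review bot: Neither bind carries a comment, although with `LDAP_SASL_SIMPLE` the first one sends `bind_pw` as a plain simple-bind credential, and the earlier hunk shows TLS is started only when `xauth_ldap_config.tls` is set. I would put `/* simple bind: bind_pw crosses the wire unprotected unless TLS was started above */` over the first call, and consider a plog() warning when a bind DN is configured with tls off. The else branch deserves `/* anonymous bind: ldap_sasl_bind_s() rejects a NULL berval, so pass an empty one */`, so the zeroed `cred` is not later simplified back to NULL. The handling of `res` after these calls lies outside the hunk.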
