Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon Fix ldap: ldap_sasl_bind_...



details:   https://anonhg.NetBSD.org/src/rev/1f46597c5bca
branches:  trunk
changeset: 946402:1f46597c5bca
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Wed Nov 25 16:41:39 2020 +0000

description:
Fix ldap: ldap_sasl_bind_s() doesn't like a NULL struct berval *, pass
a pointer to a zero'd struct instead.
While there use LDAP_SASL_SIMPLE instead of NULL for mechanism,
and check return of ldap_set_option().

diffstat:

 crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c |  20 ++++++++++++++------
 1 files changed, 14 insertions(+), 6 deletions(-)

diffs (46 lines):

diff -r 14639174e46f -r 1f46597c5bca crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 15:31:15 2020 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c Wed Nov 25 16:41:39 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp_xauth.c,v 1.30 2018/05/19 20:14:56 maxv Exp $   */
+/*     $NetBSD: isakmp_xauth.c,v 1.31 2020/11/25 16:41:39 bouyer Exp $ */
 
 /* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
 
@@ -917,9 +917,15 @@
        }
 
        /* initialize the protocol version */
-       ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
-               &xauth_ldap_config.pver);
-
+       if ((res = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
+               &xauth_ldap_config.pver)) != LDAP_OPT_SUCCESS) {
+               plog(LLV_ERROR, LOCATION, NULL,
+                       "LDAP_OPT_PROTOCOL_VERSION %s failed: %s\n",
+                       xauth_ldap_config.pver,
+                       ldap_err2string(res));
+               goto ldap_end;
+       }
+               
        /* Enable TLS */
        if (xauth_ldap_config.tls) {
                res = ldap_start_tls_s(ld, NULL, NULL);
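Review bot: The new error log formats `xauth_ldap_config.pver` with `%s`, yet the same field is passed by address as the value for LDAP_OPT_PROTOCOL_VERSION, which takes an `int *`, so pver is presumably an int (its declaration is not visible in this hunk). If that holds, the failure path hands an integer to a string conversion, which is undefined behaviour and can crash racoon exactly when the option call fails. The format should be `"LDAP_OPT_PROTOCOL_VERSION %d failed: %s\n"`. The enclosing function starts and ends outside the hunk.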
@@ -943,13 +949,15 @@
                cred.bv_val = xauth_ldap_config.bind_pw->v;
                cred.bv_len = strlen( cred.bv_val );
                res = ldap_sasl_bind_s(ld,
-                       xauth_ldap_config.bind_dn->v, NULL, &cred,
+                       xauth_ldap_config.bind_dn->v, LDAP_SASL_SIMPLE, &cred,
                        NULL, NULL, NULL);
        }
        else
        {
+               cred.bv_val = NULL;
+               cred.bv_len = 0;
                res = ldap_sasl_bind_s(ld,
-                       NULL, NULL, NULL,
+                       NULL, LDAP_SASL_SIMPLE, &cred,
                        NULL, NULL, NULL);
        }
        
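Review bot: The else branch now sends a simple bind with a NULL DN and a zero-length credential, i.e. an anonymous bind, and nothing in the code says this is deliberate; a comment such as `/* no bind DN/password configured: anonymous simple bind */` above `cred.bv_val = NULL;` would make that explicit. The same zero-length case can be reached in the first branch when bind_pw is an empty string, because `cred.bv_len = strlen( cred.bv_val );` is then 0 and RFC 4513 treats a DN with an empty password as an unauthenticated bind that a server may accept. It is worth rejecting or logging that configuration before calling ldap_sasl_bind_s(). The branch condition and the rest of the function are outside the hunk, so an earlier check may already cover it.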


