Fix parameter passing issue. closes bug #105

[freeradius.git] / src / modules / rlm_ldap / rlm_ldap.c
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c

index cb4343c..fabe118 100644 (file)
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -391,6 +391,18 @@ static inline void ldap_release_conn(int i, ldap_instance *inst)
         pthread_mutex_unlock(&(conns[i].mutex));
  }
  
+#ifdef NOVELL
+static inline void ldap_release_apc_conn(int i, ldap_instance *inst)
+                                    
+{
+       LDAP_CONN *conns = inst->apc_conns;
+
+       DEBUG("  [%s] ldap_release_conn: Release Id: %d", inst->xlat_name, i);
+       conns[i].locked = 0;
+       pthread_mutex_unlock(&(conns[i].mutex));
+}
+#endif
+
  /*************************************************************************
   *
   *     Function: rlm_ldap_instantiate
@@ -1640,7 +1652,7 @@ static int ldap_authorize(void *instance, REQUEST * request)
                                 if ((vp_auth_opt = paircreate(auth_opt_attr, PW_TYPE_STRING)) == NULL){
                                         radlog(L_ERR, "  [%s] Could not allocate memory. Aborting.", inst->xlat_name);
                                         ldap_msgfree(result);
-                                       ldap_release_conn(conn_id, inst->conns);
+                                       ldap_release_conn(conn_id, inst);
                                 }
                                 strcpy(vp_auth_opt->vp_strvalue, auth_option[0]);
                                 vp_auth_opt->length = strlen(auth_option[0]);
@@ -1707,7 +1719,9 @@ static int ldap_authorize(void *instance, REQUEST * request)
         */
         if (debug_flag > 1) {
                if (!pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0) &&
-                  !pairfind(request->config_items, PW_USER_PASSWORD, 0)) {
+                  !pairfind(request->config_items, PW_USER_PASSWORD, 0) &&
+                  !pairfind(request->config_items, PW_PASSWORD_WITH_HEADER, 0) &&
+                  !pairfind(request->config_items, PW_CRYPT_PASSWORD, 0)) {
                        DEBUG("WARNING: No \"known good\" password was found in LDAP.  Are you sure that the user is configured correctly?");
                }
         }
@@ -1869,7 +1883,7 @@ static int ldap_authenticate(void *instance, REQUEST * request)
                 LDAP_CONN       *conn1;
                 int auth_state = -1;
                 char            *challenge = NULL;
-               int             challenge_len = MAX_CHALLENGE_LEN;
+               size_t          challenge_len = MAX_CHALLENGE_LEN;
                 char            *state = NULL;
  
                 dattr = dict_attrbyname("eDir-APC");
@@ -2143,7 +2157,7 @@ static int ldap_postauth(void *instance, REQUEST * request)
                                                 }
  
                                                 vp_apc->vp_strvalue[0] = '3';
-                                               ldap_release_conn(conn_id, inst->apc_conns);
+                                               ldap_release_apc_conn(conn_id, inst);
                                                 return RLM_MODULE_REJECT;
                                         }
                                         conn->bound = 1;
@@ -2160,11 +2174,11 @@ static int ldap_postauth(void *instance, REQUEST * request)
                                                 ldap_memfree((void *)error_msg);
                                         }
                                         vp_apc->vp_strvalue[0] = '3';
-                                       ldap_release_conn(conn_id, inst->apc_conns);
+                                       ldap_release_apc_conn(conn_id, inst);
                                         return RLM_MODULE_REJECT;
                                 }
                                 vp_apc->vp_strvalue[0] = '3';
-                               ldap_release_conn(conn_id, inst->apc_conns);
+                               ldap_release_apc_conn(conn_id, inst);
                                 return RLM_MODULE_OK;
                         }
         }
@@ -2476,6 +2490,14 @@ static LDAP *ldap_connect(void *instance, const char *dn, const char *password,
                 }
                 break;
  
+       case LDAP_CONSTRAINT_VIOLATION:
+               DEBUG("rlm_ldap: Bind failed with constraint violation");
+               *result = RLM_MODULE_REJECT;
+               if(err != NULL){
+                       ldap_get_option(ld, LDAP_OPT_ERROR_STRING, err);
+               }
+               break;
+
         default:
                 if (inst->is_url) {
                         radlog(L_ERR,"  [%s] %s bind to %s failed %s", inst->xlat_name,