From: Matt Benjamin
Date: Fri, 5 Aug 2016 14:02:03 +0000 (-0400)
Subject: rgw ldap: enforce simple_bind w/LDAPv3
X-Git-Tag: v10.2.4~99^2~2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=68788fb898118c826b136b7cd7f60265a6dfef79;p=ceph.git
rgw ldap: enforce simple_bind w/LDAPv3
Found by Harald Klein .
Signed-off-by: Matt Benjamin
(cherry picked from commit 08d54291435e4d1cb5e02cda3951bc6e8510b0e2)
---
diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
index a427ec46745e1..925a1550d504a 100644
--- a/src/rgw/rgw_ldap.h
+++ b/src/rgw/rgw_ldap.h
@@ -70,14 +70,22 @@ namespace rgw {
 (void) init();
 return bind();
 }
+ return -EINVAL;
 }
 int simple_bind(const char *dn, const std::string& pwd) {
 LDAP* tldap;
 int ret = ldap_initialize(&tldap, uri.c_str());
- ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
 if (ret == LDAP_SUCCESS) {
- (void) ldap_unbind(tldap);
+ unsigned long ldap_ver = LDAP_VERSION3;
+ ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+ (void*) &ldap_ver);
+ if (ret == LDAP_SUCCESS) {
+ ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
+ if (ret == LDAP_SUCCESS) {
+ (void) ldap_unbind(tldap);
+ }
+ }
 }
 return ret; // OpenLDAP client error space
 }
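Review bot: The added `ldap_set_option` call in simple_bind passes `ldap`, not the `tldap` handle that `ldap_initialize` just created and that `ldap_simple_bind_s` then binds on. The LDAPv3 setting therefore never reaches the connection that performs the credential check; `ldap` is presumably the long-lived member handle, which this call reconfigures instead. OpenLDAP documents LDAP_OPT_PROTOCOL_VERSION as taking an `int *`, so `unsigned long ldap_ver` is only read correctly where the low-order bytes come first. `tldap` is also released only after a successful bind, so each failed option call or rejected password leaks a handle; if this path checks client-supplied credentials, repeated failed logins can exhaust resources. The fence below sets the option on `tldap`, uses an `int`, and unbinds on every path once initialization has succeeded.

```cpp
      if (ret == LDAP_SUCCESS) {
        int ldap_ver = LDAP_VERSION3;
        // set the protocol version on the handle that is about to bind
        ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_ver);
        if (ret == LDAP_SUCCESS) {
          ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
        }
        // release the temporary handle on success and on failure
        (void) ldap_unbind(tldap);
      }
      // … unchanged: return ret …
```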