[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Passing a valid result to ldap_first_entry? (ITS#984)
John Morrissey wrote:
> I write mod_ldap, an LDAP authentication module for ProFTPD
> (www.proftpd.net). I received a report from a user a few days ago; he had
> filed ITS #984 and Kurt responded that it's not proper to call
> ldap_first_entry() with a NULL second argument, a result which should be
> returned by the previous call to ldap_search*().
>
> Anyway, here's my code:
>
> LDAP *ld;
> LDAPMessage *result, *e;
>
> if (ldap_search_st(ld, prefix, ldap_search_scope, filter, ldap_attrs, 0,
> &ldap_querytimeout_tp, &result) == -1) {
> /* Handle a failed search */
> }
>
> if ((e = ldap_first_entry(ld, result)) == NULL) {
> /* Handle a failed ldap_first_entry() */
> }
Your code is basically correct; what Kurt meant in
http://www.openldap.org/its/index.cgi/Incoming?id=984;user=guest;selectid=984
is that you should not rely on ldap_first_entry to trap NULL res; you
should check it before you call ldap_first_entry. The point is that
synchronous searches do NOT return -1 in case of failure; they rather
return an error code OR LDAP_SUCCESS in case everything was fine.
Your code should read:
LDAPMessage *result = NULL, *e; /* you shouldn't rely
on ldap_seach_s*
clearing the value of
res in case of failure
... */
int rc;
rc = ldap_search_st(ld, prefix, ldap_search_scope, filter, ldap_attrs, 0,
&ldap_querytimeout_tp, &result);
if ( rc != LDAP_SUCCESS /* "paranoid" || res == NULL */ ) {
/* handle failure */
}
if ((e = ldap_first_entry(ld, result)) == NULL) {
/* Handle a failed ldap_first_entry() */
}
Bye, Pierangelo.