Fix anonymous binds when SASL is not used.
authorMahlon E. Smith <mahlon@martini.nu>
Mon, 11 Jan 2016 12:28:23 -0800
changeset 84 ef002a0b0867
parent 83 23127a91eedf
child 85 7eb0c972e515
Fix anonymous binds when SASL is not used. Reported by Landry Breuil <landry@rhaalovely.net>.
shelldap
--- a/shelldap	Tue Dec 08 00:55:48 2015 -0800
+++ b/shelldap	Mon Jan 11 12:28:23 2016 -0800
@@ -581,32 +581,33 @@
 		}
 	}
 
-	eval 'use Authen::SASL';
+	undef $@; eval 'use Authen::SASL';
 	my ( $sasl, $sasl_conn );
-	my $has_sasl = ! defined( $@ );
-
-	if ( $has_sasl && $conf->{'sasl'} ) {
+	my $has_sasl = ! $@;
+	my $use_sasl = $has_sasl && $conf->{'sasl'};
+
+	die "SASL requested, but library is not installed.  Please install Authen::SASL and try again.\n" if $conf->{'sasl'} && ! $has_sasl;
+
+	if ( $use_sasl ) {
 		my $serv = $conf->{'server'};
 		$serv =~ s!^ldap[si]?://!!;
 		$sasl = Authen::SASL->new( mechanism => $conf->{'sasl'} );
-		$sasl_conn = $sasl->client_new('ldap', $serv);
+		$sasl_conn = $sasl->client_new( 'ldap', $serv );
 	}
-	
+
 	# bind with sasl
 	#
-	if ( $has_sasl && $sasl_conn ) {
-		$rv = $ldap->bind(
-			$conf->{'binddn'},
+	if ( $sasl_conn ) {
+		$rv = $ldap->bind( $conf->{'binddn'},
 			password => $conf->{'bindpass'},
-			sasl => $sasl_conn
+			sasl     => $sasl_conn
 		);
 	}
 
 	# simple bind as an authenticated dn
 	#
 	elsif ( $conf->{'binddn'} ) {
-		$rv = $ldap->bind(
-			$conf->{'binddn'},
+		$rv = $ldap->bind( $conf->{'binddn'},
 			password => $conf->{'bindpass'}
 		);
 	}
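Review bot: The SASL branch still calls `$ldap->bind( $conf->{'binddn'}, password => $conf->{'bindpass'}, sasl => $sasl_conn )` with both `password` and `sasl`. As far as I recall, Net::LDAP's bind acts on a single authentication option and chooses it by walking its own option table, so this code does not control which one is used; if `password` wins, the bind password goes out in a simple bind where a SASL exchange was configured. I would pass only the handle, `$rv = $ldap->bind( $conf->{'binddn'}, sasl => $sasl_conn );`, and supply the credential through the `callback` option of `Authen::SASL->new` when the mechanism needs one. Separately, `undef $@; eval 'use Authen::SASL'` plus `! $@` can avoid both the string eval and the `$@` test with `my $has_sasl = eval { require Authen::SASL; 1 };`. The enclosing sub starts and ends outside this hunk, so how `$conf` is populated is not visible here.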
@@ -614,19 +615,19 @@
 	# bind anonymously
 	#
 	else {
-		$rv = $ldap->bind(sasl => $sasl_conn);
+		$rv = $sasl_conn ? $ldap->bind( sasl => $sasl_conn ) : $ldap->bind();
 	}
 
 	my $err = $rv->error();
 	$self->debug(
 		"Bind as " .
-		( $conf->{'binddn'} ? $conf->{'binddn'} : 'anonymous' ) .
-		" to " . $conf->{'server'} . ": $err\n"
+			( $conf->{'binddn'} ? $conf->{'binddn'} : 'anonymous' ) .
+			" to " . $conf->{'server'} . ": $err\n"
 	);
 
 	if ( $rv->code() ) {
 		$err .= " (try the --tls flag?)" if $err =~ /confidentiality required/i;
-		$err .= "\n" . $sasl->error() if $sasl;
+		$err .= "\n" . $sasl->error if $sasl_conn && defined( $sasl->error );
 		die "LDAP bind error: $err\n";
 	}