Fix anonymous binds when SASL is not used.

Reported by Landry Breuil <landry@rhaalovely.net>. FossilOrigin-Name: 23f9ea8c4491a0e4548d318253e0358cf1a7218f2d5b604ff58a17c368fc3cc5
2016-01-11 20:28:22 +00:00 · 2016-01-11 20:28:22 +00:00 · 2c4f0e59c1
commit 2c4f0e59c1
parent f5d2977981
1 changed files with 16 additions and 15 deletions
--- a/23
+++ b/23
@ -581,22 +581,24 @@ You may try connecting insecurely, or install the module and try again.\n} if $@
 		}
 	}

-	eval 'use Authen::SASL';
+	undef $@; eval 'use Authen::SASL';
 	my ( $sasl, $sasl_conn );
-	my $has_sasl = ! defined( $@ );
+	my $has_sasl = ! $@;
+	my $use_sasl = $has_sasl && $conf->{'sasl'};

-	if ( $has_sasl && $conf->{'sasl'} ) {
+	die "SASL requested, but library is not installed.  Please install Authen::SASL and try again.\n" if $conf->{'sasl'} && ! $has_sasl;
+
+	if ( $use_sasl ) {
 		my $serv = $conf->{'server'};
 		$serv =~ s!^ldap[si]?://!!;
 		$sasl = Authen::SASL->new( mechanism => $conf->{'sasl'} );
-		$sasl_conn = $sasl->client_new('ldap', $serv);
+		$sasl_conn = $sasl->client_new( 'ldap', $serv );
 	}

 	# bind with sasl
 	#
-	if ( $has_sasl && $sasl_conn ) {
-		$rv = $ldap->bind(
-			$conf->{'binddn'},
+	if ( $sasl_conn ) {
+		$rv = $ldap->bind( $conf->{'binddn'},
 			password => $conf->{'bindpass'},
 			sasl     => $sasl_conn
 		);
@ -605,8 +607,7 @@ You may try connecting insecurely, or install the module and try again.\n} if $@
 	# simple bind as an authenticated dn
 	#
 	elsif ( $conf->{'binddn'} ) {
-		$rv = $ldap->bind(
-			$conf->{'binddn'},
+		$rv = $ldap->bind( $conf->{'binddn'},
 			password => $conf->{'bindpass'}
 		);
 	}
@ -614,7 +615,7 @@ You may try connecting insecurely, or install the module and try again.\n} if $@
 	# bind anonymously
 	#
 	else {
-		$rv = $ldap->bind(sasl => $sasl_conn);
+		$rv = $sasl_conn ? $ldap->bind( sasl => $sasl_conn ) : $ldap->bind();
 	}

 	my $err = $rv->error();
@ -626,7 +627,7 @@ You may try connecting insecurely, or install the module and try again.\n} if $@

 	if ( $rv->code() ) {
 		$err .= " (try the --tls flag?)" if $err =~ /confidentiality required/i;
-		$err .= "\n" . $sasl->error() if $sasl;
+		$err .= "\n" . $sasl->error if $sasl_conn && defined( $sasl->error );
 		die "LDAP bind error: $err\n";
 	}