From d15490deb59ccd011faceb7a85ea6f3689803dd9 Mon Sep 17 00:00:00 2001 From: Marco Bettini Date: Wed, 17 Jul 2024 12:25:22 +0000 Subject: [PATCH] auth: ldap - Replace deprecated ldap_result2error() with ldap_parse_result() --- src/auth/db-ldap.c | 20 ++++++++++++++++---- src/auth/passdb-ldap.c | 7 +++++-- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c index 36d572ab24..ca5ef03a73 100644 --- a/src/auth/db-ldap.c +++ b/src/auth/db-ldap.c @@ -377,12 +377,20 @@ static int db_ldap_connect_finish(struct ldap_connection *conn, int ret) static void db_ldap_default_bind_finished(struct ldap_connection *conn, struct db_ldap_result *res) { - int ret; - i_assert(conn->pending_count == 0); conn->default_bind_msgid = -1; - ret = ldap_result2error(conn->ld, res->msg, FALSE); + int result; + int ret = ldap_parse_result(conn->ld, res->msg, &result, + NULL, NULL, NULL, NULL, FALSE); + /* ldap_parse_result() itself can fail client-side. + In that case ret already contains our error code... */ + if (ret == LDAP_SUCCESS) { + /* ... on the other hand, the result of a successful parsing + can be itself a server-side error, whose error-code is + stored in result. Pass it into ret and handle it as well. */ + ret = result; + } if (db_ldap_connect_finish(conn, ret) < 0) { /* lost connection, close it */ db_ldap_conn_close(conn); @@ -508,7 +516,11 @@ db_ldap_handle_request_result(struct ldap_connection *conn, final_result = FALSE; } else { final_result = TRUE; - ret = ldap_result2error(conn->ld, res->msg, 0); + int result; + ret = ldap_parse_result(conn->ld, res->msg, &result, + NULL, NULL, NULL, NULL, FALSE); + if (ret == LDAP_SUCCESS) + ret = result; } /* LDAP_NO_SUCH_OBJECT is returned for nonexistent base */ if (ret != LDAP_SUCCESS && ret != LDAP_NO_SUCH_OBJECT && diff --git a/src/auth/passdb-ldap.c b/src/auth/passdb-ldap.c index 4d13b7c77f..db2d94a9aa 100644 --- a/src/auth/passdb-ldap.c +++ b/src/auth/passdb-ldap.c 
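Review bot: The parse-then-overwrite sequence (`ldap_parse_result(...)` followed by `if (ret == LDAP_SUCCESS) ret = result;`) is written out three times: here in db_ldap_default_bind_finished(), in db_ldap_handle_request_result() further down this file, and in ldap_auth_bind_callback() in passdb-ldap.c. Only this first copy carries the comment explaining why a client-side parse error and a server-side result code are merged into one value. Since one of those copies decides whether a bind counts as a successful login, a single helper would keep the three sites from drifting apart. A sketch follows; the helper name is only a suggestion, and it would need a declaration in whatever header the two files already share. Both functions in this file extend beyond their hunks.

```c
/* Returns the client-side error if ldap_parse_result() itself failed,
   otherwise the result code the server put into the message. */
int db_ldap_msg_result_code(struct ldap_connection *conn, LDAPMessage *msg)
{
	int result;
	int ret = ldap_parse_result(conn->ld, msg, &result,
				    NULL, NULL, NULL, NULL, FALSE);

	return ret != LDAP_SUCCESS ? ret : result;
}

/* … unchanged: i_assert() and default_bind_msgid reset … */
	int ret = db_ldap_msg_result_code(conn, res->msg);
/* … unchanged: db_ldap_connect_finish() handling … */
```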
@@ -142,12 +142,15 @@ ldap_auth_bind_callback(struct ldap_connection *conn, (struct passdb_ldap_request *)ldap_request; struct auth_request *auth_request = ldap_request->auth_request; enum passdb_result passdb_result; - int ret; passdb_result = PASSDB_RESULT_INTERNAL_FAILURE; if (res != NULL) { - ret = ldap_result2error(conn->ld, res, 0); + int result; + int ret = ldap_parse_result(conn->ld, res, &result, + NULL, NULL, NULL, NULL, FALSE); + if (ret == LDAP_SUCCESS) + ret = result; if (ret == LDAP_SUCCESS) passdb_result = PASSDB_RESULT_OK; else if (ret == LDAP_INVALID_CREDENTIALS) { -- 2.47.3
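Review bot: `int result;` is left uninitialised in ldap_auth_bind_callback(), and its value is what ends up selecting `PASSDB_RESULT_OK`. As written it is only read after ldap_parse_result() reports success, so I cannot point to a path where it is read unset. Still, for the one site that makes the authentication decision I would initialise it to a failure code, `int result = LDAP_OTHER;`, so the outcome fails closed even if the out-parameter were ever left unwritten. A one-line comment such as `/* client-side parse failure or server result code; only LDAP_SUCCESS from both means the bind succeeded */` above the two `if (ret == LDAP_SUCCESS)` lines would also help, since the explanatory comment exists only in db-ldap.c. The function's else-chain continues outside the hunk.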