From: Nick Porter
Date: Fri, 25 Aug 2023 14:13:27 +0000 (+0100)
Subject: SASL bind doesn't use the DN
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5834572ac74196b0ead99d2d0546a3e9abd90bff;p=thirdparty%2Ffreeradius-server.git
SASL bind doesn't use the DN
---
diff --git a/src/lib/ldap/base.h b/src/lib/ldap/base.h
index e6e478a8635..923acdc970d 100644
--- a/src/lib/ldap/base.h
+++ b/src/lib/ldap/base.h
@@ -501,7 +501,6 @@ typedef struct {
 typedef struct {
 fr_ldap_connection_t *c; //!< to bind. Only used when binding as admin user.
 char const *mechs; //!< SASL mechanisms to run
- char const *dn; //!< to bind as.
 char const *identity; //!< of the user.
 char const *password; //!< of the user, may be NULL if no password is specified.
 char const *proxy; //!< Proxy identity, may be NULL in which case identity is used.
@@ -908,7 +907,6 @@ int fr_ldap_sasl_bind_auth_send(fr_ldap_sasl_ctx_t *sasl_ctx,
 int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
- char const *dn,
 char const *identity, char const *password, char const *proxy, char const *realm);
diff --git a/src/lib/ldap/sasl.c b/src/lib/ldap/sasl.c
index 073f7afbce3..8faa355ca9f 100644
--- a/src/lib/ldap/sasl.c
+++ b/src/lib/ldap/sasl.c
@@ -487,7 +487,6 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(rlm_rcode_t *p_result,
 * @param[in] request this bind relates to.
 * @param[in] thread whose connection the bind should be performed on.
 * @param[in] mechs SASL mechanisms to use.
- * @param[in] dn DN to bind as.
 * @param[in] identity Identity to bind with.
 * @param[in] password Password to bind with.
 * @param[in] proxy Identity to proxy.
@@ -496,7 +495,7 @@ static unlang_action_t ldap_async_sasl_bind_auth_results(rlm_rcode_t *p_result,
 * - 0 on success.
 * - -1 on failure.
 */
-int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs, char const *dn,
+int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, char const *mechs,
 char const *identity, char const *password, char const *proxy, char const *realm)
 {
 fr_ldap_bind_auth_ctx_t *bind_auth_ctx;
@@ -528,7 +527,6 @@ int fr_ldap_sasl_bind_auth_async(request_t *request, fr_ldap_thread_t *thread, c
 talloc_set_destructor(bind_auth_ctx->sasl_ctx, _sasl_ctx_free);
 *bind_auth_ctx->sasl_ctx = (fr_ldap_sasl_ctx_t) {
 .mechs = mechs,
- .dn = dn,
 .identity = identity,
 .password = password,
 .proxy = proxy,
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 7131dba3c95..a7bc9ebfeec 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -1164,7 +1164,7 @@ static unlang_action_t mod_authenticate_resume(rlm_rcode_t *p_result, UNUSED int
 #ifdef WITH_SASL
 ldap_auth_call_env_t *call_env = auth_ctx->call_env;
 if (fr_ldap_sasl_bind_auth_async(request, auth_ctx->thread, call_env->user_sasl_mech.vb_strvalue,
- auth_ctx->dn, call_env->user_sasl_authname.vb_strvalue,
+ call_env->user_sasl_authname.vb_strvalue,
 auth_ctx->password, call_env->user_sasl_proxy.vb_strvalue, call_env->user_sasl_realm.vb_strvalue) < 0) goto fail;
 #else
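Review bot: The docblock for `fr_ldap_sasl_bind_auth_async` (it begins outside this hunk, in the `@@ -487` hunk) does not say which of the remaining string arguments may be NULL or how long they must stay valid. The `@@ -528` hunk shows the pointers stored unchanged in `*bind_auth_ctx->sasl_ctx` (`.identity = identity, .password = password, .proxy = proxy`), so the asynchronous bind appears to borrow them rather than copy them. I would extend the parameter lines, e.g. `@param[in] password Password to bind with, may be NULL. Not copied; must remain valid until the bind completes.`, and the same for `proxy`, matching the "may be NULL" notes on the struct fields in base.h. Whether every caller's buffers outlive the bind is not visible here, so the lifetime wording should be confirmed against the callers.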
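Review bot: With `auth_ctx->dn` dropped from the call in `mod_authenticate_resume`, the only identity handed to the SASL bind is `call_env->user_sasl_authname`, and nothing in this hunk ties that value to `auth_ctx->dn`. If the module still resolves `auth_ctx->dn` for SASL users and uses it for later per-user checks (not visible here; the function starts and ends outside the hunk), those checks could be evaluated against a different entry than the one that was authenticated. A comment above the call would make the contract explicit, e.g. `/* SASL bind authenticates user_sasl_authname; auth_ctx->dn is not passed to the bind */`. It is also worth confirming that `user_sasl_authname.vb_strvalue` cannot be NULL or empty on this path, since it is now the sole identity supplied.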