Hi, all:
In reading the OpenLDAP code related to SASL binding, I found the following snippet:
========================================
int
ldap_sasl_bind(
	LDAP *ld,
	LDAP_CONST char *dn,
	LDAP_CONST char *mechanism,
	struct berval *cred,
	LDAPControl **sctrls,
	LDAPControl **cctrls,
	int *msgidp )
{
	...
	if( mechanism == LDAP_SASL_SIMPLE ) {
		/* simple bind */
		rc = ber_printf( ber, "{it{istON}" /*}*/,
			id, LDAP_REQ_BIND,
			ld->ld_version, dn, LDAP_AUTH_SIMPLE,
			cred );

	} else if ( cred == NULL || cred->bv_val == NULL ) {
		/* SASL bind w/o credentials */
		rc = ber_printf( ber, "{it{ist{sN}N}" /*}*/,
			id, LDAP_REQ_BIND,
			ld->ld_version, dn, LDAP_AUTH_SASL,
			mechanism );

	} else {
		/* SASL bind w/ credentials */
		rc = ber_printf( ber, "{it{ist{sON}N}" /*}*/,
			id, LDAP_REQ_BIND,
			ld->ld_version, dn, LDAP_AUTH_SASL,
			mechanism, cred );
	}
	...
}
========================================
I just want to know: if I remove the condition "|| cred->bv_val == NULL" in the "else if" branch, what will happen?
Can anyone tell me why this condition was added? What bug did it fix? My guess is that if it is removed, then the network trace will display some packet marked with "Malformed Packet", but the binding result should be the same.
Still, I need some confirmation from you guys.
P.S. Shouldn't another condition, say, "|| cred->bv_len == 0", be added to the "else if" branch as well?
Thanks, Xu Qiang
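
The two SASL format strings in the quoted snippet differ by the "O" element and its cred argument. As an added example (not part of the original post and not OpenLDAP code), this hand-written encoder lays out the RFC 4511 BindRequest bytes for omitted credentials next to present-but-empty credentials. The names encode_sasl_bind and tlv, the EXTERNAL mechanism and the message ID are assumptions chosen for illustration, and only short-form lengths (every element under 128 bytes) are handled.

```c
#include <stdio.h>
#include <string.h>

/* Append one tag-length-value element; short-form lengths only (len < 128). */
static size_t tlv(unsigned char *out, unsigned char tag, const void *val, size_t len)
{
    out[0] = tag;
    out[1] = (unsigned char)len;
    if (len) memcpy(out + 2, val, len);
    return len + 2;
}

/* Encode an LDAPMessage carrying an LDAPv3 SASL BindRequest (RFC 4511).
 * cred == NULL omits the OPTIONAL credentials field; a non-NULL cred with
 * cred_len == 0 emits a present but empty OCTET STRING. Returns bytes written. */
size_t encode_sasl_bind(unsigned char *out, int msgid, const char *dn,
                        const char *mech, const void *cred, size_t cred_len)
{
    unsigned char sasl[128], req[128], msg[128];
    unsigned char id = (unsigned char)msgid, ver = 3;  /* msgid assumed 1..127 */
    size_t s = 0, r = 0, m = 0;

    s += tlv(sasl + s, 0x04, mech, strlen(mech));  /* mechanism   OCTET STRING */
    if (cred != NULL)
        s += tlv(sasl + s, 0x04, cred, cred_len);  /* credentials OCTET STRING OPTIONAL */
    r += tlv(req + r, 0x02, &ver, 1);              /* version     INTEGER */
    r += tlv(req + r, 0x04, dn, strlen(dn));       /* name        LDAPDN */
    r += tlv(req + r, 0xA3, sasl, s);              /* [3] SaslCredentials */
    m += tlv(msg + m, 0x02, &id, 1);               /* messageID   INTEGER */
    m += tlv(msg + m, 0x60, req, r);               /* [APPLICATION 0] BindRequest */
    return tlv(out, 0x30, msg, m);                 /* LDAPMessage SEQUENCE */
}

int main(void)
{
    unsigned char buf[128];
    const void *cred[2] = { NULL, "" };            /* constructed sample inputs */
    for (int c = 0; c < 2; c++) {
        size_t n = encode_sasl_bind(buf, 1, "", "EXTERNAL", cred[c], 0);
        printf("%s", c ? "empty  :" : "omitted:");
        for (size_t i = 0; i < n; i++) printf(" %02X", buf[i]);
        printf("\n");
    }
    return 0;
}
```

The second encoding is two bytes longer: a trailing 04 00 inside the SaslCredentials sequence, with the enclosing length bytes adjusted to match.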