Skip to content

ldap: support empty username and password#22196

Open
jay wants to merge 2 commits into
curl:masterfrom
jay:ldap_allow_empty_userpass
Open

ldap: support empty username and password#22196
jay wants to merge 2 commits into
curl:masterfrom
jay:ldap_allow_empty_userpass

Conversation

@jay

@jay jay commented Jun 26, 2026

Copy link
Copy Markdown
Member

Prior to this change an empty username or password was passed to the LDAP bind function as NULL instead of an empty string.

Regression since 8f71d0f.

Reported-by: Yoshiro Yoneya

Fixes #22162
Closes #xxxx

Prior to this change an empty username or password was passed to the
LDAP bind function as NULL instead of an empty string.

Regression since 8f71d0f.

Reported-by: Yoshiro Yoneya

Fixes curl#22162
Closes #xxxx
@jay

jay commented Jun 26, 2026

Copy link
Copy Markdown
Member Author

I'm not entirely sure my use of Curl_creds_user/passwd was correct because if credentials doesn't exist then an empty username and password would be used. But if there are no credentials, then the user didn't specify an empty user pass right?

curl/lib/creds.h

Lines 80 to 81 in 68720b4

#define Curl_creds_user(c) ((c) ? (c)->user : "")
#define Curl_creds_passwd(c) ((c) ? (c)->passwd : "")

To really get the old behavior there doesn't seem to be a macro for that, so I'm changing my proposal:

diff --git a/lib/ldap.c b/lib/ldap.c
index e385245..ae12727 100644
--- a/lib/ldap.c
+++ b/lib/ldap.c
@@ -282,8 +282,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done)
 #else
   char *host = NULL;
 #endif
-  const char *user = Curl_creds_user(data->state.creds);
-  const char *passwd = Curl_creds_passwd(data->state.creds);
+  const char *user = data->state.creds ? data->state.creds->user : NULL;
+  const char *passwd = data->state.creds ? data->state.creds->passwd : NULL;
   struct ip_quadruple ipquad;
   bool is_ipv6;
   BerElement *ber = NULL;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Development

Successfully merging this pull request may close these issues.

can't specify empty username/password to ldap server

1 participant