From 1ffac9bc801ce5265fc68e8994908caa1934f868 Mon Sep 17 00:00:00 2001
From: Daniel Maya <daniel.maya@pandorafms.com>
Date: Thu, 24 Nov 2022 12:07:48 +0100
Subject: [PATCH] #9894 Fixed ldap_search

---
 pandora_console/include/auth/mysql.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 5d5cc88478..8725f0f819 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -250,9 +250,9 @@ function process_user_login_remote($login, $pass, $api=false)
 {
     global $config, $mysql_cache;
 
-    // Remote authentication
+    // Remote authentication.
     switch ($config['auth']) {
-        // LDAP
+        // LDAP.
         case 'ldap':
             $sr = ldap_process_user_login($login, $pass);
             // Try with secondary server if not login.
@@ -265,7 +265,7 @@ function process_user_login_remote($login, $pass, $api=false)
             }
         break;
 
-        // Active Directory
+        // Active Directory.
         case 'ad':
             if (enterprise_hook('ad_process_user_login', [$login, $pass]) === false) {
                 $config['auth_error'] = 'User not found in database or incorrect password';
@@ -273,7 +273,7 @@ function process_user_login_remote($login, $pass, $api=false)
             }
         break;
 
-        // Remote Pandora FMS
+        // Remote Pandora FMS.
         case 'pandora':
             if (enterprise_hook('remote_pandora_process_user_login', [$login, $pass]) === false) {
                 $config['auth_error'] = 'User not found in database or incorrect password';
@@ -281,7 +281,7 @@ function process_user_login_remote($login, $pass, $api=false)
             }
         break;
 
-        // Remote Integria
+        // Remote Integria.
         case 'integria':
             if (enterprise_hook('remote_integria_process_user_login', [$login, $pass]) === false) {
                 $config['auth_error'] = 'User not found in database or incorrect password';
@@ -289,7 +289,7 @@ function process_user_login_remote($login, $pass, $api=false)
             }
         break;
 
-        // Unknown authentication method
+        // Unknown authentication method.
         default:
             $config['auth_error'] = 'User not found in database or incorrect password';
         return false;
@@ -303,7 +303,7 @@ function process_user_login_remote($login, $pass, $api=false)
         }
     }
 
-    // Authentication ok, check if the user exists in the local database
+    // Authentication ok, check if the user exists in the local database.
     if (is_user($login)) {
         if (!user_can_login($login) && $api === false) {
             return false;
@@ -370,10 +370,10 @@ function process_user_login_remote($login, $pass, $api=false)
         return $login;
     }
 
-    // The user does not exist and can not be created
+    // The user does not exist and can not be created.
     if ($config['autocreate_remote_users'] == 0 || is_user_blacklisted($login)) {
         $config['auth_error'] = __(
-            'Ooops User not found in 
+            'Ooops User not found in
 				database or incorrect password'
         );
 
@@ -967,6 +967,12 @@ function ldap_process_user_login($login, $password, $secondary_server=false)
 
         $sr = ldap_search($ds, io_safe_output($ldap['ldap_base_dn']), $filter);
 
+        if (empty($sr) === true) {
+            $config['auth_error'] = 'ldap search failed';
+            @ldap_close($ds);
+            return false;
+        }
+
         $memberof = ldap_get_entries($ds, $sr);
 
         if ($memberof['count'] == 0 && !isset($memberof[0]['memberof'])) {