[Fedora-directory-commits] ldapserver/ldap/servers/plugins/pam_passthru pam_ptimpl.c, 1.8, 1.9

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue Oct 10 16:31:04 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5948

Modified Files:
	pam_ptimpl.c 
Log Message:
Bug(s) fixed: 210120
Bug Description: PAM passthru plugin causes directory server to crash
Reviewed by: nhosoi (Thanks!)
Fix Description: If the DN given in the BIND request is bogus i.e. not a valid DN (at least not one that ldap_explode_dn can parse), we should just skip the PAM processing and just report a reasonable error to the client.  Similarly, if the map method says to lookup the pam ID from the bind DN entry, and the entry cannot be found, just report an error and skip pam processing.
Platforms tested: FC5
Flag Day: no
Doc impact: no 



Index: pam_ptimpl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- pam_ptimpl.c	15 Jul 2005 18:13:28 -0000	1.8
+++ pam_ptimpl.c	10 Oct 2006 16:31:01 -0000	1.9
@@ -272,6 +272,13 @@
 		init_my_str_buf(&pam_id, binddn);
 	}
 
+	if (!pam_id.str) {
+		errmsg = PR_smprintf("Bind DN [%s] is invalid or not found",
+							 escape_string(binddn, buf));
+		retcode = LDAP_NO_SUCH_OBJECT; /* user unknown */
+		goto done; /* skip the pam stuff */
+	}
+
 	/* do the pam stuff */
 	my_data.pb = pb;
 	my_data.pam_identity = pam_id.str;
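Review bot: The new !pam_id.str branch answers a BIND with LDAP_NO_SUCH_OBJECT and the text "Bind DN [%s] is invalid or not found", which tells an unauthenticated client whether a DN exists, as distinct from a wrong password. If errmsg and retcode are both returned in the bind result, consider sending LDAP_INVALID_CREDENTIALS to the client and writing the detailed message to the server error log only. The single message also merges the two cases named in the fix description (an unparsable DN and a missing entry); separate log text for each would make triage easier. Please also confirm that buf is large enough for the escaped form of a client-supplied binddn, since its declaration is not visible in this hunk.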
@@ -361,6 +368,7 @@
 	slapi_unlock_mutex(PAMLock);
 	/* not in critical section any more */
 
+done:
 	delete_my_str_buf(&pam_id);
 
 	if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) {
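Review bot: The done: label sits after slapi_unlock_mutex(PAMLock), so the new goto done is only correct if PAMLock is acquired after the !pam_id.str check; the lock acquisition is not visible in this diff. A short comment at the label saying that no path jumping here may hold PAMLock would guard against a later goto added from inside the critical section. On the early-exit path, the test (retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS) depends on short-circuit evaluation to avoid reading rc before the PAM code has set it, so rc should be initialized at its declaration. Since errmsg now comes from PR_smprintf on this path, also check that the cleanup after done: releases it.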



