summaryrefslogtreecommitdiff
path: root/src/providers
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-02-08 16:51:18 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-02-11 16:16:16 +0100
commit4e9506ea508108c00a20f35756eb36b93ec2232d (patch)
treee4800da6ba404c582aff60f7fbbb524900e54024 /src/providers
parent4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 (diff)
downloadsssd-4e9506ea508108c00a20f35756eb36b93ec2232d.tar.gz
sssd-4e9506ea508108c00a20f35756eb36b93ec2232d.tar.bz2
sssd-4e9506ea508108c00a20f35756eb36b93ec2232d.zip
LDAP: Check for authtok validity
The default authtok type in the LDAP provider (unlike the new IPA and AD providers) is "password". This oddity dates back to when password was the only supported authtok type in the SSSD, so configuration specifying only the password and bind DN was valid. We need to check the authtok validity as well before attempting to use it.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/sdap_async_connection.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 20f282e3..b673daf6 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1628,15 +1628,17 @@ static void sdap_cli_auth_step(struct tevent_req *req)
tevent_req_error(req, EINVAL);
return;
}
+
authtok_blob = dp_opt_get_blob(state->opts->basic,
SDAP_DEFAULT_AUTHTOK);
-
- ret = sss_authtok_set_password(state, &authtok,
- (const char *)authtok_blob.data,
- authtok_blob.length);
- if (ret) {
- tevent_req_error(req, ret);
- return;
+ if (authtok_blob.data) {
+ ret = sss_authtok_set_password(state, &authtok,
+ (const char *)authtok_blob.data,
+ authtok_blob.length);
+ if (ret) {
+ tevent_req_error(req, ret);
+ return;
+ }
}
}