diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-08 16:51:18 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-11 16:16:16 +0100 |
commit | 4e9506ea508108c00a20f35756eb36b93ec2232d (patch) | |
tree | e4800da6ba404c582aff60f7fbbb524900e54024 /src | |
parent | 4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 (diff) | |
download | sssd-4e9506ea508108c00a20f35756eb36b93ec2232d.tar.gz sssd-4e9506ea508108c00a20f35756eb36b93ec2232d.tar.bz2 sssd-4e9506ea508108c00a20f35756eb36b93ec2232d.zip |
LDAP: Check for authtok validity
The default authtok type in the LDAP provider (unlike the new IPA and AD
providers) is "password". This oddity dates back to when password was
the only supported authtok type in the SSSD, so configuration specifying
only the password and bind DN was valid.
We need to check the authtok validity as well before attempting to use
it.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 20f282e3..b673daf6 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -1628,15 +1628,17 @@ static void sdap_cli_auth_step(struct tevent_req *req) tevent_req_error(req, EINVAL); return; } + authtok_blob = dp_opt_get_blob(state->opts->basic, SDAP_DEFAULT_AUTHTOK); - - ret = sss_authtok_set_password(state, &authtok, - (const char *)authtok_blob.data, - authtok_blob.length); - if (ret) { - tevent_req_error(req, ret); - return; + if (authtok_blob.data) { + ret = sss_authtok_set_password(state, &authtok, + (const char *)authtok_blob.data, + authtok_blob.length); + if (ret) { + tevent_req_error(req, ret); + return; + } } } |