From 4e9506ea508108c00a20f35756eb36b93ec2232d Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 8 Feb 2013 16:51:18 +0100 Subject: LDAP: Check for authtok validity The default authtok type in the LDAP provider (unlike the new IPA and AD providers) is "password". This oddity dates back to when password was the only supported authtok type in the SSSD, so configuration specifying only the password and bind DN was valid. We need to check the authtok validity as well before attempting to use it. --- src/providers/ldap/sdap_async_connection.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 20f282e3..b673daf6 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -1628,15 +1628,17 @@ static void sdap_cli_auth_step(struct tevent_req *req) tevent_req_error(req, EINVAL); return; } + authtok_blob = dp_opt_get_blob(state->opts->basic, SDAP_DEFAULT_AUTHTOK); - - ret = sss_authtok_set_password(state, &authtok, - (const char *)authtok_blob.data, - authtok_blob.length); - if (ret) { - tevent_req_error(req, ret); - return; + if (authtok_blob.data) { + ret = sss_authtok_set_password(state, &authtok, + (const char *)authtok_blob.data, + authtok_blob.length); + if (ret) { + tevent_req_error(req, ret); + return; + } } } -- cgit