sssd/0001-Treat-a-zero-length-password-as-a-failure.patch
2010-08-24 12:10:04 -04:00

33 lines
1.1 KiB
Diff

From 8eeb47279a5a4559d9d7f911250d6164ab120897 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 18 Aug 2010 12:57:43 -0400
Subject: [PATCH 9/9] Treat a zero-length password as a failure
Some LDAP servers allow binding with blank passwords. We should
not allow a blank password to authenticate the SSSD.
---
src/providers/ldap/ldap_auth.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index b05e3075ce117fad17b87ffde257c80fc035b8c4..1a959d4cc45980fe5dd12db3460cc23f341466fd 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -557,6 +557,13 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
req = tevent_req_create(memctx, &state, struct auth_state);
if (!req) return NULL;
+ /* Treat a zero-length password as a failure */
+ if (password.length == 0) {
+ state->result = SDAP_AUTH_FAILED;
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+
state->ev = ev;
state->ctx = ctx;
state->username = username;
--
1.7.2.1