33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 8eeb47279a5a4559d9d7f911250d6164ab120897 Mon Sep 17 00:00:00 2001
|
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
Date: Wed, 18 Aug 2010 12:57:43 -0400
|
|
Subject: [PATCH 9/9] Treat a zero-length password as a failure
|
|
|
|
Some LDAP servers allow binding with blank passwords. We should
|
|
not allow a blank password to authenticate the SSSD.
|
|
---
|
|
src/providers/ldap/ldap_auth.c | 7 +++++++
|
|
1 files changed, 7 insertions(+), 0 deletions(-)
|
|
|
|
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
|
|
index b05e3075ce117fad17b87ffde257c80fc035b8c4..1a959d4cc45980fe5dd12db3460cc23f341466fd 100644
|
|
--- a/src/providers/ldap/ldap_auth.c
|
|
+++ b/src/providers/ldap/ldap_auth.c
|
|
@@ -557,6 +557,13 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
|
|
req = tevent_req_create(memctx, &state, struct auth_state);
|
|
if (!req) return NULL;
|
|
|
|
+ /* Treat a zero-length password as a failure */
|
|
+ if (password.length == 0) {
|
|
+ state->result = SDAP_AUTH_FAILED;
|
|
+ tevent_req_done(req);
|
|
+ return tevent_req_post(req, ev);
|
|
+ }
|
|
+
|
|
state->ev = ev;
|
|
state->ctx = ctx;
|
|
state->username = username;
|
|
--
|
|
1.7.2.1
|
|
|