authorRich Megginson <rmeggins@redhat.com>2006-10-10 16:31:01 +0000
committerRich Megginson <rmeggins@redhat.com>2006-10-10 16:31:01 +0000
commite976a91b586186021d84b5135bd4dc9da4e3e31e (patch)
tree38fa1ba3631e55a7e385e9fa48a64405345fb32f
parent76d3533f714c320b45e729433fcd09db75ea8871 (diff)
Bug(s) fixed: 210120
Bug Description: PAM passthru plugin causes directory server to crash Reviewed by: nhosoi (Thanks!) Fix Description: If the DN given in the BIND request is bogus i.e. not a valid DN (at least not one that ldap_explode_dn can parse), we should just skip the PAM processing and just report a reasonable error to the client. Similarly, if the map method says to lookup the pam ID from the bind DN entry, and the entry cannot be found, just report an error and skip pam processing. Platforms tested: FC5 Flag Day: no Doc impact: no
-rw-r--r--ldap/servers/plugins/pam_passthru/pam_ptimpl.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
index 232ce3c4..1a3ce4a6 100644
--- a/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
+++ b/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
@@ -272,6 +272,13 @@ do_one_pam_auth(
init_my_str_buf(&pam_id, binddn);
}
+ if (!pam_id.str) {
+ errmsg = PR_smprintf("Bind DN [%s] is invalid or not found",
+ escape_string(binddn, buf));
+ retcode = LDAP_NO_SUCH_OBJECT; /* user unknown */
+ goto done; /* skip the pam stuff */
+ }
+
/* do the pam stuff */
my_data.pb = pb;
my_data.pam_identity = pam_id.str;
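Review bot: Returning `LDAP_NO_SUCH_OBJECT` with the text `Bind DN [%s] is invalid or not found` from the new `!pam_id.str` branch lets a client that has not yet authenticated tell a missing or malformed DN apart from a wrong password, which makes account enumeration easier. The commit description says the error is reported to the client, but the code that sends `retcode` and `errmsg` is outside this hunk, so confirm that path first. If both are sent, I would use `retcode = LDAP_INVALID_CREDENTIALS;` here and write the detailed message only to the server error log. The size of `buf` passed to `escape_string(binddn, buf)` is also not visible; since `binddn` comes from the BIND request, it is worth checking that the escaped form cannot exceed it. do_one_pam_auth starts and ends outside the hunk.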
@@ -361,6 +368,7 @@ do_one_pam_auth(
slapi_unlock_mutex(PAMLock);
/* not in critical section any more */
+done:
delete_my_str_buf(&pam_id);
if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) {
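Review bot: The `done:` label sits after `slapi_unlock_mutex(PAMLock)`, so any future `goto done` taken while PAMLock is held would leave the mutex locked and stall later PAM binds; the label should carry a comment stating that precondition. The one jump this commit adds is in the `!pam_id.str` check ahead of the PAM setup, which appears to run before the lock is taken, but the lock call itself is not visible here. Suggested wording: `done: /* reached only with PAMLock released; never jump here from inside the critical section */`. The function continues past the end of this hunk.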