diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2010-08-18 12:57:43 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-08-24 12:45:12 -0400 |
| commit | 6094a2eec52a6f4391a657fbfc519f926bd4ce21 (patch) | |
| tree | cc04dbb9e9a910984503be2c1903d36feceea965 | |
| parent | 976e5c721fc4e99c4255370108795138a9c5d99b (diff) | |
| download | sssd-1_0_7.tar.gz sssd-1_0_7.tar.xz sssd-1_0_7.zip | |
Treat a zero-length password as a failuresssd-1_0_7
Some LDAP servers allow binding with blank passwords. We should
not allow a blank password to authenticate the SSSD.
| -rw-r--r-- | server/providers/ldap/ldap_auth.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/server/providers/ldap/ldap_auth.c b/server/providers/ldap/ldap_auth.c index 28b3240b3..5df4dbb43 100644 --- a/server/providers/ldap/ldap_auth.c +++ b/server/providers/ldap/ldap_auth.c @@ -458,6 +458,13 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx, req = tevent_req_create(memctx, &state, struct auth_state); if (!req) return NULL; + /* Treat a zero-length password as a failure */ + if (password.length == 0) { + state->result = SDAP_AUTH_FAILED; + tevent_req_done(req); + return tevent_req_post(req, ev); + } + state->ev = ev; state->ctx = ctx; state->username = username; |