summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOndrej Kos <okos@redhat.com>2013-07-17 13:42:57 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-07-18 16:06:07 +0200
commit5359c2ce8d562353f01940ed19e41c584e89f245 (patch)
tree3287d080dd0a3fb21811d700ea53af49022cdc00
parent1040b33d3ddc361b821a689162f66727fca6709d (diff)
downloadsssd-5359c2ce8d562353f01940ed19e41c584e89f245.tar.gz
sssd-5359c2ce8d562353f01940ed19e41c584e89f245.tar.xz
sssd-5359c2ce8d562353f01940ed19e41c584e89f245.zip
KRB: Handle empty password gracefully
https://fedorahosted.org/sssd/ticket/1814 Return authentication error when empty password is passed.
Diffstat
-rw-r--r--src/providers/krb5/krb5_auth.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 22495f570..4c2fe0f24 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -495,6 +495,17 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
case SSS_PAM_AUTHENTICATE:
case SSS_PAM_CHAUTHTOK:
if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {
+ /* handle empty password gracefully */
+ if (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_EMPTY) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Illegal zero-length authtok for user [%s]\n",
+ pd->user));
+ state->pam_status = PAM_AUTH_ERR;
+ state->dp_err = DP_ERR_OK;
+ ret = EOK;
+ goto done;
+ }
+
DEBUG(SSSDBG_CRIT_FAILURE,
("Wrong authtok type for user [%s]. " \
"Expected [%d], got [%d]\n", pd->user,
generated by cgit (git 2.34.1) at 2024-04-24 18:52:02 +0000