authorJakub Hrozek <jhrozek@redhat.com>2013-02-08 16:51:18 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-02-11 16:16:16 +0100
commit4e9506ea508108c00a20f35756eb36b93ec2232d (patch)
treee4800da6ba404c582aff60f7fbbb524900e54024
parent4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 (diff)
LDAP: Check for authtok validity
The default authtok type in the LDAP provider (unlike the new IPA and AD providers) is "password". This oddity dates back to when password was the only supported authtok type in the SSSD, so configuration specifying only the password and bind DN was valid. We need to check the authtok validity as well before attempting to use it.
-rw-r--r--src/providers/ldap/sdap_async_connection.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 20f282e3d..b673daf6e 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1628,15 +1628,17 @@ static void sdap_cli_auth_step(struct tevent_req *req)
tevent_req_error(req, EINVAL);
return;
}
+
authtok_blob = dp_opt_get_blob(state->opts->basic,
SDAP_DEFAULT_AUTHTOK);
-
- ret = sss_authtok_set_password(state, &authtok,
- (const char *)authtok_blob.data,
- authtok_blob.length);
- if (ret) {
- tevent_req_error(req, ret);
- return;
+ if (authtok_blob.data) {
+ ret = sss_authtok_set_password(state, &authtok,
+ (const char *)authtok_blob.data,
+ authtok_blob.length);
+ if (ret) {
+ tevent_req_error(req, ret);
+ return;
+ }
}
}
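Review bot: When `authtok_blob.data` is NULL, the new guard skips `sss_authtok_set_password()` without any log or comment, so `authtok` keeps whatever state it was given before this hunk and `sdap_cli_auth_step` carries on; both the initialisation and the later use sit outside the hunk, so this needs confirming against the full function. If a bind DN is configured with no password and that empty token reaches a simple bind, the request goes out with an empty credential, which RFC 4513 describes as an unauthenticated bind and which a server may accept as anonymous. I would add an `else` branch with a DEBUG message, or at least a comment such as `/* no default authtok configured: authtok is left empty and the bind is attempted without a password */`, so the fallback is visible in logs and to the next reader. It would also help to state in the function whether an empty token is an accepted configuration or should fail with `EINVAL` like the check just above.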