diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2010-08-18 12:57:43 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-08-24 12:43:09 -0400 |
commit | 266e86ae3dacf9bcb73e9b9b1c7deb7bccbcae2c (patch) | |
tree | 4bf69b702a1c3c515e08fcf467ac27376be76eb8 /src/providers | |
parent | d015bbda295ad323fcd24ec34612b891af61b8f4 (diff) | |
download | sssd-266e86ae3dacf9bcb73e9b9b1c7deb7bccbcae2c.tar.gz sssd-266e86ae3dacf9bcb73e9b9b1c7deb7bccbcae2c.tar.xz sssd-266e86ae3dacf9bcb73e9b9b1c7deb7bccbcae2c.zip |
Treat a zero-length password as a failure
Some LDAP servers allow binding with blank passwords. We should
not allow a blank password to authenticate the SSSD.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/ldap_auth.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 533db8e22..d01449262 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -511,6 +511,13 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx, req = tevent_req_create(memctx, &state, struct auth_state); if (!req) return NULL; + /* Treat a zero-length password as a failure */ + if (password.length == 0) { + state->result = SDAP_AUTH_FAILED; + tevent_req_done(req); + return tevent_req_post(req, ev); + } + state->ev = ev; state->ctx = ctx; state->username = username; |