From 4e9506ea508108c00a20f35756eb36b93ec2232d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Fri, 8 Feb 2013 16:51:18 +0100
Subject: LDAP: Check for authtok validity
The default authtok type in the LDAP provider (unlike the new IPA and AD providers) is "password". This oddity dates back to when password was the only supported authtok type in the SSSD, so configuration specifying only the password and bind DN was valid. We need to check the authtok validity as well before attempting to use it.
---
 src/providers/ldap/sdap_async_connection.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'src/providers')
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 20f282e3d..b673daf6e 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1628,15 +1628,17 @@ static void sdap_cli_auth_step(struct tevent_req *req)
 tevent_req_error(req, EINVAL);
 return;
 }
+
 authtok_blob = dp_opt_get_blob(state->opts->basic, SDAP_DEFAULT_AUTHTOK);
-
- ret = sss_authtok_set_password(state, &authtok,
- (const char *)authtok_blob.data,
- authtok_blob.length);
- if (ret) {
- tevent_req_error(req, ret);
- return;
+ if (authtok_blob.data) {
+ ret = sss_authtok_set_password(state, &authtok,
+ (const char *)authtok_blob.data,
+ authtok_blob.length);
+ if (ret) {
+ tevent_req_error(req, ret);
+ return;
+ }
 }
 }
-- cgit
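Review bot: When the authtok type is "password" but `authtok_blob.data` is NULL, the new `if (authtok_blob.data)` guard skips `sss_authtok_set_password()` without any trace, so the step continues with whatever `authtok` held at its declaration, which is outside this hunk; it should be confirmed that it is initialised to an empty token there. If a bind DN is configured alongside the missing password, the later bind would presumably go out with a name but no password, which RFC 4513 (section 5.1.2) calls an unauthenticated bind and which servers either reject or treat as anonymous. An `else` branch that logs the condition would make that misconfiguration visible to the administrator, and a comment such as `/* no default authtok set: authtok stays empty, bind proceeds without a password */` would document that the fall-through is intended. The rest of sdap_cli_auth_step lies outside the hunk, so how the empty token is consumed cannot be checked from here.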