Bug 205907
| Summary: | slapd crashes on wrong SSHA hash value | ||
|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Radek Hladik <rhladik> |
| Component: | Security - General | Assignee: | Rich Megginson <rmeggins> |
| Status: | CLOSED DUPLICATE | QA Contact: | Orla Hegarty <ohegarty> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | CC: | ohegarty |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-09-11 01:48:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of 199321 *** Bug already CLOSED. setting screened+ flag |
Description of problem: I've inserted wrong SSHA hash value into userPassword attribute and tried to logon. Slapd crashed with nothing in error log. Version-Release number of selected component (if applicable): FDS 7.1 How reproducible: Steps to Reproduce: 1. Insert {SSHA}+bho1PL+kFecbk7OfkIg9E7K1ZVzYWx0= into userPassword attribute for any user 2. Try to log on into LDAP as that user 3. ps -ax | grep slapd Actual results: slapd crashes Expected results: slapd should reject authentication Additional info: The hash is made from secret "abcd" and hash "salt". When inserted without trailing = everything works fine (user can log in with abcd password). Error log excerpt (with maximum logging enabled via console) (tried with password "aaaaa") [10/Sep/2006:02:20:10 +0200] roles-plugin - <-- roles_is_entry_member_of_object [10/Sep/2006:02:20:10 +0200] roles-plugin - <-- roles_cache_build_nsrole [10/Sep/2006:02:20:10 +0200] roles-plugin - <-- roles_cache_listroles [10/Sep/2006:02:20:10 +0200] - <-- cos_cache_query_attr [10/Sep/2006:02:20:10 +0200] - --> cos_cache_release [10/Sep/2006:02:20:10 +0200] - <-- cos_cache_release [10/Sep/2006:02:20:10 +0200] - <-- cos_cache_vattr_get [10/Sep/2006:02:20:10 +0200] - => find_entry_internal (dn=uid=radek,ou=kralik de partment,ou=people,dc=radbook,dc=twobears,dc=cz) lock 0 [10/Sep/2006:02:20:10 +0200] - => dn2entry "uid=radek,ou=kralik department,ou=pe ople,dc=radbook,dc=twobears,dc=cz" [10/Sep/2006:02:20:10 +0200] - <= dn2entry 9475d00 [10/Sep/2006:02:20:10 +0200] - <= find_entry_internal_dn found (uid=radek,ou=kra lik department,ou=people,dc=radbook,dc=twobears,dc=cz) [10/Sep/2006:02:20:10 +0200] - => slapi_pw_find value: "aaaaa" And that is last message in error log :) I can send more info (longer error log excerpt, code to generate hash,...).