Bug 210120
Summary: | PAM passthru plugin causes directory server to crash | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Miika Pekkarinen <miipekk> | ||||||
Component: | Server - Plugins | Assignee: | Rich Megginson <rmeggins> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Viktor Ashirov <vashirov> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 1.0.2 | CC: | amsharma, vtsuryawanshi | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2015-12-07 17:07:18 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 208654 | ||||||||
Attachments: |
|
Description
Miika Pekkarinen
2006-10-10 06:24:53 UTC
Created attachment 138116 [details]
Simple patch to fix the issue
Thanks! In order to accept your patch into the codebase, we need to have a signed Contributor License Agreement from you - see http://directory.fedora.redhat.com/wiki/Contributing for more details. We are just about to release Fedora DS 1.0.3 and we would really like to get this bug fix in, so please send in the CLA as soon as possible. And thanks again. Created attachment 138150 [details]
new diffs
The previous patch would fix the problem, but I think it is better to just skip
the pam processing if there is a problem with the given bind dn.
Looks good to me. Reviewed by: nhosoi (Thanks!) Files: pam_ptimpl.c Branch: HEAD Fix Description: If the DN given in the BIND request is bogus i.e. not a valid DN (at least not one that ldap_explode_dn can parse), we should just skip the PAM processing and just report a reasonable error to the client. Similarly, if the map method says to lookup the pam ID from the bind DN entry, and the entry cannot be found, just report an error and skip pam processing. Platforms tested: FC5 Flag Day: no Doc impact: no Checking in pam_ptimpl.c; /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c,v <-- pam_ptimpl.c new revision: 1.9; previous revision: 1.8 done I'm punting this because the pam_pasthrough plugin is not shipped with redhat-ds. PAM passthrough startup Tests PASS : 100% (13/13) PAM passthrough run Tests PASS : 100% (9/9) PAM passthrough cleanup Tests PASS : 100% (5/5) hence marking Verified -sanity only. |