This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 206662 - PAM passthru: ENTRY map method not working and schema incorrect
PAM passthru: ENTRY map method not working and schema incorrect
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Server - Plugins (Show other bugs)
1.0.2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Viktor Ashirov
:
Depends On:
Blocks: fds103trackingbug
  Show dependency treegraph
 
Reported: 2006-09-15 11:54 EDT by Rich Megginson
Modified: 2015-12-07 12:05 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 12:05:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
diffs for fix (9.59 KB, text/plain)
2006-09-15 11:54 EDT, Rich Megginson
no flags Details
new diffs (3.05 KB, text/plain)
2006-09-15 13:00 EDT, Rich Megginson
no flags Details
real new diffs (10.99 KB, text/plain)
2006-09-15 13:35 EDT, Rich Megginson
no flags Details

  None (edit)
Description Rich Megginson 2006-09-15 11:54:47 EDT
1) The ENTRY method is not working
2) The schema is not correct - pamMapMethod should be pamIDMapMethod to
correspond to the pamIDAttr attribute type.
Comment 1 Rich Megginson 2006-09-15 11:54:47 EDT
Created attachment 136369 [details]
diffs for fix
Comment 2 Rich Megginson 2006-09-15 12:12:43 EDT
Fix:
1) Rename all occurrences of pamMapMethod to pamIDMapMethod
2) The parsing code for the map method was just plain wrong - it wasn't
incrementing the pointer correctly.
3) This code: if (one == two == three == PAMPT_MAP_METHOD_NONE) - is not correct.
Comment 3 Noriko Hosoi 2006-09-15 12:41:29 EDT
Your fix looks good.

Looking into the file pam_ptconfig.c, there are two places calling
parse_map_method.  First one in pam_passthru_validate_config assign the return
value to *returncode, but it's not checking the value.  The next one in
pam_passthru_apply_config does not check the return value from parse_map_method
nor the returned theConfig.pamptconfig_map_method#...  Could they be okay?
Comment 4 Rich Megginson 2006-09-15 13:00:34 EDT
Created attachment 136376 [details]
new diffs

Thanks Noriko.	I was missing some error checking there.

For the second call to parse_map_method in pam_passthru_apply_config() - it
doesn't need checking.	This function is the DSE post op callback, and
pam_passthru_validate_config() is the DSE pre op callback.  If validate passes,
it is ok to apply the changes.	If validate fails, apply will never be called.
Comment 5 Noriko Hosoi 2006-09-15 13:30:15 EDT
internal_comp_deps.mk? ;)
Comment 6 Rich Megginson 2006-09-15 13:35:49 EDT
Created attachment 136380 [details]
real new diffs

These are the real diffs
Comment 7 Noriko Hosoi 2006-09-15 17:15:10 EDT
Looks good.
Comment 8 Rich Megginson 2006-09-15 17:22:05 EDT
Branch: HEAD
Fix Description:
1) Rename all occurrences of pamMapMethod to pamIDMapMethod
2) The parsing code for the map method was just plain wrong - it wasn't
incrementing the pointer correctly.
3) This code: if (one == two == three == PAMPT_MAP_METHOD_NONE) - is not correct.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no 

Checking in ldapserver/ldap/schema/60pam-plugin.ldif;
/cvs/dirsec/ldapserver/ldap/schema/60pam-plugin.ldif,v  <--  60pam-plugin.ldif
new revision: 1.5; previous revision: 1.4
done
Checking in ldapserver/ldap/servers/plugins/pam_passthru/README;
/cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/README,v  <--  README
new revision: 1.5; previous revision: 1.4
done
Checking in ldapserver/ldap/servers/plugins/pam_passthru/config.ldif;
/cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/config.ldif,v  <-- 
config.ldif
new revision: 1.5; previous revision: 1.4
done
Checking in ldapserver/ldap/servers/plugins/pam_passthru/pam_ptconfig.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptconfig.c,v  <--
pam_ptconfig.c
new revision: 1.7; previous revision: 1.6
done
Comment 11 Amita Sharma 2011-06-20 02:57:51 EDT
PAM passthrough startup Tests  PASS   : 100% (13/13)
PAM passthrough run Tests  PASS       : 100% (9/9)
PAM passthrough cleanup Tests  PASS   : 100% (5/5)

hence marking Verified -sanity only.

Note You need to log in before you can comment on or make changes to this bug.