Red Hat Bugzilla – Bug 232377
PAM passthru ENTRY method not working
Last modified: 2015-12-07 11:55:19 EST
The PAM passthru ENTRY method does not work.
Created attachment 150138 [details]
Looks good to me.
Created attachment 150148 [details]
cvs commit log
Reviewed by: prowley (Thanks!)
Files: see diff
Fix Description: There are several problems.
1) For the ENTRY method to perform the internal search to get the entry for the
bind DN, it must have a component ID (aka plugin identity). The code was
already there to get/set it, but it was never initialized in the init function.
2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will
erase the knowledge that the Slapi_DN was allocated with malloc and it will not
free it in slapi_sdn_free().
3) People may assume they can specify a subtree (e.g.
ou=people,dc=example,dc=com) instead of a suffix for the list of
included/excluded suffixes. The error message will not print a list of valid
suffixes for the admin to use.
4) slapi_be_exist was failing because the database does not notify the mapping
tree code that the backend is started during startup. This works fine under
normal conditions because most all of the code in mapping_tree.c will lookup
the backend if the mtn_be pointer in the mapping tree node is NULL. However,
slapi_be_exist and slapi_be_select do not do this. The proper solution is to
call slapi_mtn_be_started() at database startup time. This is the same thing
that happens when a backend is added at runtime.
Platforms tested: FC6
Flag Day: no
Doc impact: no
PAM passthrough startup Tests PASS : 100% (13/13)
PAM passthrough run Tests PASS : 100% (9/9)
PAM passthrough cleanup Tests PASS : 100% (5/5)
hence marking Verified -sanity only.