Bug 232377 - PAM passthru ENTRY method not working
PAM passthru ENTRY method not working
Product: 389
Classification: Community
Component: Server - Plugins (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Viktor Ashirov
Depends On:
Blocks: FDS1.1.0
  Show dependency treegraph
Reported: 2007-03-14 22:24 EDT by Rich Megginson
Modified: 2015-12-07 11:55 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-12-07 11:55:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
diffs (9.93 KB, patch)
2007-03-15 12:40 EDT, Rich Megginson
no flags Details | Diff
cvs commit log (1.16 KB, text/plain)
2007-03-15 14:22 EDT, Rich Megginson
no flags Details

  None (edit)
Description Rich Megginson 2007-03-14 22:24:56 EDT
The PAM passthru ENTRY method does not work.
Comment 1 Rich Megginson 2007-03-15 12:40:39 EDT
Created attachment 150138 [details]
Comment 2 Noriko Hosoi 2007-03-15 14:21:46 EDT
Looks good to me.
Comment 3 Rich Megginson 2007-03-15 14:22:57 EDT
Created attachment 150148 [details]
cvs commit log

Reviewed by: prowley (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: There are several problems.
1) For the ENTRY method to perform the internal search to get the entry for the
bind DN, it must have a component ID (aka plugin identity).  The code was
already there to get/set it, but it was never initialized in the init function.

2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will
erase the knowledge that the Slapi_DN was allocated with malloc and it will not
free it in slapi_sdn_free().
3) People may assume they can specify a subtree (e.g.
ou=people,dc=example,dc=com) instead of a suffix for the list of
included/excluded suffixes.  The error message will not print a list of valid
suffixes for the admin to use.
4) slapi_be_exist was failing because the database does not notify the mapping
tree code that the backend is started during startup.  This works fine under
normal conditions because most all of the code in mapping_tree.c will lookup
the backend if the mtn_be pointer in the mapping tree node is NULL.  However,
slapi_be_exist and slapi_be_select do not do this.  The proper solution is to
call slapi_mtn_be_started() at database startup time.  This is the same thing
that happens when a backend is added at runtime.
Platforms tested: FC6
Flag Day: no
Doc impact: no
Comment 6 Amita Sharma 2011-06-20 02:54:58 EDT
PAM passthrough startup Tests  PASS       : 100% (13/13)
PAM passthrough run Tests  PASS       : 100% (9/9)
 PAM passthrough cleanup Tests  PASS       : 100% (5/5)

hence marking Verified -sanity only.

Note You need to log in before you can comment on or make changes to this bug.