On Tue, Jul 09, 2013 at 11:15:09PM +0200, Jakub Hrozek wrote:
On Fri, Jun 28, 2013 at 02:23:01PM +0200, Lukas Slebodnik wrote:
> On (24/06/13 17:04), Ondrej Kos wrote:
> >The problem here wasn't in returned error code, but in faultily read
> >DBUS message, due to condition in sss_authtok_set_string.
> >
> >When password is empty, it passes 0 as length, which is
> >misinterpreted, and the function tries to determine the length of
> >string by itself, reaching over boundaries of authtok string.
> >
> >trac issue:
> >https://fedorahosted.org/sssd/ticket/1814
> >
> >Patch is attached
> >
> >Ondra
>
> We found out that it is the right approach (after long discussion :-)
>
> ACK

The approach might be good but on entering a blank password I'm getting
"System Error" with this patch, while without the patch I was getting
"Authentication failure". PAM_AUTH_ERR is the correct return code for
this use case.

Hi,
Ondra asked me to re-test atop the current git HEAD. Here is what I see
when I type "su - jhrozek" and then just type "Enter":
[sssd[be[redhat.com]]] [be_pam_handler] (0x0100): Got request with the following data
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): command: PAM_AUTHENTICATE
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): domain: redhat.com
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): user: jhrozek
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): service: su-l
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): tty: pts/20
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): ruser: jhrozek
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): rhost:
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): authtok type: 0
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): newauthtok type: 0
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): priv: 0
[sssd[be[redhat.com]]] [pam_print_data] (0x0100): cli_pid: 22305
[sssd[be[redhat.com]]] [krb5_pam_handler] (0x1000): Wait queue of user [jhrozek] is empty, running request immediately.
[sssd[be[redhat.com]]] [krb5_auth_send] (0x0020): Wrong authtok type for user [jhrozek]. Expected [1], got [0]
[sssd[be[redhat.com]]] [check_wait_queue] (0x1000): Wait queue for user [jhrozek] is empty.
[sssd[be[redhat.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success]
[sssd[be[redhat.com]]] [be_pam_handler_callback] (0x0100): Sending result [4][redhat.com]
[sssd[be[redhat.com]]] [be_pam_handler_callback] (0x0100): Sent result [4][redhat.com]
4 == System Error
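
The length-0 ambiguity described in the quoted report above, as an added C example that is not part of the original thread and is not SSSD's code. `struct tok`, `tok_set_ambiguous`, `tok_set_explicit`, `stored_password_len` and the `wire` buffer are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical token type for illustration, not SSSD's own structure. */
struct tok { char *data; size_t len; };

/* Ambiguous contract: len == 0 is taken to mean "measure str yourself". */
static int tok_set_ambiguous(struct tok *t, const char *str, size_t len)
{
    if (len == 0) len = strlen(str);  /* an empty field has no NUL of its own */
    if ((t->data = malloc(len + 1)) == NULL) return -1;
    memcpy(t->data, str, len);
    t->data[len] = '\0';
    t->len = len;
    return 0;
}

/* Explicit contract: len is authoritative and 0 means an empty token. */
static int tok_set_explicit(struct tok *t, const char *str, size_t len)
{
    if ((t->data = malloc(len + 1)) == NULL) return -1;
    if (len > 0) memcpy(t->data, str, len);
    t->data[len] = '\0';
    t->len = len;
    return 0;
}

/* Constructed message: user (7 bytes), empty password, service (4 bytes),
 * back to back; the literal's trailing NUL bounds the ambiguous read. */
static const char wire[] = "jhrozeksu-l";

/* Stores the zero-length password field and returns the stored length. */
static size_t stored_password_len(int use_explicit)
{
    struct tok t = { NULL, 0 };
    const char *pw = wire + 7;  /* password field starts after the user */
    int rc = use_explicit ? tok_set_explicit(&t, pw, 0)
                          : tok_set_ambiguous(&t, pw, 0);
    size_t n = (rc == 0) ? t.len : (size_t)-1;
    free(t.data);
    return n;
}

int main(void)
{
    printf("ambiguous: %zu bytes stored\n", stored_password_len(0));
    printf("explicit:  %zu bytes stored\n", stored_password_len(1));
    return 0;
}
```

The ambiguous setter stores the four bytes of the neighbouring service field as the password. When the empty field sits at the end of a buffer with no terminator after it, the same read runs past the allocation.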