[sssd/el5/master] Resolves: CVE-2010-2940

Stephen Gallagher sgallagh at fedoraproject.org
Tue Aug 24 17:38:50 UTC 2010


commit 33b14b9906c2fad9600e6d03f755ba230de50c86
Author: Stephen Gallagher <sgallagh at redhat.com>
Date:   Tue Aug 24 11:51:41 2010 -0400

    Resolves: CVE-2010-2940

 ...Treat-a-zero-length-password-as-a-failure.patch |   32 ++++++++++++++++++++
 sssd.spec                                          |    7 ++++-
 2 files changed, 38 insertions(+), 1 deletions(-)
---
diff --git a/0009-Treat-a-zero-length-password-as-a-failure.patch b/0009-Treat-a-zero-length-password-as-a-failure.patch
new file mode 100644
index 0000000..24c1570
--- /dev/null
+++ b/0009-Treat-a-zero-length-password-as-a-failure.patch
@@ -0,0 +1,32 @@
+From 8eeb47279a5a4559d9d7f911250d6164ab120897 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh at redhat.com>
+Date: Wed, 18 Aug 2010 12:57:43 -0400
+Subject: [PATCH 9/9] Treat a zero-length password as a failure
+
+Some LDAP servers allow binding with blank passwords. We should
+not allow a blank password to authenticate the SSSD.
+---
+ src/providers/ldap/ldap_auth.c |    7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
+index b05e3075ce117fad17b87ffde257c80fc035b8c4..1a959d4cc45980fe5dd12db3460cc23f341466fd 100644
+--- a/src/providers/ldap/ldap_auth.c
++++ b/src/providers/ldap/ldap_auth.c
+@@ -557,6 +557,13 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
+     req = tevent_req_create(memctx, &state, struct auth_state);
+     if (!req) return NULL;
+ 
++    /* Treat a zero-length password as a failure */
++    if (password.length == 0) {
++        state->result = SDAP_AUTH_FAILED;
++        tevent_req_done(req);
++        return tevent_req_post(req, ev);
++    }
++
+     state->ev = ev;
+     state->ctx = ctx;
+     state->username = username;
+-- 
+1.7.2.1
+
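Review bot: The comment on the new guard in auth_send ("Treat a zero-length password as a failure") only restates the condition; it should record why the check exists, since a maintainer could otherwise drop it as redundant with the server's own bind rejection: `/* An LDAP simple bind with an empty password is an unauthenticated bind on many servers (RFC 4513 §5.1.2) and succeeds for any DN, so fail locally before contacting the server. */`. The guard is placed after tevent_req_create and completes the request through tevent_req_done/tevent_req_post, which is the right shape for an immediate failure from a _send function. If the provider binds with a user-supplied password anywhere else (a password-change path, say), the same check belongs there too; only auth_send is visible here, and its signature and the rest of its body lie outside this hunk. A DEBUG message at the rejection would also make empty-password attempts visible in the logs rather than indistinguishable from an ordinary bad password.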
diff --git a/sssd.spec b/sssd.spec
index b7719d3..e27896c 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -7,7 +7,7 @@ Name: sssd
 Version: 1.2.1
 #Never reset the Release, always increment it
 #Otherwise we can have issues if library versions do not change
-Release: 26%{?dist}
+Release: 27%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -30,6 +30,7 @@ Patch0005: 0005-Add-sss_log-function.patch
 Patch0006: 0006-Allow-sssd-clients-to-reconnect.patch
 Patch0007: 0007-Clean-up-initgroups-processing-for-RFC2307.patch
 Patch0008: 0008-Fix-chpass-operations-with-LDAP-provider.patch
+Patch0009: 0009-Treat-a-zero-length-password-as-a-failure.patch
 
 ### Dependencies ###
 
@@ -217,6 +218,7 @@ A dynamically-growing, reference-counted array
 %patch0006 -p1
 %patch0007 -p1
 %patch0008 -p1
+%patch0009 -p1
 
 # RHEL 5 uses an old libtool, so we need to reconfigure
 for i in libtool.m4  lt~obsolete.m4  ltoptions.m4  ltsugar.m4  ltversion.m4
@@ -483,6 +485,9 @@ fi
 %postun -n libref_array -p /sbin/ldconfig
 
 %changelog
+* Tue Aug 24 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.1-27
+- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
+-                           against LDAP
 * Wed Aug 04 2010 Stephen Gallagher <sgallagh at redhat.com> - 1.2.1-26
 - Resolves: rhbz#621307 - Password changes are broken on LDAP
 

