Re: [PATCH] increase filter_buffer size in try_autzsearch
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [PATCH] increase filter_buffer size in try_autzsearch
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Chris J Arges <chris.j.arges [at] canonical.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: [PATCH] increase filter_buffer size in try_autzsearch
- Date: Fri, 16 Mar 2012 09:22:52 +0100
On Thu, 2012-03-15 at 10:19 -0500, Chris J Arges wrote:
> Attached is a patch that addresses a bug described in:
> https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/951343
>
> The filter_buffer in try_autzsearch in nslcd/pam.c currently is 1024
> bytes in length. By increasing this array size, larger search filters
> can be used.
>
> Let me know if this is the right approach, or if a better technique is
> needed to fix the situation described in the bug.
As I understand the bug report the problem was that there was no clear
error logged when the try_autzsearch failed due to a long search filter.
The logged error was:
pam_authz_search "..." is invalid
and if ... was very long the line would be cut short and the is invalid
would be lost. In r1628 I've changed the log message to
invalid pam_authz_search "...."
which means that the core of the log message will still be intact even
if the line ends up being too long.
Allowing bigger filters is certainly a possibility but not really the
issue at this point. If someone can come up with a practical search that
will not fit in the buffer I'll increase it.
Thanks,
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
