[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ppolicy overlay password checking module

To: Andris.Eiduks@tietoenator.com
Subject: Re: Ppolicy overlay password checking module
From: Howard Chu <hyc@symas.com>
Date: Tue, 30 Jan 2007 00:29:51 -0800
Cc: allmanj@cp.dias.ie, openldap-software@openldap.org, roger.metcalf@acs-inc.com
In-reply-to: <1FABB43D1E997C49B412A3008386ADB902684B88@dino.eu.tieto.com>
References: <1FABB43D1E997C49B412A3008386ADB902684B88@dino.eu.tieto.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a2pre) Gecko/20070128 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

Andris.Eiduks@tietoenator.com wrote:

Hi !

A pair days ago I finished the same.
And it works ...

    paroles_rez:

  /* Allocate  */
    message = (char *)malloc(sizeof(char) * (strlen(retmsg)+1));

A comment on style: The C language spec defines sizeof(char) == 1. Explicitly multiplying by "sizeof(char)" in C code is redundant, distracting, and confusing.

It would have been better just to use strdup() here.

/* Copy the contents of the string. */ strcpy(message, retmsg); *ppErrStr=message; return pwqr; }

Only my returned error message slapd shows in log file and doesn't
forward to client.

That is by design. These errors are only meant for system administrators to view. Passing them back to the client would allow an attacker to discover the policy, and assist in password cracking attempts.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

References:
- RE: Ppolicy overlay password checking module
  - From: <Andris.Eiduks@tietoenator.com>

Prev by Date: RE: Ppolicy overlay password checking module
Next by Date: cleaning up logs from bdb db and upgrading ldap
Index(es):
- Chronological
- Thread