Bug(s) fixed: 210120

Bug Description: PAM passthru plugin causes directory server to crash
Reviewed by: nhosoi (Thanks!)
Fix Description: If the DN given in the BIND request is bogus i.e. not a valid DN (at least not one that ldap_explode_dn can parse), we should just skip the PAM processing and just report a reasonable error to the client.  Similarly, if the map method says to lookup the pam ID from the bind DN entry, and the entry cannot be found, just report an error and skip pam processing.
Platforms tested: FC5
Flag Day: no
Doc impact: no

ldap/servers/plugins/pam_passthru/pam_ptimpl.c

@@ -272,6 +272,13 @@ do_one_pam_auth(
 		init_my_str_buf(&pam_id, binddn);
 	}
 
+	if (!pam_id.str) {
+		errmsg = PR_smprintf("Bind DN [%s] is invalid or not found",
+							 escape_string(binddn, buf));
+		retcode = LDAP_NO_SUCH_OBJECT; /* user unknown */
+		goto done; /* skip the pam stuff */
+	}
+
 	/* do the pam stuff */
 	my_data.pb = pb;
 	my_data.pam_identity = pam_id.str;
@@ -361,6 +368,7 @@ do_one_pam_auth(
 	slapi_unlock_mutex(PAMLock);
 	/* not in critical section any more */
 
+done:
 	delete_my_str_buf(&pam_id);
 
 	if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) {