* src/ejabberd_auth.erl: Do not allow empty password at creation. On authent, check in all cases that password is not empty.

* src/ejabberd_auth_odbc.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 1183
2008-02-11 18:19:42 +00:00 · 2008-02-11 18:19:42 +00:00 · 0ae7f15ce7
parent 4b5632a260
commit 0ae7f15ce7
4 changed files with 9 additions and 4 deletions
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@ -85,6 +85,9 @@ check_password(User, Server, Password, StreamID, Digest) ->
 	      M:check_password(User, Server, Password, StreamID, Digest)
      end, auth_modules(Server)).

+%% We do not allow empty password:
+set_password(_User, _Server, "") ->
+    {error, not_allowed};
 set_password(User, Server, Password) ->
    lists:foldl(
      fun(M, {error, _}) ->
@ -93,6 +96,9 @@ set_password(User, Server, Password) ->
 	      Res
      end, {error, not_allowed}, auth_modules(Server)).

+%% We do not allow empty password:
+try_register(_User, _Server, "") ->
+    {error, not_allowed};    
 try_register(User, Server, Password) ->
    case is_user_exists(User,Server) of
 	true ->
--- a/src/ejabberd_auth_external.erl
+++ b/src/ejabberd_auth_external.erl
@ -55,7 +55,7 @@ plain_password_required() ->
    true.

 check_password(User, Server, Password) ->
-    extauth:check_password(User, Server, Password).
+    extauth:check_password(User, Server, Password) andalso Password /= "".

 check_password(User, Server, Password, _StreamID, _Digest) ->
    check_password(User, Server, Password).
--- a/src/ejabberd_auth_internal.erl
+++ b/src/ejabberd_auth_internal.erl
@ -72,7 +72,7 @@ check_password(User, Server, Password) ->
    US = {LUser, LServer},
    case catch mnesia:dirty_read({passwd, US}) of
 	[#passwd{password = Password}] ->
-	    true;
+	    Password /= "";
 	_ ->
 	    false
    end.
@ -113,7 +113,6 @@ set_password(User, Server, Password) ->
 	    mnesia:transaction(F)
    end.

-
 try_register(User, Server, Password) ->
    LUser = jlib:nodeprep(User),
    LServer = jlib:nameprep(Server),
--- a/src/ejabberd_auth_odbc.erl
+++ b/src/ejabberd_auth_odbc.erl
@ -70,7 +70,7 @@ check_password(User, Server, Password) ->
 	    LServer = jlib:nameprep(Server),
 	    case catch odbc_queries:get_password(LServer, Username) of
 		{selected, ["password"], [{Password}]} ->
-		    true;
+		    Password /= "";
 		_ ->
 		    false
 	    end