From 0ae7f15ce7c6ea652333d8987c820415b17c3794 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20R=C3=A9mond?= Date: Mon, 11 Feb 2008 18:19:42 +0000 Subject: [PATCH] * src/ejabberd_auth.erl: Do not allow empty password at creation. On authent, check in all cases that password is not empty. * src/ejabberd_auth_odbc.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 1183 --- src/ejabberd_auth.erl | 6 ++++++ src/ejabberd_auth_external.erl | 2 +- src/ejabberd_auth_internal.erl | 3 +-- src/ejabberd_auth_odbc.erl | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl index f791c6063..62282957e 100644 --- a/src/ejabberd_auth.erl +++ b/src/ejabberd_auth.erl @@ -85,6 +85,9 @@ check_password(User, Server, Password, StreamID, Digest) -> M:check_password(User, Server, Password, StreamID, Digest) end, auth_modules(Server)). +%% We do not allow empty password: +set_password(_User, _Server, "") -> + {error, not_allowed}; set_password(User, Server, Password) -> lists:foldl( fun(M, {error, _}) -> @@ -93,6 +96,9 @@ set_password(User, Server, Password) -> Res end, {error, not_allowed}, auth_modules(Server)). +%% We do not allow empty password: +try_register(_User, _Server, "") -> + {error, not_allowed}; try_register(User, Server, Password) -> case is_user_exists(User,Server) of true -> diff --git a/src/ejabberd_auth_external.erl b/src/ejabberd_auth_external.erl index 13dafa711..19ae6818d 100644 --- a/src/ejabberd_auth_external.erl +++ b/src/ejabberd_auth_external.erl @@ -55,7 +55,7 @@ plain_password_required() -> true. check_password(User, Server, Password) -> - extauth:check_password(User, Server, Password). + extauth:check_password(User, Server, Password) andalso Password /= "". check_password(User, Server, Password, _StreamID, _Digest) -> check_password(User, Server, Password). diff --git a/src/ejabberd_auth_internal.erl b/src/ejabberd_auth_internal.erl index 6f27a49e6..56b775be6 100644 --- a/src/ejabberd_auth_internal.erl +++ b/src/ejabberd_auth_internal.erl @@ -72,7 +72,7 @@ check_password(User, Server, Password) -> US = {LUser, LServer}, case catch mnesia:dirty_read({passwd, US}) of [#passwd{password = Password}] -> - true; + Password /= ""; _ -> false end. @@ -113,7 +113,6 @@ set_password(User, Server, Password) -> mnesia:transaction(F) end. - try_register(User, Server, Password) -> LUser = jlib:nodeprep(User), LServer = jlib:nameprep(Server), diff --git a/src/ejabberd_auth_odbc.erl b/src/ejabberd_auth_odbc.erl index 076ac9380..28f01239f 100644 --- a/src/ejabberd_auth_odbc.erl +++ b/src/ejabberd_auth_odbc.erl @@ -70,7 +70,7 @@ check_password(User, Server, Password) -> LServer = jlib:nameprep(Server), case catch odbc_queries:get_password(LServer, Username) of {selected, ["password"], [{Password}]} -> - true; + Password /= ""; _ -> false end