mirror of https://github.com/processone/ejabberd.git synced 2024-11-26 16:26:24 +01:00

* src/ejabberd_auth.erl: Do not allow an empty password at creation. On authentication, check in all cases that the password is not empty.

* src/ejabberd_auth_odbc.erl: Likewise
* src/ejabberd_auth_internal.erl: Likewise
* src/ejabberd_auth_external.erl: Likewise

SVN Revision: 1183
Mickaël Rémond 2008-02-11 18:19:42 +00:00
parent 4b5632a260
commit 0ae7f15ce7
4 changed files with 9 additions and 4 deletions


@ -85,6 +85,9 @@ check_password(User, Server, Password, StreamID, Digest) ->
M:check_password(User, Server, Password, StreamID, Digest) M:check_password(User, Server, Password, StreamID, Digest)
end, auth_modules(Server)). end, auth_modules(Server)).
%% We do not allow empty password:
set_password(_User, _Server, "") ->
{error, not_allowed};
set_password(User, Server, Password) -> set_password(User, Server, Password) ->
lists:foldl( lists:foldl(
fun(M, {error, _}) -> fun(M, {error, _}) ->
@ -93,6 +96,9 @@ set_password(User, Server, Password) ->
Res Res
end, {error, not_allowed}, auth_modules(Server)). end, {error, not_allowed}, auth_modules(Server)).
%% We do not allow empty password:
try_register(_User, _Server, "") ->
{error, not_allowed};
try_register(User, Server, Password) -> try_register(User, Server, Password) ->
case is_user_exists(User,Server) of case is_user_exists(User,Server) of
true -> true ->
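Review bot: The empty-password rule for authentication is left to each backend, while the dispatcher `check_password/5` at the top of this section still forwards an empty `Password` to every module in `auth_modules(Server)`. Any auth module this commit does not touch keeps its old behaviour, so a guard in the dispatcher would enforce the rule once: for the plain form (outside the hunk) a clause such as `check_password(_User, _Server, "") -> false;` ahead of the existing one, and for the digest form a rejection only when both `Password` and `Digest` are empty (presumably digest logins pass an empty `Password`; confirm). The new `set_password/3` and `try_register/3` clauses match only the empty list `""` and return the same `{error, not_allowed}` that the fold starts from, so callers cannot tell the two cases apart. I would extend the comment to say so, e.g. `%% Reject "" before any auth module is consulted; same error as "no module accepted"`. The bodies of both functions continue outside the hunks.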


@ -55,7 +55,7 @@ plain_password_required() ->
true. true.
check_password(User, Server, Password) -> check_password(User, Server, Password) ->
extauth:check_password(User, Server, Password). extauth:check_password(User, Server, Password) andalso Password /= "".
check_password(User, Server, Password, _StreamID, _Digest) -> check_password(User, Server, Password, _StreamID, _Digest) ->
check_password(User, Server, Password). check_password(User, Server, Password).
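Review bot: In the new `check_password/3` the emptiness test sits on the right of `andalso`, so the external authentication program is still called with the empty password and the result is discarded only afterwards. Putting the cheap test first avoids handing an empty credential to the script at all and keeps the outcome independent of how that script treats it: `Password /= "" andalso extauth:check_password(User, Server, Password).` As written, `andalso` also requires the left operand to be a boolean, so a non-boolean return from `extauth:check_password/3` (not visible here) would raise instead of returning `false`.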


@ -72,7 +72,7 @@ check_password(User, Server, Password) ->
US = {LUser, LServer}, US = {LUser, LServer},
case catch mnesia:dirty_read({passwd, US}) of case catch mnesia:dirty_read({passwd, US}) of
[#passwd{password = Password}] -> [#passwd{password = Password}] ->
true; Password /= "";
_ -> _ ->
false false
end. end.
@ -113,7 +113,6 @@ set_password(User, Server, Password) ->
mnesia:transaction(F) mnesia:transaction(F)
end. end.
try_register(User, Server, Password) -> try_register(User, Server, Password) ->
LUser = jlib:nodeprep(User), LUser = jlib:nodeprep(User),
LServer = jlib:nameprep(Server), LServer = jlib:nameprep(Server),
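Review bot: The `Password /= ""` test in `check_password/3` runs only after the Mnesia read and only on this three-argument form; `check_password/5` of this module lies outside the hunk, so confirm it applies the same rule. That matters for accounts whose stored password was already empty before this commit: if the digest form compares against a value derived from the stored password alone, such an account could still verify, so it is worth rejecting an empty stored value there and checking the table for existing empty entries. A head clause `check_password(_User, _Server, "") -> false;` would also make the rule visible without a lookup. The same applies to the ODBC backend's `check_password/3` in the last file section. The function bodies here start and end outside the hunks.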


@ -70,7 +70,7 @@ check_password(User, Server, Password) ->
LServer = jlib:nameprep(Server), LServer = jlib:nameprep(Server),
case catch odbc_queries:get_password(LServer, Username) of case catch odbc_queries:get_password(LServer, Username) of
{selected, ["password"], [{Password}]} -> {selected, ["password"], [{Password}]} ->
true; Password /= "";
_ -> _ ->
false false
end end