* src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers
as ejabberd is providing other anonymous authentication mechanism (EJAB-190). SVN Revision: 731
parent
1affdd8dce
commit
90488e5f37
@ -1,5 +1,9 @@
|
||||
2007-02-19 Mickael Remond <mickael.remond@process-one.net>
|
||||
|
||||
* src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers
|
||||
as ejabberd is providing other anonymous authentication mechanism
|
||||
(EJAB-190).
|
||||
|
||||
* src/cyrsasl_plain.erl: bad-auth error code replaced by not-authorized
|
||||
(EJAB-187).
|
||||
|
||||
|
@ -120,11 +120,16 @@ plain_password_required() ->
|
||||
true.
|
||||
|
||||
check_password(User, Server, Password) ->
|
||||
case catch check_password_ldap(User, Server, Password) of
|
||||
{'EXIT', _} ->
|
||||
false;
|
||||
Result ->
|
||||
Result
|
||||
%% In LDAP spec: empty password means anonymous authentication.
|
||||
%% As ejabberd is providing other anonymous authentication mechanisms
|
||||
%% we simply prevent the use of LDAP anonymous authentication.
|
||||
if Password == "" ->
|
||||
false;
|
||||
true ->
|
||||
case catch check_password_ldap(User, Server, Password) of
|
||||
{'EXIT', _} -> false;
|
||||
Result -> Result
|
||||
end
|
||||
end.
|
||||
|
||||
check_password(User, Server, Password, _StreamID, _Digest) ->
|
||||
|
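Review bot: The empty-password guard added to `check_password/3` protects only this entry point; `check_password/5` begins on the hunk's last line and its body is outside the hunk, so it cannot be confirmed from here that the digest variant, or any other caller of `check_password_ldap/3`, also refuses an empty password before a bind is attempted. Rejecting the empty password where the bind is issued, or at least as a clause head `check_password(_User, _Server, "") -> false;` placed before the general clause, would make the rule harder to bypass and removes the `if ... true ->` nesting. The comment could also be more precise: a simple bind with a DN and an empty password is what RFC 4513 calls an unauthenticated bind, which some servers report as success, so a successful bind result alone proves nothing about the password. Separately, `case catch` turns every `'EXIT'` into `false`, so an LDAP outage looks the same as a wrong password; logging the exit reason before returning `false` would help operators tell the two apart.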