* src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers

as ejabberd is providing other anonymous authentication mechanism (EJAB-190). SVN Revision: 731
2007-02-19 13:27:18 +00:00 · 2007-02-19 13:27:18 +00:00 · 90488e5f37
parent 1affdd8dce
commit 90488e5f37
2 changed files with 14 additions and 5 deletions
--- a/4
+++ b/4
@ -1,5 +1,9 @@
 2007-02-19  Mickael Remond  <mickael.remond@process-one.net>

+	* src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers
+	as ejabberd is providing other anonymous authentication mechanism
+	(EJAB-190).
+
 	* src/cyrsasl_plain.erl: bad-auth error code replaced by not-authorized
 	(EJAB-187).
 	
--- a/src/ejabberd_auth_ldap.erl
+++ b/src/ejabberd_auth_ldap.erl
@ -120,11 +120,16 @@ plain_password_required() ->
    true.

 check_password(User, Server, Password) ->
-    case catch check_password_ldap(User, Server, Password) of
-	{'EXIT', _} ->
-	    false;
-	Result ->
-	    Result
+    %% In LDAP spec: empty password means anonymous authentication.
+    %% As ejabberd is providing other anonymous authentication mechanisms
+    %% we simply prevent the use of LDAP anonymous authentication.
+    if Password == "" ->
+        false;
+    true ->
+        case catch check_password_ldap(User, Server, Password) of
+	        {'EXIT', _} -> false;
+	        Result -> Result
+        end
    end.

 check_password(User, Server, Password, _StreamID, _Digest) ->