* src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers
as ejabberd is providing other anonymous authentication mechanism (EJAB-190). SVN Revision: 731
parent
1affdd8dce
commit
90488e5f37
@ -1,5 +1,9 @@
|
|||||||
2007-02-19 Mickael Remond <mickael.remond@process-one.net>
|
2007-02-19 Mickael Remond <mickael.remond@process-one.net>
|
||||||
|
|
||||||
|
* src/ejabberd_auth_ldap.erl: prevent anonymous bind on LDAP servers
|
||||||
|
as ejabberd is providing other anonymous authentication mechanism
|
||||||
|
(EJAB-190).
|
||||||
|
|
||||||
* src/cyrsasl_plain.erl: bad-auth error code replaced by not-authorized
|
* src/cyrsasl_plain.erl: bad-auth error code replaced by not-authorized
|
||||||
(EJAB-187).
|
(EJAB-187).
|
||||||
|
|
||||||
|
@ -120,11 +120,16 @@ plain_password_required() ->
|
|||||||
true.
|
true.
|
||||||
|
|
||||||
check_password(User, Server, Password) ->
|
check_password(User, Server, Password) ->
|
||||||
case catch check_password_ldap(User, Server, Password) of
|
%% In LDAP spec: empty password means anonymous authentication.
|
||||||
{'EXIT', _} ->
|
%% As ejabberd is providing other anonymous authentication mechanisms
|
||||||
false;
|
%% we simply prevent the use of LDAP anonymous authentication.
|
||||||
Result ->
|
if Password == "" ->
|
||||||
Result
|
false;
|
||||||
|
true ->
|
||||||
|
case catch check_password_ldap(User, Server, Password) of
|
||||||
|
{'EXIT', _} -> false;
|
||||||
|
Result -> Result
|
||||||
|
end
|
||||||
end.
|
end.
|
||||||
|
|
||||||
check_password(User, Server, Password, _StreamID, _Digest) ->
|
check_password(User, Server, Password, _StreamID, _Digest) ->
|
||||||
|
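Review bot: The empty-password guard is added only to `check_password/3`, so it protects the LDAP bind only if every other entry point goes through that function. `check_password/5` begins on the last line of this hunk and its body is outside it, so confirm it delegates to `check_password/3` rather than calling `check_password_ldap` directly. The comment would help a later maintainer more if it said what the guard prevents, for example `%% A simple bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2); some servers report success for it, so never pass "" on to LDAP.` The test `Password == ""` matches only the empty list, so it presumably relies on passwords always arriving as strings here; a clause head `check_password(_User, _Server, "") -> false;` would state the same rule without the `if`.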