* src/ejabberd_auth.erl: Do not allow empty password at creation. On authent, check...

author Mickaël Rémond <mickael.remond@process-one.net>

Mon, 11 Feb 2008 18:19:42 +0000 (18:19 +0000)

committer Mickaël Rémond <mickael.remond@process-one.net>

Mon, 11 Feb 2008 18:19:42 +0000 (18:19 +0000)
author Mickaël Rémond <mickael.remond@process-one.net>
Mon, 11 Feb 2008 18:19:42 +0000 (18:19 +0000)
committer Mickaël Rémond <mickael.remond@process-one.net>
Mon, 11 Feb 2008 18:19:42 +0000 (18:19 +0000)
diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl

index f791c60633cf575cdd54f4bb12dbcc1f95bd8a83..62282957e2ad01b57c8466c3c2df51a6f04ed6de 100644 (file)
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -85,6 +85,9 @@ check_password(User, Server, Password, StreamID, Digest) ->
               M:check_password(User, Server, Password, StreamID, Digest)
        end, auth_modules(Server)).
  
+%% We do not allow empty password:
+set_password(_User, _Server, "") ->
+    {error, not_allowed};
  set_password(User, Server, Password) ->
      lists:foldl(
        fun(M, {error, _}) ->
@@ -93,6 +96,9 @@ set_password(User, Server, Password) ->
               Res
        end, {error, not_allowed}, auth_modules(Server)).
  
+%% We do not allow empty password:
+try_register(_User, _Server, "") ->
+    {error, not_allowed};    
  try_register(User, Server, Password) ->
      case is_user_exists(User,Server) of
         true ->
diff --git a/src/ejabberd_auth_external.erl b/src/ejabberd_auth_external.erl

index 13dafa711cb48b1ed744e2e282112ad7fc1730d3..19ae6818da39aad36337179685594972a98a8ae6 100644 (file)
--- a/src/ejabberd_auth_external.erl
+++ b/src/ejabberd_auth_external.erl
@@ -55,7 +55,7 @@ plain_password_required() ->
      true.
  
  check_password(User, Server, Password) ->
-    extauth:check_password(User, Server, Password).
+    extauth:check_password(User, Server, Password) andalso Password /= "".
  
  check_password(User, Server, Password, _StreamID, _Digest) ->
      check_password(User, Server, Password).
diff --git a/src/ejabberd_auth_internal.erl b/src/ejabberd_auth_internal.erl

index 6f27a49e6184a4b262ec501cef07c999748d8157..56b775be6ce0cc91cd6ac7eeee1b81395166c889 100644 (file)
--- a/src/ejabberd_auth_internal.erl
+++ b/src/ejabberd_auth_internal.erl
@@ -72,7 +72,7 @@ check_password(User, Server, Password) ->
      US = {LUser, LServer},
      case catch mnesia:dirty_read({passwd, US}) of
         [#passwd{password = Password}] ->
-           true;
+           Password /= "";
         _ ->
             false
      end.
@@ -113,7 +113,6 @@ set_password(User, Server, Password) ->
             mnesia:transaction(F)
      end.
  
-
  try_register(User, Server, Password) ->
      LUser = jlib:nodeprep(User),
      LServer = jlib:nameprep(Server),
diff --git a/src/ejabberd_auth_odbc.erl b/src/ejabberd_auth_odbc.erl

index 076ac938004ee0adaea3ee933155ee1cb8b13279..28f01239f0466070b0f39040650d9d0a3345044d 100644 (file)
--- a/src/ejabberd_auth_odbc.erl
+++ b/src/ejabberd_auth_odbc.erl
@@ -70,7 +70,7 @@ check_password(User, Server, Password) ->
             LServer = jlib:nameprep(Server),
             case catch odbc_queries:get_password(LServer, Username) of
                 {selected, ["password"], [{Password}]} ->
-                   true;
+                   Password /= "";
                 _ ->
                     false
             end
author	Mickaël Rémond <mickael.remond@process-one.net>
	Mon, 11 Feb 2008 18:19:42 +0000 (18:19 +0000)
committer	Mickaël Rémond <mickael.remond@process-one.net>
	Mon, 11 Feb 2008 18:19:42 +0000 (18:19 +0000)
src/ejabberd_auth.erl		patch \| blob \| history
src/ejabberd_auth_external.erl		patch \| blob \| history
src/ejabberd_auth_internal.erl		patch \| blob \| history
src/ejabberd_auth_odbc.erl		patch \| blob \| history