Fix authentication for usernames containing uppercase characters
authorStu Tomlinson <stu@nosnilmot.com>
Wed, 30 May 2018 14:10:25 +0000 (15:10 +0100)
committerStu Tomlinson <stu@nosnilmot.com>
Wed, 30 May 2018 17:43:26 +0000 (18:43 +0100)
Applies to authentication methods that compare User (normalized)
and AuthzId (was not being normalized). These are external, ldap & pam.

Fixes #2280

src/ejabberd_auth.erl

index 847549c740d0830c811b8ddc5804af8eb9c8a951..39598e5278b65ce1aa39057fc7526fe2def106af 100644 (file)
@@ -230,19 +230,22 @@ check_password_with_authmodule(User, AuthzId, Server, Password) ->
 check_password_with_authmodule(User, AuthzId, Server, Password, Digest, DigestGen) ->
     case validate_credentials(User, Server) of
        {ok, LUser, LServer} ->
-           lists:foldl(
-             fun(Mod, false) ->
-                     case db_check_password(
-                            LUser, AuthzId, LServer, Password,
+           case jid:nodeprep(AuthzId) of
+               error ->
+                   false;
+           LAuthzId ->
+               lists:foldl(
+                 fun(Mod, false) ->
+                       case db_check_password(
+                            LUser, LAuthzId, LServer, Password,
                             Digest, DigestGen, Mod) of
                          true -> {true, Mod};
                          false -> false
-                     end;
-                (_, Acc) ->
-                     Acc
-             end, false, auth_modules(LServer));
-       _ ->
-           false
+                       end;
+                       (_, Acc) ->
+                           Acc
+                 end, false, auth_modules(LServer))
+           end
     end.
 
 -spec set_password(binary(), binary(), password()) -> ok | {error, atom()}.
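Review bot: The outer `case validate_credentials(User, Server) of` loses its `_ -> false` clause in this hunk, so any result other than `{ok, LUser, LServer}` now raises `case_clause` instead of rejecting the login. validate_credentials is not visible here, but the removed catch-all suggests it can return a non-ok value for a user or server name that fails normalization, and those names arrive from a client that has not authenticated yet. Restore the clause by closing the inner case with `end;` and adding `_ -> false` before the final `end.`. Separately, `LAuthzId ->` is indented at the level of the inner `case` rather than alongside `error ->`, which hides the nesting and probably made the dropped clause easy to miss.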