From: Michael Friedrich
Date: Mon, 4 Apr 2016 14:38:47 +0000 (+0200)
Subject: API: Ensure that empty passwords w/ client_cn are properly checked
X-Git-Tag: v2.5.0~422
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d2f5008557f6261ef1ee878ffe0d2d8f84044d9f;p=icinga2

API: Ensure that empty passwords w/ client_cn are properly checked

fixes #11482
---

diff --git a/lib/remote/httpserverconnection.cpp b/lib/remote/httpserverconnection.cpp
index d78ced453..f4aa24f42 100644
--- a/lib/remote/httpserverconnection.cpp
+++ b/lib/remote/httpserverconnection.cpp
@@ -144,12 +144,16 @@ void HttpServerConnection::ProcessMessageAsync(HttpRequest& request)
 ApiUser::Ptr user;
+ /* client_cn matched. */
 if (m_ApiUser)
 user = m_ApiUser;
 else {
 user = ApiUser::GetByName(username);
- if (user && user->GetPassword() != password)
+ /* Deny authentication if 1) given password is empty 2) configured password does not match. */
+ if (password.IsEmpty())
+ user.reset();
+ else if (user && user->GetPassword() != password)
 user.reset();
 }
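Review bot: The `else if` branch still compares the configured and supplied passwords with `!=`, which is presumably an early-exit string comparison, so response timing may reveal how much of a guess matched. A constant-time comparison would be safer on this path, though no such helper is visible in the hunk. The two `user.reset()` branches can also be folded into one condition, `if (user && (password.IsEmpty() || user->GetPassword() != password))`, which keeps the deny decision in one place without changing behaviour. The new comment should say why the empty case matters, e.g. `/* An ApiUser defined only with client_cn has an empty password, so an empty supplied password must never authenticate. */`, a rationale inferred from the commit subject. The body of ProcessMessageAsync starts and ends outside the hunk.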