playground
/
gogs
mirror of https://github.com/gogits/gogs.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

Check for zero length passwords in LDAP module. (#3827)

pull/3781/merge
Mateusz Hromada 8 years ago committed by 无闻
parent
ca6cbb95cc
commit
2cfdce88e0
1 changed files with 5 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      modules/auth/ldap/ldap.go

5
modules/auth/ldap/ldap.go
Unescape View File

@ -150,6 +150,11 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error {
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) { func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
// See https://tools.ietf.org/search/rfc4513#section-5.1.2
if len(passwd) == 0 {
log.Debug("Auth. failed for %s, password cannot be empty")
return "", "", "", "", false, false
}
l, err := dial(ls) l, err := dial(ls)
if err != nil { if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)

Write Preview
Loading…
Cancel
Save