diff options
| author | Marcus Rückert <darix@opensu.se> | 2007-01-14 09:40:02 +0000 |
|---|---|---|
| committer | Marcus Rückert <darix@opensu.se> | 2007-01-14 09:40:02 +0000 |
| commit | 0aaf0c58ae4aa46f2977022af85e2dfdb17f2cc5 (patch) | |
| tree | 94d1aba980f3a86c2b83c405381e5ae1251e8f0f | |
| parent | cb1b4975c40fd2f838bec9e2b822fd8a300397a7 (diff) | |
| download | lighttpd-git-0aaf0c58ae4aa46f2977022af85e2dfdb17f2cc5.tar.gz | |
r1553@h2o: darix | 2007-01-14 10:37:14 +0100
- allow empty passwords with ldap.
patch by Jöerg Sonnenberger
git-svn-id: svn+ssh://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1516 152afb58-edef-0310-8abb-c4023f1b3aa9
| -rw-r--r-- | src/http_auth.c | 3 | ||||
| -rw-r--r-- | src/http_auth.h | 1 | ||||
| -rw-r--r-- | src/mod_auth.c | 15 |
3 files changed, 13 insertions, 6 deletions
diff --git a/src/http_auth.c b/src/http_auth.c index ae2560ce..0285f3b8 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -733,7 +733,8 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p } } - + if (p->conf.auth_ldap_allow_empty_pw != 1 && pw[0] == '\0') + return -1; /* build filter */ buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap_filter_pre); diff --git a/src/http_auth.h b/src/http_auth.h index d469c0d3..f956bd1a 100644 --- a/src/http_auth.h +++ b/src/http_auth.h @@ -36,6 +36,7 @@ typedef struct { buffer *auth_ldap_filter; buffer *auth_ldap_cafile; unsigned short auth_ldap_starttls; + unsigned short auth_ldap_allow_empty_pw; unsigned short auth_debug; diff --git a/src/mod_auth.c b/src/mod_auth.c index d7e82763..ef4f6c82 100644 --- a/src/mod_auth.c +++ b/src/mod_auth.c @@ -113,6 +113,7 @@ static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plug PATCH(auth_ldap_filter); PATCH(auth_ldap_cafile); PATCH(auth_ldap_starttls); + PATCH(auth_ldap_allow_empty_pw); #ifdef USE_LDAP PATCH(ldap); PATCH(ldap_filter_pre); @@ -160,6 +161,8 @@ static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plug PATCH(auth_ldap_cafile); } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.starttls"))) { PATCH(auth_ldap_starttls); + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) { + PATCH(auth_ldap_allow_empty_pw); } } } @@ -312,6 +315,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) { { "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, { "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, { "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */ + { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 13 */ @@ -359,11 +363,12 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) { cv[6].destination = s->auth_ldap_filter; cv[7].destination = s->auth_ldap_cafile; cv[8].destination = &(s->auth_ldap_starttls); - cv[9].destination = s->auth_ldap_binddn; - cv[10].destination = s->auth_ldap_bindpw; - cv[11].destination = s->auth_htdigest_userfile; - cv[12].destination = s->auth_htpasswd_userfile; - cv[13].destination = &(s->auth_debug); + cv[9].destination = s->auth_ldap_binddn; + cv[10].destination = s->auth_ldap_bindpw; + cv[11].destination = &(s->auth_ldap_allow_empty_pw); + cv[12].destination = s->auth_htdigest_userfile; + cv[13].destination = s->auth_htpasswd_userfile; + cv[14].destination = &(s->auth_debug); p->config_storage[i] = s; ca = ((data_config *)srv->config_context->data[i])->value; |