vitalif
/
gogs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Check for zero length passwords in LDAP module. (#3827)

master
Mateusz Hromada 2016-12-21 09:43:37 +01:00 committed by 无闻
parent ca6cbb95cc
commit 2cfdce88e0
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/auth/ldap/ldap.go
View File

@ -150,6 +150,11 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error {
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
// See https://tools.ietf.org/search/rfc4513#section-5.1.2
if len(passwd) == 0 {
log.Debug("Auth. failed for %s, password cannot be empty")
return "", "", "", "", false, false
}
l, err := dial(ls)
if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)