diff options
Diffstat (limited to 'src/http_auth.c')
| -rw-r--r-- | src/http_auth.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/http_auth.c b/src/http_auth.c index ae2560c..fc125cf 100644 --- a/src/http_auth.c +++ b/src/http_auth.c @@ -733,7 +733,8 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p } } - + if (p->conf.auth_ldap_allow_empty_pw != 1 && pw[0] == '\0') + return -1; /* build filter */ buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap_filter_pre); @@ -828,7 +829,6 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, realm = (data_string *)array_get_element(req, "realm"); username = buffer_init(); - password = buffer_init(); base64_decode(username, realm_str); @@ -845,6 +845,7 @@ int http_auth_basic_check(server *srv, connection *con, mod_auth_plugin_data *p, username->used = pw - username->ptr; + password = buffer_init(); /* copy password to r1 */ if (http_auth_get_password(srv, p, username, realm->value, password)) { buffer_free(username); |