tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-07-27 07:34:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

API: Ensure that empty passwords w/ client_cn are properly checked

Browse Source 
fixes #11482
This commit is contained in:
Michael Friedrich 2016-04-04 16:38:47 +02:00 committed by Gunnar Beutner
parent 909845c456
commit 5910f2e310
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/remote/httpserverconnection.cpp
View File

@ -144,12 +144,16 @@ void HttpServerConnection::ProcessMessageAsync(HttpRequest& request)
ApiUser::Ptr user; ApiUser::Ptr user;
/* client_cn matched. */
if (m_ApiUser) if (m_ApiUser)
user = m_ApiUser; user = m_ApiUser;
else { else {
user = ApiUser::GetByName(username); user = ApiUser::GetByName(username);
if (user && user->GetPassword() != password) /* Deny authentication if 1) given password is empty 2) configured password does not match. */
if (password.IsEmpty())
user.reset();
else if (user && user->GetPassword() != password)
user.reset(); user.reset();
} }