Posted to commits@karaf.apache.org by ja...@apache.org on 2013/10/28 18:10:03 UTC
svn commit: r1536419 -
/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
Author: janstey
Date: Mon Oct 28 17:10:02 2013
New Revision: 1536419
URL: http://svn.apache.org/r1536419
Log:
KARAF-2528 - don't allow authentication = none if LDAP user or password is provided
Modified:
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
Modified: karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java?rev=1536419&r1=1536418&r2=1536419&view=diff
==============================================================================
--- karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java (original)
+++ karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java Mon Oct 28 17:10:02 2013
@@ -153,6 +153,16 @@ public class LDAPLoginModule extends Abs
user = ((NameCallback) callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
+
+ // If either a username or password is specified don't allow authentication = "none".
+ // This is to prevent someone from logging into Karaf as any user without providing a
+ // valid password (because if authentication = none, the password could be any
+ // value - it is ignored).
+ if ("none".equals(authentication) && (user != null || tmpPassword != null)) {
+ // default to simple so that the provided user/password will get checked
+ authentication = "simple";
+ }
+
if (tmpPassword == null) {
tmpPassword = new char[0];
}
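Review bot: Forcing `authentication = "simple"` does not by itself guarantee that the password is checked, because the unchanged lines right after the new block still turn a null password into `new char[0]`. An LDAP simple bind with a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which many directory servers answer with success. Nothing visible in this hunk rejects an empty password, and the method continues outside it, so if no later check exists the login should fail here; assuming this is the JAAS `login()` method, that could be `if (tmpPassword == null || tmpPassword.length == 0) { throw new LoginException("Empty passwords are not allowed"); }`. The guard `"none".equals(authentication)` is also an exact match, so if the JNDI provider accepts other spellings of the mechanism (mixed case, surrounding whitespace, or `anonymous`), those configurations would skip it. Comparing a trimmed value with `"none".equalsIgnoreCase(authentication)` would be safer.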