* refuse empty passvoids against host auth

[citadel.git] / citadel / user_ops.c

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 974e1da8b51187fc9a60357de46dbf8f4ab342e6..7f84fa21eadb893c5bbd51cfe5bc6b8533616702 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -413,7 +413,8 @@ int CtdlLoginExistingUser(char *authname, char *trythisname)
                 * If not found, make one attempt to create it.
                 */
                found_user = getuserbyuid(&CC->user, pd.pw_uid);
-               lprintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %ld\n", (long)pd.pw_uid, pd.pw_gecos, found_user);
+               lprintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n",
+                       (long)pd.pw_uid, pd.pw_gecos, found_user);
                if (found_user != 0) {
                        create_user(username, 0);
                        found_user = getuserbyuid(&CC->user, pd.pw_uid);
@@ -624,6 +625,11 @@ static int validpw(uid_t uid, const char *pass)
 {
        char buf[256];
 
+       if (IsEmptyStr(pass)) {
+               lprintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid);
+               return 0;
+       }
+
        lprintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid);
 
        begin_critical_section(S_CHKPWD);