* refuse empty passvoids against host auth

[citadel.git] / citadel / user_ops.c

diff --git a/citadel/user_ops.c b/citadel/user_ops.c
index 9cb18c870c25ac8030b9cf1e62d3b5c5322a93a9..7f84fa21eadb893c5bbd51cfe5bc6b8533616702 100644 (file)
--- a/citadel/user_ops.c
+++ b/citadel/user_ops.c
@@ -413,7 +413,8 @@ int CtdlLoginExistingUser(char *authname, char *trythisname)
                 * If not found, make one attempt to create it.
                 */
                found_user = getuserbyuid(&CC->user, pd.pw_uid);
-               lprintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %ld\n", (long)pd.pw_uid, pd.pw_gecos, found_user);
+               lprintf(CTDL_DEBUG, "found it: uid=%ld, gecos=%s here: %d\n",
+                       (long)pd.pw_uid, pd.pw_gecos, found_user);
                if (found_user != 0) {
                        create_user(username, 0);
                        found_user = getuserbyuid(&CC->user, pd.pw_uid);
@@ -624,6 +625,11 @@ static int validpw(uid_t uid, const char *pass)
 {
        char buf[256];
 
+       if (IsEmptyStr(pass)) {
+               lprintf(CTDL_DEBUG, "refusing to check empty password for uid=%d using chkpwd...\n", uid);
+               return 0;
+       }
+
        lprintf(CTDL_DEBUG, "Validating password for uid=%d using chkpwd...\n", uid);
 
        begin_critical_section(S_CHKPWD);
@@ -810,6 +816,10 @@ int purge_user(char pname[])
 
        makeuserkey(usernamekey, pname);
 
+       /* If the name is empty we can't find them in the DB any way so just return */
+       if (IsEmptyStr(pname))
+               return (ERROR + NO_SUCH_USER);
+
        if (getuser(&usbuf, pname) != 0) {
                lprintf(CTDL_ERR, "Cannot purge user <%s> - not found\n", pname);
                return (ERROR + NO_SUCH_USER);