From 56f3b542bd53a54106991d94943e596e6d65241a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9rick?= Date: Wed, 19 Feb 2014 11:55:35 -0500 Subject: [PATCH] Bug 8148: Prevent local authentification fallback if an invalid LDAP password was entered. http://bugs.koha-community.org/show_bug.cgi?id=8148 Signed-off-by: Martin Renvoize Signed-off-by: Dobrica Pavlinusic Signed-off-by: Tomas Cohen Arazi --- C4/Auth.pm | 1 + C4/Auth_with_ldap.pm | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index ad6d99bce5..c2faf8d7e4 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1543,6 +1543,7 @@ sub checkpw { if ($ldap) { $debug and print STDERR "## checkpw - checking LDAP\n"; my ($retval,$retcard,$retuserid) = checkpw_ldap(@_); # EXTERNAL AUTH + return 0 if $retval == -1; ($retval) and return ($retval,$retcard,$retuserid); } diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm index 6000e76851..4f47f660e4 100644 --- a/C4/Auth_with_ldap.pm +++ b/C4/Auth_with_ldap.pm @@ -88,7 +88,9 @@ sub search_method { base => $base, filter => $filter, # attrs => ['*'], - ) or die "LDAP search failed to return object."; + ); + die "LDAP search failed to return object : " . $search->error if $search->code; + my $count = $search->count; if ($search->code > 0) { warn sprintf("LDAP Auth rejected : %s gets %d hits\n", $filter->as_string, $count) . description($search); @@ -163,7 +165,7 @@ sub checkpw_ldap { my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password ); if ($cmpmesg->code != 6) { warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg); - return 0; + return -1; } } -- 2.39.5