(parent:
195f2f1
)
Fix security issue. RT#81908
Tomas Doran [Fri, 26 Apr 2013 19:44:11 +0000 (19:44 +0000)]
Changes
lib/Catalyst/Authentication/Store/LDAP/Backend.pm
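--- a/Changes
+++ b/Changes
@@ -1,3 +1,5 @@
+ - Don't fall back to unauthenticated bind when authenticating
+
 1.013 9 January 2013
 - fix for https://rt.cpan.org/Ticket/Display.html?id=81908 security hole.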
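--- a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
@@ -226,7 +226,8 @@ sub ldap_bind {
 $self->_ldap_bind_anon($ldap);
 }
 else {
- if ($bindpw) {
+ # Don't fall back to unauthenticated bind when authenticating
+ if ($bindpw or $forauth eq 'forauth') {
 my $mesg = $ldap->bind( $binddn, 'password' => $bindpw );
 if ( $mesg->is_error ) {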
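Review bot: With `$forauth eq 'forauth'` and an empty or undefined `$bindpw`, the new condition still calls `$ldap->bind( $binddn, 'password' => $bindpw )` with no password, so rejecting the login depends on Net::LDAP or the directory server refusing a simple bind that carries a DN and an empty password (RFC 4513 calls this an unauthenticated bind, and a server that permits it reports success). An explicit guard ahead of the bind, failing the same way the `is_error` branch does when authenticating, would make the outcome independent of server configuration; that branch continues outside the hunk, so its exact failure path is not visible here. Separately, the truthiness test treats a password of `0` as absent on the non-auth path, which `defined $bindpw and length $bindpw` would avoid. The commit lists only `Changes` and `Backend.pm`, so a regression test covering an empty password during authentication would be worth adding.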