Mercurial > kallithea
changeset 5604:74e669d8a479 stable
auth: fail pam and internal authentication attempts if no username is provided (Issue #180)
When the Mercurial client communicates with a server over HTTP, it will always
first try to perform operations unauthenticated before providing credentials.
Authentication attempts without credentials is usually pointless and will just
slow operations down.
Some authentication plugins (such as LDAP) already skipped these
unauthenticated requests. Now, do the same for other authentication plugions.
Other authentication plugins also skip if no password is provided ... but that
doesn't seem necessary.
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Fri, 25 Dec 2015 12:32:25 +0100 |
parents | 720339c9f81c |
children | 20699dd652ff |
files | kallithea/lib/auth_modules/auth_internal.py kallithea/lib/auth_modules/auth_pam.py |
diffstat | 2 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth_modules/auth_internal.py Thu Dec 24 21:28:19 2015 +0100 +++ b/kallithea/lib/auth_modules/auth_internal.py Fri Dec 25 12:32:25 2015 +0100 @@ -67,6 +67,9 @@ log.warning("userobj:%s extern_type mismatch got:`%s` expected:`%s`", userobj, userobj.extern_type, self.name) return None + if not username: + log.debug('Empty username - skipping...') + return None user_data = { "username": userobj.username,
--- a/kallithea/lib/auth_modules/auth_pam.py Thu Dec 24 21:28:19 2015 +0100 +++ b/kallithea/lib/auth_modules/auth_pam.py Fri Dec 25 12:32:25 2015 +0100 @@ -85,6 +85,9 @@ return True def auth(self, userobj, username, password, settings, **kwargs): + if not username: + log.debug('Empty username - skipping...') + return None if username not in _auth_cache: # Need lock here, as PAM authentication is not thread safe _pam_lock.acquire()