validate username/password fields when unencrypted (fixes #1545)

rstudio · Oct 3, 2017 · b59942c · b59942c
1 parent 1690899
commit b59942c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/NEWS.md b/NEWS.md
@@ -11,6 +11,7 @@
 
 * Fix "Invalid byte sequence" when spell checking
 * Fix incorrect Git status pane display when git detects that a file has been copied
+* Fix hang when submitting empty passwords and password encryption is turned off (#1545)
 
 ### RStudio Server Pro
 

diff --git a/src/cpp/server/ServerPAMAuth.cpp b/src/cpp/server/ServerPAMAuth.cpp
@@ -247,7 +247,9 @@ void signIn(const http::Request& request,
       variables[kFormAction] = "action=\"javascript:void\" "
                                "onsubmit=\"submitRealForm();return false\"";
    else
-      variables[kFormAction] = "action=\"" + variables["action"] + "\"";
+      variables[kFormAction] = "action=\"" + variables["action"] + "\" "
+                               "onsubmit=\"return verifyMe()\"";
+
 
    variables[kAppUri] = request.queryParamValue(kAppUri);
 
@@ -446,6 +448,13 @@ bool pamLogin(const std::string& username, const std::string& password)
    std::vector<std::string> args;
    args.push_back(username);
 
+   // don't try to login with an empty password (this hangs PAM as it waits for input)
+   if (password.empty())
+   {
+      LOG_WARNING_MESSAGE("No PAM password provided for user '" + username + "'; refusing login");
+      return false;
+   }
+
    // options (assume priv after fork)
    core::system::ProcessOptions options;
    options.onAfterFork = assumeRootPriv;