dovecot: Don't keep master username in original_username.

dovecot at dovecot.org dovecot at dovecot.org
Sat Oct 27 18:31:09 EEST 2007 

details:   http://hg.dovecot.org/dovecot/rev/2a36e7d9ddb6
changeset: 6619:2a36e7d9ddb6
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Oct 27 18:31:05 2007 +0300
description:
Don't keep master username in original_username.

diffstat:

2 files changed, 13 insertions(+), 12 deletions(-)
src/auth/auth-request.c |   22 +++++++++++-----------
src/auth/auth-request.h |    3 ++-

diffs (52 lines):

diff -r 39f5251b04f9 -r 2a36e7d9ddb6 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Sat Oct 27 18:25:44 2007 +0300
+++ b/src/auth/auth-request.c	Sat Oct 27 18:31:05 2007 +0300
@@ -768,17 +768,6 @@ bool auth_request_set_username(struct au
 {
 	const char *p, *login_username = NULL;
 
-	if (request->original_username == NULL) {
-		/* the username may change later, but we need to use this
-		   username when verifying at least DIGEST-MD5 password */
-		request->original_username = p_strdup(request->pool, username);
-	}
-	if (request->cert_username) {
-		/* cert_username overrides the username given by
-		   authentication mechanism. */
-		return TRUE;
-	}
-
 	if (request->auth->master_user_separator != '\0' &&
 	    !request->userdb_lookup) {
 		/* check if the username contains a master user */
@@ -790,6 +779,17 @@ bool auth_request_set_username(struct au
 			/* username is the master user */
 			username = p + 1;
 		}
+	}
+
+	if (request->original_username == NULL) {
+		/* the username may change later, but we need to use this
+		   username when verifying at least DIGEST-MD5 password. */
+		request->original_username = p_strdup(request->pool, username);
+	}
+	if (request->cert_username) {
+		/* cert_username overrides the username given by
+		   authentication mechanism. */
+		return TRUE;
 	}
 
 	if (*username == '\0') {
diff -r 39f5251b04f9 -r 2a36e7d9ddb6 src/auth/auth-request.h
--- a/src/auth/auth-request.h	Sat Oct 27 18:25:44 2007 +0300
+++ b/src/auth/auth-request.h	Sat Oct 27 18:31:05 2007 +0300
@@ -34,7 +34,8 @@ struct auth_request {
         char *user, *requested_login_user, *master_user;
 	/* original_username contains the username exactly as given by the
 	   client. this is needed at least with DIGEST-MD5 for password
-	   verification */
+	   verification. however with master logins the master username has
+	   been dropped from it. */
 	const char *original_username;
 	char *mech_password; /* set if verify_plain() is called */
 	char *passdb_password; /* set after password lookup if successful */

More information about the dovecot-cvs mailing list