dovecot-2.2: auth: Changed passdb { continue-ok } handling for c...

dovecot at dovecot.org dovecot at dovecot.org
Sat Jan 17 00:41:24 UTC 2015


details:   http://hg.dovecot.org/dovecot-2.2/rev/20acc7cc5b11
changeset: 18163:20acc7cc5b11
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Jan 17 02:40:11 2015 +0200
description:
auth: Changed passdb { continue-ok } handling for credentials lookups.
If the last passdb after it doesn't return credentials, use the first
passdb's credentials. This allows implementing plugins that modify the
passdb result without actually changing the credentials.

diffstat:

 src/auth/auth-request.c |  19 +++++++++++++++++++
 src/auth/auth-request.h |   4 +++-
 src/auth/passdb.c       |   4 ++++
 3 files changed, 26 insertions(+), 1 deletions(-)

diffs (61 lines):

diff -r a6e51d9098bc -r 20acc7cc5b11 src/auth/auth-request.c
--- a/src/auth/auth-request.c	Sat Jan 17 02:31:24 2015 +0200
+++ b/src/auth/auth-request.c	Sat Jan 17 02:40:11 2015 +0200
@@ -800,10 +800,29 @@
 {
 	if (!auth_request_handle_passdb_callback(&result, request)) {
 		/* try next passdb */
+		if (request->skip_password_check &&
+		    request->delayed_credentials == NULL) {
+			/* passdb continue* rule after a successful lookup.
+			   remember these credentials and use them later on. */
+			unsigned char *dup;
+
+			dup = p_malloc(request->pool, size);
+			memcpy(dup, credentials, size);
+			request->delayed_credentials = dup;
+			request->delayed_credentials_size = size;
+		}
 		auth_request_lookup_credentials(request,
 			request->credentials_scheme,
                 	request->private_callback.lookup_credentials);
 	} else {
+		if (request->delayed_credentials != NULL && size == 0) {
+			/* we did multiple passdb lookups, but the last one
+			   didn't provide any credentials (e.g. just wanted to
+			   add some extra fields). so use the first passdb's
+			   credentials instead. */
+			credentials = request->delayed_credentials;
+			size = request->delayed_credentials_size;
+		}
 		if (request->set->debug_passwords &&
 		    result == PASSDB_RESULT_OK) {
 			auth_request_log_debug(request, AUTH_SUBSYS_DB,
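Review bot: The new save branch in the "try next passdb" path copies the credentials without checking that there are any. If the first passdb succeeds with `size == 0` or `credentials == NULL`, `p_malloc(request->pool, size)` is asked for zero bytes, `memcpy` may receive a NULL source, and `delayed_credentials` ends up non-NULL with size 0. The new branch in src/auth/passdb.c treats `delayed_credentials != NULL` as "we already have valid credentials" and skips the NULL-password log message, so an empty copy would be mistaken for usable credentials there. Changing the guard's second line to `request->delayed_credentials == NULL && size > 0) {` keeps the pointer NULL unless real credentials were stored. The enclosing function starts above the hunk and continues past its last line, so the later use of `credentials` and `size` is not visible here.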
diff -r a6e51d9098bc -r 20acc7cc5b11 src/auth/auth-request.h
--- a/src/auth/auth-request.h	Sat Jan 17 02:31:24 2015 +0200
+++ b/src/auth/auth-request.h	Sat Jan 17 02:40:11 2015 +0200
@@ -89,7 +89,9 @@
 		set_credentials_callback_t *set_credentials;
                 userdb_callback_t *userdb;
 	} private_callback;
-        const char *credentials_scheme;
+	const char *credentials_scheme;
+	const unsigned char *delayed_credentials;
+	size_t delayed_credentials_size;
 
 	void *context;
 
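Review bot: The new fields `delayed_credentials` and `delayed_credentials_size` carry no comment, although they hold a copy of password credentials for the rest of the request. A comment such as `/* Copy of the first successful passdb's credentials (from request->pool); used when a later passdb returns none. */` would state their ownership and purpose. The copy stays in pool memory until the request's pool is released, so the comment should also say whether it is cleared before then; nothing visible in this changeset does so.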
diff -r a6e51d9098bc -r 20acc7cc5b11 src/auth/passdb.c
--- a/src/auth/passdb.c	Sat Jan 17 02:31:24 2015 +0200
+++ b/src/auth/passdb.c	Sat Jan 17 02:40:11 2015 +0200
@@ -155,6 +155,10 @@
 	} else if (*auth_request->credentials_scheme == '\0') {
 		/* We're doing a passdb lookup (not authenticating).
 		   Pass through a NULL password without an error. */
+	} else if (auth_request->delayed_credentials != NULL) {
+		/* We already have valid credentials from an earlier
+		   passdb lookup. auth_request_lookup_credentials_finish()
+		   will use them. */
 	} else {
 		auth_request_log_info(auth_request, AUTH_SUBSYS_DB,
 			"Requested %s scheme, but we have a NULL password",

