[dovecot-cvs] dovecot/src/auth auth-master-connection.c, 1.18, 1.19 mech.c, 1.50, 1.51 mech.h, 1.28, 1.29

cras at dovecot.org cras at dovecot.org
Thu Dec 9 00:35:53 EET 2004 

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv31967

Modified Files:
	auth-master-connection.c mech.c mech.h 
Log Message:
When master looked for auth request, it didn't check if the authentication
was yet finished, so auth client could have fooled master by beginning
authentication without finishing it. Login processes didn't allow users to
do this though, so no real problem.



Index: auth-master-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- auth-master-connection.c	22 Oct 2004 13:42:55 -0000	1.18
+++ auth-master-connection.c	8 Dec 2004 22:35:50 -0000	1.19
@@ -130,6 +130,10 @@
 			       client_pid, client_id);
 		}
 		master_send(conn, "NOTFOUND\t%u", id);
+	} else if (!request->successful) {
+		i_error("Master requested unfinished authentication request "
+			"%u.%u", client_pid, client_id);
+		master_send(conn, "NOTFOUND\t%u", id);
 	} else {
 		master_request = i_new(struct master_userdb_request, 1);
 		master_request->conn = conn;

Index: mech.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech.c,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -d -r1.50 -r1.51
--- mech.c	8 Dec 2004 02:27:39 -0000	1.50
+++ mech.c	8 Dec 2004 22:35:50 -0000	1.51
@@ -158,6 +158,7 @@
 		return;
 	}
 
+	request->successful = TRUE;
 	if (request->conn != NULL) {
 		request->callback(request, AUTH_CLIENT_RESULT_SUCCESS,
 				  data, data_size);

Index: mech.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech.h,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- mech.h	8 Dec 2004 02:27:39 -0000	1.28
+++ mech.h	8 Dec 2004 22:35:50 -0000	1.29
@@ -34,6 +34,7 @@
 	struct ip_addr local_ip, remote_ip;
 	mech_callback_t *callback;
 
+	unsigned int successful:1;
 	unsigned int accept_input:1;
 	unsigned int no_failure_delay:1;
 	unsigned int no_login:1;

More information about the dovecot-cvs mailing list