[dovecot-cvs] dovecot/src/auth auth-request.c, 1.36, 1.37 auth-request.h, 1.19, 1.20 auth-worker-client.c, 1.17, 1.18 passdb-ldap.c, 1.34, 1.35 passdb-sql.c, 1.22, 1.23

cras at dovecot.org cras at dovecot.org
Thu Oct 20 12:07:53 EEST 2005 

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv19102

Modified Files:
	auth-request.c auth-request.h auth-worker-client.c 
	passdb-ldap.c passdb-sql.c 
Log Message:
If passdb returned NULL password (ie. no password needed), it wasn't cached
correctly.



Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -d -r1.36 -r1.37
--- auth-request.c	19 Oct 2005 13:43:38 -0000	1.36
+++ auth-request.c	20 Oct 2005 09:07:48 -0000	1.37
@@ -201,29 +201,34 @@
 		return;
 	}
 
-	if (request->passdb_password == NULL) {
+	if (!request->no_password && request->passdb_password == NULL) {
 		/* passdb didn't provide the correct password */
 		if (result != PASSDB_RESULT_OK ||
 		    request->mech_password == NULL)
 			return;
 
-		/* we can still cache valid password lookups though */
-		request->passdb_password = request->mech_password;
+		/* we can still cache valid password lookups though.
+		   strdup() it so that mech_password doesn't get
+		   cleared too early. */
+		request->passdb_password =
+			p_strdup(request->pool, request->mech_password);
 	}
 
 	/* save all except the currently given password in cache */
 	str = t_str_new(256);
-	if (*request->passdb_password != '{') {
-		/* cached passwords must have a known scheme */
-		str_append_c(str, '{');
-		str_append(str, passdb->default_pass_scheme);
-		str_append_c(str, '}');
+	if (request->passdb_password != NULL) {
+		if (*request->passdb_password != '{') {
+			/* cached passwords must have a known scheme */
+			str_append_c(str, '{');
+			str_append(str, passdb->default_pass_scheme);
+			str_append_c(str, '}');
+		}
+		if (strchr(request->passdb_password, '\t') != NULL)
+			i_panic("%s: Password contains TAB", request->user);
+		if (strchr(request->passdb_password, '\n') != NULL)
+			i_panic("%s: Password contains LF", request->user);
+		str_append(str, request->passdb_password);
 	}
-	if (strchr(request->passdb_password, '\t') != NULL)
-		i_panic("%s: Password contains TAB", request->user);
-	if (strchr(request->passdb_password, '\n') != NULL)
-		i_panic("%s: Password contains LF", request->user);
-	str_append(str, request->passdb_password);
 
 	if (extra_fields != NULL) {
 		str_append_c(str, '\t');
@@ -546,6 +551,13 @@
 		return;
 	}
 
+	if (strcmp(name, "nopassword") == 0) {
+		/* NULL password - anything goes */
+		i_assert(request->passdb_password == NULL);
+		request->no_password = TRUE;
+		return;
+	}
+
 	if (strcmp(name, "nologin") == 0) {
 		/* user can't actually login - don't keep this
 		   reply for master */

Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- auth-request.h	1 Oct 2005 10:52:14 -0000	1.19
+++ auth-request.h	20 Oct 2005 09:07:48 -0000	1.20
@@ -57,6 +57,7 @@
 	unsigned int accept_input:1;
 	unsigned int no_failure_delay:1;
 	unsigned int no_login:1;
+	unsigned int no_password:1;
 	unsigned int proxy:1;
 	unsigned int cert_username:1;
 

Index: auth-worker-client.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-worker-client.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- auth-worker-client.c	16 Oct 2005 14:34:39 -0000	1.17
+++ auth-worker-client.c	20 Oct 2005 09:07:48 -0000	1.18
@@ -90,6 +90,8 @@
 		if (request->passdb_password != NULL)
 			str_append(str, request->passdb_password);
 		str_append_c(str, '\t');
+		if (request->no_password)
+			str_append(str, "nopassword\t");
 		if (request->extra_fields != NULL) {
 			const char *field =
 				auth_stream_reply_export(request->extra_fields);

Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- passdb-ldap.c	16 Oct 2005 14:06:59 -0000	1.34
+++ passdb-ldap.c	20 Oct 2005 09:07:48 -0000	1.35
@@ -126,6 +126,8 @@
 					       "Multiple password replies");
 		} else {
 			password = auth_request->passdb_password;
+			if (password == NULL)
+				auth_request->no_password = TRUE;
 			passdb_result = PASSDB_RESULT_OK;
 		}
 	}

Index: passdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-sql.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- passdb-sql.c	16 Oct 2005 14:06:59 -0000	1.22
+++ passdb-sql.c	20 Oct 2005 09:07:48 -0000	1.23
@@ -86,6 +86,8 @@
 				"Password query returned multiple matches");
 		} else {
 			password = auth_request->passdb_password;
+			if (password == NULL)
+				auth_request->no_password = TRUE;
 			passdb_result = PASSDB_RESULT_OK;
 		}
 	}

More information about the dovecot-cvs mailing list