dovecot-2.2: auth: Don't keep username duplicated in userdb_repl...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Jan 5 00:37:37 EET 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/922049229f7f
changeset: 15500:922049229f7f
user: Timo Sirainen <tss at iki.fi>
date: Sat Jan 05 00:37:26 2013 +0200
description:
auth: Don't keep username duplicated in userdb_reply string.
This fixes bugs where userdb_reply is accessed via auth_stream_*() functions
that remove/replace existing fields, which may have ended up
removing/replacing the username.
diffstat:
src/auth/auth-master-connection.c | 2 ++
src/auth/auth-request-handler.c | 5 +++--
src/auth/auth-request.c | 22 ----------------------
3 files changed, 5 insertions(+), 24 deletions(-)
diffs (87 lines):
diff -r 8863e68291bd -r 922049229f7f src/auth/auth-master-connection.c
--- a/src/auth/auth-master-connection.c Fri Jan 04 21:39:07 2013 +0200
+++ b/src/auth/auth-master-connection.c Sat Jan 05 00:37:26 2013 +0200
@@ -276,6 +276,8 @@
break;
case USERDB_RESULT_OK:
str_printfa(str, "USER\t%u\t", auth_request->id);
+ str_append_tabescaped(str, auth_request->user);
+ str_append_c(str, '\t');
str_append(str, auth_stream_reply_export(reply));
break;
}
diff -r 8863e68291bd -r 922049229f7f src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c Fri Jan 04 21:39:07 2013 +0200
+++ b/src/auth/auth-request-handler.c Sat Jan 05 00:37:26 2013 +0200
@@ -661,8 +661,6 @@
auth_stream_reply_add(reply, NULL, dec2str(request->id));
break;
case USERDB_RESULT_OK:
- auth_stream_reply_add(reply, "USER", NULL);
- auth_stream_reply_add(reply, NULL, dec2str(request->id));
if (request->master_user != NULL &&
auth_stream_reply_find(request->userdb_reply,
"master_user") == NULL) {
@@ -680,6 +678,9 @@
"anonymous", NULL);
}
+ auth_stream_reply_add(reply, "USER", NULL);
+ auth_stream_reply_add(reply, NULL, dec2str(request->id));
+ auth_stream_reply_add(reply, NULL, request->user);
auth_stream_reply_import(reply,
auth_stream_reply_export(request->userdb_reply));
diff -r 8863e68291bd -r 922049229f7f src/auth/auth-request.c
--- a/src/auth/auth-request.c Fri Jan 04 21:39:07 2013 +0200
+++ b/src/auth/auth-request.c Sat Jan 05 00:37:26 2013 +0200
@@ -438,22 +438,6 @@
result == PASSDB_RESULT_OK);
}
-static void auth_request_userdb_reply_update_user(struct auth_request *request)
-{
- const char *str, *p;
-
- str = t_strdup(auth_stream_reply_export(request->userdb_reply));
-
- /* reset the reply and add the new username */
- auth_stream_reply_reset(request->userdb_reply);
- auth_stream_reply_add(request->userdb_reply, NULL, request->user);
-
- /* add the rest */
- p = strchr(str, '\t');
- if (p != NULL)
- auth_stream_reply_import(request->userdb_reply, p + 1);
-}
-
static bool auth_request_master_lookup_finish(struct auth_request *request)
{
struct auth_passdb *passdb;
@@ -468,8 +452,6 @@
request->master_user = request->user;
request->user = request->requested_login_user;
request->requested_login_user = NULL;
- if (request->userdb_reply != NULL)
- auth_request_userdb_reply_update_user(request);
request->skip_password_check = TRUE;
request->passdb_password = NULL;
@@ -1261,8 +1243,6 @@
"username changed %s -> %s",
request->user, new_value);
request->user = p_strdup(request->pool, new_value);
- if (request->userdb_reply != NULL)
- auth_request_userdb_reply_update_user(request);
}
return TRUE;
}
@@ -1367,8 +1347,6 @@
struct userdb_module *module = request->userdb->userdb;
request->userdb_reply = auth_stream_reply_init(request->pool);
- auth_stream_reply_add(request->userdb_reply, NULL, request->user);
-
userdb_template_export(module->default_fields_tmpl, request);
}
More information about the dovecot-cvs
mailing list