dovecot-2.2: auth: Don't keep username duplicated in userdb_repl...

Sat Jan 5 00:37:37 EET 2013

details:   http://hg.dovecot.org/dovecot-2.2/rev/922049229f7f
changeset: 15500:922049229f7f
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Jan 05 00:37:26 2013 +0200
description:
auth: Don't keep username duplicated in userdb_reply string.
This fixes bugs where userdb_reply is accessed via auth_stream_*() functions
that remove/replace existing fields, which may have ended up
removing/replacing the username.

diffstat:

 src/auth/auth-master-connection.c |   2 ++
 src/auth/auth-request-handler.c   |   5 +++--
 src/auth/auth-request.c           |  22 ----------------------
 3 files changed, 5 insertions(+), 24 deletions(-)

diffs (87 lines):

diff -r 8863e68291bd -r 922049229f7f src/auth/auth-master-connection.c

--- a/src/auth/auth-master-connection.c	Fri Jan 04 21:39:07 2013 +0200
+++ b/src/auth/auth-master-connection.c	Sat Jan 05 00:37:26 2013 +0200
@@ -276,6 +276,8 @@
 		break;
 	case USERDB_RESULT_OK:
 		str_printfa(str, "USER\t%u\t", auth_request->id);
+		str_append_tabescaped(str, auth_request->user);
+		str_append_c(str, '\t');
 		str_append(str, auth_stream_reply_export(reply));
 		break;
 	}
diff -r 8863e68291bd -r 922049229f7f src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c	Fri Jan 04 21:39:07 2013 +0200
+++ b/src/auth/auth-request-handler.c	Sat Jan 05 00:37:26 2013 +0200
@@ -661,8 +661,6 @@
 		auth_stream_reply_add(reply, NULL, dec2str(request->id));
 		break;
 	case USERDB_RESULT_OK:
-		auth_stream_reply_add(reply, "USER", NULL);
-		auth_stream_reply_add(reply, NULL, dec2str(request->id));
 		if (request->master_user != NULL &&
 		    auth_stream_reply_find(request->userdb_reply,
 					   "master_user") == NULL) {
@@ -680,6 +678,9 @@
 					      "anonymous", NULL);
 		}
 
+		auth_stream_reply_add(reply, "USER", NULL);
+		auth_stream_reply_add(reply, NULL, dec2str(request->id));
+		auth_stream_reply_add(reply, NULL, request->user);
 		auth_stream_reply_import(reply,
 			auth_stream_reply_export(request->userdb_reply));
 
diff -r 8863e68291bd -r 922049229f7f src/auth/auth-request.c
--- a/src/auth/auth-request.c	Fri Jan 04 21:39:07 2013 +0200
+++ b/src/auth/auth-request.c	Sat Jan 05 00:37:26 2013 +0200
@@ -438,22 +438,6 @@
 			  result == PASSDB_RESULT_OK);
 }
 
-static void auth_request_userdb_reply_update_user(struct auth_request *request)
-{
-	const char *str, *p;
-
-	str = t_strdup(auth_stream_reply_export(request->userdb_reply));
-
-	/* reset the reply and add the new username */
-	auth_stream_reply_reset(request->userdb_reply);
-	auth_stream_reply_add(request->userdb_reply, NULL, request->user);
-
-	/* add the rest */
-	p = strchr(str, '\t');
-	if (p != NULL)
-		auth_stream_reply_import(request->userdb_reply, p + 1);
-}
-
 static bool auth_request_master_lookup_finish(struct auth_request *request)
 {
 	struct auth_passdb *passdb;
@@ -468,8 +452,6 @@
 	request->master_user = request->user;
 	request->user = request->requested_login_user;
 	request->requested_login_user = NULL;
-	if (request->userdb_reply != NULL)
-		auth_request_userdb_reply_update_user(request);
 
 	request->skip_password_check = TRUE;
 	request->passdb_password = NULL;
@@ -1261,8 +1243,6 @@
 				       "username changed %s -> %s",
 				       request->user, new_value);
 		request->user = p_strdup(request->pool, new_value);
-		if (request->userdb_reply != NULL)
-			auth_request_userdb_reply_update_user(request);
 	}
 	return TRUE;
 }
@@ -1367,8 +1347,6 @@
 	struct userdb_module *module = request->userdb->userdb;
 
 	request->userdb_reply = auth_stream_reply_init(request->pool);
-	auth_stream_reply_add(request->userdb_reply, NULL, request->user);
-
 	userdb_template_export(module->default_fields_tmpl, request);
 }
 
