[dovecot-cvs] dovecot/src/auth auth-request-handler.c, 1.6, 1.7 auth-request.c, 1.25, 1.26 auth-worker-client.c, 1.12, 1.13 passdb-blocking.c, 1.4, 1.5

[cras at dovecot.org]

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv2020

Modified Files:
	auth-request-handler.c auth-request.c auth-worker-client.c 
	passdb-blocking.c 
Log Message:
Last change caused user-given passwords to be cached, and later the password
used instead of the real one (ie. login once with correct password, then you
could login using whatever password as long as user is cached). Clearly not
good. Did several changes to make sure this can't happen again.



Index: auth-request-handler.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- auth-request-handler.c	26 Apr 2005 11:43:36 -0000	1.6
+++ auth-request-handler.c	16 Jun 2005 08:21:17 -0000	1.7
@@ -106,23 +106,35 @@
 
 static const char *get_client_extra_fields(struct auth_request *request)
 {
+	string_t *str;
 	const char **fields;
 	unsigned int src, dest;
 
-	if (request->extra_fields == NULL)
-		return NULL;
+	if (!request->proxy) {
+		if (request->extra_fields == NULL)
+			return NULL;
 
-	/* we only wish to remove all fields prefixed with "userdb_" */
-	if (strstr(str_c(request->extra_fields), "userdb_") == NULL)
-		return str_c(request->extra_fields);
+		/* we only wish to remove all fields prefixed with "userdb_" */
+		if (strstr(str_c(request->extra_fields), "userdb_") == NULL)
+			return str_c(request->extra_fields);
+	}
+
+	str = t_str_new(128);
+	if (request->proxy) {
+		/* we're proxying - send back the password that was
+		   sent by user (not the password in passdb). */
+		str_printfa(str, "pass=%s", request->mech_password);
+	}
 
 	fields = t_strsplit(str_c(request->extra_fields), "\t");
 	for (src = dest = 0; fields[src] != NULL; src++) {
-		if (strncmp(fields[src], "userdb_", 7) != 0)
-			fields[dest++] = fields[src];
+		if (strncmp(fields[src], "userdb_", 7) != 0) {
+			if (str_len(str) > 0)
+				str_append_c(str, '\t');
+			str_append(str, fields[src]);
+		}
 	}
-	fields[dest] = NULL;
-	return t_strarray_join(fields, "\t");
+	return str_c(str);
 }
 
 static void auth_callback(struct auth_request *request,

Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- auth-request.c	15 Jun 2005 08:05:04 -0000	1.25
+++ auth-request.c	16 Jun 2005 08:21:17 -0000	1.26
@@ -155,6 +155,10 @@
 	struct passdb_module *passdb = request->passdb->passdb;
 	string_t *str;
 
+	i_assert(request->extra_fields == NULL ||
+		 (strstr(str_c(request->extra_fields), "\tpass=") == NULL &&
+		  strncmp(str_c(request->extra_fields), "pass=", 5) != 0));
+
 	if (passdb_cache == NULL)
 		return;
 
@@ -221,13 +225,6 @@
 		}
 	}
 
-	if (request->proxy) {
-		/* we're proxying - send back the password that was
-		   sent by user (not the password in passdb). */
-		str_printfa(request->extra_fields, "\tpass=%s",
-			    request->mech_password);
-	}
-
 	if (request->passdb_password != NULL) {
 		safe_memset(request->passdb_password, 0,
 			    strlen(request->passdb_password));
@@ -247,9 +244,10 @@
 		return;
 	}
 
-        safe_memset(request->mech_password, 0, strlen(request->mech_password));
-
+	auth_request_ref(request);
 	request->private_callback.verify_plain(result, request);
+        safe_memset(request->mech_password, 0, strlen(request->mech_password));
+	auth_request_unref(request);
 }
 
 void auth_request_verify_plain(struct auth_request *request,

Index: auth-worker-client.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-worker-client.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- auth-worker-client.c	8 Jun 2005 13:37:17 -0000	1.12
+++ auth-worker-client.c	16 Jun 2005 08:21:17 -0000	1.13
@@ -90,11 +90,6 @@
 		if (request->passdb_password != NULL)
 			str_append(str, request->passdb_password);
 		str_append_c(str, '\t');
-		if (request->proxy) {
-			/* we're proxying - send back the password that was
-			   sent by user (not the password in passdb). */
-			str_printfa(str, "pass=%s\t", request->mech_password);
-		}
 		if (request->extra_fields != NULL)
 			str_append_str(str, request->extra_fields);
 	}

Index: passdb-blocking.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-blocking.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- passdb-blocking.c	2 Apr 2005 22:00:49 -0000	1.4
+++ passdb-blocking.c	16 Jun 2005 08:21:17 -0000	1.5
@@ -83,6 +83,10 @@
 	if (*reply != '\0') {
 		i_assert(request->extra_fields == NULL);
 
+		p = strstr(reply, "\tproxy");
+		if (p != NULL && (p[6] == '\0' || p[6] == '\t'))
+			request->proxy = TRUE;
+
 		request->extra_fields = str_new(request->pool, 128);
 		str_append(request->extra_fields, reply);
 	}