[dovecot-cvs] dovecot/src/auth auth-request-handler.c,1.17,1.18

[tss at dovecot.org]

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv25352

Modified Files:
	auth-request-handler.c 
Log Message:
Don't send "pass" back if it's already set, or if it's not known.



Index: auth-request-handler.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request-handler.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- auth-request-handler.c	4 Nov 2006 11:22:17 -0000	1.17
+++ auth-request-handler.c	5 Nov 2006 16:12:14 -0000	1.18
@@ -111,6 +111,7 @@
 	string_t *str;
 	const char **fields, *extra_fields;
 	unsigned int src, dest;
+	bool seen_pass = FALSE;
 
 	extra_fields = request->extra_fields == NULL ? NULL :
 		auth_stream_reply_export(request->extra_fields);
@@ -125,20 +126,23 @@
 	}
 
 	str = t_str_new(128);
-	if (request->proxy) {
-		/* we're proxying - send back the password that was
-		   sent by user (not the password in passdb). */
-		str_printfa(str, "pass=%s", request->mech_password);
-	}
-
 	fields = t_strsplit(extra_fields, "\t");
 	for (src = dest = 0; fields[src] != NULL; src++) {
 		if (strncmp(fields[src], "userdb_", 7) != 0) {
 			if (str_len(str) > 0)
 				str_append_c(str, '\t');
+			if (!seen_pass && strncmp(fields[src], "pass=", 5) == 0)
+				seen_pass = TRUE;
 			str_append(str, fields[src]);
 		}
 	}
+
+	if (request->proxy && !seen_pass && request->mech_password != NULL) {
+		/* we're proxying - send back the password that was
+		   sent by user (not the password in passdb). */
+		str_printfa(str, "pass=%s", request->mech_password);
+	}
+
 	return str_len(str) == 0 ? NULL : str_c(str);
 }