[dovecot-cvs] dovecot/src/auth auth-master-connection.c, 1.42.2.4, 1.42.2.5 userdb-static.c, 1.18.2.1, 1.18.2.2

tss at dovecot.org tss at dovecot.org
Wed Mar 21 22:12:59 EET 2007


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv19316/src/auth

Modified Files:
      Tag: branch_1_0
	auth-master-connection.c userdb-static.c 
Log Message:
If doing a plain userdb lookup with userdb static, verify the user's
existence from passdb first, unless allow_all_users=yes



Index: auth-master-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.c,v
retrieving revision 1.42.2.4
retrieving revision 1.42.2.5
diff -u -d -r1.42.2.4 -r1.42.2.5
--- auth-master-connection.c	19 Jan 2007 15:19:29 -0000	1.42.2.4
+++ auth-master-connection.c	21 Mar 2007 20:12:57 -0000	1.42.2.5
@@ -144,6 +144,7 @@
 		return FALSE;
 	}
 
+	auth_request->state = AUTH_REQUEST_STATE_USERDB;
 	auth_request_lookup_user(auth_request, user_callback);
 	return TRUE;
 }

Index: userdb-static.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-static.c,v
retrieving revision 1.18.2.1
retrieving revision 1.18.2.2
diff -u -d -r1.18.2.1 -r1.18.2.2
--- userdb-static.c	9 Dec 2006 15:11:34 -0000	1.18.2.1
+++ userdb-static.c	21 Mar 2007 20:12:57 -0000	1.18.2.2
@@ -11,14 +11,21 @@
 
 #include <stdlib.h>
 
+struct static_context {
+	userdb_callback_t *callback, *old_callback;
+	void *old_context;
+};
+
 struct static_userdb_module {
 	struct userdb_module module;
 
 	array_t ARRAY_DEFINE(template, const char *);
+
+	unsigned int allow_all_users:1;
 };
 
-static void static_lookup(struct auth_request *auth_request,
-			  userdb_callback_t *callback)
+static void static_lookup_real(struct auth_request *auth_request,
+			       userdb_callback_t *callback)
 {
 	struct userdb_module *_module = auth_request->userdb->userdb;
 	struct static_userdb_module *module =
@@ -53,6 +60,70 @@
 	t_pop();
 }
 
+static void
+static_credentials_callback(enum passdb_result result,
+			    const char *password __attr_unused__,
+			    struct auth_request *auth_request)
+{
+	struct static_context *ctx = auth_request->context;
+
+	auth_request->private_callback.userdb = ctx->old_callback;
+	auth_request->context = ctx->old_context;
+	auth_request->state = AUTH_REQUEST_STATE_USERDB;
+
+	switch (result) {
+	case PASSDB_RESULT_OK:
+		static_lookup_real(auth_request, ctx->callback);
+		break;
+	case PASSDB_RESULT_USER_UNKNOWN:
+	case PASSDB_RESULT_USER_DISABLED:
+	case PASSDB_RESULT_PASS_EXPIRED:
+		ctx->callback(USERDB_RESULT_USER_UNKNOWN, NULL, auth_request);
+		break;
+	case PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
+		auth_request_log_error(auth_request, "static",
+			"passdb doesn't support lookups, "
+			"can't verify user's existence");
+		/* fall through */
+	default:
+		ctx->callback(USERDB_RESULT_INTERNAL_FAILURE,
+			      NULL, auth_request);
+		break;
+	}
+
+	i_free(ctx);
+}
+
+static void static_lookup(struct auth_request *auth_request,
+			  userdb_callback_t *callback)
+{
+	struct userdb_module *_module = auth_request->userdb->userdb;
+	struct static_userdb_module *module =
+		(struct static_userdb_module *)_module;
+	struct static_context *ctx;
+
+	if (!auth_request->successful && !module->allow_all_users) {
+		/* this is a userdb-only lookup. we need to know if this
+		   users exists or not. use a passdb lookup to do that.
+		   if the passdb doesn't support returning credentials, this
+		   will of course fail.. */
+		ctx = i_new(struct static_context, 1);
+		ctx->old_callback = auth_request->private_callback.userdb;
+		ctx->old_context = auth_request->context;
+		ctx->callback = callback;
+
+		i_assert(auth_request->state == AUTH_REQUEST_STATE_USERDB);
+		auth_request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
+
+		auth_request->context = ctx;
+		auth_request_lookup_credentials(auth_request,
+						PASSDB_CREDENTIALS_CRYPT,
+						static_credentials_callback);
+	} else {
+		static_lookup_real(auth_request, callback);
+	}
+}
+
 static struct userdb_module *
 static_preinit(struct auth_userdb *auth_userdb, const char *args)
 {
@@ -94,6 +165,10 @@
 					value);
 			}
 			value = dec2str(gid);
+		} else if (strcmp(key, "allow_all_users") == 0) {
+			module->allow_all_users = value == NULL ||
+				strcasecmp(value, "yes") == 0;
+			continue;
 		} else if (*key == '\0') {
 			i_fatal("Status userdb: Empty key (=%s)", value);
 		}



More information about the dovecot-cvs mailing list