[dovecot-cvs] dovecot/src/auth auth-master-connection.c, 1.47, 1.48 userdb-static.c, 1.22, 1.23
tss at dovecot.org
tss at dovecot.org
Wed Mar 21 22:13:04 EET 2007
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv19312/src/auth
Modified Files:
auth-master-connection.c userdb-static.c
Log Message:
If doing a plain userdb lookup with userdb static, verify the user's
existence from passdb first, unless allow_all_users=yes
Index: auth-master-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.c,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -d -r1.47 -r1.48
--- auth-master-connection.c 19 Jan 2007 15:19:32 -0000 1.47
+++ auth-master-connection.c 21 Mar 2007 20:13:00 -0000 1.48
@@ -142,6 +142,7 @@
return FALSE;
}
+ auth_request->state = AUTH_REQUEST_STATE_USERDB;
auth_request_lookup_user(auth_request, user_callback);
return TRUE;
}
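Review bot: The new `auth_request->state = AUTH_REQUEST_STATE_USERDB;` assignment carries no comment, yet this same commit makes static_lookup() in userdb-static.c assert on exactly that state before it starts its passdb check. A one-line comment such as `/* userdb-only lookup: userdb static asserts this state before verifying the user via passdb */` would make the dependency visible. Any other entry point that starts a userdb-only lookup without setting the state would presumably trip that i_assert, so the remaining callers are worth checking. The enclosing function starts outside the hunk.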
Index: userdb-static.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-static.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- userdb-static.c 9 Dec 2006 15:11:48 -0000 1.22
+++ userdb-static.c 21 Mar 2007 20:13:00 -0000 1.23
@@ -11,14 +11,21 @@
#include <stdlib.h>
+struct static_context {
+ userdb_callback_t *callback, *old_callback;
+ void *old_context;
+};
+
struct static_userdb_module {
struct userdb_module module;
ARRAY_DEFINE(template, const char *);
+
+ unsigned int allow_all_users:1;
};
-static void static_lookup(struct auth_request *auth_request,
- userdb_callback_t *callback)
+static void static_lookup_real(struct auth_request *auth_request,
+ userdb_callback_t *callback)
{
struct userdb_module *_module = auth_request->userdb->userdb;
struct static_userdb_module *module =
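Review bot: `struct static_context` is added without any field comments, and `callback` and `old_callback` are easy to mix up. Going by static_lookup() later in this file, `callback` is the userdb callback to run once the passdb check finishes, while `old_callback` and `old_context` hold the request's `private_callback.userdb` and `context` so they can be put back afterwards. I would add `/* userdb callback to call after the passdb check */` and `/* saved auth_request values, restored in static_credentials_callback() */`. I would also add `/* skip the passdb existence check on userdb-only lookups */` on `allow_all_users`, since that bit turns a verification step off. The body of static_lookup_real continues outside the hunk.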
@@ -53,6 +60,70 @@
t_pop();
}
+static void
+static_credentials_callback(enum passdb_result result,
+ const char *password __attr_unused__,
+ struct auth_request *auth_request)
+{
+ struct static_context *ctx = auth_request->context;
+
+ auth_request->private_callback.userdb = ctx->old_callback;
+ auth_request->context = ctx->old_context;
+ auth_request->state = AUTH_REQUEST_STATE_USERDB;
+
+ switch (result) {
+ case PASSDB_RESULT_OK:
+ static_lookup_real(auth_request, ctx->callback);
+ break;
+ case PASSDB_RESULT_USER_UNKNOWN:
+ case PASSDB_RESULT_USER_DISABLED:
+ case PASSDB_RESULT_PASS_EXPIRED:
+ ctx->callback(USERDB_RESULT_USER_UNKNOWN, NULL, auth_request);
+ break;
+ case PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
+ auth_request_log_error(auth_request, "static",
+ "passdb doesn't support lookups, "
+ "can't verify user's existence");
+ /* fall through */
+ default:
+ ctx->callback(USERDB_RESULT_INTERNAL_FAILURE,
+ NULL, auth_request);
+ break;
+ }
+
+ i_free(ctx);
+}
+
+static void static_lookup(struct auth_request *auth_request,
+ userdb_callback_t *callback)
+{
+ struct userdb_module *_module = auth_request->userdb->userdb;
+ struct static_userdb_module *module =
+ (struct static_userdb_module *)_module;
+ struct static_context *ctx;
+
+ if (!auth_request->successful && !module->allow_all_users) {
+ /* this is a userdb-only lookup. we need to know if this
+ users exists or not. use a passdb lookup to do that.
+ if the passdb doesn't support returning credentials, this
+ will of course fail.. */
+ ctx = i_new(struct static_context, 1);
+ ctx->old_callback = auth_request->private_callback.userdb;
+ ctx->old_context = auth_request->context;
+ ctx->callback = callback;
+
+ i_assert(auth_request->state == AUTH_REQUEST_STATE_USERDB);
+ auth_request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
+
+ auth_request->context = ctx;
+ auth_request_lookup_credentials(auth_request,
+ PASSDB_CREDENTIALS_CRYPT,
+ static_credentials_callback);
+ } else {
+ static_lookup_real(auth_request, callback);
+ }
+}
+
static struct userdb_module *
static_preinit(struct auth_userdb *auth_userdb, const char *args)
{
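Review bot: static_lookup() hard-codes `PASSDB_CREDENTIALS_CRYPT` for what is only an existence check, so the outcome appears to depend on how the passdb stores passwords rather than on whether the user exists. If the lookup code (outside this hunk) answers PASSDB_RESULT_SCHEME_NOT_AVAILABLE for a stored scheme it cannot hand back as CRYPT, an existing user ends in USERDB_RESULT_INTERNAL_FAILURE, and the logged "passdb doesn't support lookups" points at the wrong cause. Failing closed in the `default` branch is the right choice, so I would only improve the diagnosis. That means rewording the message to `"passdb can't return CRYPT credentials, can't verify user's existence"` and adding `/* only existence matters here; the credentials type is arbitrary */` at the call. The mapping of USER_DISABLED and PASS_EXPIRED to USERDB_RESULT_USER_UNKNOWN also deserves a comment, since it decides what a userdb-only lookup reports for accounts that still exist.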
@@ -94,6 +165,10 @@
value);
}
value = dec2str(gid);
+ } else if (strcmp(key, "allow_all_users") == 0) {
+ module->allow_all_users = value == NULL ||
+ strcasecmp(value, "yes") == 0;
+ continue;
} else if (*key == '\0') {
i_fatal("Status userdb: Empty key (=%s)", value);
}
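Review bot: The `allow_all_users` branch treats every value other than "yes" as "no" without complaint, so a typo such as `allow_all_users=ys` is silently ignored. That fails towards keeping the passdb check enabled, which is the safe direction. Because this option switches off existence verification, the administrator should still be told when the value was not understood. I would reject unknown values before the assignment, in the style the surrounding code already uses: `if (value != NULL && strcasecmp(value, "yes") != 0 && strcasecmp(value, "no") != 0) i_fatal("static userdb: Invalid allow_all_users value: %s", value);`. The enclosing function starts and ends outside the hunk.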