dovecot-2.2: auth: passdb shadow supports now lookup_credentials...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Nov 2 12:46:13 EET 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/8eec76bbde28
changeset: 16906:8eec76bbde28
user: Timo Sirainen <tss at iki.fi>
date: Sat Nov 02 12:46:08 2013 +0200
description:
auth: passdb shadow supports now lookup_credentials() API
diffstat:
src/auth/passdb-shadow.c | 64 ++++++++++++++++++++++++++++++++++-------------
1 files changed, 46 insertions(+), 18 deletions(-)
diffs (98 lines):
diff -r 9b45f6d20d9d -r 8eec76bbde28 src/auth/passdb-shadow.c
--- a/src/auth/passdb-shadow.c Sat Nov 02 12:42:55 2013 +0200
+++ b/src/auth/passdb-shadow.c Sat Nov 02 12:46:08 2013 +0200
@@ -12,33 +12,43 @@
#define SHADOW_CACHE_KEY "%u"
#define SHADOW_PASS_SCHEME "CRYPT"
+static enum passdb_result
+shadow_lookup(struct auth_request *request, struct spwd **spw_r)
+{
+ auth_request_log_debug(request, "shadow", "lookup");
+
+ *spw_r = getspnam(request->user);
+ if (*spw_r == NULL) {
+ auth_request_log_unknown_user(request, "shadow");
+ return PASSDB_RESULT_USER_UNKNOWN;
+ }
+
+ if (!IS_VALID_PASSWD((*spw_r)->sp_pwdp)) {
+ auth_request_log_info(request, "shadow",
+ "invalid password field");
+ return PASSDB_RESULT_USER_DISABLED;
+ }
+
+ /* save the password so cache can use it */
+ auth_request_set_field(request, "password", (*spw_r)->sp_pwdp,
+ SHADOW_PASS_SCHEME);
+ return PASSDB_RESULT_OK;
+}
+
static void
shadow_verify_plain(struct auth_request *request, const char *password,
verify_plain_callback_t *callback)
{
struct spwd *spw;
+ enum passdb_result res;
int ret;
- auth_request_log_debug(request, "shadow", "lookup");
-
- spw = getspnam(request->user);
- if (spw == NULL) {
- auth_request_log_unknown_user(request, "shadow");
- callback(PASSDB_RESULT_USER_UNKNOWN, request);
+ res = shadow_lookup(request, &spw);
+ if (res != PASSDB_RESULT_OK) {
+ callback(res, request);
return;
}
- if (!IS_VALID_PASSWD(spw->sp_pwdp)) {
- auth_request_log_info(request, "shadow",
- "invalid password field");
- callback(PASSDB_RESULT_USER_DISABLED, request);
- return;
- }
-
- /* save the password so cache can use it */
- auth_request_set_field(request, "password", spw->sp_pwdp,
- SHADOW_PASS_SCHEME);
-
/* check if the password is valid */
ret = auth_request_password_verify(request, password, spw->sp_pwdp,
SHADOW_PASS_SCHEME, "shadow");
@@ -57,6 +67,24 @@
callback(PASSDB_RESULT_OK, request);
}
+static void
+shadow_lookup_credentials(struct auth_request *request,
+ lookup_credentials_callback_t *callback)
+{
+ struct spwd *spw;
+ enum passdb_result res;
+
+ res = shadow_lookup(request, &spw);
+ if (res != PASSDB_RESULT_OK) {
+ callback(res, NULL, 0, request);
+ return;
+ }
+ /* make sure we're using the username exactly as it's in the database */
+ auth_request_set_field(request, "user", spw->sp_namp, NULL);
+ passdb_handle_credentials(PASSDB_RESULT_OK, spw->sp_pwdp,
+ SHADOW_PASS_SCHEME, callback, request);
+}
+
static struct passdb_module *
shadow_preinit(pool_t pool, const char *args)
{
@@ -87,7 +115,7 @@
shadow_deinit,
shadow_verify_plain,
- NULL,
+ shadow_lookup_credentials,
NULL
};
#else
More information about the dovecot-cvs
mailing list