dovecot-2.2: auth: Added ":protected" suffix to passdb and userd...

dovecot at dovecot.org dovecot at dovecot.org
Mon Aug 31 21:12:34 UTC 2015


details:   http://hg.dovecot.org/dovecot-2.2/rev/c0e61e4f47ec
changeset: 19054:c0e61e4f47ec
user:      Timo Sirainen <tss at iki.fi>
date:      Tue Sep 01 00:11:37 2015 +0300
description:
auth: Added ":protected" suffix to passdb and userdb field names.
This means that the field is set only if it hasn't already been set.
Usually an earlier passdb/userdb would have set the field and this is
setting a default (e.g. per-user settings override per-domain settings).

diffstat:

 src/auth/auth-request.c |  31 +++++++++++++++++++++++--------
 1 files changed, 23 insertions(+), 8 deletions(-)

diffs (65 lines):

diff -r 6adcfddd354d -r c0e61e4f47ec src/auth/auth-request.c
--- a/src/auth/auth-request.c	Mon Aug 31 23:54:24 2015 +0300
+++ b/src/auth/auth-request.c	Tue Sep 01 00:11:37 2015 +0300
@@ -1447,11 +1447,20 @@
 			    const char *name, const char *value,
 			    const char *default_scheme)
 {
+	unsigned int name_len = strlen(name);
+
 	i_assert(*name != '\0');
 	i_assert(value != NULL);
 
 	i_assert(request->passdb != NULL);
 
+	if (name_len > 10 && strcmp(name+name_len-10, ":protected") == 0) {
+		/* set this field only if it hasn't been set before */
+		name = t_strndup(name, name_len-10);
+		if (auth_fields_exists(request->extra_fields, name))
+			return;
+	}
+
 	if (strcmp(name, "password") == 0) {
 		auth_request_set_password(request, value,
 					  default_scheme, FALSE);
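Review bot: The literal `10` stands in for the length of ":protected" three times in the added block, and the same block is copied into auth_request_set_userdb_field in the last hunk, so any change to the suffix must be repeated by hand in six places. `name_len` also narrows the `size_t` returned by strlen() to `unsigned int`. I would move the suffix test into one static helper with the length derived from the string, and leave each caller only its own auth_fields_exists() lookup. The function's signature starts above this hunk and its body continues below it.

```c
#define AUTH_FIELD_PROTECTED_SUFFIX ":protected"

/* If *name ends with ":protected", replace it with the bare field name
   and return TRUE. */
static bool auth_field_name_strip_protected(const char **name)
{
	size_t name_len = strlen(*name);
	size_t suffix_len = strlen(AUTH_FIELD_PROTECTED_SUFFIX);

	if (name_len <= suffix_len ||
	    strcmp(*name + name_len - suffix_len,
		   AUTH_FIELD_PROTECTED_SUFFIX) != 0)
		return FALSE;
	*name = t_strndup(*name, name_len - suffix_len);
	return TRUE;
}

/* … unchanged: asserts at the top of the passdb field setter … */
	if (auth_field_name_strip_protected(&name) &&
	    auth_fields_exists(request->extra_fields, name))
		return;
```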
@@ -1510,14 +1519,12 @@
 		return;
 	}
 
-	if ((passdb_cache != NULL &&
-	     request->passdb->passdb->cache_key != NULL) || worker) {
-		/* we'll need to get this field stored into cache,
-		   or we're a worker and we'll need to send this to the main
-		   auth process that can store it in the cache. */
-		auth_fields_add(request->extra_fields, name, value,
-				AUTH_FIELD_FLAG_HIDDEN);
-	}
+	/* add the field unconditionally to extra_fields. this is required if
+	   a) auth cache is used, b) if we're a worker and we'll need to send
+	   this to the main auth process that can store it in the cache,
+	   c) for easily checking :protected fields' existence. */
+	auth_fields_add(request->extra_fields, name, value,
+			AUTH_FIELD_FLAG_HIDDEN);
 }
 
 void auth_request_set_null_field(struct auth_request *request, const char *name)
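Review bot: The ":protected" lookup added at the top of this function only finds names that reach this auth_fields_add() call, and the `return;` kept as context at the top of the hunk shows that at least one earlier branch leaves without recording the name in extra_fields here. If the "password" branch seen in the first hunk returns the same way (its end is not visible), `password:protected` from a later passdb would still replace a password set by an earlier one, so the default would override the specific value. Either record those names as well, or state the limit in the comment, e.g. `NOTE: branches above that return early never reach this, so ":protected" cannot guard those field names.` The function body starts outside this hunk.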
@@ -1605,11 +1612,19 @@
 void auth_request_set_userdb_field(struct auth_request *request,
 				   const char *name, const char *value)
 {
+	unsigned int name_len = strlen(name);
 	uid_t uid;
 	gid_t gid;
 
 	i_assert(value != NULL);
 
+	if (name_len > 10 && strcmp(name+name_len-10, ":protected") == 0) {
+		/* set this field only if it hasn't been set before */
+		name = t_strndup(name, name_len-10);
+		if (auth_fields_exists(request->userdb_reply, name))
+			return;
+	}
+
 	if (strcmp(name, "uid") == 0) {
 		uid = userdb_parse_uid(request, value);
 		if (uid == (uid_t)-1) {

