dovecot-2.2: auth: If passdb has non-matching allow_nets, don't ...
dovecot at dovecot.org
dovecot at dovecot.org
Tue May 5 11:18:21 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/5e445c659f89
changeset: 18521:5e445c659f89
user: Timo Sirainen <tss at iki.fi>
date: Tue May 05 14:16:31 2015 +0300
description:
auth: If passdb has non-matching allow_nets, don't fail the other passdb lookups also.
We might want to use e.g.:
passdb {
driver = static
args = password=secretmasterpass allow_nets=10.1.2.3
}
passdb {
...
}
If allow_nets didn't match in the first passdb, we should just ignore it and
continue to the next passdb.
diffstat:
src/auth/auth-request.c | 45 ++++++++++++++++++++++++++-------------------
1 files changed, 26 insertions(+), 19 deletions(-)
diffs (67 lines):
diff -r a46620d6e0ff -r 5e445c659f89 src/auth/auth-request.c
--- a/src/auth/auth-request.c Tue May 05 13:35:52 2015 +0300
+++ b/src/auth/auth-request.c Tue May 05 14:16:31 2015 +0300
@@ -552,6 +552,15 @@
}
return TRUE;
}
+ if (request->failed) {
+ /* The passdb didn't fail, but something inside it failed
+ (e.g. allow_nets mismatch). Make sure we'll fail this
+ lookup, but reset the failure so the next passdb can
+ succeed. */
+ if (*result == PASSDB_RESULT_OK)
+ *result = PASSDB_RESULT_USER_UNKNOWN;
+ request->failed = FALSE;
+ }
/* users that exist but can't log in are special. we don't try to match
any of the success/failure rules to them. they'll always fail. */
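Review bot: The reset `request->failed = FALSE;` is unconditional, so every cause that sets request->failed inside a passdb becomes recoverable, not only the allow_nets mismatch named in the comment. After this block only `*result` keeps the lookup failed, and the comment that follows suggests success/failure rules are matched further down, outside the hunk. If any of those rules can turn PASSDB_RESULT_USER_UNKNOWN into a success, a network-restricted passdb such as the master-password example in the description would no longer fail closed. I would extend the comment with `/* after this reset only *result marks the lookup as failed; the rules below must not map it to success */` and add a test for an allow_nets mismatch on the last passdb in the chain. The enclosing function begins and ends outside the hunk.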
@@ -618,30 +627,28 @@
auth_request_want_skip_passdb(request, next_passdb))
next_passdb = next_passdb->next;
+ if (*result == PASSDB_RESULT_OK) {
+ /* this passdb lookup succeeded, preserve its extra fields */
+ auth_fields_snapshot(request->extra_fields);
+ request->snapshot_have_userdb_prefetch_set =
+ request->userdb_prefetch_set;
+ if (request->userdb_reply != NULL)
+ auth_fields_snapshot(request->userdb_reply);
+ } else {
+ /* this passdb lookup failed, remove any extra fields it set */
+ auth_fields_rollback(request->extra_fields);
+ if (request->userdb_reply != NULL) {
+ auth_fields_rollback(request->userdb_reply);
+ request->userdb_prefetch_set =
+ request->snapshot_have_userdb_prefetch_set;
+ }
+ }
+
if (passdb_continue && next_passdb != NULL) {
/* try next passdb. */
request->passdb = next_passdb;
request->passdb_password = NULL;
- if (*result == PASSDB_RESULT_OK) {
- /* this passdb lookup succeeded, preserve its extra
- fields */
- auth_fields_snapshot(request->extra_fields);
- request->snapshot_have_userdb_prefetch_set =
- request->userdb_prefetch_set;
- if (request->userdb_reply != NULL)
- auth_fields_snapshot(request->userdb_reply);
- } else {
- /* this passdb lookup failed, remove any extra fields
- it set */
- auth_fields_rollback(request->extra_fields);
- if (request->userdb_reply != NULL) {
- auth_fields_rollback(request->userdb_reply);
- request->userdb_prefetch_set =
- request->snapshot_have_userdb_prefetch_set;
- }
- }
-
if (*result == PASSDB_RESULT_USER_UNKNOWN) {
/* remember that we did at least one successful
passdb lookup */
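Review bot: The snapshot/rollback block now sits before the `passdb_continue && next_passdb != NULL` test, so it also runs for the final passdb, but neither of its comments says this is intentional. The rollback branch is presumably what discards extra fields set by a passdb whose lookup was downgraded to a failure (for instance by the request->failed handling in the first hunk), so it must not be skipped when there is no next passdb. I would say so on the block, e.g. `/* done for every passdb, including the last one, so fields set by a failed lookup are always rolled back */`. The branch choice also relies on `*result` being final at this point; the code between the two hunks is not visible, so that is worth confirming. The function continues past the end of the hunk.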