[dovecot/core] cbf6b2: auth: oauth2 - Fix aborting auth requests on deini...
GitHub
noreply at github.com
Thu Mar 16 07:00:11 UTC 2017
Branch: refs/heads/master
Home: https://github.com/dovecot/core
Commit: cbf6b2a59538d86e0acc1b63c5923ab1be2d2100
https://github.com/dovecot/core/commit/cbf6b2a59538d86e0acc1b63c5923ab1be2d2100
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
Log Message:
-----------
auth: oauth2 - Fix aborting auth requests on deinit.
The auth_request needs to be finished by calling the callback.
Commit: 8fd1d49dca142533bc3e30e443d857602081aa14
https://github.com/dovecot/core/commit/8fd1d49dca142533bc3e30e443d857602081aa14
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
Log Message:
-----------
auth: oauth2 - Make sure db_oauth2_request.req is set to NULL when it gets freed.
Doesn't fix anything, but makes it clearer that req->req must not be
aborted anymore after this stage, because it gets freed anyway.
Commit: 6bcf2e4195f000194f11a37433caa7890663bd22
https://github.com/dovecot/core/commit/6bcf2e4195f000194f11a37433caa7890663bd22
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
Log Message:
-----------
auth: oauth2 - introspection lookup error should be internal failure
Not the default, which is "password mismatch".
Commit: 3d365d35f808bfe6096738d56d75cdb23bddd585
https://github.com/dovecot/core/commit/3d365d35f808bfe6096738d56d75cdb23bddd585
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
M src/auth/db-oauth2.h
Log Message:
-----------
auth: oauth2 - make db_oauth2_template_export() static
It's not used outside db-oauth2.c
Commit: 01484d200b661650021338c7516cef5449623db9
https://github.com/dovecot/core/commit/01484d200b661650021338c7516cef5449623db9
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
Log Message:
-----------
auth: oauth2 - Template expand failure should be an internal error
Not the default "password mismatch". Also changed the API to be closer to
the other nearby functions.
Commit: 5e48e30039369053adfc16b93bca0cc9a7ec9f1d
https://github.com/dovecot/core/commit/5e48e30039369053adfc16b93bca0cc9a7ec9f1d
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
M src/auth/db-oauth2.h
M src/auth/passdb-oauth2.c
Log Message:
-----------
auth: oauth2 - remove db_oauth2_request.result
It's not a persistent state. When it's set, the callback needs to be called.
This way it's more difficult to forget to set it.
Commit: b928b757e77cf5d791fdf54b87e308b39e87071c
https://github.com/dovecot/core/commit/b928b757e77cf5d791fdf54b87e308b39e87071c
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
M src/auth/db-oauth2.h
M src/auth/passdb-oauth2.c
Log Message:
-----------
auth: oauth2 - remove db_oauth2_request.failed
It is an unnecessary duplication of passdb_result.
Commit: e252a81ca2dc3eb8d2af986229a3a40ff26c5ce8
https://github.com/dovecot/core/commit/e252a81ca2dc3eb8d2af986229a3a40ff26c5ce8
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
Log Message:
-----------
auth: oauth2 - Clarify token validation success/valid error handling
result->error is NULL only if result->success && !result->valid.
Also !result->success is the more important error handling case.
Write out these cases explicitly so it's easier to understand.
Commit: 34cb91abb3ba217aa1220b967b61aabc00f7251c
https://github.com/dovecot/core/commit/34cb91abb3ba217aa1220b967b61aabc00f7251c
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
Log Message:
-----------
auth: oauth2 - make it easier to see where db_oauth2_callback() is called
Doesn't fix anything, but places the db_oauth2_callback() calls into the end
of _continue() calls so it's clearer that they're always being called
exactly once.
Commit: d88304d95978c1f92477f5c35f1821510ca607e6
https://github.com/dovecot/core/commit/d88304d95978c1f92477f5c35f1821510ca607e6
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/db-oauth2.c
M src/auth/db-oauth2.h
M src/auth/passdb-oauth2.c
Log Message:
-----------
auth: oauth2 - cleanup db_oauth2_lookup_callback_t
db parameter isn't needed, because request->db already contains it.
Also moved request parameter to be the first.
Commit: 070caf28f190230fc211f22ba8fbd8e26aec06fd
https://github.com/dovecot/core/commit/070caf28f190230fc211f22ba8fbd8e26aec06fd
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/lib-oauth2/oauth2-introspect.c
M src/lib-oauth2/oauth2-private.h
M src/lib-oauth2/oauth2-refresh.c
M src/lib-oauth2/oauth2-token-validate.c
M src/lib-oauth2/oauth2.c
Log Message:
-----------
lib-oauth2: Fix memory leak if HTTP URL parsing fails.
Also delay calling the callback. The callers don't necessarily expect an
immediate callback (auth/db-oauth2.c doesn't).
Commit: 878915649726a252d6e1679b28db8c3dd807af26
https://github.com/dovecot/core/commit/878915649726a252d6e1679b28db8c3dd807af26
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/lib-oauth2/oauth2-introspect.c
M src/lib-oauth2/oauth2-refresh.c
M src/lib-oauth2/oauth2-token-validate.c
Log Message:
-----------
lib-oauth2: Don't free oauth2_request too early.
Move the freeing explicitly to only after calling the callback. The
previous method of freeing it on when http_request was destroyed could
have happened too early when oauth2_parse_json() called i_stream_unref(),
which released the last reference to the http_request.
Commit: 0098ac3b6dcd8ef6ac20f87a8285da201db75a01
https://github.com/dovecot/core/commit/0098ac3b6dcd8ef6ac20f87a8285da201db75a01
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/lib-sql/driver-cassandra.c
Log Message:
-----------
cassandra: Treat CASS_ERROR_SERVER_UNAVAILABLE as "write success is uncertain"
Looks like the write could still have actually gone through.
Commit: c5e62353a11087958ea4e619660e084a613e1a37
https://github.com/dovecot/core/commit/c5e62353a11087958ea4e619660e084a613e1a37
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/login-common/client-common.c
M src/login-common/client-common.h
M src/login-common/main.c
Log Message:
-----------
*-login: Change API for how login_plugins hook into client allocation.
The previous API worked badly when there were more than one plugin.
The current behavior works similarly to how mail_plugins work.
Commit: c12aed4d817acd9b72d12830e1fbf6df76062e7b
https://github.com/dovecot/core/commit/c12aed4d817acd9b72d12830e1fbf6df76062e7b
Author: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/auth-client-connection.c
Log Message:
-----------
auth: Properly hide all fields with passwords
client reply line wasn't hiding all items
which contain 'pass' substring. This was
inconsistent behaviour since elsewhere this was done.
Commit: e0a84bcd487b05872da59781452168609b5c1f2c
https://github.com/dovecot/core/commit/e0a84bcd487b05872da59781452168609b5c1f2c
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/auth-worker-client.c
Log Message:
-----------
auth: passdb/userdb lookups via auth-worker cached too much of the replies
Only the fields returned by the lookup itself were supposed to be cached.
This was especially problematic if the lookup via auth-worker didn't
uniquely identify the user. For example doing a passdb lookup for an
attribute shared by multiple users could have caused the reply to contain
the previous cached user's all extra fields.
Commit: 865a82c1e9bba11609835a36674964649025bf77
https://github.com/dovecot/core/commit/865a82c1e9bba11609835a36674964649025bf77
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-03-16 (Thu, 16 Mar 2017)
Changed paths:
M src/auth/auth-request.c
M src/auth/auth-request.h
M src/auth/auth-worker-client.c
M src/auth/passdb-blocking.c
M src/auth/userdb-blocking.c
Log Message:
-----------
auth: Auth workers shouldn't return username if it wasn't changed
This continues the previous fix where username was always added to
passdb/userdb cache, even if the username wasn't changed. That could have
resulted in wrongly changing usernames if the cache key didn't uniquely
identify the user.
Compare: https://github.com/dovecot/core/compare/000030feb7a3...865a82c1e9bb
More information about the dovecot-cvs
mailing list