[Dovecot] Re: [PATCH, RFC 8/13] OTP: add sql passdb support

Andrey Panin pazke at donpac.ru
Tue Jun 27 10:07:51 EEST 2006


On 177, 06 26, 2006 at 04:26:23PM +0300, Timo Sirainen wrote:
> On Mon, 2006-06-26 at 16:58 +0400, Andrey Panin wrote:
> > +	MEMBER(update_query) "UPDATE users SET password = '%c' WHERE userid = '%u'",
> ..
> > +	buf = buffer_create_dynamic(unsafe_data_stack_pool, 128);
> > +
> > +	tmp.key = 'c';
> > +	tmp.value = new_credentials;
> > +	buffer_append(buf, &tmp, sizeof(tmp));
> > +
> > +	tab = auth_request_get_var_expand_table(request, passdb_sql_escape);
> > +	do {
> > +		 buffer_append(buf, tab++, sizeof(*tab));
> > +	} while (tab->key != '\0');
> 
> I haven't looked at the patches too closely yet, but how about using the
> existing %w instead of adding a new %c?

Good idea, but needs documentation update since %w is defined as
"plaintext password from plaintext authentication mechanism" now.

> Otherwise looks good. Well, except PASSS could be changed to something
> else :) SETCRED maybe.

As you wish :) I'll send an updated patches soon.

-- 
Andrey Panin		| Linux and UNIX system administrator
pazke at donpac.ru		| PGP key: wwwkeys.pgp.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20060627/1bed670f/attachment.pgp


More information about the dovecot mailing list