dovecot-2.2: auth: passdb shadow supports now lookup_credentials...

Sat Nov 2 12:46:13 EET 2013

details:   http://hg.dovecot.org/dovecot-2.2/rev/8eec76bbde28
changeset: 16906:8eec76bbde28
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Nov 02 12:46:08 2013 +0200
description:
auth: passdb shadow supports now lookup_credentials() API

diffstat:

 src/auth/passdb-shadow.c |  64 ++++++++++++++++++++++++++++++++++-------------
 1 files changed, 46 insertions(+), 18 deletions(-)

diffs (98 lines):

diff -r 9b45f6d20d9d -r 8eec76bbde28 src/auth/passdb-shadow.c

--- a/src/auth/passdb-shadow.c	Sat Nov 02 12:42:55 2013 +0200
+++ b/src/auth/passdb-shadow.c	Sat Nov 02 12:46:08 2013 +0200
@@ -12,33 +12,43 @@
 #define SHADOW_CACHE_KEY "%u"
 #define SHADOW_PASS_SCHEME "CRYPT"
 
+static enum passdb_result
+shadow_lookup(struct auth_request *request, struct spwd **spw_r)
+{
+	auth_request_log_debug(request, "shadow", "lookup");
+
+	*spw_r = getspnam(request->user);
+	if (*spw_r == NULL) {
+		auth_request_log_unknown_user(request, "shadow");
+		return PASSDB_RESULT_USER_UNKNOWN;
+	}
+
+	if (!IS_VALID_PASSWD((*spw_r)->sp_pwdp)) {
+		auth_request_log_info(request, "shadow",
+				      "invalid password field");
+		return PASSDB_RESULT_USER_DISABLED;
+	}
+
+	/* save the password so cache can use it */
+	auth_request_set_field(request, "password", (*spw_r)->sp_pwdp,
+			       SHADOW_PASS_SCHEME);
+	return PASSDB_RESULT_OK;
+}
+
 static void
 shadow_verify_plain(struct auth_request *request, const char *password,
 		    verify_plain_callback_t *callback)
 {
 	struct spwd *spw;
+	enum passdb_result res;
 	int ret;
 
-	auth_request_log_debug(request, "shadow", "lookup");
-
-	spw = getspnam(request->user);
-	if (spw == NULL) {
-		auth_request_log_unknown_user(request, "shadow");
-		callback(PASSDB_RESULT_USER_UNKNOWN, request);
+	res = shadow_lookup(request, &spw);
+	if (res != PASSDB_RESULT_OK) {
+		callback(res, request);
 		return;
 	}
 
-	if (!IS_VALID_PASSWD(spw->sp_pwdp)) {
-		auth_request_log_info(request, "shadow",
-				      "invalid password field");
-		callback(PASSDB_RESULT_USER_DISABLED, request);
-		return;
-	}
-
-	/* save the password so cache can use it */
-	auth_request_set_field(request, "password", spw->sp_pwdp,
-			       SHADOW_PASS_SCHEME);
-
 	/* check if the password is valid */
 	ret = auth_request_password_verify(request, password, spw->sp_pwdp,
 					   SHADOW_PASS_SCHEME, "shadow");
@@ -57,6 +67,24 @@
 	callback(PASSDB_RESULT_OK, request);
 }
 
+static void
+shadow_lookup_credentials(struct auth_request *request,
+			  lookup_credentials_callback_t *callback)
+{
+	struct spwd *spw;
+	enum passdb_result res;
+
+	res = shadow_lookup(request, &spw);
+	if (res != PASSDB_RESULT_OK) {
+		callback(res, NULL, 0, request);
+		return;
+	}
+	/* make sure we're using the username exactly as it's in the database */
+        auth_request_set_field(request, "user", spw->sp_namp, NULL);
+	passdb_handle_credentials(PASSDB_RESULT_OK, spw->sp_pwdp,
+				  SHADOW_PASS_SCHEME, callback, request);
+}
+
 static struct passdb_module *
 shadow_preinit(pool_t pool, const char *args)
 {
@@ -87,7 +115,7 @@
 	shadow_deinit,
 
 	shadow_verify_plain,
-	NULL,
+	shadow_lookup_credentials,
 	NULL
 };
 #else
