dovecot-2.2: auth: passdb static assumed that missing "password"...
dovecot at dovecot.org
dovecot at dovecot.org
Wed Aug 6 13:41:37 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/0fe379f28af9
changeset: 17683:0fe379f28af9
user: Timo Sirainen <tss at iki.fi>
date: Wed Aug 06 16:39:27 2014 +0300
description:
auth: passdb static assumed that missing "password" field meant empty password
Missing password should be an error unless nopassword is set. If an empty
password is wanted then "password=" can be used.
diffstat:
src/auth/passdb-static.c | 25 ++++++++++++++++++-------
1 files changed, 18 insertions(+), 7 deletions(-)
diffs (64 lines):
diff -r 72db5dc3d402 -r 0fe379f28af9 src/auth/passdb-static.c
--- a/src/auth/passdb-static.c Tue Aug 05 20:23:32 2014 +0200
+++ b/src/auth/passdb-static.c Wed Aug 06 16:39:27 2014 +0300
@@ -13,7 +13,7 @@
const char *static_password_tmpl;
};
-static void
+static enum passdb_result
static_save_fields(struct auth_request *request, const char **password_r)
{
struct static_passdb_module *module =
@@ -24,23 +24,33 @@
auth_request_log_debug(request, AUTH_SUBSYS_DB, "lookup");
passdb_template_export(module->tmpl, request);
- if (module->static_password_tmpl == NULL)
- *password_r = "";
- else {
+ if (module->static_password_tmpl != NULL) {
table = auth_request_get_var_expand_table(request, NULL);
var_expand(str, module->static_password_tmpl, table);
*password_r = str_c(str);
+ } else if (auth_fields_exists(request->extra_fields, "nopassword")) {
+ *password_r = "";
+ } else {
+ auth_request_log_info(request, AUTH_SUBSYS_DB,
+ "No password returned (and no nopassword)");
+ return PASSDB_RESULT_PASSWORD_MISMATCH;
}
+ return PASSDB_RESULT_OK;
}
static void
static_verify_plain(struct auth_request *request, const char *password,
verify_plain_callback_t *callback)
{
+ enum passdb_result result;
const char *static_password;
int ret;
- static_save_fields(request, &static_password);
+ result = static_save_fields(request, &static_password);
+ if (result != PASSDB_RESULT_OK) {
+ callback(result, request);
+ return;
+ }
ret = auth_request_password_verify(request, password, static_password,
STATIC_PASS_SCHEME, AUTH_SUBSYS_DB);
@@ -56,10 +66,11 @@
static_lookup_credentials(struct auth_request *request,
lookup_credentials_callback_t *callback)
{
+ enum passdb_result result;
const char *static_password;
- static_save_fields(request, &static_password);
- passdb_handle_credentials(PASSDB_RESULT_OK, static_password,
+ result = static_save_fields(request, &static_password);
+ passdb_handle_credentials(result, static_password,
STATIC_PASS_SCHEME, callback, request);
}
More information about the dovecot-cvs
mailing list