dovecot-2.2: auth: passdb static assumed that missing "password"...

dovecot at dovecot.org dovecot at dovecot.org
Wed Aug 6 13:41:37 UTC 2014 

details:   http://hg.dovecot.org/dovecot-2.2/rev/0fe379f28af9
changeset: 17683:0fe379f28af9
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Aug 06 16:39:27 2014 +0300
description:
auth: passdb static assumed that missing "password" field meant empty password
Missing password should be an error unless nopassword is set. If an empty
password is wanted then "password=" can be used.

diffstat:

 src/auth/passdb-static.c |  25 ++++++++++++++++++-------
 1 files changed, 18 insertions(+), 7 deletions(-)

diffs (64 lines):

diff -r 72db5dc3d402 -r 0fe379f28af9 src/auth/passdb-static.c
--- a/src/auth/passdb-static.c	Tue Aug 05 20:23:32 2014 +0200
+++ b/src/auth/passdb-static.c	Wed Aug 06 16:39:27 2014 +0300
@@ -13,7 +13,7 @@
 	const char *static_password_tmpl;
 };
 
-static void
+static enum passdb_result
 static_save_fields(struct auth_request *request, const char **password_r)
 {
 	struct static_passdb_module *module =
@@ -24,23 +24,33 @@
 	auth_request_log_debug(request, AUTH_SUBSYS_DB, "lookup");
 	passdb_template_export(module->tmpl, request);
 
-	if (module->static_password_tmpl == NULL)
-		*password_r = "";
-	else {
+	if (module->static_password_tmpl != NULL) {
 		table = auth_request_get_var_expand_table(request, NULL);
 		var_expand(str, module->static_password_tmpl, table);
 		*password_r = str_c(str);
+	} else if (auth_fields_exists(request->extra_fields, "nopassword")) {
+		*password_r = "";
+	} else {
+		auth_request_log_info(request, AUTH_SUBSYS_DB,
+			"No password returned (and no nopassword)");
+		return PASSDB_RESULT_PASSWORD_MISMATCH;
 	}
+	return PASSDB_RESULT_OK;
 }
 
 static void
 static_verify_plain(struct auth_request *request, const char *password,
 		    verify_plain_callback_t *callback)
 {
+	enum passdb_result result;
 	const char *static_password;
 	int ret;
 
-	static_save_fields(request, &static_password);
+	result = static_save_fields(request, &static_password);
+	if (result != PASSDB_RESULT_OK) {
+		callback(result, request);
+		return;
+	}
 
 	ret = auth_request_password_verify(request, password, static_password,
 					   STATIC_PASS_SCHEME, AUTH_SUBSYS_DB);
@@ -56,10 +66,11 @@
 static_lookup_credentials(struct auth_request *request,
 			  lookup_credentials_callback_t *callback)
 {
+	enum passdb_result result;
 	const char *static_password;
 
-	static_save_fields(request, &static_password);
-	passdb_handle_credentials(PASSDB_RESULT_OK, static_password,
+	result = static_save_fields(request, &static_password);
+	passdb_handle_credentials(result, static_password,
 				  STATIC_PASS_SCHEME, callback, request);
 }

More information about the dovecot-cvs mailing list