dovecot-2.2: auth ldap: Don't require password field to exist fo...
dovecot at dovecot.org
dovecot at dovecot.org
Wed Aug 27 04:39:36 UTC 2014
details: http://hg.dovecot.org/dovecot-2.2/rev/4136f64146d0
changeset: 17748:4136f64146d0
user: Timo Sirainen <tss at iki.fi>
date: Wed Aug 27 13:38:53 2014 +0900
description:
auth ldap: Don't require password field to exist for passdb lookups when auth_bind=yes.
This should fix lmtp/doveadm proxy lookups with auth_bind=yes
diffstat:
src/auth/passdb-ldap.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
diffs (67 lines):
diff -r 4a11d88a280a -r 4136f64146d0 src/auth/passdb-ldap.c
--- a/src/auth/passdb-ldap.c Tue Aug 26 16:00:37 2014 +0900
+++ b/src/auth/passdb-ldap.c Wed Aug 27 13:38:53 2014 +0900
@@ -36,6 +36,7 @@
} callback;
unsigned int entries;
+ bool require_password;
};
static void
@@ -83,6 +84,7 @@
"pass_filter matched multiple objects, aborting");
passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
} else if (auth_request->passdb_password == NULL &&
+ ldap_request->require_password &&
!auth_fields_exists(auth_request->extra_fields, "nopassword")) {
auth_request_log_info(auth_request, AUTH_SUBSYS_DB,
"No password returned (and no nopassword)");
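Review bot: When `ldap_request->require_password` is false, an entry with no password and no `nopassword` field now skips this failure branch and reaches the code after it, which is outside the hunk and presumably reports success. A successful result with `passdb_password == NULL` therefore becomes a normal outcome of this callback, and nothing at this site says so. I would add a comment above the condition, for example `/* require_password is FALSE only for auth_bind=yes lookups: the entry may carry no password, so a successful result here is not verified credentials */`. It is also worth confirming that every consumer of the lookup_credentials callback rejects a NULL credential instead of treating the passdb result alone as an authentication success.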
@@ -273,7 +275,8 @@
}
static void ldap_lookup_pass(struct auth_request *auth_request,
- struct passdb_ldap_request *request)
+ struct passdb_ldap_request *request,
+ bool require_password)
{
struct passdb_module *_module = auth_request->passdb->passdb;
struct ldap_passdb_module *module =
@@ -284,6 +287,7 @@
const char **attr_names = (const char **)conn->pass_attr_names;
string_t *str;
+ srequest->require_password = require_password;
srequest->request.type = LDAP_REQUEST_TYPE_SEARCH;
vars = auth_request_get_var_expand_table(auth_request, ldap_escape);
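Review bot: The added `srequest->require_password = require_password;` writes through `srequest`, but the first hunk adds the field to the struct holding `callback` and `entries`, which the callback reads as `ldap_request->require_password`. `srequest` is declared above this hunk, so its type is not visible. It is accessed as `srequest->request.type`, while the passdb request is accessed as `->request.ldap.auth_request`, which suggests a different struct. If so, this line either fails to compile or sets the flag on the wrong object, and the failure check in the callback would read the zero value from `p_new`. The assignment most likely belongs on the function parameter: `request->require_password = require_password;`.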
@@ -390,7 +394,7 @@
ldap_request->request.ldap.auth_request = request;
if (!conn->set.auth_bind)
- ldap_lookup_pass(request, ldap_request);
+ ldap_lookup_pass(request, ldap_request, TRUE);
else if (conn->set.auth_bind_userdn == NULL)
ldap_bind_lookup_dn(request, ldap_request);
else
@@ -401,6 +405,7 @@
lookup_credentials_callback_t *callback)
{
struct passdb_ldap_request *ldap_request;
+ bool require_password;
ldap_request = p_new(request->pool, struct passdb_ldap_request, 1);
ldap_request->callback.lookup_credentials = callback;
@@ -408,7 +413,11 @@
auth_request_ref(request);
ldap_request->request.ldap.auth_request = request;
- ldap_lookup_pass(request, ldap_request);
+ /* with auth_bind=yes we don't necessarily have a password.
+ this will fail actual password credentials lookups, but it's fine
+ for passdb lookups done by lmtp/doveadm */
+ require_password = !conn->set.auth_bind;
+ ldap_lookup_pass(request, ldap_request, require_password);
}
static struct passdb_module *
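Review bot: `require_password = !conn->set.auth_bind;` uses `conn`, but the only locals declared for this function in this hunk and the previous one are `ldap_request` and `require_password`. Unless `conn` is a file-scope name, this will not build. ldap_lookup_pass reaches the connection by casting `auth_request->passdb->passdb` to `struct ldap_passdb_module *`, and the same derivation appears to be needed here. That would be a declaration such as `struct ldap_passdb_module *module = (struct ldap_passdb_module *)request->passdb->passdb;` followed by `require_password = !module->conn->set.auth_bind;`. The first line of this function's signature lies outside the visible hunks.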