[Dovecot] "nopassword" extra field useless with LDAP passdb
Zohan
29e8c6f5 at mail.ru
Fri Dec 19 01:53:30 EET 2008
Timo,
Seems that "nopassword" extra field (more exactly, auth_request->no_password condition) is completely ignored in passdb-ldap.c, due to (line 112 as of Dovecot 1.1.7):
===
if (auth_request->passdb_password == NULL) {
auth_request_log_error(auth_request, "ldap",
"No password in reply");
} else if (ldap_next_entry(conn->ld, entry) != NULL) {
auth_request_log_error(auth_request, "ldap",
"pass_filter matched multiple objects, aborting");
} else if (auth_request->passdb_password == NULL &&
!auth_request->no_password) {
auth_request_log_info(auth_request, "ldap",
"Empty password returned without nopassword");
passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
} else {
/* passdb_password may change on the way,
so we'll need to strdup. */
password = t_strdup(auth_request->passdb_password);
passdb_result = PASSDB_RESULT_OK;
}
===
As we see, the first "if" block intercepts auth_request->passdb_password == NULL condition, ignoring auth_request->no_password and making line 127 (passdb_result = PASSDB_RESULT_OK) unreachable even if auth_request->no_password is set.
For my local installation I've just removed the first "if" block (see patch in attachment), and it seems to fix the problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-1.1.7-ldap-nopassword.patch
Type: text/x-patch
Size: 628 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20081219/3e7dda40/attachment.bin
More information about the dovecot
mailing list