Mercurial > dovecot > core-2.2

diff src/auth/auth-request.c @ 3669:09b5e002ad8a HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
If passdb returned NULL password (ie. no password needed), it wasn't cached correctly.
author Timo Sirainen <tss@iki.fi>
date Thu, 20 Oct 2005 12:07:48 +0300
parents c9f1bd1e1ec2
children 0207808033ad
line wrap: on
line diff
--- a/src/auth/auth-request.c	Wed Oct 19 16:43:38 2005 +0300
+++ b/src/auth/auth-request.c	Thu Oct 20 12:07:48 2005 +0300
@@ -201,29 +201,34 @@
 		return;
 	}
 
-	if (request->passdb_password == NULL) {
+	if (!request->no_password && request->passdb_password == NULL) {
 		/* passdb didn't provide the correct password */
 		if (result != PASSDB_RESULT_OK ||
 		    request->mech_password == NULL)
 			return;
 
-		/* we can still cache valid password lookups though */
-		request->passdb_password = request->mech_password;
+		/* we can still cache valid password lookups though.
+		   strdup() it so that mech_password doesn't get
+		   cleared too early. */
+		request->passdb_password =
+			p_strdup(request->pool, request->mech_password);
 	}
 
 	/* save all except the currently given password in cache */
 	str = t_str_new(256);
-	if (*request->passdb_password != '{') {
-		/* cached passwords must have a known scheme */
-		str_append_c(str, '{');
-		str_append(str, passdb->default_pass_scheme);
-		str_append_c(str, '}');
+	if (request->passdb_password != NULL) {
+		if (*request->passdb_password != '{') {
+			/* cached passwords must have a known scheme */
+			str_append_c(str, '{');
+			str_append(str, passdb->default_pass_scheme);
+			str_append_c(str, '}');
+		}
+		if (strchr(request->passdb_password, '\t') != NULL)
+			i_panic("%s: Password contains TAB", request->user);
+		if (strchr(request->passdb_password, '\n') != NULL)
+			i_panic("%s: Password contains LF", request->user);
+		str_append(str, request->passdb_password);
 	}
-	if (strchr(request->passdb_password, '\t') != NULL)
-		i_panic("%s: Password contains TAB", request->user);
-	if (strchr(request->passdb_password, '\n') != NULL)
-		i_panic("%s: Password contains LF", request->user);
-	str_append(str, request->passdb_password);
 
 	if (extra_fields != NULL) {
 		str_append_c(str, '\t');
@@ -546,6 +551,13 @@
 		return;
 	}
 
+	if (strcmp(name, "nopassword") == 0) {
+		/* NULL password - anything goes */
+		i_assert(request->passdb_password == NULL);
+		request->no_password = TRUE;
+		return;
+	}
+
 	if (strcmp(name, "nologin") == 0) {
 		/* user can't actually login - don't keep this
 		   reply for master */