Mercurial > dovecot > core-2.2
changeset 4758:2fc38c1e48c4 HEAD
Don't send "pass" back if it's already set, or if it's not known.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 05 Nov 2006 18:12:14 +0200 |
parents | 8df9c973dcc3 |
children | 79bcc076e3fb |
files | src/auth/auth-request-handler.c |
diffstat | 1 files changed, 13 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request-handler.c Sun Nov 05 18:01:32 2006 +0200 +++ b/src/auth/auth-request-handler.c Sun Nov 05 18:12:14 2006 +0200 @@ -111,6 +111,7 @@ string_t *str; const char **fields, *extra_fields; unsigned int src, dest; + bool seen_pass = FALSE; extra_fields = request->extra_fields == NULL ? NULL : auth_stream_reply_export(request->extra_fields); @@ -125,20 +126,23 @@ } str = t_str_new(128); - if (request->proxy) { + fields = t_strsplit(extra_fields, "\t"); + for (src = dest = 0; fields[src] != NULL; src++) { + if (strncmp(fields[src], "userdb_", 7) != 0) { + if (str_len(str) > 0) + str_append_c(str, '\t'); + if (!seen_pass && strncmp(fields[src], "pass=", 5) == 0) + seen_pass = TRUE; + str_append(str, fields[src]); + } + } + + if (request->proxy && !seen_pass && request->mech_password != NULL) { /* we're proxying - send back the password that was sent by user (not the password in passdb). */ str_printfa(str, "pass=%s", request->mech_password); } - fields = t_strsplit(extra_fields, "\t"); - for (src = dest = 0; fields[src] != NULL; src++) { - if (strncmp(fields[src], "userdb_", 7) != 0) { - if (str_len(str) > 0) - str_append_c(str, '\t'); - str_append(str, fields[src]); - } - } return str_len(str) == 0 ? NULL : str_c(str); }