Mercurial > dovecot > core-2.2
changeset 20619:533591bab969
auth: When setting noauthenticate=yes, also set nopassword=yes
There are various places which check only "nopassword", but not
"noauthenticate".
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Wed, 10 Aug 2016 17:14:28 +0300 |
parents | 199918a54c38 |
children | 66a4f25b9e0e |
files | src/auth/auth-request.c |
diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request.c Wed Aug 10 17:41:51 2016 +0300 +++ b/src/auth/auth-request.c Wed Aug 10 17:14:28 2016 +0300 @@ -1748,11 +1748,17 @@ return; } auth_request_set_userdb_field(request, name + 7, value); + } else if (strcmp(name, "noauthenticate") == 0) { + /* add "nopassword" also so that passdbs won't try to verify + the password. */ + auth_fields_add(request->extra_fields, name, value, 0); + auth_fields_add(request->extra_fields, "nopassword", NULL, 0); } else if (strcmp(name, "nopassword") == 0) { /* NULL password - anything goes */ const char *password = request->passdb_password; - if (password != NULL) { + if (password != NULL && + !auth_fields_exists(request->extra_fields, "noauthenticate")) { (void)password_get_scheme(&password); if (*password != '\0') { auth_request_log_error(request, AUTH_SUBSYS_DB,