Mercurial > dovecot > core-2.2
changeset 18521:5e445c659f89
auth: If passdb has non-matching allow_nets, don't fail the other passdb lookups also.
We might want to use e.g.:
passdb {
driver = static
args = password=secretmasterpass allow_nets=10.1.2.3
}
passdb {
...
}
If allow_nets didn't match in the first passdb, we should just ignore it and
continue to the next passdb.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 05 May 2015 14:16:31 +0300 |
parents | a46620d6e0ff |
children | 164d4d499069 |
files | src/auth/auth-request.c |
diffstat | 1 files changed, 26 insertions(+), 19 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request.c Tue May 05 13:35:52 2015 +0300 +++ b/src/auth/auth-request.c Tue May 05 14:16:31 2015 +0300 @@ -552,6 +552,15 @@ } return TRUE; } + if (request->failed) { + /* The passdb didn't fail, but something inside it failed + (e.g. allow_nets mismatch). Make sure we'll fail this + lookup, but reset the failure so the next passdb can + succeed. */ + if (*result == PASSDB_RESULT_OK) + *result = PASSDB_RESULT_USER_UNKNOWN; + request->failed = FALSE; + } /* users that exist but can't log in are special. we don't try to match any of the success/failure rules to them. they'll always fail. */ @@ -618,30 +627,28 @@ auth_request_want_skip_passdb(request, next_passdb)) next_passdb = next_passdb->next; + if (*result == PASSDB_RESULT_OK) { + /* this passdb lookup succeeded, preserve its extra fields */ + auth_fields_snapshot(request->extra_fields); + request->snapshot_have_userdb_prefetch_set = + request->userdb_prefetch_set; + if (request->userdb_reply != NULL) + auth_fields_snapshot(request->userdb_reply); + } else { + /* this passdb lookup failed, remove any extra fields it set */ + auth_fields_rollback(request->extra_fields); + if (request->userdb_reply != NULL) { + auth_fields_rollback(request->userdb_reply); + request->userdb_prefetch_set = + request->snapshot_have_userdb_prefetch_set; + } + } + if (passdb_continue && next_passdb != NULL) { /* try next passdb. */ request->passdb = next_passdb; request->passdb_password = NULL; - if (*result == PASSDB_RESULT_OK) { - /* this passdb lookup succeeded, preserve its extra - fields */ - auth_fields_snapshot(request->extra_fields); - request->snapshot_have_userdb_prefetch_set = - request->userdb_prefetch_set; - if (request->userdb_reply != NULL) - auth_fields_snapshot(request->userdb_reply); - } else { - /* this passdb lookup failed, remove any extra fields - it set */ - auth_fields_rollback(request->extra_fields); - if (request->userdb_reply != NULL) { - auth_fields_rollback(request->userdb_reply); - request->userdb_prefetch_set = - request->snapshot_have_userdb_prefetch_set; - } - } - if (*result == PASSDB_RESULT_USER_UNKNOWN) { /* remember that we did at least one successful passdb lookup */