Mercurial > dovecot > core-2.2

changeset 18521:5e445c659f89

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auth: If passdb has non-matching allow_nets, don't fail the other passdb lookups also. We might want to use e.g.: passdb { driver = static args = password=secretmasterpass allow_nets=10.1.2.3 } passdb { ... } If allow_nets didn't match in the first passdb, we should just ignore it and continue to the next passdb.
author Timo Sirainen <tss@iki.fi>
date Tue, 05 May 2015 14:16:31 +0300
parents a46620d6e0ff
children 164d4d499069
files src/auth/auth-request.c
diffstat 1 files changed, 26 insertions(+), 19 deletions(-) [+]
line wrap: on
line diff
--- a/src/auth/auth-request.c	Tue May 05 13:35:52 2015 +0300
+++ b/src/auth/auth-request.c	Tue May 05 14:16:31 2015 +0300
@@ -552,6 +552,15 @@
 		}
 		return TRUE;
 	}
+	if (request->failed) {
+		/* The passdb didn't fail, but something inside it failed
+		   (e.g. allow_nets mismatch). Make sure we'll fail this
+		   lookup, but reset the failure so the next passdb can
+		   succeed. */
+		if (*result == PASSDB_RESULT_OK)
+			*result = PASSDB_RESULT_USER_UNKNOWN;
+		request->failed = FALSE;
+	}
 
 	/* users that exist but can't log in are special. we don't try to match
 	   any of the success/failure rules to them. they'll always fail. */
@@ -618,30 +627,28 @@
 	       auth_request_want_skip_passdb(request, next_passdb))
 		next_passdb = next_passdb->next;
 
+	if (*result == PASSDB_RESULT_OK) {
+		/* this passdb lookup succeeded, preserve its extra fields */
+		auth_fields_snapshot(request->extra_fields);
+		request->snapshot_have_userdb_prefetch_set =
+			request->userdb_prefetch_set;
+		if (request->userdb_reply != NULL)
+			auth_fields_snapshot(request->userdb_reply);
+	} else {
+		/* this passdb lookup failed, remove any extra fields it set */
+		auth_fields_rollback(request->extra_fields);
+		if (request->userdb_reply != NULL) {
+			auth_fields_rollback(request->userdb_reply);
+			request->userdb_prefetch_set =
+				request->snapshot_have_userdb_prefetch_set;
+		}
+	}
+
 	if (passdb_continue && next_passdb != NULL) {
 		/* try next passdb. */
                 request->passdb = next_passdb;
 		request->passdb_password = NULL;
 
-		if (*result == PASSDB_RESULT_OK) {
-			/* this passdb lookup succeeded, preserve its extra
-			   fields */
-			auth_fields_snapshot(request->extra_fields);
-			request->snapshot_have_userdb_prefetch_set =
-				request->userdb_prefetch_set;
-			if (request->userdb_reply != NULL)
-				auth_fields_snapshot(request->userdb_reply);
-		} else {
-			/* this passdb lookup failed, remove any extra fields
-			   it set */
-			auth_fields_rollback(request->extra_fields);
-			if (request->userdb_reply != NULL) {
-				auth_fields_rollback(request->userdb_reply);
-				request->userdb_prefetch_set =
-					request->snapshot_have_userdb_prefetch_set;
-			}
-		}
-
 		if (*result == PASSDB_RESULT_USER_UNKNOWN) {
 			/* remember that we did at least one successful
 			   passdb lookup */