changeset 12328:745ef289b0ea

auth: userdb passwd iteration now lists only users within first_valid_uid..last_valid_uid range.
author Timo Sirainen <tss@iki.fi>
date Thu, 21 Oct 2010 17:11:02 +0100
parents 099925543768
children f38e4e1465c8
files src/auth/auth-settings.c src/auth/auth-settings.h src/auth/userdb-passwd.c
diffstat 3 files changed, 21 insertions(+), 8 deletions(-) [+]
--- a/src/auth/auth-settings.c	Thu Oct 21 16:33:28 2010 +0100
+++ b/src/auth/auth-settings.c	Thu Oct 21 17:11:02 2010 +0100
@@ -191,6 +191,8 @@
 	DEF(SET_STR, gssapi_hostname),
 	DEF(SET_STR, winbind_helper_path),
 	DEF(SET_TIME, failure_delay),
+	DEF(SET_UINT, first_valid_uid),
+	DEF(SET_UINT, last_valid_uid),
 
 	DEF(SET_BOOL, verbose),
 	DEF(SET_BOOL, debug),
@@ -226,6 +228,8 @@
 	.gssapi_hostname = "",
 	.winbind_helper_path = "/usr/bin/ntlm_auth",
 	.failure_delay = 2,
+	.first_valid_uid = 500,
+	.last_valid_uid = 0,
 
 	.verbose = FALSE,
 	.debug = FALSE,
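Review bot: The new defaults `.first_valid_uid = 500` and `.last_valid_uid = 0` carry no comment, and the meaning of 0 is only discoverable from the range check added in userdb-passwd.c, where it disables the upper bound. A comment such as `/* 0 = no upper limit */` next to `.last_valid_uid` would make that explicit. Going by the commit title, it would also help to state that these values filter only userdb passwd iteration. The 500 floor is a distribution-dependent assumption: on systems that allocate daemon accounts at or above 500, those accounts are still listed unless the administrator raises the value.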
--- a/src/auth/auth-settings.h	Thu Oct 21 16:33:28 2010 +0100
+++ b/src/auth/auth-settings.h	Thu Oct 21 17:11:02 2010 +0100
@@ -33,6 +33,8 @@
 	const char *gssapi_hostname;
 	const char *winbind_helper_path;
 	unsigned int failure_delay;
+	unsigned int first_valid_uid;
+	unsigned int last_valid_uid;
 
 	bool verbose, debug, debug_passwords;
 	const char *verbose_passwords;
--- a/src/auth/userdb-passwd.c	Thu Oct 21 16:33:28 2010 +0100
+++ b/src/auth/userdb-passwd.c	Thu Oct 21 17:11:02 2010 +0100
@@ -20,6 +20,7 @@
 struct passwd_userdb_iterate_context {
 	struct userdb_iterate_context ctx;
 	struct passwd_userdb_iterate_context *next_waiting;
+	const struct auth_settings *set;
 };
 
 static struct passwd_userdb_iterate_context *cur_userdb_iter = NULL;
@@ -78,6 +79,7 @@
 	ctx->ctx.userdb = userdb;
 	ctx->ctx.callback = callback;
 	ctx->ctx.context = context;
+	ctx->set = auth_find_service("")->set;
 	setpwent();
 
 	if (cur_userdb_iter == NULL)
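Review bot: The added `ctx->set = auth_find_service("")->set;` dereferences the lookup result without a check and always takes the settings of the service named by the empty string. Whether auth_find_service() can return NULL is not visible in this diff. If it cannot, a short comment such as `/* "" = default service, always present */` would record that; otherwise a NULL guard is needed before the dereference. The enclosing function starts and ends outside the hunk.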
@@ -100,16 +102,21 @@
 	}
 
 	errno = 0;
-	pw = getpwent();
-	if (pw == NULL) {
-		if (errno != 0) {
-			i_error("getpwent() failed: %m");
-			_ctx->failed = TRUE;
+	while ((pw = getpwent()) != NULL) {
+		/* skip entries not in valid UID range.
+		   they're users for daemons and such. */
+		if (pw->pw_uid >= ctx->set->first_valid_uid &&
+		    (ctx->set->last_valid_uid == 0 ||
+		     pw->pw_uid <= ctx->set->last_valid_uid)) {
+			_ctx->callback(pw->pw_name, _ctx->context);
+			return;
 		}
-		_ctx->callback(NULL, _ctx->context);
-	} else {
-		_ctx->callback(pw->pw_name, _ctx->context);
 	}
+	if (errno != 0) {
+		i_error("getpwent() failed: %m");
+		_ctx->failed = TRUE;
+	}
+	_ctx->callback(NULL, _ctx->context);
 }
 
 static void passwd_iterate_next_timeout(void *context ATTR_UNUSED)
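Review bot: `errno` is cleared once before the new `while ((pw = getpwent()) != NULL)` loop but not between iterations, and a successful getpwent() is allowed to leave errno non-zero. If the remaining entries are all outside the UID range and the list then ends, the `if (errno != 0)` check after the loop can report a stale value as a failure and set `_ctx->failed`. Resetting it for each call, for example `errno = 0;` as the last statement of the loop body, keeps end-of-list and error distinct. The loop also walks all skipped entries synchronously in one call, which may deserve a comment for large NSS-backed user lists. The enclosing function begins outside the hunk.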