changeset 21956:fcaed9f9bb3f

auth: Fix mechanism filter to support `none`. Otherwise credentials lookup can fail. `none` indicates that the filter should match when no mech is specified.
author Aki Tuomi <aki.tuomi@dovecot.fi>
date Tue, 11 Apr 2017 15:47:33 +0300
parents 64d17b868bcc
children 23ea7cc3b559
files src/auth/auth-request.c
diffstat 1 files changed, 15 insertions(+), 6 deletions(-) [+]
--- a/src/auth/auth-request.c	Tue Apr 11 15:33:22 2017 +0300
+++ b/src/auth/auth-request.c	Tue Apr 11 15:47:33 2017 +0300
@@ -618,18 +618,27 @@
 }
 
 static bool
+auth_request_mechanism_accepted(const char *const *mechs,
+				const struct mech_module *mech)
+{
+	/* no filter specified, anything goes */
+	if (mechs == NULL) return TRUE;
+	/* request has no mechanism, see if none is accepted */
+	if (mech == NULL)
+		return str_array_icase_find(mechs, "none");
+	/* check if request mechanism is accepted */
+	return str_array_icase_find(mechs, mech->mech_name);
+}
+
+static bool
 auth_request_want_skip_passdb(struct auth_request *request,
 			      struct auth_passdb *passdb)
 {
 	/* if mechanism is not supported, skip */
-	const char *const *mech = passdb->passdb->mechanisms;
+	const char *const *mechs = passdb->passdb->mechanisms;
 
-	/* if request->mech == NULL it means we are doing
-	   lookup without authentication and should not match this */
-	if (mech != NULL && (request->mech == NULL ||
-	     !str_array_icase_find(mech, request->mech->mech_name))) {
+	if (!auth_request_mechanism_accepted(mechs, request->mech))
 		return TRUE;
-	}
 
 	/* skip_password_check basically specifies if authentication is
 	   finished */
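Review bot: The new helper auth_request_mechanism_accepted() no longer says what a NULL `mech` means, because the removed comment ("lookup without authentication") was not carried over, and the literal `"none"` is an undocumented sentinel sitting in the same case-insensitive list as real mechanism names. This filter decides whether a passdb is consulted at all, so I would put the explanation on the `mech == NULL` branch, e.g. `/* mech == NULL: lookup without authentication; matches only if the filter explicitly lists "none" */`. That comment also records that the default stays fail-closed: a filter that does not list `none` still skips the passdb for such lookups. Minor style point: `if (mechs == NULL) return TRUE;` keeps the return on the same line, unlike the other `if` in the helper. The body of auth_request_want_skip_passdb() continues outside the hunk.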