Mercurial > dovecot > core-2.2
changeset 21956:fcaed9f9bb3f
auth: Fix mechanism filter to support `none`
Otherwise credentials lookup can fail. None indicates
that it should match when no mech is specified.
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Tue, 11 Apr 2017 15:47:33 +0300 |
parents | 64d17b868bcc |
children | 23ea7cc3b559 |
files | src/auth/auth-request.c |
diffstat | 1 files changed, 15 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request.c Tue Apr 11 15:33:22 2017 +0300 +++ b/src/auth/auth-request.c Tue Apr 11 15:47:33 2017 +0300 @@ -618,18 +618,27 @@ } static bool +auth_request_mechanism_accepted(const char *const *mechs, + const struct mech_module *mech) +{ + /* no filter specified, anything goes */ + if (mechs == NULL) return TRUE; + /* request has no mechanism, see if none is accepted */ + if (mech == NULL) + return str_array_icase_find(mechs, "none"); + /* check if request mechanism is accepted */ + return str_array_icase_find(mechs, mech->mech_name); +} + +static bool auth_request_want_skip_passdb(struct auth_request *request, struct auth_passdb *passdb) { /* if mechanism is not supported, skip */ - const char *const *mech = passdb->passdb->mechanisms; + const char *const *mechs = passdb->passdb->mechanisms; - /* if request->mech == NULL it means we are doing - lookup without authentication and should not match this */ - if (mech != NULL && (request->mech == NULL || - !str_array_icase_find(mech, request->mech->mech_name))) { + if (!auth_request_mechanism_accepted(mechs, request->mech)) return TRUE; - } /* skip_password_check basically specifies if authentication is finished */