Mercurial > dovecot > original-hg > dovecot-1.2
changeset 2961:155386b3149d HEAD
When master looked for auth request, it didn't check if the authentication
was yet finished, so auth client could have fooled master by beginning
authentication without finishing it. Login processes didn't allow users to
do this though, so no real problem.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 09 Dec 2004 00:35:50 +0200 |
parents | 41a4ea8496d6 |
children | d048ef0a67f2 |
files | src/auth/auth-master-connection.c src/auth/mech.c src/auth/mech.h |
diffstat | 3 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-master-connection.c Thu Dec 09 00:06:41 2004 +0200 +++ b/src/auth/auth-master-connection.c Thu Dec 09 00:35:50 2004 +0200 @@ -130,6 +130,10 @@ client_pid, client_id); } master_send(conn, "NOTFOUND\t%u", id); + } else if (!request->successful) { + i_error("Master requested unfinished authentication request " + "%u.%u", client_pid, client_id); + master_send(conn, "NOTFOUND\t%u", id); } else { master_request = i_new(struct master_userdb_request, 1); master_request->conn = conn;
--- a/src/auth/mech.c Thu Dec 09 00:06:41 2004 +0200 +++ b/src/auth/mech.c Thu Dec 09 00:35:50 2004 +0200 @@ -158,6 +158,7 @@ return; } + request->successful = TRUE; if (request->conn != NULL) { request->callback(request, AUTH_CLIENT_RESULT_SUCCESS, data, data_size);
--- a/src/auth/mech.h Thu Dec 09 00:06:41 2004 +0200 +++ b/src/auth/mech.h Thu Dec 09 00:35:50 2004 +0200 @@ -34,6 +34,7 @@ struct ip_addr local_ip, remote_ip; mech_callback_t *callback; + unsigned int successful:1; unsigned int accept_input:1; unsigned int no_failure_delay:1; unsigned int no_login:1;