Mercurial > dovecot > original-hg > dovecot-1.2
changeset 7123:25e7c37c7c10 HEAD
If proxy user has a password and authentication fails, don't return the
proxy fields to client.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 06 Jan 2008 03:17:20 +0200 |
parents | fb03422c0760 |
children | fe42e3097e23 |
files | src/auth/auth-request-handler.c src/auth/auth-request.c src/auth/auth-request.h |
diffstat | 3 files changed, 17 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request-handler.c Sun Jan 06 03:13:20 2008 +0200 +++ b/src/auth/auth-request-handler.c Sun Jan 06 03:17:20 2008 +0200 @@ -209,7 +209,7 @@ handler->callback(str_c(str), handler->context); break; case AUTH_CLIENT_RESULT_SUCCESS: - auth_request_proxy_finish(request); + auth_request_proxy_finish(request, TRUE); str_printfa(str, "OK\t%u\tuser=%s", request->id, request->user); if (reply_size > 0) { @@ -230,6 +230,8 @@ handler->callback(str_c(str), handler->context); break; case AUTH_CLIENT_RESULT_FAILURE: + auth_request_proxy_finish(request, FALSE); + str_printfa(str, "FAIL\t%u", request->id); if (request->user != NULL) str_printfa(str, "\tuser=%s", request->user);
--- a/src/auth/auth-request.c Sun Jan 06 03:13:20 2008 +0200 +++ b/src/auth/auth-request.c Sun Jan 06 03:17:20 2008 +0200 @@ -1254,18 +1254,23 @@ strcmp(destuser, request->original_username) == 0; } -void auth_request_proxy_finish(struct auth_request *request) +void auth_request_proxy_finish(struct auth_request *request, bool success) { - if (!request->proxy_maybe || request->no_login) + if (!request->proxy || request->no_login) return; - if (!auth_request_proxy_is_self(request)) { - request->no_login = TRUE; - return; + if (!success) { + /* drop all proxy fields */ + } else { + if (!request->proxy_maybe || + !auth_request_proxy_is_self(request)) { + request->no_login = TRUE; + return; + } + + /* proxying to ourself - log in without proxying by dropping + all the proxying fields. */ } - - /* proxying to ourself - log in without proxying by dropping all the - proxying fields. */ auth_stream_reply_remove(request->extra_fields, "proxy"); auth_stream_reply_remove(request->extra_fields, "host"); auth_stream_reply_remove(request->extra_fields, "port");
--- a/src/auth/auth-request.h Sun Jan 06 03:13:20 2008 +0200 +++ b/src/auth/auth-request.h Sun Jan 06 03:17:20 2008 +0200 @@ -148,7 +148,7 @@ void auth_request_set_userdb_field_values(struct auth_request *request, const char *name, const char *const *values); -void auth_request_proxy_finish(struct auth_request *request); +void auth_request_proxy_finish(struct auth_request *request, bool success); int auth_request_password_verify(struct auth_request *request, const char *plain_password,