Mercurial > dovecot > original-hg > dovecot-1.2
changeset 6619:2a36e7d9ddb6 HEAD
Don't keep master username in original_username.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sat, 27 Oct 2007 18:31:05 +0300 |
parents | 39f5251b04f9 |
children | 2a9edc9136f9 |
files | src/auth/auth-request.c src/auth/auth-request.h |
diffstat | 2 files changed, 13 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request.c Sat Oct 27 18:25:44 2007 +0300 +++ b/src/auth/auth-request.c Sat Oct 27 18:31:05 2007 +0300 @@ -768,17 +768,6 @@ { const char *p, *login_username = NULL; - if (request->original_username == NULL) { - /* the username may change later, but we need to use this - username when verifying at least DIGEST-MD5 password */ - request->original_username = p_strdup(request->pool, username); - } - if (request->cert_username) { - /* cert_username overrides the username given by - authentication mechanism. */ - return TRUE; - } - if (request->auth->master_user_separator != '\0' && !request->userdb_lookup) { /* check if the username contains a master user */ @@ -792,6 +781,17 @@ } } + if (request->original_username == NULL) { + /* the username may change later, but we need to use this + username when verifying at least DIGEST-MD5 password. */ + request->original_username = p_strdup(request->pool, username); + } + if (request->cert_username) { + /* cert_username overrides the username given by + authentication mechanism. */ + return TRUE; + } + if (*username == '\0') { /* Some PAM plugins go nuts with empty usernames */ *error_r = "Empty username";
--- a/src/auth/auth-request.h Sat Oct 27 18:25:44 2007 +0300 +++ b/src/auth/auth-request.h Sat Oct 27 18:31:05 2007 +0300 @@ -34,7 +34,8 @@ char *user, *requested_login_user, *master_user; /* original_username contains the username exactly as given by the client. this is needed at least with DIGEST-MD5 for password - verification */ + verification. however with master logins the master username has + been dropped from it. */ const char *original_username; char *mech_password; /* set if verify_plain() is called */ char *passdb_password; /* set after password lookup if successful */