changeset 4104:77e10f1d2cb2 HEAD

Removed master_no_passdb setting. Added pass setting which can be used to do the same thing, and other things. Now setting pass=yes to a passdb continues to next passdb if the lookup succeeded. This allows eg. requiring the user to be in multiple passdbs, or doing a username conversion before running the actual userdb, etc.
author Timo Sirainen <tss@iki.fi>
date Sat, 25 Mar 2006 12:22:04 +0200
parents 25204e1faeb6
children 085bffbdd1b1
files dovecot-example.conf src/auth/auth-request.c src/auth/auth.c src/auth/auth.h src/master/auth-process.c src/master/master-settings.c src/master/master-settings.h
diffstat 7 files changed, 24 insertions(+), 17 deletions(-) [+]
--- a/dovecot-example.conf	Sat Mar 25 12:19:10 2006 +0200
+++ b/dovecot-example.conf	Sat Mar 25 12:22:04 2006 +0200
@@ -640,10 +640,10 @@
   # duplicating the system users into virtual database.
   #
   # By adding master=yes setting inside a passdb you make the passdb a list
-  # of "master users", who can log in as anyone else. The destination user
-  # is still looked up from passdb without password verification, but this
-  # doesn't work with eg. PAM, so you can also set master_no_passdb=yes to
-  # skip this step and rely on userdb catching the invalid usernames.
+  # of "master users", who can log in as anyone else. Unless you're using PAM,
+  # you probably still want the destination user to be looked up from passdb
+  # that it really exists. This can be done by adding pass=yes setting to the
+  # master passdb.
   #
   # http://wiki.dovecot.org/Authentication
   #
--- a/src/auth/auth-request.c	Sat Mar 25 12:19:10 2006 +0200
+++ b/src/auth/auth-request.c	Sat Mar 25 12:22:04 2006 +0200
@@ -272,7 +272,7 @@
 	request->skip_password_check = TRUE;
 	request->passdb_password = NULL;
 
-	if (request->passdb->master_no_passdb) {
+	if (!request->passdb->pass) {
 		/* skip the passdb lookup, we're authenticated now. */
 		return TRUE;
 	}
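Review bot: The new condition `if (!request->passdb->pass)` inverts the default for master passdbs. Before this change the destination user was looked up in passdb unless `master_no_passdb` was set; now the lookup is skipped unless `pass=yes` is set. A configuration that only has `master=yes` would therefore stop checking that the target user exists in a passdb after upgrading and would rely on userdb alone, which deserves an explicit upgrade note or a startup warning. The comment in the branch could state the consequence, e.g. `/* no pass=yes: destination user is not checked against any passdb, userdb must reject unknown users */`. The enclosing function starts and ends outside this hunk.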
@@ -307,6 +307,13 @@
 			/* this was a master user lookup. */
 			if (!auth_request_master_lookup_finish(request))
 				return FALSE;
+		} else {
+			if (request->passdb->pass) {
+				/* this wasn't the final passdb lookup,
+				   continue to next passdb */
+				request->passdb = request->passdb->next;
+				return FALSE;
+			}
 		}
 	} else if (request->passdb->next != NULL &&
 		   *result != PASSDB_RESULT_USER_DISABLED) {
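Review bot: The added `else` branch handles only a successful lookup in a `pass=yes` passdb. A failed lookup appears to fall through to the existing `else if (request->passdb->next != NULL && ...)` branch, whose body is outside the hunk but presumably also advances to the next passdb. If so, a user missing from the `pass=yes` passdb can still authenticate through a later one, so the "require the user to be in multiple passdbs" use case from the commit message is not enforced. Either document this next to the new branch, e.g. `/* note: a failed lookup here also continues to the next passdb; pass=yes does not make this passdb mandatory */`, or treat a failure in a `pass=yes` passdb as final. Separately, `request->passdb = request->passdb->next;` is unguarded and depends on the startup check in auth.c to guarantee that `next` is non-NULL.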
--- a/src/auth/auth.c	Sat Mar 25 12:19:10 2006 +0200
+++ b/src/auth/auth.c	Sat Mar 25 12:22:04 2006 +0200
@@ -34,6 +34,7 @@
 	t_push();
 	passdb_p = &auth->passdbs;
 	masterdb_p = &auth->masterdbs;
+	auth_passdb = NULL;
 	for (i = 1; ; i++) {
 		driver = getenv(t_strdup_printf("PASSDB_%u_DRIVER", i));
 		if (driver == NULL)
@@ -44,12 +45,11 @@
 
                 auth_passdb->deny =
                         getenv(t_strdup_printf("PASSDB_%u_DENY", i)) != NULL;
-                auth_passdb->master_no_passdb =
-                        getenv(t_strdup_printf("PASSDB_%u_MASTER_NO_PASSDB",
-                                               i)) != NULL;
+		auth_passdb->pass =
+                        getenv(t_strdup_printf("PASSDB_%u_PASS", i)) != NULL;
 
 		if (getenv(t_strdup_printf("PASSDB_%u_MASTER", i)) == NULL) {
-                        *passdb_p = auth_passdb;
+			*passdb_p = auth_passdb;
 			passdb_p = &auth_passdb->next;
                 } else {
 			if (auth_passdb->deny)
@@ -59,6 +59,8 @@
 			masterdb_p = &auth_passdb->next;
 		}
 	}
+	if (auth_passdb != NULL && auth_passdb->pass)
+		i_fatal("Last passdb can't have pass=yes");
 	t_pop();
 
 	t_push();
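Review bot: After the loop `auth_passdb` points at the last entry parsed in config order, which may have been appended to either the passdb or the masterdb list, so the `i_fatal` check tests the wrong entry in two cases. A master passdb with `pass=yes` listed last, which the example config now recommends, would be rejected at startup. A final non-master passdb with `pass=yes` that is followed by a master passdb would be accepted, and the new code in auth-request.c would then set `request->passdb` to a NULL `next`. Tracking the tail of the normal list separately would fix both: set `last_passdb = auth_passdb;` in the branch that appends through `passdb_p`, and test `if (last_passdb != NULL && last_passdb->pass)` here. The surrounding function starts outside this hunk.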
--- a/src/auth/auth.h	Sat Mar 25 12:19:10 2006 +0200
+++ b/src/auth/auth.h	Sat Mar 25 12:22:04 2006 +0200
@@ -14,8 +14,8 @@
 #endif
         /* if user is found from this passdb, deny authentication immediately */
 	unsigned int deny:1;
-	/* masterdb: no passdb lookup for user wanted */
-	unsigned int master_no_passdb:1;
+	/* after a successful lookup, continue to next passdb */
+	unsigned int pass:1;
 };
 
 struct auth_userdb {
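Review bot: The new field comment covers only the normal passdb meaning of `pass`, but the auth-request.c change also uses the flag on master passdbs to decide whether the destination user is looked up at all. Since that second meaning controls a security check, the comment should name both, e.g. `/* after a successful lookup, continue to next passdb; for a master passdb: look up the destination user from the normal passdbs instead of skipping that lookup */`.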
--- a/src/master/auth-process.c	Sat Mar 25 12:19:10 2006 +0200
+++ b/src/master/auth-process.c	Sat Mar 25 12:22:04 2006 +0200
@@ -431,12 +431,10 @@
 		}
 		if (ap->deny)
 			env_put(t_strdup_printf("PASSDB_%u_DENY=1", i));
+                if (ap->pass)
+                        env_put(t_strdup_printf("PASSDB_%u_PASS=1", i));
 		if (ap->master)
                         env_put(t_strdup_printf("PASSDB_%u_MASTER=1", i));
-                if (ap->master_no_passdb) {
-                        env_put(t_strdup_printf("PASSDB_%u_MASTER_NO_PASSDB=1",
-                                                i));
-                }
 	}
 	for (au = set->userdbs, i = 1; au != NULL; au = au->next, i++) {
 		env_put(t_strdup_printf("USERDB_%u_DRIVER=%s", i, au->driver));
--- a/src/master/master-settings.c	Sat Mar 25 12:19:10 2006 +0200
+++ b/src/master/master-settings.c	Sat Mar 25 12:22:04 2006 +0200
@@ -214,8 +214,8 @@
 	DEF(SET_STR, driver),
 	DEF(SET_STR, args),
 	DEF(SET_BOOL, deny),
+	DEF(SET_BOOL, pass),
 	DEF(SET_BOOL, master),
-	DEF(SET_BOOL, master_no_passdb),
 
 	{ 0, NULL, 0 }
 };
--- a/src/master/master-settings.h	Sat Mar 25 12:19:10 2006 +0200
+++ b/src/master/master-settings.h	Sat Mar 25 12:22:04 2006 +0200
@@ -145,8 +145,8 @@
 	const char *driver;
 	const char *args;
 	bool deny;
+	bool pass;
 	bool master;
-	bool master_no_passdb;
 };
 
 struct auth_userdb_settings {