changeset 4104:77e10f1d2cb2 HEAD
Removed master_no_passdb setting. Added pass setting which can be used to do
the same thing, and other things. Now setting pass=yes to a passdb continues
to next passdb if the lookup succeeded. This allows eg. requiring the user
to be in multiple passdbs, or doing a username conversion before running the
actual userdb, etc.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sat, 25 Mar 2006 12:22:04 +0200 |
parents | 25204e1faeb6 |
children | 085bffbdd1b1 |
files | dovecot-example.conf src/auth/auth-request.c src/auth/auth.c src/auth/auth.h src/master/auth-process.c src/master/master-settings.c src/master/master-settings.h |
diffstat | 7 files changed, 24 insertions(+), 17 deletions(-) [+] |
--- a/dovecot-example.conf Sat Mar 25 12:19:10 2006 +0200
+++ b/dovecot-example.conf Sat Mar 25 12:22:04 2006 +0200
@@ -640,10 +640,10 @@
 # duplicating the system users into virtual database.
 #
 # By adding master=yes setting inside a passdb you make the passdb a list
- # of "master users", who can log in as anyone else. The destination user
- # is still looked up from passdb without password verification, but this
- # doesn't work with eg. PAM, so you can also set master_no_passdb=yes to
- # skip this step and rely on userdb catching the invalid usernames.
+ # of "master users", who can log in as anyone else. Unless you're using PAM,
+ # you probably still want the destination user to be looked up from passdb
+ # that it really exists. This can be done by adding pass=yes setting to the
+ # master passdb.
 #
 # http://wiki.dovecot.org/Authentication
 #
--- a/src/auth/auth-request.c Sat Mar 25 12:19:10 2006 +0200 +++ b/src/auth/auth-request.c Sat Mar 25 12:22:04 2006 +0200 @@ -272,7 +272,7 @@ request->skip_password_check = TRUE; request->passdb_password = NULL; - if (request->passdb->master_no_passdb) { + if (!request->passdb->pass) { /* skip the passdb lookup, we're authenticated now. */ return TRUE; } @@ -307,6 +307,13 @@ /* this was a master user lookup. */ if (!auth_request_master_lookup_finish(request)) return FALSE; + } else { + if (request->passdb->pass) { + /* this wasn't the final passdb lookup, + continue to next passdb */ + request->passdb = request->passdb->next; + return FALSE; + } } } else if (request->passdb->next != NULL && *result != PASSDB_RESULT_USER_DISABLED) {
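Review bot: The guard `if (!request->passdb->pass)` in the first hunk inverts the default for master passdbs: previously the destination user was looked up unless `master_no_passdb` was set, now the lookup is skipped unless `pass` is set. As far as this hunk shows, a configuration with `master=yes` that never set either option stops checking that the destination user exists in a passdb after the upgrade, and nothing is logged about it. I would add a comment at the early return such as `/* pass not set: destination user is not checked against any passdb, userdb must reject unknown users */` and consider a startup warning for master passdbs without `pass`. The enclosing function starts and ends outside the hunk.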
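Review bot: In the second hunk `request->passdb = request->passdb->next;` is followed by `return FALSE` without checking the new pointer, so a passdb that has `pass` set and is the last one in its list leaves the request with a NULL passdb to continue with. The only protection is configuration validation done in another file; a local test such as `if (request->passdb->next == NULL)` ahead of the assignment, handled as an internal failure instead of advancing, would make this path fail closed. How the surrounding function reports a finished failure is not visible here, so the exact return has to be chosen against the rest of the body.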
--- a/src/auth/auth.c Sat Mar 25 12:19:10 2006 +0200 +++ b/src/auth/auth.c Sat Mar 25 12:22:04 2006 +0200 @@ -34,6 +34,7 @@ t_push(); passdb_p = &auth->passdbs; masterdb_p = &auth->masterdbs; + auth_passdb = NULL; for (i = 1; ; i++) { driver = getenv(t_strdup_printf("PASSDB_%u_DRIVER", i)); if (driver == NULL) @@ -44,12 +45,11 @@ auth_passdb->deny = getenv(t_strdup_printf("PASSDB_%u_DENY", i)) != NULL; - auth_passdb->master_no_passdb = - getenv(t_strdup_printf("PASSDB_%u_MASTER_NO_PASSDB", - i)) != NULL; + auth_passdb->pass = + getenv(t_strdup_printf("PASSDB_%u_PASS", i)) != NULL; if (getenv(t_strdup_printf("PASSDB_%u_MASTER", i)) == NULL) { - *passdb_p = auth_passdb; + *passdb_p = auth_passdb; passdb_p = &auth_passdb->next; } else { if (auth_passdb->deny) @@ -59,6 +59,8 @@ masterdb_p = &auth_passdb->next; } } + if (auth_passdb != NULL && auth_passdb->pass) + i_fatal("Last passdb can't have pass=yes"); t_pop(); t_push();
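Review bot: The check added after the loop, `if (auth_passdb != NULL && auth_passdb->pass)`, tests the last entry parsed rather than the tail of `auth->passdbs`. The loop links entries into two separate lists through `passdb_p` and `masterdb_p`, so a master passdb with `pass=yes` that is listed last aborts startup even though the updated example config recommends exactly that setting, while a final normal passdb with `pass=yes` followed by a master passdb is not caught. Keeping a separate pointer that is set next to `*passdb_p = auth_passdb;` and testing that one after the loop would make the check match its message. The function starts and ends outside the hunk.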
--- a/src/auth/auth.h Sat Mar 25 12:19:10 2006 +0200 +++ b/src/auth/auth.h Sat Mar 25 12:22:04 2006 +0200 @@ -14,8 +14,8 @@ #endif /* if user is found from this passdb, deny authentication immediately */ unsigned int deny:1; - /* masterdb: no passdb lookup for user wanted */ - unsigned int master_no_passdb:1; + /* after a successful lookup, continue to next passdb */ + unsigned int pass:1; }; struct auth_userdb {
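Review bot: The new comment on `pass` covers only the normal passdb case. In auth-request.c the same bit on a master passdb decides whether the destination user is looked up at all, which is the security-relevant meaning and is not stated here. Something like `/* after a successful lookup, continue to next passdb; for a master passdb: continue with the passdb lookup of the destination user instead of accepting the login directly */` would document both uses. The struct starts outside the hunk.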
--- a/src/master/auth-process.c Sat Mar 25 12:19:10 2006 +0200
+++ b/src/master/auth-process.c Sat Mar 25 12:22:04 2006 +0200
@@ -431,12 +431,10 @@
 }
 if (ap->deny)
 env_put(t_strdup_printf("PASSDB_%u_DENY=1", i));
+ if (ap->pass)
+ env_put(t_strdup_printf("PASSDB_%u_PASS=1", i));
 if (ap->master)
 env_put(t_strdup_printf("PASSDB_%u_MASTER=1", i));
- if (ap->master_no_passdb) {
- env_put(t_strdup_printf("PASSDB_%u_MASTER_NO_PASSDB=1",
- i));
- }
 }
 for (au = set->userdbs, i = 1; au != NULL; au = au->next, i++) {
 env_put(t_strdup_printf("USERDB_%u_DRIVER=%s", i, au->driver));
--- a/src/master/master-settings.c Sat Mar 25 12:19:10 2006 +0200 +++ b/src/master/master-settings.c Sat Mar 25 12:22:04 2006 +0200 @@ -214,8 +214,8 @@ DEF(SET_STR, driver), DEF(SET_STR, args), DEF(SET_BOOL, deny), + DEF(SET_BOOL, pass), DEF(SET_BOOL, master), - DEF(SET_BOOL, master_no_passdb), { 0, NULL, 0 } };