changeset 4374:96fd7a3f9bfe HEAD

If password is expired, give "Password expired" error. Currently works only with PAM. Also added "unknown user" PAM return value handling.
author Timo Sirainen <tss@iki.fi>
date Fri, 16 Jun 2006 13:01:25 +0300
parents 936e90b7d525
children 4fa4d1d299d3
files src/auth/auth-request.c src/auth/passdb-pam.c src/auth/passdb.h
diffstat 3 files changed, 27 insertions(+), 8 deletions(-) [+]
--- a/src/auth/auth-request.c	Fri Jun 16 12:55:32 2006 +0300
+++ b/src/auth/auth-request.c	Fri Jun 16 13:01:25 2006 +0300
@@ -192,6 +192,7 @@
 		/* can be cached */
 		break;
 	case PASSDB_RESULT_USER_DISABLED:
+	case PASSDB_RESULT_PASS_EXPIRED:
 		/* FIXME: we can't cache this now, or cache lookup would
 		   return success. */
 		return;
@@ -316,6 +317,11 @@
 				return FALSE;
 			}
 		}
+	} else if (*result == PASSDB_RESULT_PASS_EXPIRED) {
+	        if (request->extra_fields == NULL)
+		        request->extra_fields = auth_stream_reply_init(request);
+	        auth_stream_reply_add(request->extra_fields, "reason",
+				      "Password expired");
 	} else if (request->passdb->next != NULL &&
 		   *result != PASSDB_RESULT_USER_DISABLED) {
 		/* try next passdb. */
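Review bot: The new `PASSDB_RESULT_PASS_EXPIRED` branch puts a `reason` of "Password expired" into `request->extra_fields`, and nothing visible in this hunk shows whether that result can be produced before the supplied password has been verified. If it can, the reply tells an unauthenticated client that the account exists and its credential has lapsed, so the branch deserves a comment stating the precondition, for example `/* passdb must return PASS_EXPIRED only after the password was verified, otherwise this reveals account state */`. Because the branch sits ahead of the `request->passdb->next != NULL` test, an expired result also stops the passdb chain. The condition below still names only `PASSDB_RESULT_USER_DISABLED`, so that behaviour is implicit in the ordering and worth a word in the same comment. The added lines are indented with a tab followed by spaces while the surrounding code uses tabs only. The enclosing function starts and ends outside the hunk.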
--- a/src/auth/passdb-pam.c	Fri Jun 16 12:55:32 2006 +0300
+++ b/src/auth/passdb-pam.c	Fri Jun 16 13:01:25 2006 +0300
@@ -266,10 +266,21 @@
 
 		status = pam_auth(request, pamh, &str);
 		if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
-			/* FIXME: check for PASSDB_RESULT_UNKNOWN_USER
-			   somehow? */
-			result = status == PAM_SUCCESS ? PASSDB_RESULT_OK :
-				PASSDB_RESULT_PASSWORD_MISMATCH;
+			switch (status) {
+			case PAM_SUCCESS:
+				result = PASSDB_RESULT_OK;
+				break;
+			case PAM_USER_UNKNOWN:
+				result = PASSDB_RESULT_USER_UNKNOWN;
+				break;
+			case PAM_NEW_AUTHTOK_REQD:
+			case PAM_ACCT_EXPIRED:
+				result = PASSDB_RESULT_PASS_EXPIRED;
+				break;
+			default:
+				result = PASSDB_RESULT_PASSWORD_MISMATCH;
+				break;
+			}
 		} else {
 			result = PASSDB_RESULT_INTERNAL_FAILURE;
 			str = t_strdup_printf("pam_end() failed: %s",
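Review bot: `PAM_ACCT_EXPIRED` is folded into `PASSDB_RESULT_PASS_EXPIRED` in the new switch, so with the auth-request.c change in this commit a user whose account (not password) has expired is told "Password expired", which points them at a remedy that cannot work. Mapping it separately, `case PAM_ACCT_EXPIRED: result = PASSDB_RESULT_USER_DISABLED; break;`, keeps the message accurate and reuses an existing result. `PAM_USER_UNKNOWN` now yields a result distinct from a password mismatch; the callers are not visible here, so it is worth confirming that the distinction only reaches logs and never the client reply. Which PAM call produced `status` is decided inside `pam_auth()`, outside this hunk, so a short comment on the switch saying the expiry codes are expected from the account-management step would help the next reader.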
--- a/src/auth/passdb.h	Fri Jun 16 12:55:32 2006 +0300
+++ b/src/auth/passdb.h	Fri Jun 16 13:01:25 2006 +0300
@@ -19,10 +19,12 @@
 };
 
 enum passdb_result {
-	PASSDB_RESULT_USER_UNKNOWN = -1,
-	PASSDB_RESULT_USER_DISABLED = -2,
-	PASSDB_RESULT_INTERNAL_FAILURE = -3,
-	PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -4,
+	PASSDB_RESULT_INTERNAL_FAILURE = -1,
+	PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,
+
+	PASSDB_RESULT_USER_UNKNOWN = -3,
+	PASSDB_RESULT_USER_DISABLED = -4,
+	PASSDB_RESULT_PASS_EXPIRED = -5,
 
 	PASSDB_RESULT_PASSWORD_MISMATCH = 0,
 	PASSDB_RESULT_OK = 1
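Review bot: Three existing enumerators get new numeric values here (`PASSDB_RESULT_USER_UNKNOWN` moves from -1 to -3, for example), although adding `PASSDB_RESULT_PASS_EXPIRED = -5` did not require renumbering. If any code passes a `passdb_result` as a raw integer between processes, stores it, or compares it against a literal, a mismatch between old and new builds would silently turn one failure kind into another. Nothing in this hunk shows whether such a consumer exists, so this should be checked before merging. The blank line appears to separate internal failures from user-state failures; if that grouping is the reason for the reordering, it should be stated with comments such as `/* failures unrelated to the user */` above the first group and `/* user-state failures */` above the second. The enum's closing brace is outside the hunk.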