changeset 4374:96fd7a3f9bfe HEAD
If password is expired, give "Password expired" error. Currently works only
with PAM. Also added "unknown user" PAM return value handling.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 16 Jun 2006 13:01:25 +0300 |
parents | 936e90b7d525 |
children | 4fa4d1d299d3 |
files | src/auth/auth-request.c src/auth/passdb-pam.c src/auth/passdb.h |
diffstat | 3 files changed, 27 insertions(+), 8 deletions(-) [+] |
--- a/src/auth/auth-request.c Fri Jun 16 12:55:32 2006 +0300 +++ b/src/auth/auth-request.c Fri Jun 16 13:01:25 2006 +0300 @@ -192,6 +192,7 @@ /* can be cached */ break; case PASSDB_RESULT_USER_DISABLED: + case PASSDB_RESULT_PASS_EXPIRED: /* FIXME: we can't cache this now, or cache lookup would return success. */ return; @@ -316,6 +317,11 @@ return FALSE; } } + } else if (*result == PASSDB_RESULT_PASS_EXPIRED) { + if (request->extra_fields == NULL) + request->extra_fields = auth_stream_reply_init(request); + auth_stream_reply_add(request->extra_fields, "reason", + "Password expired"); } else if (request->passdb->next != NULL && *result != PASSDB_RESULT_USER_DISABLED) { /* try next passdb. */
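Review bot: The new `PASSDB_RESULT_PASS_EXPIRED` branch in the second hunk attaches `reason` = "Password expired" to the reply, and nothing visible here checks that the supplied password was verified first. If a passdb can return this result before checking the password, the reply tells an unauthenticated client that the account exists and what state it is in. I would state the precondition in a comment above the branch, e.g. `/* passdbs must return PASS_EXPIRED only after the password was verified; the reason is shown to the client */`. The branch also sits ahead of the "try next passdb" case, so an expired result stops the passdb chain just as USER_DISABLED does, which is worth saying in the same comment. The enclosing function starts and ends outside the hunk.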
--- a/src/auth/passdb-pam.c Fri Jun 16 12:55:32 2006 +0300
+++ b/src/auth/passdb-pam.c Fri Jun 16 13:01:25 2006 +0300
@@ -266,10 +266,21 @@
 status = pam_auth(request, pamh, &str);
 if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) {
- /* FIXME: check for PASSDB_RESULT_UNKNOWN_USER
- somehow? */
- result = status == PAM_SUCCESS ? PASSDB_RESULT_OK :
- PASSDB_RESULT_PASSWORD_MISMATCH;
+ switch (status) {
+ case PAM_SUCCESS:
+ result = PASSDB_RESULT_OK;
+ break;
+ case PAM_USER_UNKNOWN:
+ result = PASSDB_RESULT_USER_UNKNOWN;
+ break;
+ case PAM_NEW_AUTHTOK_REQD:
+ case PAM_ACCT_EXPIRED:
+ result = PASSDB_RESULT_PASS_EXPIRED;
+ break;
+ default:
+ result = PASSDB_RESULT_PASSWORD_MISMATCH;
+ break;
+ }
 } else {
 result = PASSDB_RESULT_INTERNAL_FAILURE;
 str = t_strdup_printf("pam_end() failed: %s",
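Review bot: `PAM_ACCT_EXPIRED` is folded into `PASSDB_RESULT_PASS_EXPIRED`, so an expired account would be reported to the client as "Password expired" by the auth-request.c change, which misleads the user and discloses account state. The enum already has a closer match, so I would split the cases: `case PAM_ACCT_EXPIRED:` / `result = PASSDB_RESULT_USER_DISABLED;` / `break;`, leaving only `PAM_NEW_AUTHTOK_REQD` mapped to the expired-password result. Separately, `PAM_USER_UNKNOWN` now yields a result distinct from a password mismatch; that is useful for logging, but the client-visible reply and its timing should stay the same for both, which cannot be confirmed from this hunk. The enclosing function starts and ends outside the hunk.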
--- a/src/auth/passdb.h Fri Jun 16 12:55:32 2006 +0300
+++ b/src/auth/passdb.h Fri Jun 16 13:01:25 2006 +0300
@@ -19,10 +19,12 @@
 };
 enum passdb_result {
- PASSDB_RESULT_USER_UNKNOWN = -1,
- PASSDB_RESULT_USER_DISABLED = -2,
- PASSDB_RESULT_INTERNAL_FAILURE = -3,
- PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -4,
+ PASSDB_RESULT_INTERNAL_FAILURE = -1,
+ PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,
+
+ PASSDB_RESULT_USER_UNKNOWN = -3,
+ PASSDB_RESULT_USER_DISABLED = -4,
+ PASSDB_RESULT_PASS_EXPIRED = -5,
 PASSDB_RESULT_PASSWORD_MISMATCH = 0,
 PASSDB_RESULT_OK = 1
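Review bot: The reordering changes the numeric value of every existing negative result (`PASSDB_RESULT_USER_UNKNOWN` goes from -1 to -3, and so on) and the added blank line creates two groups, but neither is explained in the header. If these values are ever passed between processes or stored as integers, which is not visible in this hunk, builds from before and after this change would disagree on their meaning, so that is worth checking. I would add a comment above each group saying what it covers, e.g. `/* user-related failures */` above the second one, assuming that is the intent, and note on `PASSDB_RESULT_PASS_EXPIRED` that it causes a reason string to be sent to the client.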