changeset 4357:ffb59f920018 HEAD

Don't call pam_setcred() unless setcred=yes PAM passdb argument was given.
author Timo Sirainen <tss@iki.fi>
date Fri, 16 Jun 2006 12:45:16 +0300
parents 0726c68f0ef9
children 414cd456e7de
files dovecot-example.conf src/auth/passdb-pam.c
diffstat 2 files changed, 15 insertions(+), 6 deletions(-) [+]
--- a/dovecot-example.conf	Fri Jun 16 12:43:54 2006 +0300
+++ b/dovecot-example.conf	Fri Jun 16 12:45:16 2006 +0300
@@ -692,11 +692,15 @@
   # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
   # authentication to actually work.
   passdb pam {
-    # [session=yes] [cache_key=<key>] [<service name>]
+    # [session=yes] [setcred=yes] [cache_key=<key>] [<service name>]
     #
     # session=yes makes Dovecot open and immediately close PAM session. Some
     # PAM plugins need this to work, such as pam_mkhomedir.
     #
+    # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
+    # need that. They aren't ever deleted though, so this isn't enabled by
+    # default.
+    #
     # cache_key can be used to enable authentication caching for PAM
     # (auth_cache_size also needs to be set). It isn't enabled by default
     # because PAM modules can do all kinds of checks besides checking password,
--- a/src/auth/passdb-pam.c	Fri Jun 16 12:43:54 2006 +0300
+++ b/src/auth/passdb-pam.c	Fri Jun 16 12:45:16 2006 +0300
@@ -61,7 +61,7 @@
 struct pam_passdb_module {
 	struct passdb_module module;
 
-	bool pam_session;
+	bool pam_setcred, pam_session;
 	const char *service_name, *pam_cache_key;
 	struct timeout *to_wait;
 };
@@ -187,10 +187,13 @@
 	}
 
 #ifdef HAVE_PAM_SETCRED
-	if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
-		*error = t_strdup_printf("pam_setcred() failed: %s",
-					 pam_strerror(pamh, status));
-		return status;
+	if (module->pam_setcred) {
+		if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) !=
+		    PAM_SUCCESS) {
+			*error = t_strdup_printf("pam_setcred() failed: %s",
+						 pam_strerror(pamh, status));
+			return status;
+		}
 	}
 #endif
 
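Review bot: The new `if (module->pam_setcred)` guard has no comment saying why the call is opt-in; the only explanation is in dovecot-example.conf, which states that the established credentials are never deleted. I would add above the guard `/* opt-in via setcred=yes: credentials established here are never released with PAM_DELETE_CRED */`. The enclosing function starts and ends outside the hunk, so I cannot confirm from here whether a cleanup path before pam_end() could release them; if one can be added, a `pam_setcred(pamh, PAM_DELETE_CRED)` call guarded by the same flag would remove the reason for keeping this off by default. The change also flips the default, so setups whose PAM stack relied on the previously unconditional call now need `setcred=yes`, which is worth stating in the release notes.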
@@ -433,6 +436,8 @@
 		if (strcmp(t_args[i], "-session") == 0 ||
 		    strcmp(t_args[i], "session=yes") == 0)
 			module->pam_session = TRUE;
+		else if (strcmp(t_args[i], "setcred=yes") == 0)
+			module->pam_setcred = TRUE;
 		else if (strncmp(t_args[i], "cache_key=", 10) == 0) {
 			module->module.cache_key =
 				p_strdup(auth_passdb->auth->pool,
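Review bot: `setcred=yes` is accepted here even in a build without HAVE_PAM_SETCRED, where the guarded call in the authentication path is compiled out and the option silently does nothing. An administrator who sets it because a PAM module needs credentials would get no diagnostic and a login path that behaves differently from what the configuration says. I would brace this branch and log at parse time in that configuration: `#ifndef HAVE_PAM_SETCRED`, `i_warning("pam: setcred=yes ignored, pam_setcred() not available");`, `#endif`. The argument loop starts and ends outside the hunk.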