auth: Ignore first passdbs that contain skip=unauthenticated.

They can never match anything.

diff --git a/src/auth/auth.c b/src/auth/auth.c
index 3a23cd8ab395792e3e4fccce7924545e91c2e69c..778a0b3256dcaee2d8382a16537a22851712ac06 100644 (file)
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -227,6 +227,13 @@ auth_preinit(const struct auth_settings *set, const char *service, pool_t pool,
                if (passdbs[i]->master)
                        continue;
 
+               /* passdb { skip=unauthenticated } as the first passdb doesn't
+                  make sense, since user is never authenticated at that point.
+                  skip over them silently. */
+               if (auth->passdbs == NULL &&
+                   auth_passdb_skip_parse(passdbs[i]->skip) == AUTH_PASSDB_SKIP_UNAUTHENTICATED)
+                       continue;
+
                auth_passdb_preinit(auth, passdbs[i], &auth->passdbs);
                passdb_count++;
                last_passdb = i;
@@ -238,6 +245,11 @@ auth_preinit(const struct auth_settings *set, const char *service, pool_t pool,
                if (!passdbs[i]->master)
                        continue;
 
+               /* skip skip=unauthenticated, as explained above */
+               if (auth->masterdbs == NULL &&
+                   auth_passdb_skip_parse(passdbs[i]->skip) == AUTH_PASSDB_SKIP_UNAUTHENTICATED)
+                       continue;
+
                if (passdbs[i]->deny)
                        i_fatal("Master passdb can't have deny=yes");
                if (passdbs[i]->pass && passdb_count == 0) {