auth: passdb shadow supports now lookup_credentials() API

author Timo Sirainen <tss@iki.fi>

Sat, 2 Nov 2013 10:46:08 +0000 (12:46 +0200)

committer Timo Sirainen <tss@iki.fi>

Sat, 2 Nov 2013 10:46:08 +0000 (12:46 +0200)
author Timo Sirainen <tss@iki.fi>
Sat, 2 Nov 2013 10:46:08 +0000 (12:46 +0200)
committer Timo Sirainen <tss@iki.fi>
Sat, 2 Nov 2013 10:46:08 +0000 (12:46 +0200)
diff --git a/src/auth/passdb-shadow.c b/src/auth/passdb-shadow.c

index 0424fd6328ba253b6cd609b93a683a5432e8dc7f..4215ceb66cc4d838c328cfd0cc4bfe2e40971945 100644 (file)
--- a/src/auth/passdb-shadow.c
+++ b/src/auth/passdb-shadow.c
@@ -12,32 +12,42 @@
  #define SHADOW_CACHE_KEY "%u"
  #define SHADOW_PASS_SCHEME "CRYPT"
  
-static void
-shadow_verify_plain(struct auth_request *request, const char *password,
-                   verify_plain_callback_t *callback)
+static enum passdb_result
+shadow_lookup(struct auth_request *request, struct spwd **spw_r)
  {
-       struct spwd *spw;
-       int ret;
-
         auth_request_log_debug(request, "shadow", "lookup");
  
-       spw = getspnam(request->user);
-       if (spw == NULL) {
+       *spw_r = getspnam(request->user);
+       if (*spw_r == NULL) {
                 auth_request_log_unknown_user(request, "shadow");
-               callback(PASSDB_RESULT_USER_UNKNOWN, request);
-               return;
+               return PASSDB_RESULT_USER_UNKNOWN;
         }
  
-       if (!IS_VALID_PASSWD(spw->sp_pwdp)) {
+       if (!IS_VALID_PASSWD((*spw_r)->sp_pwdp)) {
                 auth_request_log_info(request, "shadow",
                                       "invalid password field");
-               callback(PASSDB_RESULT_USER_DISABLED, request);
-               return;
+               return PASSDB_RESULT_USER_DISABLED;
         }
  
         /* save the password so cache can use it */
-       auth_request_set_field(request, "password", spw->sp_pwdp,
+       auth_request_set_field(request, "password", (*spw_r)->sp_pwdp,
                                SHADOW_PASS_SCHEME);
+       return PASSDB_RESULT_OK;
+}
+
+static void
+shadow_verify_plain(struct auth_request *request, const char *password,
+                   verify_plain_callback_t *callback)
+{
+       struct spwd *spw;
+       enum passdb_result res;
+       int ret;
+
+       res = shadow_lookup(request, &spw);
+       if (res != PASSDB_RESULT_OK) {
+               callback(res, request);
+               return;
+       }
  
         /* check if the password is valid */
         ret = auth_request_password_verify(request, password, spw->sp_pwdp,
@@ -57,6 +67,24 @@ shadow_verify_plain(struct auth_request *request, const char *password,
         callback(PASSDB_RESULT_OK, request);
  }
  
+static void
+shadow_lookup_credentials(struct auth_request *request,
+                         lookup_credentials_callback_t *callback)
+{
+       struct spwd *spw;
+       enum passdb_result res;
+
+       res = shadow_lookup(request, &spw);
+       if (res != PASSDB_RESULT_OK) {
+               callback(res, NULL, 0, request);
+               return;
+       }
+       /* make sure we're using the username exactly as it's in the database */
+        auth_request_set_field(request, "user", spw->sp_namp, NULL);
+       passdb_handle_credentials(PASSDB_RESULT_OK, spw->sp_pwdp,
+                                 SHADOW_PASS_SCHEME, callback, request);
+}
+
  static struct passdb_module *
  shadow_preinit(pool_t pool, const char *args)
  {
@@ -87,7 +115,7 @@ struct passdb_module_interface passdb_shadow = {
         shadow_deinit,
  
         shadow_verify_plain,
-       NULL,
+       shadow_lookup_credentials,
         NULL
  };
  #else
author	Timo Sirainen <tss@iki.fi>
	Sat, 2 Nov 2013 10:46:08 +0000 (12:46 +0200)
committer	Timo Sirainen <tss@iki.fi>
	Sat, 2 Nov 2013 10:46:08 +0000 (12:46 +0200)