request->mech_password = p_strdup(request->pool, password);
else
i_assert(request->mech_password == password);
+ request->user_changed_by_lookup = FALSE;
if (request->policy_processed) {
auth_request_verify_plain_continue(request, callback);
if (request->credentials_scheme == NULL)
request->credentials_scheme = p_strdup(request->pool, scheme);
+ request->user_changed_by_lookup = FALSE;
if (request->policy_processed)
auth_request_lookup_credentials_policy_continue(request, callback);
it set */
auth_fields_rollback(request->userdb_reply);
}
+ request->user_changed_by_lookup = FALSE;
request->userdb = next_userdb;
auth_request_lookup_user(request,
const char *cache_key, *error;
request->private_callback.userdb = callback;
+ request->user_changed_by_lookup = FALSE;
request->userdb_lookup = TRUE;
request->userdb_result_from_cache = FALSE;
if (request->userdb_reply == NULL)
/* similar to original_username, but after translations */
request->translated_username = request->user;
}
+ request->user_changed_by_lookup = TRUE;
if (login_username != NULL) {
if (!auth_request_set_login_username(request,
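Review bot: `request->user_changed_by_lookup = TRUE;` is set on every pass through this username-assignment path, and nothing in the hunk compares the new name with the previous one or checks that a passdb/userdb lookup is actually running. The flag therefore stays correct only as long as each lookup entry point clears it first, which the commit does by hand in four places (the `= FALSE` lines in the earlier hunks). A lookup path added later without that reset would let a worker report a stale username as changed, and the parent adopts whatever name the worker returns. I would state the contract next to the assignment, e.g. `/* set on any username assignment; every passdb/userdb lookup entry point must clear it first */`, or move the four resets into one helper. The enclosing function starts and ends outside the hunk.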
bool in_delayed_failure_queue:1;
bool removed_from_handler:1;
bool snapshot_have_userdb_prefetch_set:1;
+ /* username was changed by this passdb/userdb lookup. Used by
+ auth-workers to determine whether to send back a changed username. */
+ bool user_changed_by_lookup:1;
/* each passdb lookup can update the current success-status using the
result_* rules. the authentication succeeds only if this is TRUE
at the end. mechanisms that don't require passdb, but do a passdb
str_printfa(str, "FAIL\t%d", result);
if (result != PASSDB_RESULT_INTERNAL_FAILURE) {
str_append_c(str, '\t');
- str_append_tabescaped(str, request->user);
+ if (request->user_changed_by_lookup)
+ str_append_tabescaped(str, request->user);
str_append_c(str, '\t');
if (request->passdb_password != NULL)
str_append_tabescaped(str, request->passdb_password);
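Review bot: The FAIL reply can now carry an empty user field, but the only reader updates visible in this commit are for OK and NEXT (`if (args[1][0] != '\0')`); no hunk shown here touches the code that parses the FAIL line. If that branch still hands the field to `auth_request_set_field(request, "user", ...)` unconditionally, an unchanged username would arrive there as an empty string. Please confirm the FAIL parser applies the same empty-means-unchanged check, or include it in this change. The callback body continues outside the hunk.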
str_append(str, "NEXT\t");
else
str_append(str, "OK\t");
- str_append_tabescaped(str, request->user);
+ if (request->user_changed_by_lookup)
+ str_append_tabescaped(str, request->user);
str_append_c(str, '\t');
if (request->credentials_scheme[0] != '\0') {
str_printfa(str, "{%s.b64}", request->credentials_scheme);
break;
case USERDB_RESULT_OK:
str_append(str, "OK\t");
- str_append_tabescaped(str, auth_request->user);
+ if (auth_request->user_changed_by_lookup)
+ str_append_tabescaped(str, auth_request->user);
str_append_c(str, '\t');
/* export only the fields changed by this lookup */
auth_fields_append(auth_request->userdb_reply, str,
if (strcmp(*args, "OK") == 0 && args[1] != NULL && args[2] != NULL) {
/* OK \t user \t password [\t extra] */
- auth_request_set_field(request, "user", args[1], NULL);
+ if (args[1][0] != '\0')
+ auth_request_set_field(request, "user", args[1], NULL);
auth_worker_reply_parse_args(request, args + 2);
return PASSDB_RESULT_OK;
}
if (strcmp(*args, "NEXT") == 0 && args[1] != NULL) {
/* NEXT \t user [\t extra] */
- auth_request_set_field(request, "user", args[1], NULL);
+ if (args[1][0] != '\0')
+ auth_request_set_field(request, "user", args[1], NULL);
auth_worker_reply_parse_args(request, args + 1);
return PASSDB_RESULT_NEXT;
}
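Review bot: The protocol comments above both branches still describe `user` as an ordinary field, while the new `args[1][0] != '\0'` checks give an empty value the meaning "username unchanged". That convention is now part of the worker reply format and should be written down where it is parsed, e.g. `/* OK \t [user] \t password [\t extra] - empty user = unchanged */` and `/* NEXT \t [user] [\t extra] - empty user = unchanged */`. Without it, a later edit to either side could reintroduce the unconditional send or the unconditional set.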
args = "";
else
username = t_strdup_until(username, args++);
- if (strcmp(request->user, username) != 0)
+ if (username[0] != '\0' && strcmp(request->user, username) != 0)
request->user = p_strdup(request->pool, username);
} else {
result = USERDB_RESULT_INTERNAL_FAILURE;
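Review bot: The userdb reply path copies the worker-supplied name straight into `request->user` with `p_strdup`, whereas the passdb reply path in this same commit goes through `auth_request_set_field(request, "user", ...)`. If the set_field route applies username validation or translation (not visible here), this branch skips it for a value received from another process. Consider routing both replies through the same setter, or add a comment next to the assignment stating why the direct copy is intended. The surrounding function starts and ends outside the hunk.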