auth: userdb passwd iteration now lists only users within first_valid_uid..last_valid...
authorTimo Sirainen <tss@iki.fi>
Thu, 21 Oct 2010 16:11:02 +0000 (17:11 +0100)
committerTimo Sirainen <tss@iki.fi>
Thu, 21 Oct 2010 16:11:02 +0000 (17:11 +0100)
src/auth/auth-settings.c
src/auth/auth-settings.h
src/auth/userdb-passwd.c

index 784a6aad39426b23b36f522690a1f41a88ab2f08..49db6a4d6f4a8908e82ea3085a0bc500028c8562 100644 (file)
@@ -191,6 +191,8 @@ static const struct setting_define auth_setting_defines[] = {
        DEF(SET_STR, gssapi_hostname),
        DEF(SET_STR, winbind_helper_path),
        DEF(SET_TIME, failure_delay),
+       DEF(SET_UINT, first_valid_uid),
+       DEF(SET_UINT, last_valid_uid),
 
        DEF(SET_BOOL, verbose),
        DEF(SET_BOOL, debug),
@@ -226,6 +228,8 @@ static const struct auth_settings auth_default_settings = {
        .gssapi_hostname = "",
        .winbind_helper_path = "/usr/bin/ntlm_auth",
        .failure_delay = 2,
+       .first_valid_uid = 500,
+       .last_valid_uid = 0,
 
        .verbose = FALSE,
        .debug = FALSE,
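Review bot: The two added defaults carry meaning that is not written down in this hunk: `.last_valid_uid = 0` is treated as "no upper bound" by the range check added to passwd_iterate_next, and `500` is a distribution-specific boundary between system and regular accounts. I would add a comment such as `/* 0 = no upper limit */` beside `.last_valid_uid` and one noting that `first_valid_uid` should follow the local UID_MIN convention. With no upper bound, high-numbered service accounts (a `nobody` entry, for example) still pass the listing filter, so a deployment that relies on this range to keep non-mail accounts out of user listings needs to set both ends.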
index e1e69f2a60c9c6740b742ad73b52ff179bc6eb23..7b1533c8a04297100c78065857cd1c5d7b47b130 100644 (file)
@@ -33,6 +33,8 @@ struct auth_settings {
        const char *gssapi_hostname;
        const char *winbind_helper_path;
        unsigned int failure_delay;
+       unsigned int first_valid_uid;
+       unsigned int last_valid_uid;
 
        bool verbose, debug, debug_passwords;
        const char *verbose_passwords;
index 2aa62be41bb19ddd0f99afa0c2eaf13f277f94f8..e24dc426793932a4ef867f052e96da230a5f5945 100644 (file)
@@ -20,6 +20,7 @@ struct passwd_userdb_module {
 struct passwd_userdb_iterate_context {
        struct userdb_iterate_context ctx;
        struct passwd_userdb_iterate_context *next_waiting;
+       const struct auth_settings *set;
 };
 
 static struct passwd_userdb_iterate_context *cur_userdb_iter = NULL;
@@ -78,6 +79,7 @@ passwd_iterate_init(struct userdb_module *userdb,
        ctx->ctx.userdb = userdb;
        ctx->ctx.callback = callback;
        ctx->ctx.context = context;
+       ctx->set = auth_find_service("")->set;
        setpwent();
 
        if (cur_userdb_iter == NULL)
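Review bot: The added line `ctx->set = auth_find_service("")->set;` dereferences the lookup result without a check and always takes the settings of the default (empty-name) service rather than those of the auth instance that owns `userdb`. Whether auth_find_service() can return NULL at this point is not visible here; if it can, iteration init crashes instead of failing cleanly. If the UID range can be overridden per service, the listing would silently use the default service's range, so either reach the settings through the module's own auth or record the choice with a comment such as `/* iteration always uses the default service's UID range */`. passwd_iterate_init starts and ends outside this hunk.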
@@ -100,16 +102,21 @@ static void passwd_iterate_next(struct userdb_iterate_context *_ctx)
        }
 
        errno = 0;
-       pw = getpwent();
-       if (pw == NULL) {
-               if (errno != 0) {
-                       i_error("getpwent() failed: %m");
-                       _ctx->failed = TRUE;
+       while ((pw = getpwent()) != NULL) {
+               /* skip entries not in valid UID range.
+                  they're users for daemons and such. */
+               if (pw->pw_uid >= ctx->set->first_valid_uid &&
+                   (ctx->set->last_valid_uid == 0 ||
+                    pw->pw_uid <= ctx->set->last_valid_uid)) {
+                       _ctx->callback(pw->pw_name, _ctx->context);
+                       return;
                }
-               _ctx->callback(NULL, _ctx->context);
-       } else {
-               _ctx->callback(pw->pw_name, _ctx->context);
        }
+       if (errno != 0) {
+               i_error("getpwent() failed: %m");
+               _ctx->failed = TRUE;
+       }
+       _ctx->callback(NULL, _ctx->context);
 }
 
 static void passwd_iterate_next_timeout(void *context ATTR_UNUSED)
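Review bot: `errno` is cleared only once before the new `while` loop, but a getpwent() call that succeeds is allowed to leave errno non-zero, so after one or more skipped entries the end-of-list NULL can be misreported as "getpwent() failed" and set `_ctx->failed`. Resetting it per skipped entry closes that: add `errno = 0;` as the last statement of the loop body, after the range `if`. The range test is also applied only on this listing path as far as the hunk shows; whether passwd lookups by name enforce the same first_valid_uid/last_valid_uid bounds is not visible here and is worth confirming, since the comment describes out-of-range entries as daemon users. The start of passwd_iterate_next is outside the hunk.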