auth_request_want_skip_passdb(struct auth_request *request,
struct auth_passdb *passdb)
{
+ /* if mechanism is not supported, skip */
+ const char *const *mech = passdb->passdb->mechanisms;
+
+ /* if request->mech == NULL it means we are doing
+ lookup without authentication and should not match this */
+ if (mech != NULL && (request->mech == NULL ||
+ !str_array_icase_find(mech, request->mech->mech_name))) {
+ return TRUE;
+ }
+
/* skip_password_check basically specifies if authentication is
finished */
bool authenticated = request->skip_password_check;
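Review bot: With the check as written, a passdb whose list is the empty array (what `mechanisms = none` produces in the preinit hunk) is skipped for every request. `mech != NULL` holds, and then either `request->mech == NULL` or the lookup in an empty list fails. The comment on the first added line only says "if mechanism is not supported, skip", so a reader cannot tell whether disabling the passdb outright is what `none` is meant to do. I would document the three states at the check, for example `/* NULL = no restriction; empty list = never matches; otherwise the request's mechanism name must be listed (case-insensitive). Lookups without authentication (request->mech == NULL) never match a restricted passdb. */`. The function body continues outside the hunk.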
DEF(SET_STR, args),
DEF(SET_STR, default_fields),
DEF(SET_STR, override_fields),
+ DEF(SET_STR, mechanisms),
DEF(SET_ENUM, skip),
DEF(SET_ENUM, result_success),
.args = "",
.default_fields = "",
.override_fields = "",
+ .mechanisms = "",
.skip = "never:authenticated:unauthenticated",
.result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
const char *args;
const char *default_fields;
const char *override_fields;
+ const char *mechanisms;
const char *skip;
const char *result_success;
passdb->id = ++auth_passdb_id;
passdb->iface = *iface;
passdb->args = p_strdup(pool, set->args);
+ if (*set->mechanisms == '\0') {
+ passdb->mechanisms = NULL;
+ } else if (strcasecmp(set->mechanisms, "none") == 0) {
+ passdb->mechanisms = (const char *const[]){NULL};
+ } else {
+ passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,");
+ }
array_append(&passdb_modules, &passdb, 1);
return passdb;
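Review bot: The `none` branch stores the address of a compound literal, `(const char *const[]){NULL}`, whose storage is automatic and tied to the enclosing `else if` block, so `passdb->mechanisms` dangles once that block ends. The skip check later walks this array with `str_array_icase_find()`, so whether `none` restricts anything, or reads stale stack contents, depends on what the compiler did with the literal. Give the empty list static storage instead: a file-scope `static const char *const passdb_no_mechanisms[] = { NULL };` and `passdb->mechanisms = passdb_no_mechanisms;`. The enclosing function starts and ends outside the hunk.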
/* Default password scheme for this module.
If cache_key is set, must not be NULL. */
const char *default_pass_scheme;
+ /* Supported authentication mechanisms, NULL is all, [NULL] is none*/
+ const char *const *mechanisms;
+
/* If blocking is set to TRUE, use child processes to access
this passdb. */
bool blocking;
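Review bot: The new field's comment does not say how the list is compared or how long the array has to live, and it is missing the space before `*/`. The skip check reads this pointer on each request, so the lifetime requirement belongs here. I would write `/* NULL-terminated list of mechanism names this passdb is limited to (compared case-insensitively). NULL = all mechanisms, empty list = none. Must stay valid for the lifetime of the passdb. */`. The struct definition starts and ends outside the hunk.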