auth: Added %{session_pid} variable for userdb lookups in login requests.
authorTimo Sirainen <tss@iki.fi>
Sat, 2 Nov 2013 11:52:30 +0000 (13:52 +0200)
committerTimo Sirainen <tss@iki.fi>
Sat, 2 Nov 2013 11:52:30 +0000 (13:52 +0200)
session_pid is now always sent to auth process. A new request_auth_token
parameter was added to specify if auth_token should be returned or not.

src/auth/auth-request-handler.c
src/auth/auth-request.c
src/auth/auth-request.h
src/lib-master/master-login-auth.c

index 19b8624a2f80919a9eb3bb2ff93c38253de3f326..56ce379c05d5a9f6c925fc9149e210d59f809841 100644 (file)
@@ -669,7 +669,8 @@ static void userdb_callback(enum userdb_result result,
                        str_append(str, "\tanonymous");
                }
                /* generate auth_token when master service provided session_pid */
-               if (request->session_pid != (pid_t)-1) {
+               if (request->request_auth_token &&
+                   request->session_pid != (pid_t)-1) {
                        const char *auth_token =
                                auth_token_get(request->service,
                                               dec2str(request->session_pid),
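Review bot: The comment above the condition in userdb_callback still says the token is generated "when master service provided session_pid", but the new test also requires `request->request_auth_token`. Per the commit message session_pid is now always sent, so the comment no longer describes what gates token issuance. I would reword it to `/* generate auth_token only when the master asked for it (request_auth_token) and sent a session_pid */`. The function begins and ends outside this hunk.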
index 2982b9cc5f56c41e0a14ef00fbfcc2271423a757..ce02ceee6765800f50bcbf871af5711e02e000c9 100644 (file)
@@ -331,7 +331,9 @@ bool auth_request_import_master(struct auth_request *request,
        if (strcmp(key, "session_pid") == 0) {
                if (str_to_pid(value, &pid) == 0)
                        request->session_pid = pid;
-       } else
+       } else if (strcmp(key, "request_auth_token") == 0)
+               request->request_auth_token = TRUE;
+       else
                return FALSE;
        return TRUE;
 }
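Review bot: The new `request_auth_token` branch in auth_request_import_master sets the flag on key presence alone and never looks at `value`, so any value sent with the key would also enable token generation. If that is the intended protocol, a comment such as `/* flag key: presence enables it, any value is ignored */` would make it explicit. The chain also now mixes a braced first branch with two unbraced ones; bracing all three would read more consistently and avoid a dangling-else slip on a later edit. The start of the function is outside this hunk.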
@@ -1950,6 +1952,7 @@ auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1] = {
        { '\0', NULL, "domain_first" },
        { '\0', NULL, "domain_last" },
        { '\0', NULL, "master_user" },
+       { '\0', NULL, "session_pid" },
        /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */
        { '\0', NULL, NULL }
 };
@@ -2037,6 +2040,8 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
                tab[24].value = escape_func(tab[24].value+1, auth_request);
        tab[25].value = auth_request->master_user == NULL ? NULL :
                escape_func(auth_request->master_user, auth_request);
+       tab[26].value = auth_request->session_pid == (pid_t)-1 ? NULL :
+               dec2str(auth_request->session_pid);
        return ret_tab;
 }
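Review bot: `tab[26].value` is filled from `dec2str(auth_request->session_pid)` without going through `escape_func`, unlike the master_user entry just above it. That looks safe because the value is the decimal rendering of a pid, but nothing on the line says so, and the commit title indicates these variables are expanded into userdb lookups, where escaping matters. I would add `/* decimal pid only, so escape_func is not needed */` so the pattern is not copied for a string-valued variable later. The literal index 26 also has to stay in step with the position of the "session_pid" row added to auth_request_var_expand_static_tab and with AUTH_REQUEST_VAR_TAB_COUNT. The function starts outside this hunk.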
 
index 6db0532f11d8d830785808a33d1964c292be7fdb..6319707deafc34a7acf663e1fa60b85d359354e8 100644 (file)
@@ -108,6 +108,7 @@ struct auth_request {
        unsigned int no_penalty:1;
        unsigned int valid_client_cert:1;
        unsigned int cert_username:1;
+       unsigned int request_auth_token:1;
 
        /* success/failure states: */
        unsigned int successful:1;
@@ -143,7 +144,7 @@ extern unsigned int auth_request_state_count[AUTH_REQUEST_STATE_MAX];
 #define AUTH_REQUEST_VAR_TAB_USER_IDX 0
 #define AUTH_REQUEST_VAR_TAB_USERNAME_IDX 1
 #define AUTH_REQUEST_VAR_TAB_DOMAIN_IDX 2
-#define AUTH_REQUEST_VAR_TAB_COUNT 26
+#define AUTH_REQUEST_VAR_TAB_COUNT 27
 extern const struct var_expand_table
 auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1];
 
index f8b03c3de7064714a58098d0e254e48d8cb3c60f..7ba9996a4d2e597b90e4f69001db3ba986ec1e12 100644 (file)
@@ -440,8 +440,9 @@ master_login_auth_send_request(struct master_login_auth *auth,
        str_printfa(str, "REQUEST\t%u\t%u\t%u\t", req->id,
                    req->client_pid, req->auth_id);
        binary_to_hex_append(str, req->cookie, sizeof(req->cookie));
+       str_printfa(str, "\tsession_pid=%s", my_pid);
        if (auth->request_auth_token)
-               str_printfa(str, "\tsession_pid=%s", my_pid);
+               str_append(str, "\trequest_auth_token");
        str_append_c(str, '\n');
        o_stream_nsend(auth->output, str_data(str), str_len(str));
 }
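Review bot: The REQUEST line in master_login_auth_send_request can now carry a `request_auth_token` key that an auth process built before this commit would not recognise. The removed lines in auth_request_import_master show that unknown keys made it return FALSE; how the caller reacts to that is not visible here, so requests may fail while the two sides run different versions. In the other direction, a sender that only passes `session_pid` no longer gets an auth_token back. A comment at this call site would help, e.g. `/* request_auth_token is a bare flag; the auth process must be new enough to accept it */`. The function begins outside this hunk.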