From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 27 Feb 2024 13:16:42 +0000 (+0200)
Subject: auth: Allow authentication succeed without passdb
X-Git-Tag: 2.4.0~745
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1861a1621f775c97baa01b8e7abf65604c7ffee1;p=thirdparty%2Fdovecot%2Fcore.git

auth: Allow authentication succeed without passdb
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 8764727050..4fa80365d0 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -1543,6 +1543,14 @@ auth_request_lookup_credentials_policy_continue(
 	request->passdb = passdb;
 
 	if (passdb == NULL) {
+		if (request->passdb_success) {
+			/* This is coming from mech that has already validated
+			   credentials, so we can just continue as success. */
+			result = PASSDB_RESULT_OK;
+			request->passdb_result = result;
+			callback(result, NULL, 0, request);
+			return;
+		}
 		e_error(request->event, "All password databases were skipped");
 		callback(PASSDB_RESULT_INTERNAL_FAILURE, NULL, 0, request);
 		return;
@@ -2032,7 +2040,10 @@ void auth_request_set_field(struct auth_request *request,
 	i_assert(*name != '\0');
 	i_assert(value != NULL);
 
-	i_assert(request->passdb != NULL);
+	/* Allow passdb to be NULL if it has already succeeded,
+	   this happens mostly with mechs that already know the user
+	   account is valid. */
+	i_assert(request->passdb != NULL || request->passdb_success);
 
 	if (name_len > 10 && strcmp(name+name_len-10, ":protected") == 0) {
 		/* set this field only if it hasn't been set before */