From: Timo Sirainen <tss@iki.fi>
Date: Mon, 7 Sep 2015 14:10:19 +0000 (+0300)
Subject: auth: Ignore first passdbs that contain skip=unauthenticated.
X-Git-Tag: 2.2.19.rc1~88
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a3f0bb25ba19fd61246d3dab686d26dd625ab5c;p=thirdparty%2Fdovecot%2Fcore.git

auth: Ignore first passdbs that contain skip=unauthenticated.
They can never match anything.
---

diff --git a/src/auth/auth.c b/src/auth/auth.c
index 3a23cd8ab3..778a0b3256 100644
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -227,6 +227,13 @@ auth_preinit(const struct auth_settings *set, const char *service, pool_t pool,
 		if (passdbs[i]->master)
 			continue;
 
+		/* passdb { skip=unauthenticated } as the first passdb doesn't
+		   make sense, since user is never authenticated at that point.
+		   skip over them silently. */
+		if (auth->passdbs == NULL &&
+		    auth_passdb_skip_parse(passdbs[i]->skip) == AUTH_PASSDB_SKIP_UNAUTHENTICATED)
+			continue;
+
 		auth_passdb_preinit(auth, passdbs[i], &auth->passdbs);
 		passdb_count++;
 		last_passdb = i;
@@ -238,6 +245,11 @@ auth_preinit(const struct auth_settings *set, const char *service, pool_t pool,
 		if (!passdbs[i]->master)
 			continue;
 
+		/* skip skip=unauthenticated, as explained above */
+		if (auth->masterdbs == NULL &&
+		    auth_passdb_skip_parse(passdbs[i]->skip) == AUTH_PASSDB_SKIP_UNAUTHENTICATED)
+			continue;
+
 		if (passdbs[i]->deny)
 			i_fatal("Master passdb can't have deny=yes");
 		if (passdbs[i]->pass && passdb_count == 0) {