From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Tue, 4 Aug 2020 11:48:23 +0000 (+0300)
Subject: auth: Add and use auth_request_set_delayed_credentials()
X-Git-Tag: 2.3.13~312
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4d724f877bc4445ae3bc25b87eeab5ca50d2f7c4;p=thirdparty%2Fdovecot%2Fcore.git

auth: Add and use auth_request_set_delayed_credentials()
---

diff --git a/src/auth/auth-request-fields.c b/src/auth/auth-request-fields.c
index cfb966facf..18781398b0 100644
--- a/src/auth/auth-request-fields.c
+++ b/src/auth/auth-request-fields.c
@@ -466,3 +466,12 @@ void auth_request_init_userdb_reply(struct auth_request *request,
 		}
 	}
 }
+
+void auth_request_set_delayed_credentials(struct auth_request *request,
+					  const unsigned char *credentials,
+					  size_t size)
+{
+	request->fields.delayed_credentials =
+		p_memdup(request->pool, credentials, size);
+	request->fields.delayed_credentials_size = size;
+}
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 1a5b6df98a..713efaeed0 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -1151,12 +1151,8 @@ auth_request_lookup_credentials_finish(enum passdb_result result,
 		    request->fields.delayed_credentials == NULL && size > 0) {
 			/* passdb continue* rule after a successful lookup.
 			   remember these credentials and use them later on. */
-			unsigned char *dup;
-
-			dup = p_malloc(request->pool, size);
-			memcpy(dup, credentials, size);
-			request->fields.delayed_credentials = dup;
-			request->fields.delayed_credentials_size = size;
+			auth_request_set_delayed_credentials(request,
+				credentials, size);
 		}
 		auth_request_lookup_credentials(request,
 			request->credentials_scheme,
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index c47e0b4eb9..55506188e6 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -60,6 +60,10 @@ struct auth_request_fields {
 	/* the whole userdb result reply */
 	struct auth_fields *userdb_reply;
 
+	/* Credentials from the first successful passdb lookup. These are used
+	   as the final credentials, unless overridden by later passdb
+	   lookups. Note that the requests in auth-worker processes see these
+	   only as 1 byte sized \0 strings. */
 	const unsigned char *delayed_credentials;
 	size_t delayed_credentials_size;
 
@@ -251,6 +255,10 @@ void auth_request_set_realm(struct auth_request *request, const char *realm);
 void auth_request_set_auth_successful(struct auth_request *request);
 /* Password was successfully verified by a passdb. */
 void auth_request_set_password_verified(struct auth_request *request);
+/* Save credentials from a successful passdb lookup. */
+void auth_request_set_delayed_credentials(struct auth_request *request,
+					  const unsigned char *credentials,
+					  size_t size);
 
 void auth_request_set_field(struct auth_request *request,
 			    const char *name, const char *value,