From: Aki Tuomi
Date: Fri, 8 Nov 2024 07:30:14 +0000 (+0200)
Subject: auth: Move username matching to auth when listing users
X-Git-Tag: 2.4.0~266
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91665f9ebbd4e29ac46c0fbd86245630b7bff5f0;p=thirdparty%2Fdovecot%2Fcore.git
auth: Move username matching to auth when listing users
Auth process knows how to match users correctly in each userdb, so it is better to do it there.
---
diff --git a/src/auth/auth-master-connection.c b/src/auth/auth-master-connection.c
index 9f262ada72..cdf3cfd3d1 100644
--- a/src/auth/auth-master-connection.c
+++ b/src/auth/auth-master-connection.c
@@ -11,6 +11,7 @@
 #include "hex-binary.h"
 #include "ioloop.h"
 #include "ostream.h"
+#include "wildcard-match.h"
 #include "ipwd.h"
 #include "master-service.h"
 #include "userdb.h"
@@ -496,13 +497,35 @@ static int master_output_list(struct master_list_iter_ctx *ctx)
 return 1;
 }
+static int match_user(const char *user, struct auth_request *request, bool *match_r)
+{
+ struct auth_userdb *db = request->userdb;
+ const char *mask = request->fields.user;
+
+ if (*db->auth_set->username_format != '\0') {
+ /* normalize requested mask to match userdb */
+ string_t *dest = t_str_new(32);
+ const char *error;
+ if (auth_request_var_expand(dest, db->auth_set->username_format,
+ request, NULL, &error) < 0) {
+ e_error(authdb_event(request), "Iteration failed: %s",
+ error);
+ return -1;
+ }
+ mask = str_c(dest);
+ }
+
+ *match_r = wildcard_match_icase(user, mask);
+ return 0;
+}
+
 static void master_input_list_callback(const char *user, void *context)
 {
 struct master_list_iter_ctx *ctx = context;
 struct auth_userdb *userdb = ctx->auth_request->userdb;
- int ret;
+ int ret = 0;
- if (user == NULL) {
+ if (user == NULL || ctx->failed) {
 if (userdb_blocking_iter_deinit(&ctx->iter) < 0)
 ctx->failed = TRUE;
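Review bot: match_user() re-expands `username_format` into a fresh mask for every user the iterator returns, although the `auth_request_var_expand()` call takes only the request and the format and so appears to yield the same mask for the whole userdb; on a large user list that is one expansion and one allocation per entry. Expanding once when iteration of a userdb starts and reusing the result would reduce the per-user work to the `wildcard_match_icase()` call. The function also deserves a contract comment such as `/* Returns 0 and sets match_r, or -1 if the mask could not be expanded (match_r is left unset). */`, since the caller declares `match` without an initializer. master_input_list_callback's body continues past the end of this hunk.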
@@ -510,7 +533,7 @@ static void master_input_list_callback(const char *user, void *context)
 userdb = userdb->next;
 } while (userdb != NULL &&
 userdb->userdb->iface->iterate_init == NULL);
- if (userdb == NULL) {
+ if (userdb == NULL || ctx->failed) {
 /* iteration is finished */
 const char *str;
@@ -531,10 +554,14 @@ static void master_input_list_callback(const char *user, void *context)
 T_BEGIN {
 const char *str;
-
- str = t_strdup_printf("LIST\t%u\t%s\n", ctx->auth_request->id,
- str_tabescape(user));
- ret = o_stream_send_str(ctx->conn->conn.output, str);
+ bool match;
+ if (match_user(user, ctx->auth_request, &match) < 0)
+ ctx->failed = TRUE;
+ else if (match) {
+ str = t_strdup_printf("LIST\t%u\t%s\n", ctx->auth_request->id,
+ str_tabescape(user));
+ ret = o_stream_send_str(ctx->conn->conn.output, str);
+ }
 } T_END;
 if (o_stream_get_buffer_used_size(ctx->conn->conn.output) >= MAX_OUTBUF_SIZE)
 ret = o_stream_flush(ctx->conn->conn.output);
diff --git a/src/doveadm/doveadm-auth.c b/src/doveadm/doveadm-auth.c
index fa8c18a258..5c0c618b2e 100644
--- a/src/doveadm/doveadm-auth.c
+++ b/src/doveadm/doveadm-auth.c
@@ -9,7 +9,6 @@
 #include "str.h"
 #include "strescape.h"
 #include "var-expand.h"
-#include "wildcard-match.h"
 #include "dsasl-client.h"
 #include "settings-parser.h"
 #include "master-service.h"
@@ -414,11 +413,7 @@ cmd_user_list(struct auth_master_connection *conn,
 ctx = auth_master_user_list_init(conn, user_mask, &input->info);
 while ((username = auth_master_user_list_next(ctx)) != NULL) {
- for (i = 0; users[i] != NULL; i++) {
- if (wildcard_match_icase(username, users[i]))
- break;
- }
- if (users[i] != NULL)
+ for (i = 0; users[i] != NULL; i++)
 printf("%s\n", username);
 }
 if (auth_master_user_list_deinit(&ctx) < 0)
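Review bot: The new loop in cmd_user_list prints `username` once per entry in `users` and never compares it with any of them, so with two masks on the command line every returned user is printed twice and the individual masks are no longer applied on the client. Only `user_mask` reaches the auth process through `auth_master_user_list_init()`; how it is derived from `users` is outside the hunk, but if it falls back to a catch-all when several masks are given, the command now lists every user rather than the requested subset. If auth is meant to be the only filter, drop the loop and keep a plain `printf("%s\n", username);`. For several masks, either send one list request per mask or retain the `wildcard_match_icase()` check for that case.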