From: Timo Sirainen
Date: Mon, 31 Oct 2016 18:19:07 +0000 (+0200)
Subject: auth: If passwd-file can't be read, return tempfail (not user unknown).
X-Git-Tag: 2.2.27~251
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=99b7459d18f7aaf0165637b8ccc7619e8e6467bf;p=thirdparty%2Fdovecot%2Fcore.git
auth: If passwd-file can't be read, return tempfail (not user unknown).
---
diff --git a/src/auth/db-passwd-file.c b/src/auth/db-passwd-file.c
index 572d2cab6d..7ddc52d49c 100644
--- a/src/auth/db-passwd-file.c
+++ b/src/auth/db-passwd-file.c
@@ -428,12 +428,12 @@ path_fix(const char *path,
 return t_strdup_until(path, p);
 }
-struct passwd_user *
-db_passwd_file_lookup(struct db_passwd_file *db, struct auth_request *request,
- const char *username_format)
+int db_passwd_file_lookup(struct db_passwd_file *db,
+ struct auth_request *request,
+ const char *username_format,
+ struct passwd_user **user_r)
 {
 struct passwd_file *pw;
- struct passwd_user *pu;
 string_t *username, *dest;
 if (!db->vars)
@@ -451,7 +451,7 @@ db_passwd_file_lookup(struct db_passwd_file *db, struct auth_request *request,
 if (passwd_file_sync(request, pw) < 0) {
 /* pw may be freed now */
- return NULL;
+ return -1;
 }
 username = t_str_new(256);
@@ -462,10 +462,12 @@ db_passwd_file_lookup(struct db_passwd_file *db, struct auth_request *request,
 "lookup: user=%s file=%s", str_c(username), pw->path);
- pu = hash_table_lookup(pw->users, str_c(username));
- if (pu == NULL)
- auth_request_log_unknown_user(request, AUTH_SUBSYS_DB);
- return pu;
+ *user_r = hash_table_lookup(pw->users, str_c(username));
+ if (*user_r == NULL) {
+ auth_request_log_unknown_user(request, AUTH_SUBSYS_DB);
+ return 0;
+ }
+ return 1;
 }
 #endif
diff --git a/src/auth/db-passwd-file.h b/src/auth/db-passwd-file.h
index a137ee17e1..8708c79f3c 100644
--- a/src/auth/db-passwd-file.h
+++ b/src/auth/db-passwd-file.h
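Review bot: In db_passwd_file_lookup (src/auth/db-passwd-file.c) the `return -1` after a failed passwd_file_sync() in the second hunk leaves `*user_r` unassigned, while the 0 and 1 paths in the third hunk both write it. Every caller in this commit checks `ret` before touching the pointer, but the userdb caller's `ret <= 0 || pu->uid == 0` is only safe through short-circuit evaluation, so a later caller that tests the pointer instead of the return code would read an indeterminate value. Adding `*user_r = NULL;` at the top of the function makes the out-parameter defined on every path. The body between the hunks is not visible here, so any other early exit should be checked the same way.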
@@ -44,9 +44,10 @@ struct db_passwd_file {
 unsigned int debug:1;
 };
-struct passwd_user *
-db_passwd_file_lookup(struct db_passwd_file *db, struct auth_request *request,
- const char *username_format);
+int db_passwd_file_lookup(struct db_passwd_file *db,
+ struct auth_request *request,
+ const char *username_format,
+ struct passwd_user **user_r);
 struct db_passwd_file *
 db_passwd_file_init(const char *path, bool userdb, bool debug);
diff --git a/src/auth/passdb-passwd-file.c b/src/auth/passdb-passwd-file.c
index 40f083e86f..aaceab9640 100644
--- a/src/auth/passdb-passwd-file.c
+++ b/src/auth/passdb-passwd-file.c
@@ -68,10 +68,11 @@ passwd_file_verify_plain(struct auth_request *request, const char *password,
 const char *scheme, *crypted_pass;
 int ret;
- pu = db_passwd_file_lookup(module->pwf, request,
- module->username_format);
- if (pu == NULL) {
- callback(PASSDB_RESULT_USER_UNKNOWN, request);
+ ret = db_passwd_file_lookup(module->pwf, request,
+ module->username_format, &pu);
+ if (ret <= 0) {
+ callback(ret < 0 ? PASSDB_RESULT_INTERNAL_FAILURE :
+ PASSDB_RESULT_USER_UNKNOWN, request);
 return;
 }
@@ -93,11 +94,13 @@ passwd_file_lookup_credentials(struct auth_request *request,
 (struct passwd_file_passdb_module *)_module;
 struct passwd_user *pu;
 const char *crypted_pass, *scheme;
+ int ret;
- pu = db_passwd_file_lookup(module->pwf, request,
- module->username_format);
- if (pu == NULL) {
- callback(PASSDB_RESULT_USER_UNKNOWN, NULL, 0, request);
+ ret = db_passwd_file_lookup(module->pwf, request,
+ module->username_format, &pu);
+ if (ret <= 0) {
+ callback(ret < 0 ? PASSDB_RESULT_INTERNAL_FAILURE :
+ PASSDB_RESULT_USER_UNKNOWN, NULL, 0, request);
 return;
 }
diff --git a/src/auth/userdb-passwd-file.c b/src/auth/userdb-passwd-file.c
index f80cac1f9e..38f2678bf0 100644
--- a/src/auth/userdb-passwd-file.c
+++ b/src/auth/userdb-passwd-file.c
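Review bot: The new db_passwd_file_lookup prototype in src/auth/db-passwd-file.h has no comment describing its three-way result, although every caller now has to tell a failed lookup from a missing user. I would add above the declaration `/* Returns 1 if the user was found (*user_r is set), 0 if the user doesn't exist (*user_r is NULL), -1 if passwd_file_sync() failed. */`. Writing the contract down at the declaration makes it harder for a new caller to collapse -1 into "user unknown" again.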
@@ -38,10 +38,11 @@ static void passwd_file_lookup(struct auth_request *auth_request,
 string_t *str;
 const char *key, *value;
 char **p;
+ int ret;
- pu = db_passwd_file_lookup(module->pwf, auth_request,
- module->username_format);
- if (pu == NULL || pu->uid == 0) {
+ ret = db_passwd_file_lookup(module->pwf, auth_request,
+ module->username_format, &pu);
+ if (ret <= 0 || pu->uid == 0) {
 callback(USERDB_RESULT_USER_UNKNOWN, auth_request);
 return;
 }
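Review bot: In passwd_file_lookup the new `ret <= 0 || pu->uid == 0` branch still ends in the unchanged `callback(USERDB_RESULT_USER_UNKNOWN, auth_request);`, so when db_passwd_file_lookup returns -1 the userdb side keeps reporting an unreadable passwd-file as a missing user, which is the outcome the commit subject sets out to remove. Both passdb callers in this commit map `ret < 0` to PASSDB_RESULT_INTERNAL_FAILURE; the matching line here would be `callback(ret < 0 ? USERDB_RESULT_INTERNAL_FAILURE : USERDB_RESULT_USER_UNKNOWN, auth_request);`. A consumer that treats user-unknown as a permanent answer would presumably reject rather than retry during a transient read error. The function body starts and ends outside this hunk.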