From: Timo Sirainen <tss@iki.fi>
Date: Sat, 2 Nov 2013 11:52:30 +0000 (+0200)
Subject: auth: Added %{session_pid} variable for userdb lookups in login requests.
X-Git-Tag: 2.2.7~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e3ea9f8db1626f3143665882a0500cfd7f9ab3d2;p=thirdparty%2Fdovecot%2Fcore.git

auth: Added %{session_pid} variable for userdb lookups in login requests.
session_pid is now always sent to auth process. A new request_auth_token
parameter was added to specify if auth_token should be returned or not.
---

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 19b8624a2f..56ce379c05 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -669,7 +669,8 @@ static void userdb_callback(enum userdb_result result,
 			str_append(str, "\tanonymous");
 		}
 		/* generate auth_token when master service provided session_pid */
-		if (request->session_pid != (pid_t)-1) {
+		if (request->request_auth_token &&
+		    request->session_pid != (pid_t)-1) {
 			const char *auth_token =
 				auth_token_get(request->service,
 					       dec2str(request->session_pid),
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 2982b9cc5f..ce02ceee67 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -331,7 +331,9 @@ bool auth_request_import_master(struct auth_request *request,
 	if (strcmp(key, "session_pid") == 0) {
 		if (str_to_pid(value, &pid) == 0)
 			request->session_pid = pid;
-	} else
+	} else if (strcmp(key, "request_auth_token") == 0)
+		request->request_auth_token = TRUE;
+	else
 		return FALSE;
 	return TRUE;
 }
@@ -1950,6 +1952,7 @@ auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1] = {
 	{ '\0', NULL, "domain_first" },
 	{ '\0', NULL, "domain_last" },
 	{ '\0', NULL, "master_user" },
+	{ '\0', NULL, "session_pid" },
 	/* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */
 	{ '\0', NULL, NULL }
 };
@@ -2037,6 +2040,8 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
 		tab[24].value = escape_func(tab[24].value+1, auth_request);
 	tab[25].value = auth_request->master_user == NULL ? NULL :
 		escape_func(auth_request->master_user, auth_request);
+	tab[26].value = auth_request->session_pid == (pid_t)-1 ? NULL :
+		dec2str(auth_request->session_pid);
 	return ret_tab;
 }
 
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index 6db0532f11..6319707dea 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -108,6 +108,7 @@ struct auth_request {
 	unsigned int no_penalty:1;
 	unsigned int valid_client_cert:1;
 	unsigned int cert_username:1;
+	unsigned int request_auth_token:1;
 
 	/* success/failure states: */
 	unsigned int successful:1;
@@ -143,7 +144,7 @@ extern unsigned int auth_request_state_count[AUTH_REQUEST_STATE_MAX];
 #define AUTH_REQUEST_VAR_TAB_USER_IDX 0
 #define AUTH_REQUEST_VAR_TAB_USERNAME_IDX 1
 #define AUTH_REQUEST_VAR_TAB_DOMAIN_IDX 2
-#define AUTH_REQUEST_VAR_TAB_COUNT 26
+#define AUTH_REQUEST_VAR_TAB_COUNT 27
 extern const struct var_expand_table
 auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1];
 
diff --git a/src/lib-master/master-login-auth.c b/src/lib-master/master-login-auth.c
index f8b03c3de7..7ba9996a4d 100644
--- a/src/lib-master/master-login-auth.c
+++ b/src/lib-master/master-login-auth.c
@@ -440,8 +440,9 @@ master_login_auth_send_request(struct master_login_auth *auth,
 	str_printfa(str, "REQUEST\t%u\t%u\t%u\t", req->id,
 		    req->client_pid, req->auth_id);
 	binary_to_hex_append(str, req->cookie, sizeof(req->cookie));
+	str_printfa(str, "\tsession_pid=%s", my_pid);
 	if (auth->request_auth_token)
-		str_printfa(str, "\tsession_pid=%s", my_pid);
+		str_append(str, "\trequest_auth_token");
 	str_append_c(str, '\n');
 	o_stream_nsend(auth->output, str_data(str), str_len(str));
 }