From 9908ae716961322bd557e2d810a0ad104d1867c0 Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Thu, 11 Jan 2024 11:09:13 -0500
Subject: [PATCH] auth: Support passdb-specific auth_settings
---
 src/auth/auth-request.c | 8 ++++++++
 src/auth/auth-request.h | 4 ++++
 src/auth/auth.c | 22 ++++++++++++++++++++--
 src/auth/auth.h | 1 +
 src/auth/test-mech.c | 1 +
 5 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 6e7cb1910e..5c0e578cca 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -139,6 +139,7 @@ auth_request_post_alloc_init(struct auth_request *request,
 request->last_access = ioloop_time;
 request->session_pid = (pid_t)-1;
 request->set = global_auth_settings;
+ request->protocol_set = global_auth_settings;
 request->event = event_create(parent_event);
 auth_request_fields_init(request);
@@ -208,6 +209,7 @@ void auth_request_init(struct auth_request *request)
 auth = auth_request_get_auth(request);
 request->set = auth->protocol_set;
+ request->protocol_set = auth->protocol_set;
 request->passdb = auth->passdbs;
 request->userdb = auth->userdbs;
 }
@@ -674,6 +676,9 @@ void auth_request_passdb_lookup_begin(struct auth_request *request)
 request->passdb_cache_result = AUTH_REQUEST_CACHE_NONE;
+ /* use passdb-specific settings during the passdb lookup */
+ request->set = request->passdb->auth_set;
+
 event = event_create(request->event);
 event_add_str(event, "passdb", request->passdb->set->name);
 event_add_str(event, "passdb_id", dec2str(request->passdb->passdb->id));
@@ -711,6 +716,9 @@ void auth_request_passdb_lookup_end(struct auth_request *request,
 e_debug(e->event(), "Finished passdb lookup");
 event_unref(&event);
 array_pop_back(&request->authdb_event);
+
+ /* restore protocol-specific settings */
+ request->set = request->protocol_set;
 }
 void auth_request_userdb_lookup_begin(struct auth_request *request)
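Review bot: In auth_request_passdb_lookup_begin() the added `request->set = request->passdb->auth_set;` is undone only by the matching assignment in auth_request_passdb_lookup_end(), so any path that leaves a passdb lookup without reaching lookup_end would keep applying one passdb's overrides to whatever reads `request->set` afterwards. Since `set` holds the active auth settings, I would make the pairing checkable by adding `i_assert(request->set == request->protocol_set);` just before the swap in lookup_begin, assuming nothing else reassigns `request->set` between lookups. The restore in lookup_end resets to `protocol_set` unconditionally rather than to the previous value, which is correct only while lookups never nest; a one-line comment stating that would help. Both function bodies continue outside their hunks.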
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index 3c27797edb..ad2e41eb9a 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -129,6 +129,10 @@ struct auth_request {
 enum passdb_result passdb_result;
 const struct mech_module *mech;
+ /* Protocol-specific settings */
+ const struct auth_settings *protocol_set;
+ /* Currently active settings. May be the same as protocol_set, but
+ changes to passdb and userdb specific settings. */
 const struct auth_settings *set;
 struct auth_passdb *passdb;
 struct auth_userdb *userdb;
diff --git a/src/auth/auth.c b/src/auth/auth.c
index 4422600ce3..7fc8f2047a 100644
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -83,7 +83,19 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *set,
 {
 struct auth_passdb *auth_passdb, **dest;
+ /* Lookup passdb-specific auth_settings */
+ struct event *event = event_create(auth_event);
+ event_add_str(event, "protocol", auth->protocol);
+ event_add_str(event, "passdb", set->name);
+ event_set_ptr(event, SETTINGS_EVENT_FILTER_NAME,
+ p_strconcat(event_get_pool(event), "passdb_",
+ set->driver, NULL));
+
 auth_passdb = p_new(auth->pool, struct auth_passdb, 1);
+ auth_passdb->auth_set =
+ settings_get_or_fatal(event, &auth_setting_parser_info);
+ event_unref(&event);
+
 auth_passdb->set = set;
 auth_passdb->skip = auth_passdb_skip_parse(set->skip);
 auth_passdb->result_success =
@@ -128,6 +140,12 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *set,
 }
 }
+static void auth_passdb_deinit(struct auth_passdb *passdb)
+{
+ settings_free(passdb->auth_set);
+ passdb_deinit(passdb->passdb);
+}
+
 static void auth_userdb_preinit(struct auth *auth, const struct auth_userdb_settings *set)
 {
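Review bot: The new comment on `set` in struct auth_request says it "changes to passdb and userdb specific settings", but in the hunks visible here only the passdb lookup begin/end functions reassign it; nothing switches it for userdb lookups. Unless a follow-up commit adds that, I would word it as `/* Currently active settings. Same as protocol_set, except during a passdb lookup, when it points to the passdb's auth_set. */`. It is also worth saying that `set` is then a borrowed pointer into struct auth_passdb, so callers do not keep it past the lookup. The struct definition continues outside the hunk.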
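Review bot: auth_passdb_deinit() releases `passdb->auth_set` with settings_free(), while auth_request_passdb_lookup_begin() stores that same pointer in `request->set` for the duration of a lookup. If an auth request can still be alive when auth_deinit() runs (for example an asynchronous lookup still in flight), `request->set` would be left dangling; the patch does not show whether teardown ordering rules that out. I would document the assumption on the function, e.g. `/* All auth requests must be finished before this: request->set may alias auth_set. */`.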
@@ -359,9 +377,9 @@ static void auth_deinit(struct auth *auth)
 struct auth_userdb *userdb;
 for (passdb = auth->masterdbs; passdb != NULL; passdb = passdb->next)
- passdb_deinit(passdb->passdb);
+ auth_passdb_deinit(passdb);
 for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next)
- passdb_deinit(passdb->passdb);
+ auth_passdb_deinit(passdb);
 for (userdb = auth->userdbs; userdb != NULL; userdb = userdb->next)
 userdb_deinit(userdb->userdb);
diff --git a/src/auth/auth.h b/src/auth/auth.h
index 7c8256dedf..33af106901 100644
--- a/src/auth/auth.h
+++ b/src/auth/auth.h
@@ -32,6 +32,7 @@ enum auth_db_rule {
 struct auth_passdb {
 struct auth_passdb *next;
+ const struct auth_settings *auth_set;
 const struct auth_passdb_settings *set;
 struct passdb_module *passdb;
diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
index bd78d0f231..c6947994f0 100644
--- a/src/auth/test-mech.c
+++ b/src/auth/test-mech.c
@@ -95,6 +95,7 @@ static void test_mech_prepare_request(struct auth_request **request_r,
 request->mech_password = NULL;
 request->state = AUTH_REQUEST_STATE_NEW;
 request->set = global_auth_settings;
+ request->protocol_set = global_auth_settings;
 request->connect_uid = running_test;
 request->passdb = auth->passdbs;
 request->userdb = auth->userdbs;
-- 
2.47.3
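Review bot: The new `auth_set` member of struct auth_passdb has no comment, and it sits directly above `set`, which has a similar name but a different type (`struct auth_passdb_settings`). Elsewhere in this patch the pointer is obtained with settings_get_or_fatal() in auth_passdb_preinit() and released with settings_free() in auth_passdb_deinit(), so the ownership can be stated on the field: `/* auth_settings with this passdb's overrides; owned here, freed in auth_passdb_deinit() */`. The struct body continues outside the hunk.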