From 9ad7afac16721c1c25bcdc7e121548c8d5f30835 Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Tue, 11 Apr 2017 15:47:33 +0300 Subject: [PATCH] auth: Fix mechanism filter to support `none` Otherwise credentials lookup can fail. None indicates that it should match when no mech is specified. --- src/auth/auth-request.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c index 66729de68a..1f4e272ed9 100644 --- a/src/auth/auth-request.c +++ b/src/auth/auth-request.c @@ -617,19 +617,28 @@ static void auth_request_master_lookup_finish(struct auth_request *request) request->requested_login_user = NULL; } +static bool +auth_request_mechanism_accepted(const char *const *mechs, + const struct mech_module *mech) +{ + /* no filter specified, anything goes */ + if (mechs == NULL) return TRUE; + /* request has no mechanism, see if none is accepted */ + if (mech == NULL) + return str_array_icase_find(mechs, "none"); + /* check if request mechanism is accepted */ + return str_array_icase_find(mechs, mech->mech_name); +} + static bool auth_request_want_skip_passdb(struct auth_request *request, struct auth_passdb *passdb) { /* if mechanism is not supported, skip */ - const char *const *mech = passdb->passdb->mechanisms; + const char *const *mechs = passdb->passdb->mechanisms; - /* if request->mech == NULL it means we are doing - lookup without authentication and should not match this */ - if (mech != NULL && (request->mech == NULL || - !str_array_icase_find(mech, request->mech->mech_name))) { + if (!auth_request_mechanism_accepted(mechs, request->mech)) return TRUE; - } /* skip_password_check basically specifies if authentication is finished */ -- 2.47.3