From a7f5035eebbd138a5436a2eb2ce1fa5fd3d269fb Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Thu, 21 Oct 2010 17:11:02 +0100
Subject: [PATCH] auth: userdb passwd iteration now lists only users within first_valid_uid..last_valid_uid range.
---
 src/auth/auth-settings.c | 4 ++++
 src/auth/auth-settings.h | 2 ++
 src/auth/userdb-passwd.c | 23 +++++++++++++++--------
 3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
index 784a6aad39..49db6a4d6f 100644
--- a/src/auth/auth-settings.c
+++ b/src/auth/auth-settings.c
@@ -191,6 +191,8 @@ static const struct setting_define auth_setting_defines[] = {
 DEF(SET_STR, gssapi_hostname),
 DEF(SET_STR, winbind_helper_path),
 DEF(SET_TIME, failure_delay),
+ DEF(SET_UINT, first_valid_uid),
+ DEF(SET_UINT, last_valid_uid),
 DEF(SET_BOOL, verbose),
 DEF(SET_BOOL, debug),
@@ -226,6 +228,8 @@ static const struct auth_settings auth_default_settings = {
 .gssapi_hostname = "",
 .winbind_helper_path = "/usr/bin/ntlm_auth",
 .failure_delay = 2,
+ .first_valid_uid = 500,
+ .last_valid_uid = 0,
 .verbose = FALSE,
 .debug = FALSE,
diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h
index e1e69f2a60..7b1533c8a0 100644
--- a/src/auth/auth-settings.h
+++ b/src/auth/auth-settings.h
@@ -33,6 +33,8 @@ struct auth_settings {
 const char *gssapi_hostname;
 const char *winbind_helper_path;
 unsigned int failure_delay;
+ unsigned int first_valid_uid;
+ unsigned int last_valid_uid;
 bool verbose, debug, debug_passwords;
 const char *verbose_passwords;
diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c
index 2aa62be41b..e24dc42679 100644
--- a/src/auth/userdb-passwd.c
+++ b/src/auth/userdb-passwd.c
@@ -20,6 +20,7 @@ struct passwd_userdb_module {
 struct passwd_userdb_iterate_context {
 struct userdb_iterate_context ctx;
 struct passwd_userdb_iterate_context *next_waiting;
+ const struct auth_settings *set;
 };
 static struct passwd_userdb_iterate_context *cur_userdb_iter = NULL;
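Review bot: Nothing visible in this patch rejects an inverted range for the two settings registered in the auth_setting_defines hunk of auth-settings.c. If last_valid_uid is non-zero and smaller than first_valid_uid, the new loop in passwd_iterate_next skips every passwd entry, so iteration ends with no users and no error. If this file has a settings validation hook (none is visible in the hunk), it should fail on `set->last_valid_uid != 0 && set->first_valid_uid > set->last_valid_uid` with a message naming both settings.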
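Review bot: In the auth_default_settings hunk, `.last_valid_uid = 0` is a sentinel for "no upper limit" (that is how passwd_iterate_next in userdb-passwd.c reads it), but neither this initializer nor the new fields in auth-settings.h say so. With that default the upper bound is off, so high-numbered system accounts such as nobody (commonly 65534) still pass the filter, even though the loop's comment says daemon users are skipped. I would document it here as `.last_valid_uid = 0, /* 0 = no upper limit */` and put the same remark on the struct fields. The 500 lower bound is also a distribution-specific assumption; a comment saying it should track the system's first regular UID would help admins whose accounts start elsewhere.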
@@ -78,6 +79,7 @@ passwd_iterate_init(struct userdb_module *userdb,
 ctx->ctx.userdb = userdb;
 ctx->ctx.callback = callback;
 ctx->ctx.context = context;
+ ctx->set = auth_find_service("")->set;
 setpwent();
 if (cur_userdb_iter == NULL)
@@ -100,16 +102,21 @@ static void passwd_iterate_next(struct userdb_iterate_context *_ctx)
 }
 errno = 0;
- pw = getpwent();
- if (pw == NULL) {
- if (errno != 0) {
- i_error("getpwent() failed: %m");
- _ctx->failed = TRUE;
+ while ((pw = getpwent()) != NULL) {
+ /* skip entries not in valid UID range.
+ they're users for daemons and such. */
+ if (pw->pw_uid >= ctx->set->first_valid_uid &&
+ (ctx->set->last_valid_uid == 0 ||
+ pw->pw_uid <= ctx->set->last_valid_uid)) {
+ _ctx->callback(pw->pw_name, _ctx->context);
+ return;
 }
- _ctx->callback(NULL, _ctx->context);
- } else {
- _ctx->callback(pw->pw_name, _ctx->context);
 }
+ if (errno != 0) {
+ i_error("getpwent() failed: %m");
+ _ctx->failed = TRUE;
+ }
+ _ctx->callback(NULL, _ctx->context);
 }
 static void passwd_iterate_next_timeout(void *context ATTR_UNUSED)
-- 2.47.3
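Review bot: `auth_find_service("")->set` in passwd_iterate_init dereferences the lookup result without a check, and it takes the settings of the service named "" rather than anything tied to the `userdb` argument. Whether auth_find_service() can return NULL is not visible in this hunk; if it can, guard it before the dereference. A one-line comment such as `/* iteration has no service context; use the default service's settings */` would also explain the empty name, assuming that is the intent. The function starts above the hunk and continues below it.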
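Review bot: `errno = 0` runs once before the new `while ((pw = getpwent()) != NULL)` loop, but the `errno != 0` test after the loop is only meaningful for the final getpwent() call. A successful call on a skipped entry is allowed to leave errno non-zero, so a normal end of the database could then be logged as "getpwent() failed" and set `_ctx->failed`. Clearing it per call avoids that: add `errno = 0;` as the last statement of the loop body, after the range check. passwd_iterate_next begins above the hunk.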