From: Timo Sirainen Date: Wed, 4 Sep 2019 12:35:55 +0000 (+0300) Subject: lib-auth: Don't disconnect from auth server when receiving "unknown id" X-Git-Tag: 2.3.9~201 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11b640661176ee0e503f3ccc45bfdf48df83d938;p=thirdparty%2Fdovecot%2Fcore.git lib-auth: Don't disconnect from auth server when receiving "unknown id" It doesn't mean that the state between auth client and server is broken. Just that the client had already forgotten about some of the IDs. This also means that the "unknown id" lines aren't treated as invalid lines. Previously the whole OK/FAIL line may have been logged, which could have included e.g. passwords. --- diff --git a/src/lib-auth/auth-client-connection.c b/src/lib-auth/auth-client-connection.c index 0d4da04f25..c372aa7333 100644 --- a/src/lib-auth/auth-client-connection.c +++ b/src/lib-auth/auth-client-connection.c @@ -222,13 +222,13 @@ auth_server_lookup_request(struct auth_client_connection *conn, if (request == NULL) { e_error(conn->event, "BUG: Authentication server sent unknown id %u", id); - return -1; + return 0; } if (remove || auth_client_request_is_aborted(request)) hash_table_remove(conn->requests, POINTER_CAST(id)); *request_r = request; - return 0; + return 1; } static int @@ -236,9 +236,10 @@ auth_server_input_ok(struct auth_client_connection *conn, const char *const *args) { struct auth_client_request *request; + int ret; - if (auth_server_lookup_request(conn, args[0], TRUE, &request) < 0) - return -1; + if ((ret = auth_server_lookup_request(conn, args[0], TRUE, &request)) <= 0) + return ret; auth_client_request_server_input(request, AUTH_REQUEST_STATUS_OK, args + 1); return 0; @@ -248,6 +249,7 @@ static int auth_server_input_cont(struct auth_client_connection *conn, const char *const *args) { struct auth_client_request *request; + int ret; if (str_array_length(args) < 2) { e_error(conn->event, @@ -255,8 +257,8 @@ static int auth_server_input_cont(struct auth_client_connection *conn, return -1; } - if (auth_server_lookup_request(conn, args[0], FALSE, &request) < 0) - return -1; + if ((ret = auth_server_lookup_request(conn, args[0], FALSE, &request)) <= 0) + return ret; auth_client_request_server_input(request, AUTH_REQUEST_STATUS_CONTINUE, args + 1); return 0; @@ -266,9 +268,10 @@ static int auth_server_input_fail(struct auth_client_connection *conn, const char *const *args) { struct auth_client_request *request; + int ret; - if (auth_server_lookup_request(conn, args[0], TRUE, &request) < 0) - return -1; + if ((ret = auth_server_lookup_request(conn, args[0], TRUE, &request)) <= 0) + return ret; auth_client_request_server_input(request, AUTH_REQUEST_STATUS_FAIL, args + 1); return 0;