From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 11 Jan 2024 16:10:35 +0000 (-0500)
Subject: auth: Support userdb-specific auth_settings
X-Git-Tag: 2.4.1~1110
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=169b58b1e9633a7e469a893627b78043dc7e8064;p=thirdparty%2Fdovecot%2Fcore.git

auth: Support userdb-specific auth_settings
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 5c0e578cca..206ca5329e 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -730,6 +730,9 @@ void auth_request_userdb_lookup_begin(struct auth_request *request)
 
 	request->userdb_cache_result = AUTH_REQUEST_CACHE_NONE;
 
+	/* use userdb-specific settings during the userdb lookup */
+	request->set = request->userdb->auth_set;
+
 	event = event_create(request->event);
 	event_add_str(event, "userdb", request->userdb->set->name);
 	event_add_str(event, "userdb_id", dec2str(request->userdb->userdb->id));
@@ -767,6 +770,9 @@ void auth_request_userdb_lookup_end(struct auth_request *request,
 	e_debug(e->event(), "Finished userdb lookup");
 	event_unref(&event);
 	array_pop_back(&request->authdb_event);
+
+	/* restore protocol-specific settings */
+	request->set = request->protocol_set;
 }
 
 static unsigned int
diff --git a/src/auth/auth.c b/src/auth/auth.c
index 7fc8f2047a..9aba873d5d 100644
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -151,7 +151,19 @@ auth_userdb_preinit(struct auth *auth, const struct auth_userdb_settings *set)
 {
         struct auth_userdb *auth_userdb, **dest;
 
+	/* Lookup userdb-specific auth_settings */
+	struct event *event = event_create(auth_event);
+	event_add_str(event, "protocol", auth->protocol);
+	event_add_str(event, "userdb", set->name);
+	event_set_ptr(event, SETTINGS_EVENT_FILTER_NAME,
+		      p_strconcat(event_get_pool(event), "userdb_",
+				  set->driver, NULL));
+
 	auth_userdb = p_new(auth->pool, struct auth_userdb, 1);
+	auth_userdb->auth_set =
+		settings_get_or_fatal(event, &auth_setting_parser_info);
+	event_unref(&event);
+
 	auth_userdb->set = set;
 	auth_userdb->skip = auth_userdb_skip_parse(set->skip);
 	auth_userdb->result_success =
@@ -183,6 +195,12 @@ auth_userdb_preinit(struct auth *auth, const struct auth_userdb_settings *set)
 	}
 }
 
+static void auth_userdb_deinit(struct auth_userdb *userdb)
+{
+	settings_free(userdb->auth_set);
+	userdb_deinit(userdb->userdb);
+}
+
 static bool auth_passdb_list_have_verify_plain(const struct auth *auth)
 {
 	const struct auth_passdb *passdb;
@@ -381,7 +399,7 @@ static void auth_deinit(struct auth *auth)
 	for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next)
 		auth_passdb_deinit(passdb);
 	for (userdb = auth->userdbs; userdb != NULL; userdb = userdb->next)
-		userdb_deinit(userdb->userdb);
+		auth_userdb_deinit(userdb);
 
 	dns_client_deinit(&auth->dns_client);
 }
diff --git a/src/auth/auth.h b/src/auth/auth.h
index 33af106901..34ffae1168 100644
--- a/src/auth/auth.h
+++ b/src/auth/auth.h
@@ -56,6 +56,7 @@ struct auth_passdb {
 struct auth_userdb {
 	struct auth_userdb *next;
 
+	const struct auth_settings *auth_set;
 	const struct auth_userdb_settings *set;
 	struct userdb_module *userdb;