From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Wed, 4 Jul 2018 09:45:39 +0000 (+0300)
Subject: auth: Fix nonexistent passwd-file error handling
X-Git-Tag: 2.3.9~1596
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=265497d6d6e50cb1b5e916cd2c8e16e134e01518;p=thirdparty%2Fdovecot%2Fcore.git

auth: Fix nonexistent passwd-file error handling

If the path uses %variables, the missing file was logged with info-level,
but it was still returning tempfail as the result. Return "user doesn't
exist" instead.
---

diff --git a/src/auth/db-passwd-file.c b/src/auth/db-passwd-file.c
index f4f54016d7..c53f0c480e 100644
--- a/src/auth/db-passwd-file.c
+++ b/src/auth/db-passwd-file.c
@@ -258,18 +258,21 @@ static int passwd_file_sync(struct auth_request *request,
 	const char *error;
 
 	if (pw->last_sync_time == ioloop_time)
-		return hash_table_is_created(pw->users) ? 0 : -1;
+		return hash_table_is_created(pw->users) ? 1 : -1;
 	pw->last_sync_time = ioloop_time;
 
 	if (stat(pw->path, &st) < 0) {
 		/* with variables don't give hard errors, or errors about
 		   nonexistent files */
+		int ret = -1;
+
 		if (errno == EACCES) {
 			auth_request_log_error(request, AUTH_SUBSYS_DB,
 				"%s", eacces_error_get("stat", pw->path));
 		} else if (errno == ENOENT) {
 			auth_request_log_info(request, "passwd-file",
 					      "missing passwd file: %s", pw->path);
+			ret = 0;
 		} else {
 			auth_request_log_error(request, AUTH_SUBSYS_DB,
 				"stat(%s) failed: %m", pw->path);
@@ -277,7 +280,7 @@ static int passwd_file_sync(struct auth_request *request,
 
 		if (pw->db->default_file != pw)
 			passwd_file_free(pw);
-		return -1;
+		return ret;
 	}
 
 	if (st.st_mtime != pw->stamp || st.st_size != pw->size) {
@@ -288,7 +291,7 @@ static int passwd_file_sync(struct auth_request *request,
 			return -1;
 		}
 	}
-	return 0;
+	return 1;
 }
 
 static struct db_passwd_file *db_passwd_file_find(const char *path)
@@ -436,6 +439,7 @@ int db_passwd_file_lookup(struct db_passwd_file *db,
 	struct passwd_file *pw;
 	string_t *username, *dest;
 	const char *error;
+	int ret;
 
 	if (!db->vars)
 		pw = db->default_file;
@@ -456,9 +460,9 @@ int db_passwd_file_lookup(struct db_passwd_file *db,
 		}
 	}
 
-	if (passwd_file_sync(request, pw) < 0) {
+	if ((ret = passwd_file_sync(request, pw)) <= 0) {
 		/* pw may be freed now */
-		return -1;
+		return ret;
 	}
 
 	username = t_str_new(256);