From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 1 Mar 2024 11:15:10 +0000 (+0200)
Subject: auth: Remove default passdb/userdb sql queries
X-Git-Tag: 2.4.1~946
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a76aa77fcf65d744e25650433637cd954ace009e;p=thirdparty%2Fdovecot%2Fcore.git

auth: Remove default passdb/userdb sql queries

They're unlikely to be the wanted ones, and it's just causing confusion
when the defaults are accidentally used.
---

diff --git a/src/auth/db-sql.c b/src/auth/db-sql.c
index e8c9205015..fa14e510fe 100644
--- a/src/auth/db-sql.c
+++ b/src/auth/db-sql.c
@@ -30,10 +30,10 @@ static struct setting_def setting_defs[] = {
 static struct db_sql_settings default_db_sql_settings = {
 	.driver = NULL,
 	.connect = NULL,
-	.password_query = "SELECT username, domain, password FROM users WHERE username = '%n' AND domain = '%d'",
-	.user_query = "SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d'",
-	.update_query = "UPDATE users SET password = '%w' WHERE username = '%n' AND domain = '%d'",
-	.iterate_query = "SELECT username, domain FROM users",
+	.password_query = "",
+	.user_query = "",
+	.update_query = "",
+	.iterate_query = "",
 	.default_pass_scheme = "MD5",
 	.userdb_warning_disable = FALSE
 };
@@ -89,15 +89,6 @@ struct db_sql_connection *db_sql_init(const char *config_path, bool userdb)
 	if (!settings_read_nosection(config_path, parse_setting, conn, &error))
 		i_fatal("sql %s: %s", config_path, error);
 
-	if (conn->set.password_query == default_db_sql_settings.password_query)
-		conn->default_password_query = TRUE;
-	if (conn->set.user_query == default_db_sql_settings.user_query)
-		conn->default_user_query = TRUE;
-	if (conn->set.update_query == default_db_sql_settings.update_query)
-		conn->default_update_query = TRUE;
-	if (conn->set.iterate_query == default_db_sql_settings.iterate_query)
-		conn->default_iterate_query = TRUE;
-
 	if (conn->set.driver == NULL) {
 		i_fatal("sql: driver not set in configuration file %s",
 			config_path);
diff --git a/src/auth/db-sql.h b/src/auth/db-sql.h
index 27e177be75..b1834d613e 100644
--- a/src/auth/db-sql.h
+++ b/src/auth/db-sql.h
@@ -24,10 +24,6 @@ struct db_sql_connection {
 	struct db_sql_settings set;
 	struct sql_db *db;
 
-	bool default_password_query:1;
-	bool default_user_query:1;
-	bool default_update_query:1;
-	bool default_iterate_query:1;
 	bool userdb_used:1;
 };
 
diff --git a/src/auth/passdb-sql.c b/src/auth/passdb-sql.c
index 3dae4cdfe9..2d19f15d1b 100644
--- a/src/auth/passdb-sql.c
+++ b/src/auth/passdb-sql.c
@@ -70,17 +70,8 @@ static void sql_query_callback(struct sql_result *result,
 	if (ret >= 0)
 		db_sql_success(module->conn);
 	if (ret < 0) {
-		if (!module->conn->default_password_query) {
-			e_error(authdb_event(auth_request),
-				"Password query failed: %s",
-				sql_result_get_error(result));
-		} else {
-			e_error(authdb_event(auth_request),
-				"Password query failed: %s "
-				"(using built-in default password_query: %s)",
-				sql_result_get_error(result),
-				module->conn->set.password_query);
-		}
+		e_error(authdb_event(auth_request), "Password query failed: %s",
+			sql_result_get_error(result));
 	} else if (ret == 0) {
 		auth_request_db_log_unknown_user(auth_request);
 		passdb_result = PASSDB_RESULT_USER_UNKNOWN;
@@ -206,22 +197,10 @@ static void sql_set_credentials_callback(const struct sql_commit_result *sql_res
 					 struct passdb_sql_request *sql_request)
 {
 	struct auth_request *auth_request = sql_request->auth_request;
-	struct passdb_module *_module =
-		sql_request->auth_request->passdb->passdb;
-	struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
 
 	if (sql_result->error != NULL) {
-		if (!module->conn->default_update_query) {
-			e_error(authdb_event(auth_request),
-				"Set credentials query failed: %s",
-				sql_result->error);
-		} else {
-			e_error(authdb_event(auth_request),
-				"Set credentials query failed: %s"
-				"(using built-in default update_query: %s)",
-				sql_result->error,
-				module->conn->set.update_query);
-		}
+		e_error(authdb_event(auth_request),
+			"Set credentials query failed: %s", sql_result->error);
 	}
 
 	sql_request->callback.
diff --git a/src/auth/userdb-sql.c b/src/auth/userdb-sql.c
index 9527eca524..48580d2e1c 100644
--- a/src/auth/userdb-sql.c
+++ b/src/auth/userdb-sql.c
@@ -64,17 +64,8 @@ static void sql_query_callback(struct sql_result *sql_result,
 	if (ret >= 0)
 		db_sql_success(module->conn);
 	if (ret < 0) {
-		if (!module->conn->default_user_query) {
-			e_error(authdb_event(auth_request),
-				"User query failed: %s",
-				sql_result_get_error(sql_result));
-		} else {
-			e_error(authdb_event(auth_request),
-				"User query failed: %s "
-				"(using built-in default user_query: %s)",
-				sql_result_get_error(sql_result),
-				module->conn->set.user_query);
-		}
+		e_error(authdb_event(auth_request), "User query failed: %s",
+			sql_result_get_error(sql_result));
 	} else if (ret == 0) {
 		result = USERDB_RESULT_USER_UNKNOWN;
 		auth_request_db_log_unknown_user(auth_request);
@@ -231,17 +222,9 @@ static void userdb_sql_iterate_next(struct userdb_iterate_context *_ctx)
 		}
 		_ctx->failed = TRUE;
 	} else if (ret < 0) {
-		if (!module->conn->default_iterate_query) {
-			e_error(authdb_event(_ctx->auth_request),
-				"sql: Iterate query failed: %s",
-				sql_result_get_error(ctx->result));
-		} else {
-			e_error(authdb_event(_ctx->auth_request),
-				"sql: Iterate query failed: %s "
-				"(using built-in default iterate_query: %s)",
-				sql_result_get_error(ctx->result),
-				module->conn->set.iterate_query);
-		}
+		e_error(authdb_event(_ctx->auth_request),
+			"sql: Iterate query failed: %s",
+			sql_result_get_error(ctx->result));
 		_ctx->failed = TRUE;
 	}
 	_ctx->callback(NULL, _ctx->context);