auth: passdb/userdb checkpassword args now supports %variable expansion

--HG--
branch : HEAD

diff --git a/src/auth/db-checkpassword.c b/src/auth/db-checkpassword.c
index e324c4d5a28c61b74bb2f940888090acec302156..05d65b4ea776275fa044e6242c60071710d95c58 100644 (file)
--- a/src/auth/db-checkpassword.c
+++ b/src/auth/db-checkpassword.c
@@ -4,6 +4,7 @@
 
 #if defined(PASSDB_CHECKPASSWORD) || defined(USERDB_CHECKPASSWORD)
 
+#include "var-expand.h"
 #include "db-checkpassword.h"
 
 static void env_put_extra_fields(const char *extra_fields)
@@ -129,6 +130,18 @@ void checkpassword_setup_env(struct auth_request *request)
        }
 }
 
+const char *
+checkpassword_get_cmd(struct auth_request *request, const char *args,
+                     const char *checkpassword_reply_path)
+{
+       string_t *str;
+
+       str = t_str_new(256);
+       var_expand(str, args,
+                  auth_request_get_var_expand_table(request, NULL));
+       return t_strconcat(str_c(str), " ", checkpassword_reply_path, NULL);
+}
+
 void checkpassword_child_input(struct chkpw_auth_request *request)
 {
        unsigned char buf[1024];

diff --git a/src/auth/db-checkpassword.h b/src/auth/db-checkpassword.h
index 25de9d34b234a8fae05de532b85a0e8c181c2100..5ea7de9a616e7158b08e36232ffd2b583ee1a09d 100644 (file)
--- a/src/auth/db-checkpassword.h
+++ b/src/auth/db-checkpassword.h
@@ -48,6 +48,10 @@ enum checkpassword_sigchld_handler_result
 checkpassword_sigchld_handler(const struct child_wait_status *child_wait_status,
                              struct chkpw_auth_request *request);
 void checkpassword_setup_env(struct auth_request *request);
+const char *
+checkpassword_get_cmd(struct auth_request *request, const char *args,
+                     const char *checkpassword_reply_path);
+
 void checkpassword_child_input(struct chkpw_auth_request *request);
 void checkpassword_child_output(struct chkpw_auth_request *request);
 

diff --git a/src/auth/passdb-checkpassword.c b/src/auth/passdb-checkpassword.c
index 8af65e68e2b71a49c8eb3b781dea8d39664d8a04..e064ae22c27abbf240e76dfb184aa422031e0dd3 100644 (file)
--- a/src/auth/passdb-checkpassword.c
+++ b/src/auth/passdb-checkpassword.c
@@ -136,12 +136,12 @@ checkpassword_verify_plain_child(struct auth_request *request,
                                       "dup2() failed: %m");
        } else {
                checkpassword_setup_env(request);
-               /* very simple argument splitting. */
-               cmd = t_strconcat(module->checkpassword_path, " ",
-                                 module->checkpassword_reply_path, NULL);
+               cmd = checkpassword_get_cmd(request, module->checkpassword_path,
+                                           module->checkpassword_reply_path);
                auth_request_log_debug(request, "checkpassword",
                                       "execute: %s", cmd);
 
+               /* very simple argument splitting. */
                args = t_strsplit(cmd, " ");
                execv_const(args[0], args);
        }

diff --git a/src/auth/userdb-checkpassword.c b/src/auth/userdb-checkpassword.c
index d6f044625d42e8637c311a158d83d13352355d09..5bc3651b6983518a285bc02eb0ff54cccdbbcff0 100644 (file)
--- a/src/auth/userdb-checkpassword.c
+++ b/src/auth/userdb-checkpassword.c
@@ -121,12 +121,12 @@ checkpassword_lookup_child(struct auth_request *request,
                   handle this. */
                env_put("AUTHORIZED=1");
                checkpassword_setup_env(request);
-               /* very simple argument splitting. */
-               cmd = t_strconcat(module->checkpassword_path, " ",
-                                 module->checkpassword_reply_path, NULL);
+               cmd = checkpassword_get_cmd(request, module->checkpassword_path,
+                                           module->checkpassword_reply_path);
                auth_request_log_debug(request, "userdb-checkpassword",
                                       "execute: %s", cmd);
 
+               /* very simple argument splitting. */
                args = t_strsplit(cmd, " ");
                execv_const(args[0], args);
        }