23 #include "passdb.h"
24 #include "passdb-blocking.h"
25 #include "passdb-cache.h"
26 #include "passdb-template.h"
147 	request->passdb = auth->passdbs;
375 	/* export passdb extra fields */
427 		   auth_fields_rollback() if the first passdb lookup fails. */
554 	struct auth_passdb *passdb = request->passdb;
577 	if (passdb_cache == NULL || passdb->cache_key == NULL)
584 					  passdb->cache_key, "", FALSE);
591 		/* passdb didn't provide the correct password */
615 			str_append(str, passdb->passdb->default_pass_scheme);
624 		   passdb lookup. the CHANGED flag does this, because we
625 		   snapshotted the extra_fields before the current passdb
631 	auth_cache_insert(passdb_cache, request, passdb->cache_key, str_c(str),
696 			      struct auth_passdb *passdb)
699 	const char *const *mechs = passdb->passdb->mechanisms;
700 	const char *const *username_filter = passdb->passdb->username_filter;
709 				       "skipping passdb: mechanism filtered");
713 	if (passdb->passdb->username_filter != NULL &&
718 				       "skipping passdb: username filtered");
726 	switch (passdb->skip) {
765 	if (request->passdb->set->deny &&
767 		/* deny passdb. we can get through this step only if the
772 					      "User found from deny passdb");
778 		/* The passdb didn't fail, but something inside it failed
780 		   lookup, but reset the failure so the next passdb can
798 		result_rule = request->passdb->result_success;
801 		result_rule = request->passdb->result_internalfail;
812 		result_rule = request->passdb->result_failure;
845 	/* nopassword check is specific to a single passdb and shouldn't leak
853 		/* if the passdb lookup continues, it continues with non-master
857 		next_passdb = request->passdb->next;
864 		/* this passdb lookup succeeded, preserve its extra fields */
871 		/* this passdb lookup failed, remove any extra fields it set */
881 		/* try next passdb. */
882 		  request->passdb = next_passdb;
887 			   passdb lookup */
897 		/* admin forgot to put proper passdb last */
899 			"Last passdb had noauthenticate field, cannot authenticate user");
902 		/* either this or a previous passdb lookup succeeded. */
905 		/* last passdb lookup returned internal failure. it may have
919 	if (passdb_template_export(request->passdb->override_fields_tmpl,
926 		/* try next passdb */
940 	struct auth_passdb *passdb = request->passdb;
956 		const char *cache_key = passdb->cache_key;
991 	    request->passdb != NULL)
1074 	struct auth_passdb *passdb;
1093 	passdb = request->passdb;
1095 	while (passdb != NULL && auth_request_want_skip_passdb(request, passdb))
1096 		passdb = passdb->next;
1098 	request->passdb = passdb;
1100 	if (passdb == NULL) {
1110 	cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
1119 	if (passdb->passdb->iface.verify_plain == NULL) {
1124 	} else if (passdb->passdb->blocking) {
1126 	} else if (passdb_template_export(passdb->default_fields_tmpl,
1133 		passdb->passdb->iface.verify_plain(request, password,
1146 	if (passdb_template_export(request->passdb->override_fields_tmpl,
1153 		/* try next passdb */
1156 			/* passdb continue* rule after a successful lookup.
1170 			/* we did multiple passdb lookups, but the last one
1172 			   add some extra fields). so use the first passdb's
1200 	struct auth_passdb *passdb = request->passdb;
1217 		const char *cache_key = passdb->cache_key;
1264 	struct auth_passdb *passdb;
1273 	passdb = request->passdb;
1274 	while (passdb != NULL && auth_request_want_skip_passdb(request, passdb))
1275 		passdb = passdb->next;
1276 	request->passdb = passdb;
1278 	if (passdb == NULL) {
1288 	cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
1303 	if (passdb->passdb->iface.lookup_credentials == NULL) {
1304 		/* this passdb doesn't support credentials */
1306 			"passdb doesn't support credential lookups");
1310 	} else if (passdb->passdb->blocking) {
1312 	} else if (passdb_template_export(passdb->default_fields_tmpl,
1320 		passdb->passdb->iface.lookup_credentials(request,
1329 	struct auth_passdb *passdb = request->passdb;
1332 	cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
1339 	if (passdb->passdb->blocking)
1341 	else if (passdb->passdb->iface.set_credentials != NULL) {
1342 		passdb->passdb->iface.set_credentials(request, new_credentials,
1345 		/* this passdb doesn't support credentials update */
1368 			/* username was changed by passdb or userdb */
1416 	/* We want to preserve any userdb fields set by the earlier passdb
1584 	/* (for now) auth_cache is shared between passdb and userdb */
1737 	request->passdb = master_passdb;
1897 	i_assert(request->passdb != NULL);
2384 				"Invalid hostip in passdb: %s", hostip);
2503 		if (request->passdb->next != NULL)
2504 			str_append(str, " - trying the next passdb");
2532 		/* passdb continue* rule after a successful authentication */
2536 	if (request->passdb->set->deny) {
2570 					"Invalid password%s in passdb: %s",
2593 			i_assert(auth_request->passdb != NULL);
2594 			name = auth_request->passdb->set->name[0] != '\0' ?
2595 				auth_request->passdb->set->name :
2596 				auth_request->passdb->passdb->iface.name;
2672 		else if (auth_request->passdb != NULL)
2673 			db_auth_verbose = auth_request->passdb->set->auth_verbose;

Indexes created Tue Jul 24 14:28:13 CEST 2018