auth: Add mechanism filter for passdbs
|
@@ -614,6 +614,16 @@ static bool |
|
|
auth_request_want_skip_passdb(struct auth_request *request, |
|
|
struct auth_passdb *passdb) |
|
|
{ |
|
|
/* if mechanism is not supported, skip */ |
|
|
const char *const *mech = passdb->passdb->mechanisms; |
|
|
|
|
|
/* if request->mech == NULL it means we are doing |
|
|
lookup without authentication and should not match this */ |
|
|
if (mech != NULL && (request->mech == NULL || |
|
|
!str_array_icase_find(mech, request->mech->mech_name))) { |
|
|
return TRUE; |
|
|
} |
|
|
|
|
|
/* skip_password_check basically specifies if authentication is |
|
|
finished */ |
|
|
bool authenticated = request->skip_password_check; |
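Review bot: The new mechanism check in auth_request_want_skip_passdb returns `TRUE` without leaving any trace, so when a passdb is filtered out the operator only sees the outcome of whichever passdb runs next. Because this check decides which credential backend may serve which mechanism, a debug-level log entry naming the passdb and the requested mechanism (or noting that there is none, for lookups without authentication) would make a misconfigured filter diagnosable. The two comments could also be merged into one that states the contract, e.g. `/* mechanisms: NULL = no filter, empty list = never used, otherwise request->mech must be listed; lookups without authentication (request->mech == NULL) never match a filtered passdb */`. The function body continues past the end of this hunk.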
|
|
|
@@ -113,6 +113,7 @@ static const struct setting_define auth_passdb_setting_defines[] = { |
|
|
DEF(SET_STR, args), |
|
|
DEF(SET_STR, default_fields), |
|
|
DEF(SET_STR, override_fields), |
|
|
DEF(SET_STR, mechanisms), |
|
|
|
|
|
DEF(SET_ENUM, skip), |
|
|
DEF(SET_ENUM, result_success), |
|
@@ -133,6 +134,7 @@ static const struct auth_passdb_settings auth_passdb_default_settings = { |
|
|
.args = "", |
|
|
.default_fields = "", |
|
|
.override_fields = "", |
|
|
.mechanisms = "", |
|
|
|
|
|
.skip = "never:authenticated:unauthenticated", |
|
|
.result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail", |
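Review bot: The new `mechanisms` setting is registered as a free-form `SET_STR`, and nothing visible on this page checks the names listed in it. A misspelled name is therefore accepted and simply never matches in the filter, so the passdb is silently skipped for that mechanism and authentication moves on to whatever passdb comes next in the chain. If the settings check routine (outside these hunks) does not already do so, reject names that are not registered mechanisms at startup. The three accepted forms should also be documented next to the default, e.g. `/* "" = all mechanisms, "none" = no mechanism, otherwise a space- or comma-separated list */`.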
|
|
|
@@ -10,6 +10,7 @@ struct auth_passdb_settings { |
|
|
const char *args; |
|
|
const char *default_fields; |
|
|
const char *override_fields; |
|
|
const char *mechanisms; |
|
|
|
|
|
const char *skip; |
|
|
const char *result_success; |
|
|
|
@@ -223,6 +223,13 @@ passdb_preinit(pool_t pool, const struct auth_passdb_settings *set) |
|
|
passdb->id = ++auth_passdb_id; |
|
|
passdb->iface = *iface; |
|
|
passdb->args = p_strdup(pool, set->args); |
|
|
if (*set->mechanisms == '\0') { |
|
|
passdb->mechanisms = NULL; |
|
|
} else if (strcasecmp(set->mechanisms, "none") == 0) { |
|
|
passdb->mechanisms = (const char *const[]){NULL}; |
|
|
} else { |
|
|
passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,"); |
|
|
} |
|
|
|
|
|
array_append(&passdb_modules, &passdb, 1); |
|
|
return passdb; |
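Review bot: In the `none` branch of passdb_preinit, `(const char *const[]){NULL}` is a compound literal inside a block, so it has automatic storage and its lifetime ends at the closing brace of that `else if`, yet `passdb->mechanisms` keeps pointing at it after the function returns. auth_request_want_skip_passdb later hands that pointer to `str_array_icase_find`, so the `none` filter rests on undefined behaviour: depending on the compiler, the passdb is skipped as intended or stale stack contents are walked as a string array. Give the sentinel static storage instead, e.g. `static const char *const no_mechanisms[] = { NULL };` at file scope and `passdb->mechanisms = no_mechanisms;` in the branch. passdb_preinit starts and ends outside this hunk.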
|
|
|
@@ -62,6 +62,9 @@ struct passdb_module { |
|
|
/* Default password scheme for this module. |
|
|
If cache_key is set, must not be NULL. */ |
|
|
const char *default_pass_scheme; |
|
|
/* Supported authentication mechanisms, NULL is all, [NULL] is none*/ |
|
|
const char *const *mechanisms; |
|
|
|
|
|
/* If blocking is set to TRUE, use child processes to access |
|
|
this passdb. */ |
|
|
bool blocking; |
|
|