Peter Mogensen
2017-May-27 20:02 UTC
When will passdb callback to mechanism yield PASSDB_RESULT_NEXT?
Hi, code question... I've been trying to figure out the implications of the new "noauthenticate" passdb field. Internally it causes a passdb to result in PASSDB_RESULT_NEXT. When a SASL mechanism calls auth_request_lookup_credentials(...,callback) the passdb result is passed to the callback. But I can't really figure out when that result will ever be PASSDB_RESULT_NEXT. It seems the passdb fallthrough resolver will always replace it with PASSDB_RESULT_INTERNAL_FAILURE if it ends up being the last result. Can it ever leak into the callback or is it an internal intermediate value or the passdb resolver? /Peter
Aki Tuomi
2017-May-29 07:11 UTC
When will passdb callback to mechanism yield PASSDB_RESULT_NEXT?
On 27.05.2017 23:02, Peter Mogensen wrote:> Hi, > > code question... > > I've been trying to figure out the implications of the new > "noauthenticate" passdb field. > > Internally it causes a passdb to result in PASSDB_RESULT_NEXT. > > When a SASL mechanism calls > auth_request_lookup_credentials(...,callback) the passdb result is > passed to the callback. > > But I can't really figure out when that result will ever be > PASSDB_RESULT_NEXT. It seems the passdb fallthrough resolver will > always replace it with PASSDB_RESULT_INTERNAL_FAILURE if it ends up > being the last result. > > Can it ever leak into the callback or is it an internal intermediate > value or the passdb resolver? > > /PeterHi! PASSDB_RESULT_NEXT is internal result, that should not go out. It's intention is to point out that authentication is done by next passdb, and if there is no next passdb, it should fail because no one was able to authenticate the user (or noauthenticate was seen). Aki