dovecot/core-2.2: src/auth/auth-request.c annotate

annotate src/auth/auth-request.c @ 3432:079ec5c2d665 HEAD

Last change caused user-given passwords to be cached, and later the password used instead of the real one (ie. login once with correct password, then you could login using whatever password as long as user is cached). Clearly not good. Did several changes to make sure this can't happen again.

author	Timo Sirainen <tss@iki.fi>
date	Thu, 16 Jun 2005 11:21:17 +0300
parents	27fb8c9202e2
children	e2fe8222449d

rev	line source
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	1 /* Copyright (C) 2002-2005 Timo Sirainen */
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	2
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	3 #include "common.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	4 #include "ioloop.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	5 #include "buffer.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	6 #include "hash.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	7 #include "str.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	8 #include "safe-memset.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	9 #include "str-sanitize.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	10 #include "var-expand.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	11 #include "auth-request.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	12 #include "auth-client-connection.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	13 #include "auth-master-connection.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	14 #include "passdb.h"
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	15 #include "passdb-blocking.h"
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	16 #include "userdb-blocking.h"
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	17 #include "passdb-cache.h"
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	18
3072 289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	19 struct auth_request *
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	20 auth_request_new(struct auth auth, struct mech_module mech,
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	21 mech_callback_t callback, void context)
3072 289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	22 {
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	23 struct auth_request *request;
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	24
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	25 request = mech->auth_new();
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	26 request->state = AUTH_REQUEST_STATE_NEW;
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	27 request->passdb = auth->passdbs;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	28 request->userdb = auth->userdbs;
3072 289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	29
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	30 request->refcount = 1;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	31 request->created = ioloop_time;
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	32
3072 289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	33 request->auth = auth;
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	34 request->mech = mech;
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	35 request->callback = callback;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	36 request->context = context;
3072 289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	37 return request;
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	38 }
289a98ba5d95 Another try with API cleanup. Timo Sirainen <tss@iki.fi> parents: 3071 diff changeset	39
3185 3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	40 struct auth_request auth_request_new_dummy(struct auth auth)
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	41 {
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	42 struct auth_request *auth_request;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	43 pool_t pool;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	44
3318 04867ddac911 Grow default auth_request pools to 512 bytes per request. Timo Sirainen <tss@iki.fi> parents: 3274 diff changeset	45 pool = pool_alloconly_create("auth_request", 512);
3185 3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	46 auth_request = p_new(pool, struct auth_request, 1);
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	47 auth_request->pool = pool;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	48
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	49 auth_request->refcount = 1;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	50 auth_request->created = ioloop_time;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	51 auth_request->auth = auth;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	52 auth_request->passdb = auth->passdbs;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	53 auth_request->userdb = auth->userdbs;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	54
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	55 return auth_request;
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	56 }
3089083e1d47 Handle USER requests from master connections. Timo Sirainen <tss@iki.fi> parents: 3183 diff changeset	57
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	58 void auth_request_success(struct auth_request *request,
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	59 const void *data, size_t data_size)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	60 {
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	61 i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	62
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	63 request->state = AUTH_REQUEST_STATE_FINISHED;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	64 request->successful = TRUE;
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	65 request->callback(request, AUTH_CLIENT_RESULT_SUCCESS,
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	66 data, data_size);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	67 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	68
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	69 void auth_request_fail(struct auth_request *request)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	70 {
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	71 i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	72
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	73 request->state = AUTH_REQUEST_STATE_FINISHED;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	74 request->callback(request, AUTH_CLIENT_RESULT_FAILURE, NULL, 0);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	75 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	76
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	77 void auth_request_internal_failure(struct auth_request *request)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	78 {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	79 request->internal_failure = TRUE;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	80 auth_request_fail(request);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	81 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	82
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	83 void auth_request_ref(struct auth_request *request)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	84 {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	85 request->refcount++;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	86 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	87
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	88 int auth_request_unref(struct auth_request *request)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	89 {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	90 i_assert(request->refcount > 0);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	91 if (--request->refcount > 0)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	92 return TRUE;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	93
3386 e4b84d82c685 Master connection's USER command was leaking memory (with deliver binary). Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	94 if (request->mech != NULL)
e4b84d82c685 Master connection's USER command was leaking memory (with deliver binary). Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	95 request->mech->auth_free(request);
e4b84d82c685 Master connection's USER command was leaking memory (with deliver binary). Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	96 else
e4b84d82c685 Master connection's USER command was leaking memory (with deliver binary). Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	97 pool_unref(request->pool);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	98 return FALSE;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	99 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	100
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	101 void auth_request_export(struct auth_request request, string_t str)
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	102 {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	103 str_append(str, "user=");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	104 str_append(str, request->user);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	105 str_append(str, "\tservice=");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	106 str_append(str, request->service);
3338 e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	107
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	108 if (request->local_ip.family != 0) {
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	109 str_append(str, "\tlip=");
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	110 str_append(str, net_ip2addr(&request->local_ip));
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	111 }
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	112 if (request->remote_ip.family != 0) {
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	113 str_append(str, "\trip=");
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	114 str_append(str, net_ip2addr(&request->remote_ip));
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	115 }
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	116 }
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	117
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	118 int auth_request_import(struct auth_request *request,
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	119 const char key, const char value)
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	120 {
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	121 if (strcmp(key, "user") == 0)
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	122 request->user = p_strdup(request->pool, value);
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	123 if (strcmp(key, "service") == 0)
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	124 request->service = p_strdup(request->pool, value);
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	125 else if (strcmp(key, "lip") == 0)
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	126 net_addr2ip(value, &request->local_ip);
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	127 else if (strcmp(key, "rip") == 0)
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	128 net_addr2ip(value, &request->remote_ip);
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	129 else
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	130 return FALSE;
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	131
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3318 diff changeset	132 return TRUE;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	133 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	134
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	135 void auth_request_initial(struct auth_request *request,
3071 c7db6b291daa API cleanup Timo Sirainen <tss@iki.fi> parents: 3069 diff changeset	136 const unsigned char *data, size_t data_size)
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	137 {
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	138 i_assert(request->state == AUTH_REQUEST_STATE_NEW);
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	139
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	140 request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
3071 c7db6b291daa API cleanup Timo Sirainen <tss@iki.fi> parents: 3069 diff changeset	141 request->mech->auth_initial(request, data, data_size);
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	142 }
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	143
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	144 void auth_request_continue(struct auth_request *request,
3071 c7db6b291daa API cleanup Timo Sirainen <tss@iki.fi> parents: 3069 diff changeset	145 const unsigned char *data, size_t data_size)
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	146 {
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	147 i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	148
3071 c7db6b291daa API cleanup Timo Sirainen <tss@iki.fi> parents: 3069 diff changeset	149 request->mech->auth_continue(request, data, data_size);
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	150 }
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	151
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	152 static void auth_request_save_cache(struct auth_request *request,
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	153 enum passdb_result result)
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	154 {
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	155 struct passdb_module *passdb = request->passdb->passdb;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	156 string_t *str;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	157
3432 079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3431 diff changeset	158 i_assert(request->extra_fields == NULL \|\|
079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3431 diff changeset	159 (strstr(str_c(request->extra_fields), "\tpass=") == NULL &&
079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3431 diff changeset	160 strncmp(str_c(request->extra_fields), "pass=", 5) != 0));
079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3431 diff changeset	161
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	162 if (passdb_cache == NULL)
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	163 return;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	164
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	165 if (passdb->cache_key == NULL)
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	166 return;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	167
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	168 if (result < 0) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	169 /* lookup failed. */
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	170 if (result == PASSDB_RESULT_USER_UNKNOWN) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	171 auth_cache_insert(passdb_cache, request,
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	172 passdb->cache_key, "");
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	173 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	174 return;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	175 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	176
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	177 /* save all except the currently given password in cache */
3192 2ff790d5d9e2 Crashfix. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 3185 diff changeset	178 str = t_str_new(32 + (request->extra_fields != NULL ?
2ff790d5d9e2 Crashfix. Patch by Andrey Panin. Timo Sirainen <tss@iki.fi> parents: 3185 diff changeset	179 str_len(request->extra_fields) : 0));
3431 27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	180 if (request->passdb_password != NULL) {
27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	181 if (*request->passdb_password != '{') {
27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	182 /* cached passwords must have a known scheme */
27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	183 str_append_c(str, '{');
27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	184 str_append(str, passdb->default_pass_scheme);
27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	185 str_append_c(str, '}');
27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	186 }
27fb8c9202e2 Auth cache wasn't working if password wasn't given (ie. didn't work for Timo Sirainen <tss@iki.fi> parents: 3427 diff changeset	187 str_append(str, request->passdb_password);
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	188 }
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	189
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	190 if (request->extra_fields != NULL) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	191 str_append_c(str, '\t');
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	192 str_append_str(str, request->extra_fields);
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	193 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	194 if (request->no_failure_delay) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	195 str_append_c(str, '\t');
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	196 str_append(str, "nodelay");
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	197 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	198 auth_cache_insert(passdb_cache, request, passdb->cache_key, str_c(str));
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	199 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	200
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	201 void auth_request_verify_plain_callback(enum passdb_result result,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	202 struct auth_request *request)
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	203 {
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	204 const char *cache_key;
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	205
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	206 i_assert(request->state == AUTH_REQUEST_STATE_PASSDB);
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	207
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	208 request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	209
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	210 auth_request_save_cache(request, result);
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	211
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	212 cache_key = passdb_cache == NULL ? NULL :
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	213 request->passdb->passdb->cache_key;
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	214 if (result == PASSDB_RESULT_INTERNAL_FAILURE && cache_key != NULL) {
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	215 /* lookup failed. if we're looking here only because the
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	216 request was expired in cache, fallback to using cached
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	217 expired record. */
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	218 if (passdb_cache_verify_plain(request, cache_key,
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	219 request->mech_password,
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	220 &result, TRUE)) {
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	221 request->private_callback.verify_plain(result, request);
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	222 safe_memset(request->mech_password, 0,
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	223 strlen(request->mech_password));
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	224 return;
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	225 }
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	226 }
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	227
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	228 if (request->passdb_password != NULL) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	229 safe_memset(request->passdb_password, 0,
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	230 strlen(request->passdb_password));
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	231 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	232
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	233 if (result != PASSDB_RESULT_OK &&
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	234 result != PASSDB_RESULT_INTERNAL_FAILURE &&
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	235 request->passdb->next != NULL) {
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	236 /* try next passdb. */
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	237 if (request->extra_fields != NULL)
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	238 str_truncate(request->extra_fields, 0);
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	239
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	240 request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	241 request->passdb = request->passdb->next;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	242 auth_request_verify_plain(request, request->mech_password,
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	243 request->private_callback.verify_plain);
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	244 return;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	245 }
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	246
3432 079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3431 diff changeset	247 auth_request_ref(request);
079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3431 diff changeset	248 request->private_callback.verify_plain(result, request);
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	249 safe_memset(request->mech_password, 0, strlen(request->mech_password));
3432 079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3431 diff changeset	250 auth_request_unref(request);
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	251 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	252
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	253 void auth_request_verify_plain(struct auth_request *request,
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	254 const char *password,
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	255 verify_plain_callback_t *callback)
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	256 {
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	257 struct passdb_module *passdb = request->passdb->passdb;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	258 enum passdb_result result;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	259 const char *cache_key;
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	260
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	261 i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	262
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	263 if (request->mech_password == NULL)
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	264 request->mech_password = p_strdup(request->pool, password);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	265 request->private_callback.verify_plain = callback;
3164 da9e4ffef09f Last changes broke proxying when user was in auth cache. Timo Sirainen <tss@iki.fi> parents: 3161 diff changeset	266
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	267 cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	268 if (cache_key != NULL) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	269 if (passdb_cache_verify_plain(request, cache_key, password,
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	270 &result, FALSE)) {
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	271 callback(result, request);
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	272 return;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	273 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	274 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	275
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	276 request->state = AUTH_REQUEST_STATE_PASSDB;
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	277
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	278 if (passdb->blocking)
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	279 passdb_blocking_verify_plain(request);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	280 else {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	281 passdb->verify_plain(request, password,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	282 auth_request_verify_plain_callback);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	283 }
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	284 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	285
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	286 void auth_request_lookup_credentials_callback(enum passdb_result result,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	287 const char *credentials,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	288 struct auth_request *request)
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	289 {
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	290 const char cache_key, scheme;
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	291
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	292 i_assert(request->state == AUTH_REQUEST_STATE_PASSDB);
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	293
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	294 request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	295 auth_request_save_cache(request, result);
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	296
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	297 if (request->passdb_password != NULL) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	298 safe_memset(request->passdb_password, 0,
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	299 strlen(request->passdb_password));
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	300 }
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	301
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	302 cache_key = passdb_cache == NULL ? NULL :
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	303 request->passdb->passdb->cache_key;
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	304 if (result == PASSDB_RESULT_INTERNAL_FAILURE && cache_key != NULL) {
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	305 /* lookup failed. if we're looking here only because the
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	306 request was expired in cache, fallback to using cached
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	307 expired record. */
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	308 if (passdb_cache_lookup_credentials(request, cache_key,
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	309 &credentials, &scheme,
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	310 TRUE)) {
3167 97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	311 passdb_handle_credentials(credentials != NULL ?
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	312 PASSDB_RESULT_OK : PASSDB_RESULT_USER_UNKNOWN,
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	313 request->credentials, credentials, scheme,
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	314 request->private_callback.lookup_credentials,
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	315 request);
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	316 return;
97f53e0cce63 Fallback to using expired records from auth cache if database lookups fail. Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	317 }
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	318 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	319
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	320 request->private_callback.lookup_credentials(result, credentials,
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	321 request);
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	322 }
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	323
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	324 void auth_request_lookup_credentials(struct auth_request *request,
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	325 enum passdb_credentials credentials,
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	326 lookup_credentials_callback_t *callback)
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	327 {
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	328 struct passdb_module *passdb = request->passdb->passdb;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	329 const char cache_key, result, *scheme;
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	330
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	331 i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	332
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	333 cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	334 if (cache_key != NULL) {
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	335 if (passdb_cache_lookup_credentials(request, cache_key,
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	336 &result, &scheme, FALSE)) {
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	337 passdb_handle_credentials(result != NULL ?
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	338 PASSDB_RESULT_OK :
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	339 PASSDB_RESULT_USER_UNKNOWN,
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	340 credentials, result, scheme,
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	341 callback, request);
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	342 return;
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	343 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	344 }
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	345
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3167 diff changeset	346 request->state = AUTH_REQUEST_STATE_PASSDB;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	347 request->credentials = credentials;
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	348 request->private_callback.lookup_credentials = callback;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	349
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	350 if (passdb->blocking)
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	351 passdb_blocking_lookup_credentials(request);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	352 else {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	353 passdb->lookup_credentials(request, credentials,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	354 auth_request_lookup_credentials_callback);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	355 }
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	356 }
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	357
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	358 void auth_request_userdb_callback(const char *result,
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	359 struct auth_request *request)
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	360 {
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	361 if (result == NULL && request->userdb->next != NULL) {
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	362 /* try next userdb. */
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	363 if (request->extra_fields != NULL)
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	364 str_truncate(request->extra_fields, 0);
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	365
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	366 request->userdb = request->userdb->next;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	367 auth_request_lookup_user(request,
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	368 request->private_callback.userdb);
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	369 return;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	370 }
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	371
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	372 if (result == NULL && request->client_pid != 0) {
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	373 /* this was actual login attempt */
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	374 auth_request_log_error(request, "userdb",
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	375 "user not found from userdb");
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	376 }
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	377
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	378 request->private_callback.userdb(result, request);
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	379 }
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	380
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	381 void auth_request_lookup_user(struct auth_request *request,
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	382 userdb_callback_t *callback)
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	383 {
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	384 struct userdb_module *userdb = request->userdb->userdb;
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	385
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	386 request->private_callback.userdb = callback;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	387
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	388 if (userdb->blocking)
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	389 userdb_blocking_lookup(request);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3164 diff changeset	390 else
3183 16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	391 userdb->lookup(request, auth_request_userdb_callback);
3068 b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	392 }
b01a8fa09f94 Cleanups. Timo Sirainen <tss@iki.fi> parents: 3065 diff changeset	393
3065 29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	394 int auth_request_set_username(struct auth_request *request,
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	395 const char username, const char *error_r)
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	396 {
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	397 unsigned char *p;
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	398
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	399 if (*username == '\0') {
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	400 /* Some PAM plugins go nuts with empty usernames */
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	401 *error_r = "Empty username";
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	402 return FALSE;
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	403 }
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	404
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	405 if (strchr(username, '@') == NULL &&
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	406 request->auth->default_realm != NULL) {
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	407 request->user = p_strconcat(request->pool, username, "@",
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	408 request->auth->default_realm, NULL);
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	409 } else {
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	410 request->user = p_strdup(request->pool, username);
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	411 }
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	412
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	413 for (p = (unsigned char )request->user; p != '\0'; p++) {
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	414 if (request->auth->username_translation[*p & 0xff] != 0)
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	415 p = request->auth->username_translation[p & 0xff];
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	416 if (request->auth->username_chars[*p & 0xff] == 0) {
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	417 *error_r = "Username contains disallowed characters";
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	418 return FALSE;
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	419 }
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	420 }
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	421
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	422 return TRUE;
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	423 }
29d83a8bb50d Reorganized the code to have less global/static variables. Timo Sirainen <tss@iki.fi> parents: 3064 diff changeset	424
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	425 void auth_request_set_field(struct auth_request *request,
3272 36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	426 const char name, const char value,
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	427 const char *default_scheme)
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	428 {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	429 string_t *str;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	430
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	431 i_assert(value != NULL);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	432
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	433 if (strcmp(name, "password") == 0) {
3272 36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	434 if (request->passdb_password != NULL) {
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	435 auth_request_log_error(request, "auth",
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	436 "Multiple password values not supported");
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	437 return;
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	438 }
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	439
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	440 if (*value == '{') {
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	441 request->passdb_password =
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	442 p_strdup(request->pool, value);
6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	443 } else {
3274 859c4ffd514e Don't crash if cache is enabled and we're caching more than just Timo Sirainen <tss@iki.fi> parents: 3272 diff changeset	444 i_assert(default_scheme != NULL);
3272 36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	445 request->passdb_password =
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	446 p_strdup_printf(request->pool, "{%s}%s",
36db3285f4a7 Try to keep scheme always included in auth_request->passdb_password. Timo Sirainen <tss@iki.fi> parents: 3257 diff changeset	447 default_scheme, value);
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	448 }
3397 2db396230881 auth_request_set_field() shouldn't save password to extra_fields. Fixes a Timo Sirainen <tss@iki.fi> parents: 3386 diff changeset	449 return;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	450 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	451
3257 92c16e82b806 passdb can now change the username that was used to log in. This is mostly Timo Sirainen <tss@iki.fi> parents: 3192 diff changeset	452 if (strcmp(name, "user") == 0) {
92c16e82b806 passdb can now change the username that was used to log in. This is mostly Timo Sirainen <tss@iki.fi> parents: 3192 diff changeset	453 /* update username to be exactly as it's in database */
3427 3f7575e43202 If username changes, log the change if debugging is enabled. Timo Sirainen <tss@iki.fi> parents: 3397 diff changeset	454 if (strcmp(request->user, value) != 0) {
3f7575e43202 If username changes, log the change if debugging is enabled. Timo Sirainen <tss@iki.fi> parents: 3397 diff changeset	455 auth_request_log_debug(request, "auth",
3f7575e43202 If username changes, log the change if debugging is enabled. Timo Sirainen <tss@iki.fi> parents: 3397 diff changeset	456 "username changed %s -> %s",
3f7575e43202 If username changes, log the change if debugging is enabled. Timo Sirainen <tss@iki.fi> parents: 3397 diff changeset	457 request->user, value);
3f7575e43202 If username changes, log the change if debugging is enabled. Timo Sirainen <tss@iki.fi> parents: 3397 diff changeset	458 request->user = p_strdup(request->pool, value);
3f7575e43202 If username changes, log the change if debugging is enabled. Timo Sirainen <tss@iki.fi> parents: 3397 diff changeset	459 }
3257 92c16e82b806 passdb can now change the username that was used to log in. This is mostly Timo Sirainen <tss@iki.fi> parents: 3192 diff changeset	460 return;
92c16e82b806 passdb can now change the username that was used to log in. This is mostly Timo Sirainen <tss@iki.fi> parents: 3192 diff changeset	461 }
92c16e82b806 passdb can now change the username that was used to log in. This is mostly Timo Sirainen <tss@iki.fi> parents: 3192 diff changeset	462
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	463 if (strcmp(name, "nodelay") == 0) {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	464 /* don't delay replying to client of the failure */
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	465 request->no_failure_delay = TRUE;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	466 return;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	467 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	468
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	469 str = request->extra_fields;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	470 if (str == NULL)
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	471 request->extra_fields = str = str_new(request->pool, 64);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	472
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	473 if (strcmp(name, "nologin") == 0) {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	474 /* user can't actually login - don't keep this
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	475 reply for master */
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	476 request->no_login = TRUE;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	477 if (str_len(str) > 0)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	478 str_append_c(str, '\t');
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	479 str_append(str, name);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	480 } else if (strcmp(name, "proxy") == 0) {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	481 /* we're proxying authentication for this user. send
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	482 password back if using plaintext authentication. */
3161 6a3254e3c3de Moved cache handling from sql/ldap-specific code to generic auth-request Timo Sirainen <tss@iki.fi> parents: 3158 diff changeset	483 request->proxy = TRUE;
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	484 if (str_len(str) > 0)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	485 str_append_c(str, '\t');
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	486 str_append(str, name);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	487 } else {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	488 if (str_len(str) > 0)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	489 str_append_c(str, '\t');
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	490 str_printfa(str, "%s=%s", name, value);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	491 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	492 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	493
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	494 static const char escape_none(const char str)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	495 {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	496 return str;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	497 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	498
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	499 const struct var_expand_table *
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	500 auth_request_get_var_expand_table(const struct auth_request *auth_request,
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	501 const char (escape_func)(const char *))
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	502 {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	503 static struct var_expand_table static_tab[] = {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	504 { 'u', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	505 { 'n', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	506 { 'd', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	507 { 's', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	508 { 'h', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	509 { 'l', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	510 { 'r', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	511 { 'p', NULL },
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	512 { '\0', NULL }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	513 };
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	514 struct var_expand_table *tab;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	515
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	516 if (escape_func == NULL)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	517 escape_func = escape_none;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	518
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	519 tab = t_malloc(sizeof(static_tab));
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	520 memcpy(tab, static_tab, sizeof(static_tab));
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	521
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	522 tab[0].value = escape_func(auth_request->user);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	523 tab[1].value = escape_func(t_strcut(auth_request->user, '@'));
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	524 tab[2].value = strchr(auth_request->user, '@');
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	525 if (tab[2].value != NULL)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	526 tab[2].value = escape_func(tab[2].value+1);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	527 tab[3].value = auth_request->service;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	528 /* tab[4] = we have no home dir */
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	529 if (auth_request->local_ip.family != 0)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	530 tab[5].value = net_ip2addr(&auth_request->local_ip);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	531 if (auth_request->remote_ip.family != 0)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	532 tab[6].value = net_ip2addr(&auth_request->remote_ip);
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: 3072 diff changeset	533 tab[7].value = dec2str(auth_request->client_pid);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	534 return tab;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	535 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	536
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	537 static const char *
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	538 get_log_str(struct auth_request auth_request, const char subsystem,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	539 const char *format, va_list va)
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	540 {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	541 #define MAX_LOG_USERNAME_LEN 64
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	542 const char *ip;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	543 string_t *str;
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	544
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	545 str = t_str_new(128);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	546 str_append(str, subsystem);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	547 str_append_c(str, '(');
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	548
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	549 if (auth_request->user == NULL)
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	550 str_append(str, "?");
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	551 else {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	552 str_sanitize_append(str, auth_request->user,
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	553 MAX_LOG_USERNAME_LEN);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	554 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	555
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	556 ip = net_ip2addr(&auth_request->remote_ip);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	557 if (ip != NULL) {
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	558 str_append_c(str, ',');
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	559 str_append(str, ip);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	560 }
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	561 str_append(str, "): ");
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	562 str_vprintfa(str, format, va);
3064 2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	563 return str_c(str);
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	564 }
2d33734b16d5 Split auth_request* functions from mech.c to auth-request.c Timo Sirainen <tss@iki.fi> parents: diff changeset	565
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	566 void auth_request_log_debug(struct auth_request *auth_request,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	567 const char *subsystem,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	568 const char *format, ...)
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	569 {
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	570 va_list va;
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	571
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	572 if (!auth_request->auth->verbose_debug)
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	573 return;
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	574
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	575 va_start(va, format);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	576 t_push();
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	577 i_info("%s", get_log_str(auth_request, subsystem, format, va));
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	578 t_pop();
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	579 va_end(va);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	580 }
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	581
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	582 void auth_request_log_info(struct auth_request *auth_request,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	583 const char *subsystem,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	584 const char *format, ...)
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	585 {
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	586 va_list va;
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	587
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	588 if (!auth_request->auth->verbose)
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	589 return;
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	590
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	591 va_start(va, format);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	592 t_push();
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	593 i_info("%s", get_log_str(auth_request, subsystem, format, va));
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	594 t_pop();
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	595 va_end(va);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	596 }
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	597
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	598 void auth_request_log_error(struct auth_request *auth_request,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	599 const char *subsystem,
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	600 const char *format, ...)
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	601 {
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	602 va_list va;
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	603
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	604 va_start(va, format);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	605 t_push();
3158 8849f2e380d1 userdb can now return extra parameters to master. Removed special handling Timo Sirainen <tss@iki.fi> parents: 3074 diff changeset	606 i_error("%s", get_log_str(auth_request, subsystem, format, va));
3069 131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	607 t_pop();
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	608 va_end(va);
131151e25e4b Added auth_request_log_(). Timo Sirainen <tss@iki.fi>* parents: 3068 diff changeset	609 }

Mercurial > dovecot > core-2.2

annotate src/auth/auth-request.c @ 3432:079ec5c2d665 HEAD