annotate src/auth/auth-settings.c @ 20419:0dc214cf2e30
auth-policy: Add policy implementation
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Fri, 03 Jun 2016 20:21:42 +0300 |
parents | a7cd7cb4844c |
children | b3803bacf702 |
rev | line source |
---|---|
1 /* Copyright (c) 2005-2016 Dovecot authors, see the included COPYING file */ |
9002 | 2 |
3 #include "lib.h" | |
4 #include "array.h" | |
5 #include "hash-method.h" |
9002 | 6 #include "settings-parser.h" |
7 #include "master-service-private.h" |
8 #include "master-service-settings.h" |
9 #include "service-settings.h" |
9002 | 10 #include "auth-settings.h" |
11 | |
12 #include <stddef.h> | |
13 | |
/*
 * Forward declarations of the settings validators. The passdb and userdb
 * variants are referenced as .check_func by the parser-info structs later in
 * this file; their bodies are defined further down.
 */
static bool
auth_settings_check(void *_set, pool_t pool, const char **error_r);
static bool
auth_passdb_settings_check(void *_set, pool_t pool, const char **error_r);
static bool
auth_userdb_settings_check(void *_set, pool_t pool, const char **error_r);
17 |
/* <settings checks> */
/*
 * Built-in UNIX socket listeners of the "auth" service.
 *
 * Each row is { path, mode, user, group } -- NOTE(review): field meaning is
 * read off the values (octal permission bits, "$default_internal_user");
 * confirm against struct file_listener_settings.
 *
 * The mode column is the access-control boundary for local processes:
 *   0600 + "$default_internal_user"  auth-login, auth-client
 *   0600 + no owner override         auth-master
 *   0666 + no owner override         login/login, token-login/tokenlogin
 *   0666 + "$default_internal_user"  auth-userdb
 * The 0666 entries are connectable by every local account if the mode is
 * applied as written. NOTE(review): for those sockets the protection has to
 * come from the directory they live in or from checks in the protocol
 * handler; verify that before loosening any mode or adding a 0666 row.
 */
static struct file_listener_settings auth_unix_listeners_array[] = {
	{ "login/login", 0666, "", "" },
	{ "token-login/tokenlogin", 0666, "", "" },
	{ "auth-login", 0600, "$default_internal_user", "" },
	{ "auth-client", 0600, "$default_internal_user", "" },
	{ "auth-userdb", 0666, "$default_internal_user", "" },
	{ "auth-master", 0600, "", "" }
};

/*
 * One pointer per row above. Nothing ties the two arrays together, so a row
 * added to auth_unix_listeners_array needs a matching entry here.
 */
static struct file_listener_settings *auth_unix_listeners[] = {
	&auth_unix_listeners_array[0],
	&auth_unix_listeners_array[1],
	&auth_unix_listeners_array[2],
	&auth_unix_listeners_array[3],
	&auth_unix_listeners_array[4],
	&auth_unix_listeners_array[5]
};

/* Static buffer wrapping the pointer array; its size is the array's byte size. */
static buffer_t auth_unix_listeners_buf = {
	auth_unix_listeners, sizeof(auth_unix_listeners), { NULL, }
};
/* </settings checks> */
39 |
/*
 * Default service definition for the "auth" process.
 *
 * Privilege-relevant defaults: the service runs as "$default_internal_user"
 * with no group, privileged group, extra groups or chroot set, and it is
 * pinned to a single process (process_limit = 1 together with
 * process_limit_1 = TRUE).
 */
struct service_settings auth_service_settings = {
	/* identity of the service and the binary it runs */
	.name = "auth",
	.protocol = "",
	.type = "",
	.executable = "auth",
	/* account and confinement */
	.user = "$default_internal_user",
	.group = "",
	.privileged_group = "",
	.extra_groups = "",
	.chroot = "",

	.drop_priv_before_exec = FALSE,

	/* process and resource limits */
	.process_min_avail = 0,
	.process_limit = 1,
	/* NOTE(review): 0 presumably means "inherit default_client_limit" -- confirm */
	.client_limit = 0,
	.service_count = 0,
	.idle_kill = 0,
	/* NOTE(review): (uoff_t)-1 presumably means "inherit default_vsz_limit" -- confirm */
	.vsz_limit = (uoff_t)-1,

	/* only UNIX sockets are created by default; no FIFO or inet listeners */
	.unix_listeners = { { &auth_unix_listeners_buf,
			      sizeof(auth_unix_listeners[0]) } },
	.fifo_listeners = ARRAY_INIT,
	.inet_listeners = ARRAY_INIT,

	/* flags this service as one that does not support process_limit > 1 */
	.process_limit_1 = TRUE
};
67 |
/* <settings checks> */
/*
 * Built-in UNIX socket listener of the "auth-worker" service: a single
 * socket, mode 0600, owner "$default_internal_user", no group override.
 * NOTE(review): column meaning (path, mode, user, group) is read off the
 * values; confirm against struct file_listener_settings.
 */
static struct file_listener_settings auth_worker_unix_listeners_array[] = {
	{ "auth-worker", 0600, "$default_internal_user", "" }
};

/* One pointer per row above; keep both arrays the same length. */
static struct file_listener_settings *auth_worker_unix_listeners[] = {
	&auth_worker_unix_listeners_array[0]
};

/* Static buffer wrapping the pointer array; its size is the array's byte size. */
static buffer_t auth_worker_unix_listeners_buf = {
	auth_worker_unix_listeners, sizeof(auth_worker_unix_listeners), { NULL, }
};
/* </settings checks> */
79 |
/*
 * Default service definition for the "auth-worker" process ("auth -w").
 *
 * Unlike auth_service_settings, .user is left empty here.
 * NOTE(review): confirm which account the master process assigns when no
 * user is named, since that decides the privileges the worker runs with.
 */
struct service_settings auth_worker_service_settings = {
	/* identity of the service and the command line it runs */
	.name = "auth-worker",
	.protocol = "",
	.type = "",
	.executable = "auth -w",
	/* account and confinement: nothing set explicitly */
	.user = "",
	.group = "",
	.privileged_group = "",
	.extra_groups = "",
	.chroot = "",

	.drop_priv_before_exec = FALSE,

	/* process and resource limits */
	.process_min_avail = 0,
	.process_limit = 0,
	/* one client per worker, and the worker serves one connection in total */
	.client_limit = 1,
	.service_count = 1,
	.idle_kill = 0,
	/* NOTE(review): (uoff_t)-1 presumably means "inherit default_vsz_limit" -- confirm */
	.vsz_limit = (uoff_t)-1,

	/* only the auth-worker UNIX socket; no FIFO or inet listeners */
	.unix_listeners = { { &auth_worker_unix_listeners_buf,
			      sizeof(auth_worker_unix_listeners[0]) } },
	.fifo_listeners = ARRAY_INIT,
	.inet_listeners = ARRAY_INIT
};
105 |
/*
 * DEF() for the passdb section: the setting name is the struct field name
 * verbatim, and the offset points into struct auth_passdb_settings.
 */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_passdb_settings, name), NULL }

/*
 * Settings accepted inside a passdb block. Every field listed here has a
 * matching default in auth_passdb_default_settings.
 */
static const struct setting_define auth_passdb_setting_defines[] = {
	/* which database, and how it is configured */
	DEF(SET_STR, name),
	DEF(SET_STR, driver),
	DEF(SET_STR, args),
	DEF(SET_STR, default_fields),
	DEF(SET_STR, override_fields),

	/* how this passdb's outcome steers the rest of the lookup chain */
	DEF(SET_ENUM, skip),
	DEF(SET_ENUM, result_success),
	DEF(SET_ENUM, result_failure),
	DEF(SET_ENUM, result_internalfail),

	/* role flags and per-database logging */
	DEF(SET_BOOL, deny),
	DEF(SET_BOOL, pass),
	DEF(SET_BOOL, master),
	DEF(SET_ENUM, auth_verbose),

	SETTING_DEFINE_LIST_END
};
129 | |
/*
 * Defaults for a passdb block.
 *
 * The SET_ENUM fields hold a colon-separated list of values.
 * NOTE(review): presumably the first item is the default and the remaining
 * items are the other accepted values -- confirm in the settings parser.
 * Read that way, a passdb by default returns on success ("return-ok") and
 * falls through to the next passdb on failure or internal failure
 * ("continue"); deny, pass and master are all off.
 */
static const struct auth_passdb_settings auth_passdb_default_settings = {
	/* which database, and how it is configured */
	.name = "",
	.driver = "",
	.args = "",
	.default_fields = "",
	.override_fields = "",

	/* chain control */
	.skip = "never:authenticated:unauthenticated",
	.result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
	.result_failure = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
	.result_internalfail = "continue:return:return-ok:return-fail:continue-ok:continue-fail",

	/* role flags and per-database logging */
	.deny = FALSE,
	.pass = FALSE,
	.master = FALSE,
	.auth_verbose = "default:yes:no"
};
147 |
/*
 * Parser description of a passdb block: the field table, its defaults, the
 * struct layout, the enclosing auth section and the validator to run.
 */
const struct setting_parser_info auth_passdb_setting_parser_info = {
	.defines = auth_passdb_setting_defines,
	.defaults = &auth_passdb_default_settings,

	/* the "name" field is what identifies one passdb block */
	.type_offset = offsetof(struct auth_passdb_settings, name),
	.struct_size = sizeof(struct auth_passdb_settings),

	/* NOTE(review): (size_t)-1 looks like "no parent pointer stored in the struct" -- confirm */
	.parent_offset = (size_t)-1,
	.parent = &auth_setting_parser_info,

	/* validator declared at the top of this file */
	.check_func = auth_passdb_settings_check
};
160 | |
/*
 * DEF() for the userdb section: the setting name is the struct field name
 * verbatim, and the offset points into struct auth_userdb_settings.
 */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_userdb_settings, name), NULL }

/*
 * Settings accepted inside a userdb block. Compared with the passdb table in
 * this file there are no deny/pass/master flags.
 */
static const struct setting_define auth_userdb_setting_defines[] = {
	/* which database, and how it is configured */
	DEF(SET_STR, name),
	DEF(SET_STR, driver),
	DEF(SET_STR, args),
	DEF(SET_STR, default_fields),
	DEF(SET_STR, override_fields),

	/* how this userdb's outcome steers the rest of the lookup chain */
	DEF(SET_ENUM, skip),
	DEF(SET_ENUM, result_success),
	DEF(SET_ENUM, result_failure),
	DEF(SET_ENUM, result_internalfail),

	/* per-database logging */
	DEF(SET_ENUM, auth_verbose),

	SETTING_DEFINE_LIST_END
};
181 | |
/*
 * Defaults for a userdb block.
 *
 * The SET_ENUM fields hold a colon-separated list of values.
 * NOTE(review): presumably the first item is the default and the remaining
 * items are the other accepted values -- confirm in the settings parser.
 */
static const struct auth_userdb_settings auth_userdb_default_settings = {
	/* NOTE: when adding fields, update also auth.c:userdb_dummy_set */
	/* which database, and how it is configured */
	.name = "",
	.driver = "",
	.args = "",
	.default_fields = "",
	.override_fields = "",

	/* chain control */
	.skip = "never:found:notfound",
	.result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
	.result_failure = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
	.result_internalfail = "continue:return:return-ok:return-fail:continue-ok:continue-fail",

	/* per-database logging */
	.auth_verbose = "default:yes:no"
};
197 |
/*
 * Parser description of a userdb block: the field table, its defaults, the
 * struct layout, the enclosing auth section and the validator to run.
 */
const struct setting_parser_info auth_userdb_setting_parser_info = {
	.defines = auth_userdb_setting_defines,
	.defaults = &auth_userdb_default_settings,

	/* the "name" field is what identifies one userdb block */
	.type_offset = offsetof(struct auth_userdb_settings, name),
	.struct_size = sizeof(struct auth_userdb_settings),

	/* NOTE(review): (size_t)-1 looks like "no parent pointer stored in the struct" -- confirm */
	.parent_offset = (size_t)-1,
	.parent = &auth_setting_parser_info,

	/* validator declared at the top of this file */
	.check_func = auth_userdb_settings_check
};
210 | |
/*
 * A bit of a kludge so that struct auth_settings fields do not need an
 * "auth_" prefix:
 *   DEF()          setting is called "auth_<field>"
 *   DEF_NOPREFIX() setting is called exactly "<field>"
 *   DEFLIST()      SET_DEFLIST entry with an explicit name and sub-table
 * All three take their offsets from struct auth_settings.
 */
#undef DEF
#undef DEF_NOPREFIX
#undef DEFLIST
#define DEF(type, name) \
	{ type, "auth_"#name, offsetof(struct auth_settings, name), NULL }
#define DEF_NOPREFIX(type, name) \
	{ type, #name, offsetof(struct auth_settings, name), NULL }
#define DEFLIST(field, name, defines) \
	{ SET_DEFLIST, name, offsetof(struct auth_settings, field), defines }
/*
 * Setting table for the auth service.  Entries made with DEF() are exposed
 * as "auth_<field>"; DEF_NOPREFIX() entries keep the bare field name.
 */
static const struct setting_define auth_setting_defines[] = {
	/* mechanisms, realms and the lookup cache */
	DEF(SET_STR, mechanisms),
	DEF(SET_STR, realms),
	DEF(SET_STR, default_realm),
	DEF(SET_SIZE, cache_size),
	DEF(SET_TIME, cache_ttl),
	DEF(SET_TIME, cache_negative_ttl),

	/* username handling */
	DEF(SET_STR, username_chars),
	DEF(SET_STR, username_translation),
	DEF(SET_STR, username_format),
	DEF(SET_STR, master_user_separator),
	DEF(SET_STR, anonymous_username),

	/* Kerberos/GSSAPI, winbind and proxying */
	DEF(SET_STR, krb5_keytab),
	DEF(SET_STR, gssapi_hostname),
	DEF(SET_STR, winbind_helper_path),
	DEF(SET_STR, proxy_self),
	DEF(SET_TIME, failure_delay),

	/* auth policy server */
	DEF(SET_STR, policy_server_url),
	DEF(SET_STR, policy_server_api_header),
	DEF(SET_UINT, policy_server_timeout_msecs),
	DEF(SET_STR, policy_hash_mech),
	DEF(SET_STR, policy_hash_nonce),
	DEF(SET_STR, policy_request_attributes),
	DEF(SET_BOOL, policy_reject_on_fail),
	DEF(SET_UINT, policy_hash_truncate),

	/* statistics and logging; verbose_passwords is a string that is
	   validated by auth_verify_verbose_password() */
	DEF(SET_BOOL, stats),
	DEF(SET_BOOL, verbose),
	DEF(SET_BOOL, debug),
	DEF(SET_BOOL, debug_passwords),
	DEF(SET_STR, verbose_passwords),
	DEF(SET_BOOL, ssl_require_client_cert),
	DEF(SET_BOOL, ssl_username_from_cert),
	DEF(SET_BOOL, use_winbind),

	DEF(SET_UINT, worker_max_count),

	/* nested passdb { } and userdb { } sections */
	DEFLIST(passdbs, "passdb", &auth_passdb_setting_parser_info),
	DEFLIST(userdbs, "userdb", &auth_userdb_setting_parser_info),

	/* settings that are read without the "auth_" prefix */
	DEF_NOPREFIX(SET_STR, base_dir),
	DEF_NOPREFIX(SET_BOOL, verbose_proctitle),
	DEF_NOPREFIX(SET_UINT, first_valid_uid),
	DEF_NOPREFIX(SET_UINT, last_valid_uid),

	SETTING_DEFINE_LIST_END
};
/*
 * Built-in defaults for the auth service, used when the configuration does
 * not set a value.
 */
static const struct auth_settings auth_default_settings = {
	/* Only PLAIN is enabled by default.  PLAIN carries the password
	   itself in the exchange, so the transport has to protect it. */
	.mechanisms = "plain",
	.realms = "",
	.default_realm = "",

	/* auth_settings_check() accepts 0 here and rejects 1..1023;
	   presumably 0 means the cache is disabled - confirm */
	.cache_size = 0,
	/* both TTLs default to one hour (60*60 seconds) */
	.cache_ttl = 60*60,
	.cache_negative_ttl = 60*60,

	/* The digit run lists '0' twice.  auth_settings_check() only marks
	   each listed byte in a lookup map, so the repeat has no effect. */
	.username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
	.username_translation = "",
	.username_format = "%Lu",
	.master_user_separator = "",
	.anonymous_username = "anonymous",

	.krb5_keytab = "",
	.gssapi_hostname = "",
	.winbind_helper_path = "/usr/bin/ntlm_auth",
	.proxy_self = "",
	.failure_delay = 2,

	/* Auth policy server.  The URL is empty by default.
	   NOTE(review): the default request attributes include
	   pwhash=%{hashed_password} while policy_hash_nonce defaults to an
	   empty string; verify that a non-empty nonce is required elsewhere
	   whenever policy_server_url is set.
	   NOTE(review): policy_reject_on_fail = FALSE reads as "do not reject
	   the login when the policy lookup fails" - confirm that this
	   fail-open default is intended. */
	.policy_server_url = "",
	.policy_server_api_header = "",
	.policy_server_timeout_msecs = 2000,
	.policy_hash_mech = "sha256",
	.policy_hash_nonce = "",
	.policy_request_attributes = "login=%{orig_username} pwhash=%{hashed_password} remote=%{real_rip}",
	.policy_reject_on_fail = FALSE,
	.policy_hash_truncate = 12,

	/* statistics and all verbose, debug and password logging are off */
	.stats = FALSE,
	.verbose = FALSE,
	.debug = FALSE,
	.debug_passwords = FALSE,
	.verbose_passwords = "no",
	.ssl_require_client_cert = FALSE,
	.ssl_username_from_cert = FALSE,
	.use_winbind = FALSE,

	/* auth_settings_check() rejects 0 for this setting */
	.worker_max_count = 30,

	.passdbs = ARRAY_INIT,
	.userdbs = ARRAY_INIT,

	.base_dir = PKG_RUNDIR,
	.verbose_proctitle = FALSE,
	/* NOTE(review): last_valid_uid = 0 presumably means "no upper
	   limit" - confirm where the UID range is enforced */
	.first_valid_uid = 500,
	.last_valid_uid = 0,
};
/*
 * Parser description for the top-level auth settings (module "auth").
 * Parsed values are validated by auth_settings_check().
 */
const struct setting_parser_info auth_setting_parser_info = {
	.module_name = "auth",

	/* setting table and built-in defaults */
	.defines = auth_setting_defines,
	.defaults = &auth_default_settings,

	/* NOTE(review): (size_t)-1 looks like the "unset" sentinel for both
	   offsets - confirm against settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct auth_settings),
	.parent_offset = (size_t)-1,

	.check_func = auth_settings_check
};
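/* <settings checks> */
/*
 * Resolve the space-separated hosts in auth_proxy_self and store the
 * resulting addresses in set->proxy_self_ips, allocated from pool.  The
 * list ends with a zero-filled entry.  With an empty auth_proxy_self the
 * list is a single entry from p_new(), which presumably serves as that
 * terminator - confirm that p_new() zero-fills.
 *
 * Returns TRUE in every case.  When a lookup fails, *error_r is set to a
 * message naming the host, and the host adds nothing to the list.
 *
 * NOTE(review): because TRUE is still returned, a failed lookup is not
 * reported as a configuration error unless the caller looks at *error_r on
 * success.  The "self" list used for proxy_maybe then lacks that host.
 * Decide whether this best-effort behaviour is intended, or whether a failed
 * lookup should reject the configuration.
 */
static bool
auth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
			   const char **error_r)
{
	const char *const *tmp;
	ARRAY(struct ip_addr) ips_array;
	struct ip_addr *ips;
	unsigned int ips_count;
	int ret;

	if (*set->proxy_self == '\0') {
		set->proxy_self_ips = p_new(pool, struct ip_addr, 1);
		return TRUE;
	}

	p_array_init(&ips_array, pool, 4);
	tmp = t_strsplit_spaces(set->proxy_self, " ");
	for (; *tmp != NULL; tmp++) {
		ret = net_gethostbyname(*tmp, &ips, &ips_count);
		if (ret != 0) {
			*error_r = t_strdup_printf("auth_proxy_self_ips: "
				"gethostbyname(%s) failed: %s",
				*tmp, net_gethosterror(ret));
			/* ips and ips_count are only meaningful after a
			   successful lookup, so do not append them */
			continue;
		}
		array_append(&ips_array, ips, ips_count);
	}
	array_append_zero(&ips_array);
	set->proxy_self_ips = array_idx(&ips_array, 0);
	return TRUE;
}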
/*
 * Validate auth_verbose_passwords.  Accepted values are "no", "plain",
 * "sha1" and "yes", each optionally followed by ":<n>" where <n> is a
 * non-zero unsigned truncation length.  "yes" is stored as "plain".
 *
 * Returns TRUE when the value is valid.  Otherwise returns FALSE with
 * *error_r describing the problem.
 */
static bool
auth_verify_verbose_password(struct auth_settings *set,
			     const char **error_r)
{
	const char *mode = set->verbose_passwords;
	const char *colon = strchr(mode, ':');
	unsigned int truncate_len;

	if (colon != NULL) {
		/* the part after ':' must parse as a number above zero */
		if (str_to_uint(colon+1, &truncate_len) < 0 ||
		    truncate_len == 0) {
			*error_r = t_strdup_printf("auth_verbose_passwords: "
				"Invalid truncation number: '%s'", colon+1);
			return FALSE;
		}
		/* compare only the part before ':' below */
		mode = t_strdup_until(mode, colon);
	}

	if (strcmp(mode, "yes") == 0) {
		/* NOTE(review): "yes" is rewritten to "plain" without the
		   ":<n>" suffix, so for "yes:<n>" the stored setting no
		   longer carries the truncation length.  If the logging code
		   re-reads the length from set->verbose_passwords, more of
		   the value is logged than the admin asked for - confirm,
		   and keep the suffix if so. */
		set->verbose_passwords = "plain";
		return TRUE;
	}
	if (strcmp(mode, "no") == 0 || strcmp(mode, "plain") == 0 ||
	    strcmp(mode, "sha1") == 0)
		return TRUE;

	*error_r = "auth_verbose_passwords: Invalid value";
	return FALSE;
}
dc46ae14008c
auth: Added ability to truncate values logged by auth_verbose_passwords.
Timo Sirainen <tss@iki.fi>
parents:
16723
diff
changeset
|
394 |
10892
9675d9a54ac9
auth: Moved some variables generated from settings to struct auth_settings.
Timo Sirainen <tss@iki.fi>
parents:
10889
diff
changeset
|
395 static bool auth_settings_check(void *_set, pool_t pool, |
12087
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
396 const char **error_r) |
9261
5e80d667a827
auth settings: Make sure we have a section name defined.
Timo Sirainen <tss@iki.fi>
parents:
9244
diff
changeset
|
397 { |
5e80d667a827
auth settings: Make sure we have a section name defined.
Timo Sirainen <tss@iki.fi>
parents:
9244
diff
changeset
|
398 struct auth_settings *set = _set; |
10892
9675d9a54ac9
auth: Moved some variables generated from settings to struct auth_settings.
Timo Sirainen <tss@iki.fi>
parents:
10889
diff
changeset
|
399 const char *p; |
9261
5e80d667a827
auth settings: Make sure we have a section name defined.
Timo Sirainen <tss@iki.fi>
parents:
9244
diff
changeset
|
400 |
9451
d86490ef27bd
auth: Fixed auth_debug_password -> auth_debug -> auth_Verbose cascading.
Timo Sirainen <tss@iki.fi>
parents:
9267
diff
changeset
|
401 if (set->debug_passwords) |
d86490ef27bd
auth: Fixed auth_debug_password -> auth_debug -> auth_Verbose cascading.
Timo Sirainen <tss@iki.fi>
parents:
9267
diff
changeset
|
402 set->debug = TRUE; |
d86490ef27bd
auth: Fixed auth_debug_password -> auth_debug -> auth_Verbose cascading.
Timo Sirainen <tss@iki.fi>
parents:
9267
diff
changeset
|
403 if (set->debug) |
d86490ef27bd
auth: Fixed auth_debug_password -> auth_debug -> auth_Verbose cascading.
Timo Sirainen <tss@iki.fi>
parents:
9267
diff
changeset
|
404 set->verbose = TRUE; |
10892
9675d9a54ac9
auth: Moved some variables generated from settings to struct auth_settings.
Timo Sirainen <tss@iki.fi>
parents:
10889
diff
changeset
|
405 |
13958
7175320feafc
auth: Throttle SQL auth worker process creation if they can't connect to database.
Timo Sirainen <tss@iki.fi>
parents:
13785
diff
changeset
|
406 if (set->worker_max_count == 0) { |
7175320feafc
auth: Throttle SQL auth worker process creation if they can't connect to database.
Timo Sirainen <tss@iki.fi>
parents:
13785
diff
changeset
|
407 *error_r = "auth_worker_max_count must be above zero"; |
7175320feafc
auth: Throttle SQL auth worker process creation if they can't connect to database.
Timo Sirainen <tss@iki.fi>
parents:
13785
diff
changeset
|
408 return FALSE; |
7175320feafc
auth: Throttle SQL auth worker process creation if they can't connect to database.
Timo Sirainen <tss@iki.fi>
parents:
13785
diff
changeset
|
409 } |
7175320feafc
auth: Throttle SQL auth worker process creation if they can't connect to database.
Timo Sirainen <tss@iki.fi>
parents:
13785
diff
changeset
|
410 |
12089
52e197994a55
Don't fail with auth_cache_size=0
Timo Sirainen <tss@iki.fi>
parents:
12087
diff
changeset
|
411 if (set->cache_size > 0 && set->cache_size < 1024) { |
12087
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
412 /* probably a configuration error. |
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
413 older versions used megabyte numbers */ |
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
414 *error_r = t_strdup_printf("auth_cache_size value is too small " |
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
415 "(%"PRIuUOFF_T" bytes)", |
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
416 set->cache_size); |
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
417 return FALSE; |
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
418 } |
27d235096cca
auth: Fail if auth_cache_size value is too small.
Timo Sirainen <tss@iki.fi>
parents:
11631
diff
changeset
|
419 |
16838
dc46ae14008c
auth: Added ability to truncate values logged by auth_verbose_passwords.
Timo Sirainen <tss@iki.fi>
parents:
16723
diff
changeset
|
420 if (!auth_verify_verbose_password(set, error_r)) |
dc46ae14008c
auth: Added ability to truncate values logged by auth_verbose_passwords.
Timo Sirainen <tss@iki.fi>
parents:
16723
diff
changeset
|
421 return FALSE; |
dc46ae14008c
auth: Added ability to truncate values logged by auth_verbose_passwords.
Timo Sirainen <tss@iki.fi>
parents:
16723
diff
changeset
|
422 |
10892
9675d9a54ac9
auth: Moved some variables generated from settings to struct auth_settings.
Timo Sirainen <tss@iki.fi>
parents:
10889
diff
changeset
|
423 if (*set->username_chars == '\0') { |
9675d9a54ac9
auth: Moved some variables generated from settings to struct auth_settings.
Timo Sirainen <tss@iki.fi>
parents:
10889
diff
changeset
|
424 /* all chars are allowed */ |
9675d9a54ac9
auth: Moved some variables generated from settings to struct auth_settings.
Timo Sirainen <tss@iki.fi>
parents:
10889
diff
changeset
|
425 memset(set->username_chars_map, 1, |
9675d9a54ac9
auth: Moved some variables generated from settings to struct auth_settings.
Timo Sirainen <tss@iki.fi>
parents:
10889
diff
changeset
|
426 sizeof(set->username_chars_map)); |
427 } else { |
428 for (p = set->username_chars; *p != '\0'; p++) |
429 set->username_chars_map[(int)(uint8_t)*p] = 1; |
430 } |
431 |
432 if (*set->username_translation != '\0') { |
433 p = set->username_translation; |
434 for (; *p != '\0' && p[1] != '\0'; p += 2) |
435 set->username_translation_map[(int)(uint8_t)*p] = p[1]; |
436 } |
437 set->realms_arr = |
438 (const char *const *)p_strsplit_spaces(pool, set->realms, " "); |
439 |
440 if (*set->policy_server_url != '\0') { |
441 if (*set->policy_hash_nonce == '\0') { |
442 |
443 *error_r = "auth_policy_hash_nonce must be set when policy server is used"; |
444 return FALSE; |
445 } |
446 const struct hash_method *digest = hash_method_lookup(set->policy_hash_mech); |
447 if (digest == NULL) { |
448 *error_r = "invalid auth_policy_hash_mech given"; |
449 return FALSE; |
450 } |
451 if (set->policy_hash_truncate > 0 && set->policy_hash_truncate >= digest->digest_size*8) { |
452 *error_r = t_strdup_printf("policy_hash_truncate is not smaller than digest size (%u >= %u)", |
453 set->policy_hash_truncate, |
454 digest->digest_size*8); |
455 return FALSE; |
456 } |
457 } |
458 |
459 if (!auth_settings_set_self_ips(set, pool, error_r)) |
460 return FALSE; |
461 return TRUE; |
462 } |
463 |
/* Validate one passdb settings section.
 *
 * _set points to a struct auth_passdb_settings; pool is unused. On failure
 * *error_r is pointed at a static message and FALSE is returned.
 *
 * Two configurations are rejected:
 *  - a passdb whose driver is NULL or an empty string
 *  - pass=yes (which the error text calls obsolete) together with a
 *    result_success other than "return-ok" (which the error text treats
 *    as the default)
 */
static bool
auth_passdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
			   const char **error_r)
{
	struct auth_passdb_settings *passdb = _set;
	const char *driver = passdb->driver;

	if (driver == NULL || driver[0] == '\0') {
		*error_r = "passdb is missing driver";
		return FALSE;
	}

	/* result_success is only inspected when pass=yes is set */
	if (!passdb->pass)
		return TRUE;
	if (strcmp(passdb->result_success, "return-ok") == 0)
		return TRUE;

	*error_r = "Obsolete pass=yes setting mixed with non-default result_success";
	return FALSE;
}
480 |
/* Validate one userdb settings section.
 *
 * _set points to a struct auth_userdb_settings; pool is unused. The only
 * requirement checked here is a non-empty driver name. When it is NULL or
 * an empty string, *error_r is pointed at a static message and FALSE is
 * returned; otherwise TRUE is returned and *error_r is left untouched.
 */
static bool
auth_userdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
			   const char **error_r)
{
	struct auth_userdb_settings *userdb = _set;
	const char *driver = userdb->driver;

	if (driver != NULL && driver[0] != '\0')
		return TRUE;

	*error_r = "userdb is missing driver";
	return FALSE;
}
493 /* </settings checks> */ |
494 |
/* File-scope pointer to the auth settings, declared with external linkage.
 * Nothing in the visible part of this file assigns it. */
struct auth_settings *global_auth_settings;
496 |
/* Read the configuration for the "auth" module and return the auth settings.
 *
 * service is passed through as the service filter of the read request, pool
 * receives the duplicated settings, and output_r is filled in by
 * master_service_settings_read(). A failed read is reported through
 * i_fatal(), so no partially read configuration is returned to the caller.
 */
struct auth_settings *
auth_settings_read(const char *service, pool_t pool,
		   struct master_service_settings_output *output_r)
{
	/* only the auth settings root is requested */
	static const struct setting_parser_info *set_roots[] = {
		&auth_setting_parser_info,
		NULL
	};
	struct master_service_settings_input input;
	struct setting_parser_context *parser_copy;
	void **other_sets;
	const char *errmsg;

	memset(&input, 0, sizeof(input));
	input.service = service;
	input.module = "auth";
	input.roots = set_roots;

	if (master_service_settings_read(master_service, &input,
					 output_r, &errmsg) < 0)
		i_fatal("Error reading configuration: %s", errmsg);

	/* NOTE(review): an extra reference is taken on pool before the parser
	   is duplicated into it; presumably settings_parser_deinit() below
	   drops one - confirm */
	pool_ref(pool);
	parser_copy = settings_parser_dup(master_service->set_parser, pool);

	/* A failing check is treated as impossible here; presumably the same
	   checks already passed during the read above - confirm */
	if (!settings_parser_check(parser_copy, pool, &errmsg))
		i_unreached();

	other_sets = master_service_settings_parser_get_others(master_service,
							       parser_copy);
	settings_parser_deinit(&parser_copy);

	/* first entry presumably corresponds to set_roots[0] - confirm */
	return other_sets[0];
}