Mercurial > dovecot > core-2.2
annotate src/plugins/var-expand-crypt/var-expand-crypt-plugin.c @ 22656:1789bf2a1e01
director: Make sure HOST-RESET-USERS isn't used with max_moving_users=0
The reset command would just hang in that case. doveadm would never have
sent this, so this is just an extra sanity check.
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Sun, 05 Nov 2017 23:51:56 +0200 |
| parents | a5de42736743 |
| children | cb108f786fb4 |
| rev | line source |
|---|---|
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
1 /* Copyright (c) 2003-2016 Dovecot authors, see the included COPYING file */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
2 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
3 #include "lib.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
4 #include "array.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
5 #include "hex-binary.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
6 #include "base64.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
7 #include "str.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
8 #include "strescape.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
9 #include "var-expand.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
10 #include "var-expand-private.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
11 #include "dcrypt.h" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
12 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
13 #define VAR_EXPAND_CRYPT_DEFAULT_ALGO "AES-256-CBC" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
14 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
15 struct module; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
16 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
17 enum crypt_field_format { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
18 FORMAT_HEX, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
19 FORMAT_BASE64 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
20 }; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
21 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
22 struct var_expand_crypt_context { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
23 struct var_expand_context *ctx; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
24 const char *algo; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
25 string_t *iv; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
26 string_t *enckey; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
27 enum crypt_field_format format; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
28 bool enc_result_only:1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
29 }; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
30 |
|
21866
f23b6f713a50
var-expand-crypt: Add error handling for initialization
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21865
diff
changeset
|
31 static bool var_expand_crypt_initialize(const char **error_r); |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
32 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
33 void var_expand_crypt_init(struct module *module); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
34 void var_expand_crypt_deinit(void); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
35 void auth_var_expand_crypt_init(struct module *module); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
36 void auth_var_expand_crypt_deinit(void); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
37 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
38 static bool has_been_init; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
39 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
40 static int |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
41 var_expand_crypt_settings(struct var_expand_crypt_context *ctx, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
42 const char *const *args, const char **error_r) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
43 { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
44 while(args != NULL && *args != NULL) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
45 const char *k = t_strcut(*args, '='); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
46 const char *value = strchr(*args, '='); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
47 if (value == NULL) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
48 args++; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
49 continue; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
50 } else { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
51 value++; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
52 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
53 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
54 if (strcmp(k, "iv") == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
55 str_truncate(ctx->iv, 0); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
56 var_expand_with_funcs(ctx->iv, value, ctx->ctx->table, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
57 ctx->ctx->func_table, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
58 ctx->ctx->context); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
59 const char *hexiv = t_strdup(str_c(ctx->iv)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
60 /* try to decode IV */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
61 str_truncate(ctx->iv, 0); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
62 hex_to_binary(hexiv, ctx->iv); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
63 if (str_len(ctx->iv) == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
64 *error_r = "iv is not valid hex encoded value"; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
65 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
66 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
67 } if (strcmp(k, "noiv") == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
68 ctx->enc_result_only = strcasecmp(value, "yes")==0; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
69 } if (strcmp(k, "algo") == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
70 ctx->algo = value; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
71 } else if (strcmp(k, "key") == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
72 str_truncate(ctx->enckey, 0); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
73 var_expand_with_funcs(ctx->enckey, value, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
74 ctx->ctx->table, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
75 ctx->ctx->func_table, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
76 ctx->ctx->context); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
77 const char *hexkey = t_strdup(str_c(ctx->enckey)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
78 str_truncate(ctx->enckey, 0); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
79 hex_to_binary(hexkey, ctx->enckey); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
80 if (str_len(ctx->enckey) == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
81 *error_r = "key is not valid hex encoded value"; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
82 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
83 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
84 } else if (strcmp(k, "format") == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
85 if (strcmp(value, "hex") == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
86 ctx->format = FORMAT_HEX; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
87 } else if (strcmp(value, "base64") == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
88 ctx->format = FORMAT_BASE64; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
89 } else { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
90 *error_r = t_strdup_printf( |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
91 "Cannot parse hash arguments:" |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
92 "'%s' is not supported format", |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
93 value); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
94 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
95 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
96 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
97 args++; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
98 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
99 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
100 if (ctx->algo == NULL) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
101 ctx->algo = "AES-256-CBC"; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
102 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
103 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
104 return 0; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
105 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
106 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
107 static int |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
108 var_expand_crypt(struct dcrypt_context_symmetric *dctx, buffer_t *key, buffer_t *iv, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
109 const buffer_t *input, buffer_t *output, const char **error_r) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
110 { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
111 /* make sure IV is correct */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
112 if (iv->used == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
113 dcrypt_ctx_sym_set_key_iv_random(dctx); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
114 /* acquire IV */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
115 dcrypt_ctx_sym_get_iv(dctx, iv); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
116 } else if (dcrypt_ctx_sym_get_iv_length(dctx) != iv->used) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
117 *error_r = t_strdup_printf("crypt: IV length invalid (%"PRIuSIZE_T" != %u)", |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
118 iv->used, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
119 dcrypt_ctx_sym_get_iv_length(dctx)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
120 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
121 } else { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
122 dcrypt_ctx_sym_set_iv(dctx, iv->data, iv->used); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
123 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
124 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
125 if (dcrypt_ctx_sym_get_key_length(dctx) != key->used) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
126 *error_r = t_strdup_printf("crypt: Key length invalid (%"PRIuSIZE_T" != %u)", |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
127 key->used, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
128 dcrypt_ctx_sym_get_key_length(dctx)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
129 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
130 } else { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
131 dcrypt_ctx_sym_set_key(dctx, key->data, key->used); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
132 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
133 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
134 if (!dcrypt_ctx_sym_init(dctx, error_r) || |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
135 !dcrypt_ctx_sym_update(dctx, input->data, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
136 input->used, output, error_r) || |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
137 !dcrypt_ctx_sym_final(dctx, output, error_r)) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
138 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
139 return 0; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
140 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
141 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
142 static int |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
143 var_expand_encrypt(struct var_expand_context *_ctx, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
144 const char *key, const char *field, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
145 const char **result_r, const char **error_r) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
146 { |
|
21866
f23b6f713a50
var-expand-crypt: Add error handling for initialization
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21865
diff
changeset
|
147 if (!has_been_init && !var_expand_crypt_initialize(error_r)) |
|
f23b6f713a50
var-expand-crypt: Add error handling for initialization
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21865
diff
changeset
|
148 return -1; |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
149 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
150 const char *p = strchr(key, ';'); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
151 const char *const *args = NULL; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
152 const char *value; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
153 struct var_expand_crypt_context ctx; |
|
21862
026af538e3dd
var-expand-crypt: Fix base64 encoding
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21861
diff
changeset
|
154 string_t *dest; |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
155 int ret = 0; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
156 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
157 memset(&ctx, 0, sizeof(ctx)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
158 ctx.ctx = _ctx; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
159 ctx.format = FORMAT_HEX; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
160 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
161 if (p != NULL) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
162 args = t_strsplit(p+1, ","); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
163 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
164 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
165 string_t *field_value = t_str_new(64); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
166 ctx.iv = t_str_new(64); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
167 ctx.enckey = t_str_new(64); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
168 string_t *tmp = t_str_new(128); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
169 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
170 if ((ret = var_expand_long(_ctx, field, strlen(field), |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
171 &value, error_r)) < 1) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
172 return ret; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
173 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
174 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
175 if (*value == '\0') { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
176 *result_r = value; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
177 return ret; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
178 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
179 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
180 if (var_expand_crypt_settings(&ctx, args, error_r) < 0) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
181 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
182 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
183 str_append(field_value, value); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
184 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
185 struct dcrypt_context_symmetric *dctx; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
186 if (!dcrypt_ctx_sym_create(ctx.algo, DCRYPT_MODE_ENCRYPT, &dctx, error_r)) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
187 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
188 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
189 ret = var_expand_crypt(dctx, ctx.enckey, ctx.iv, field_value, tmp, error_r); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
190 dcrypt_ctx_sym_destroy(&dctx); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
191 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
192 if (ret == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
193 /* makes compiler happy */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
194 const char *enciv = ""; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
195 const char *res = ""; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
196 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
197 switch(ctx.format) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
198 case FORMAT_HEX: |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
199 enciv = binary_to_hex(ctx.iv->data, ctx.iv->used); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
200 res = binary_to_hex(tmp->data, tmp->used); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
201 break; |
|
21862
026af538e3dd
var-expand-crypt: Fix base64 encoding
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21861
diff
changeset
|
202 case FORMAT_BASE64: |
|
026af538e3dd
var-expand-crypt: Fix base64 encoding
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21861
diff
changeset
|
203 dest = t_str_new(32); |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
204 base64_encode(ctx.iv->data, ctx.iv->used, dest); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
205 enciv = str_c(dest); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
206 dest = t_str_new(32); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
207 base64_encode(tmp->data, tmp->used, dest); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
208 res = str_c(dest); |
|
21862
026af538e3dd
var-expand-crypt: Fix base64 encoding
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21861
diff
changeset
|
209 break; |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
210 default: |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
211 i_unreached(); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
212 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
213 if (ctx.enc_result_only) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
214 *result_r = t_strdup(res); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
215 else |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
216 *result_r = t_strdup_printf("%s$%s$", enciv, res); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
217 ret = 1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
218 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
219 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
220 return ret; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
221 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
222 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
223 static int |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
224 var_expand_decrypt(struct var_expand_context *_ctx, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
225 const char *key, const char *field, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
226 const char **result_r, const char **error_r) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
227 { |
|
21866
f23b6f713a50
var-expand-crypt: Add error handling for initialization
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21865
diff
changeset
|
228 if (!has_been_init && !var_expand_crypt_initialize(error_r)) |
|
f23b6f713a50
var-expand-crypt: Add error handling for initialization
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21865
diff
changeset
|
229 return -1; |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
230 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
231 const char *p = strchr(key, ';'); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
232 const char *const *args = NULL; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
233 const char *value; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
234 struct var_expand_crypt_context ctx; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
235 int ret = 0; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
236 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
237 memset(&ctx, 0, sizeof(ctx)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
238 ctx.ctx = _ctx; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
239 ctx.format = FORMAT_HEX; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
240 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
241 if (p != NULL) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
242 args = t_strsplit(p+1, ","); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
243 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
244 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
245 string_t *field_value = t_str_new(64); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
246 ctx.iv = t_str_new(64); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
247 ctx.enckey = t_str_new(64); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
248 string_t *tmp = t_str_new(128); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
249 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
250 if ((ret = var_expand_long(_ctx, field, strlen(field), |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
251 &value, error_r)) < 1) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
252 return ret; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
253 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
254 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
255 if (*value == '\0') { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
256 *result_r = value; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
257 return ret; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
258 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
259 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
260 if (var_expand_crypt_settings(&ctx, args, error_r) < 0) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
261 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
262 |
|
21867
a5de42736743
var-expand-crypt: Fix data decryption
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21866
diff
changeset
|
263 const char *encdata = value; |
|
a5de42736743
var-expand-crypt: Fix data decryption
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21866
diff
changeset
|
264 const char *enciv = ""; |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
265 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
266 /* make sure IV is correct */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
267 if (ctx.iv->used == 0 && (p = strchr(encdata, '$')) != NULL) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
268 /* see if IV can be taken from data */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
269 enciv = t_strcut(encdata, '$'); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
270 encdata = t_strcut(p+1,'$'); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
271 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
272 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
273 str_truncate(field_value, 0); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
274 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
275 /* try to decode iv and encdata */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
276 switch(ctx.format) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
277 case FORMAT_HEX: |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
278 if (ctx.iv->used == 0) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
279 hex_to_binary(enciv, ctx.iv); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
280 hex_to_binary(encdata, field_value); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
281 break; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
282 case FORMAT_BASE64: |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
283 if (ctx.iv->used == 0) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
284 str_append_str(ctx.iv, t_base64_decode_str(enciv)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
285 str_append_str(field_value, t_base64_decode_str(encdata)); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
286 break; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
287 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
288 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
289 if (ctx.iv->used == 0) { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
290 *error_r = t_strdup_printf("decrypt: IV missing"); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
291 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
292 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
293 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
294 struct dcrypt_context_symmetric *dctx; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
295 if (!dcrypt_ctx_sym_create(ctx.algo, DCRYPT_MODE_DECRYPT, &dctx, error_r)) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
296 return -1; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
297 ret = var_expand_crypt(dctx, ctx.enckey, ctx.iv, field_value, tmp, error_r); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
298 dcrypt_ctx_sym_destroy(&dctx); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
299 |
|
21867
a5de42736743
var-expand-crypt: Fix data decryption
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21866
diff
changeset
|
300 if (ret == 0) { |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
301 *result_r = str_c(tmp); |
|
21867
a5de42736743
var-expand-crypt: Fix data decryption
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21866
diff
changeset
|
302 ret = 1; |
|
a5de42736743
var-expand-crypt: Fix data decryption
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21866
diff
changeset
|
303 } |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
304 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
305 return ret; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
306 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
307 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
308 static const struct var_expand_extension_func_table funcs[] = { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
309 { "encrypt", var_expand_encrypt }, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
310 { "decrypt", var_expand_decrypt }, |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
311 { NULL, NULL, } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
312 }; |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
313 |
|
21866
f23b6f713a50
var-expand-crypt: Add error handling for initialization
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21865
diff
changeset
|
314 static bool var_expand_crypt_initialize(const char **error_r) |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
315 { |
|
21866
f23b6f713a50
var-expand-crypt: Add error handling for initialization
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21865
diff
changeset
|
316 return dcrypt_initialize(NULL, NULL, error_r); |
|
21861
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
317 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
318 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
319 void var_expand_crypt_init(struct module *module ATTR_UNUSED) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
320 { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
321 var_expand_register_func_array(funcs); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
322 /* do not initialize dcrypt here - saves alot of memory |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
323 to not load openssl every time. Only load it if |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
324 needed */ |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
325 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
326 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
327 void var_expand_crypt_deinit(void) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
328 { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
329 var_expand_unregister_func_array(funcs); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
330 if (has_been_init) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
331 dcrypt_deinitialize(); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
332 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
333 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
334 void auth_var_expand_crypt_init(struct module *module) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
335 { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
336 var_expand_crypt_init(module); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
337 } |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
338 |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
339 void auth_var_expand_crypt_deinit(void) |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
340 { |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
341 var_expand_crypt_deinit(); |
|
e57b7745e081
var-expand-crypt: Encryption/decryption support for var-expand
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
diff
changeset
|
342 } |