annotate src/auth/db-passwd-file.c @ 15641:19403b3926f9
Several fixes to handling "istream input line too long" conditions.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 14 Jan 2013 08:01:47 +0200 |
parents | 96fd2c3bf932 |
children | 90710c6c3beb |
1 /* Copyright (c) 2002-2012 Dovecot authors, see the included COPYING file */ |
2 |
3 #include "auth-common.h" |
4 |
5 #if defined (USERDB_PASSWD_FILE) || defined(PASSDB_PASSWD_FILE) |
6 |
7 #include "userdb.h" |
8 #include "db-passwd-file.h" |
9 |
10 #include "array.h" |
11 #include "buffer.h" |
12 #include "istream.h" |
13 #include "hash.h" |
14 #include "str.h" |
15 #include "eacces-error.h" |
16 #include "var-expand.h" |
17 |
18 #include <stdlib.h> |
19 #include <unistd.h> |
20 #include <fcntl.h> |
21 #include <time.h> |
22 #include <sys/stat.h> |
23 |
/* Thresholds in seconds. NOTE(review): judging by the names, these bound how
   long parsing a passwd-file may take at startup and on reload before a
   warning is logged; the code that uses them is outside this excerpt. */
#define PARSE_TIME_STARTUP_WARN_SECS 60
#define PARSE_TIME_RELOAD_WARN_SECS 10

/* File-scope pointer to a struct db_passwd_file.
   NOTE(review): presumably the head of the list of opened passwd-file
   databases - confirm against the functions that use it. */
static struct db_passwd_file *passwd_files;
28 |
/* Parse one passwd-file record and register it in pw->users under username.

   pass may be NULL (an entry without a password). args is a NULL-terminated
   list holding the remaining fields in this order:
   uid, gid, user info, home dir, shell, extra_fields.

   The record is logged with i_error() and NOT added when the username is
   already present, when a "[56]"-suffixed password has the wrong length, or
   when the UID/GID field parses to 0 or to -1. */
static void ATTR_NULL(3)
passwd_file_add(struct passwd_file *pw, const char *username,
		const char *pass, const char *const *args)
{
	struct passwd_user *entry;
	const char *extras = NULL;
	char *key;
	size_t pass_len;

	/* The first record for a username wins: a later duplicate is
	   reported and dropped, it never replaces the existing entry. */
	if (hash_table_lookup(pw->users, username) != NULL) {
		i_error("passwd-file %s: User %s exists more than once",
			pw->path, username);
		return;
	}

	entry = p_new(pw->pool, struct passwd_user, 1);
	key = p_strdup(pw->pool, username);

	pass_len = (pass != NULL) ? strlen(pass) : 0;
	if (pass_len <= 4 || pass[0] == '{' || pass[0] == '$' ||
	    pass[pass_len-1] != ']' || pass[pass_len-4] != '[') {
		/* No trailing "[NN]" marker, or the value starts with '{' or
		   '$': keep the password field exactly as written. */
		entry->password = p_strdup(pw->pool, pass);
	} else {
		/* password[type] - libpam-pwdfile compatible syntax. It uses
		   13 = DES and 34 = MD5. For backwards compatibility with
		   ourself, 56 = Digest-MD5 is accepted as well.

		   NOTE(review): the two characters between the brackets are
		   not checked to be digits, so other byte pairs can also
		   evaluate to 34 or 56; every remaining value is treated as
		   {CRYPT}. These are legacy hash formats - entries that use
		   them are candidates for migration to a stronger scheme. */
		int scheme_id = (pass[pass_len-3] - '0') * 10 +
			(pass[pass_len-2] - '0');
		const char *prefix;

		/* strip the "[NN]" suffix before adding the scheme prefix */
		pass = t_strndup(pass, pass_len-4);
		switch (scheme_id) {
		case 34:
			prefix = "{PLAIN-MD5}";
			break;
		case 56:
			prefix = "{DIGEST-MD5}";
			break;
		default:
			prefix = "{CRYPT}";
			break;
		}
		entry->password = p_strconcat(pw->pool, prefix, pass, NULL);

		/* 12 is the length of "{DIGEST-MD5}"; the 32 is presumably
		   the hex digest length. Only the length is validated. */
		if (scheme_id == 56 && strlen(entry->password) != 32 + 12) {
			i_error("passwd-file %s: User %s "
				"has invalid password",
				pw->path, username);
			return;
		}
	}

	/* (uid_t)-1 / (gid_t)-1 mean "not set in this file" */
	entry->uid = (uid_t)-1;
	entry->gid = (gid_t)-1;

	/* uid: parsed only when this file acts as a userdb and the field is
	   non-empty. A result of 0 (root) or -1 rejects the whole record. */
	if (*args != NULL) {
		if (pw->db->userdb && **args != '\0') {
			entry->uid = userdb_parse_uid(NULL, *args);
			if (entry->uid == 0 || entry->uid == (uid_t)-1) {
				i_error("passwd-file %s: User %s has invalid UID '%s'",
					pw->path, username, *args);
				return;
			}
		}
		args++;
	}

	/* gid: same rules as uid. When the record ends before the gid field
	   the error is logged only if userdb_warn_missing is set, and the
	   record is still added. */
	if (*args == NULL) {
		if (pw->db->userdb_warn_missing) {
			i_error("passwd-file %s: User %s is missing "
				"userdb info", pw->path, username);
		}
	} else {
		if (pw->db->userdb && **args != '\0') {
			entry->gid = userdb_parse_gid(NULL, *args);
			if (entry->gid == 0 || entry->gid == (gid_t)-1) {
				i_error("passwd-file %s: User %s has invalid GID '%s'",
					pw->path, username, *args);
				return;
			}
		}
		args++;
	}

	/* user info: skipped, not stored */
	if (*args != NULL)
		args++;

	/* home: stored only when this file acts as a userdb */
	if (*args != NULL) {
		if (pw->db->userdb)
			entry->home = p_strdup_empty(pw->pool, *args);
		args++;
	}

	/* shell: skipped, not stored */
	if (*args != NULL)
		args++;

	if (*args != NULL) {
		if (**args != '\0') {
			/* new format: the rest is a space separated list of
			   extra fields. The remaining args are joined back
			   with ':' because values may contain that
			   character. */
			extras = t_strarray_join(args, ":");
		} else {
			/* old format: this field is empty and the next one
			   may contain MAIL, which is turned into a
			   userdb_mail= extra field (userdb only). */
			args++;
			if (*args != NULL && **args != '\0' &&
			    pw->db->userdb) {
				extras = t_strconcat("userdb_mail=",
					t_strarray_join(args, ":"), NULL);
			}
		}
	}

	if (extras != NULL) {
		entry->extra_fields =
			p_strsplit_spaces(pw->pool, extras, " ");
	}

	hash_table_insert(pw->users, key, entry);
}
148 |
/* Allocate a passwd_file for expanded_path that belongs to db.

   The path string is copied with i_strdup() and fd starts at -1. When
   db->files has been created, the new object is also inserted into that
   hash table, keyed by its own copy of the path. Returns the new object. */
static struct passwd_file *
passwd_file_new(struct db_passwd_file *db, const char *expanded_path)
{
	struct passwd_file *file = i_new(struct passwd_file, 1);

	file->fd = -1;
	file->db = db;
	file->path = i_strdup(expanded_path);

	if (!hash_table_is_created(db->files))
		return file;

	/* the key is file->path, not the caller's expanded_path string */
	hash_table_insert(db->files, file->path, file);
	return file;
}
/* Open pw->path read-only and load its entries into a newly created
   pw->users table backed by a new pw->pool. The descriptor is kept in
   pw->fd, and the file's mtime and size are remembered in pw->stamp and
   pw->size for later change detection.

   Returns FALSE, after logging the reason, when open() or fstat() fails;
   TRUE otherwise. startup only selects which slow-parse threshold is used
   for the warning at the end. */
static bool passwd_file_open(struct passwd_file *pw, bool startup)
{
	const char *no_args = NULL;
	const char *line;
	struct istream *input;
	struct stat st;
	time_t started, finished;
	unsigned int time_secs;
	bool slow;
	int fd;

	fd = open(pw->path, O_RDONLY);
	if (fd == -1) {
		if (errno != EACCES) {
			i_error("passwd-file %s: Can't open file: %m",
				pw->path);
		} else {
			i_error("passwd-file %s: %s", pw->path,
				eacces_error_get("open", pw->path));
		}
		return FALSE;
	}

	/* fstat() the descriptor that was just opened rather than the path,
	   so the recorded mtime/size belong to the file parsed below */
	if (fstat(fd, &st) != 0) {
		i_error("passwd-file %s: fstat() failed: %m", pw->path);
		i_close_fd(&fd);
		return FALSE;
	}

	pw->fd = fd;
	pw->stamp = st.st_mtime;
	pw->size = st.st_size;

	pw->pool = pool_alloconly_create(MEMPOOL_GROWING"passwd_file", 10240);
	hash_table_create(&pw->users, pw->pool, 0, str_hash, strcmp);

	started = time(NULL);
	/* (size_t)-1, the largest size_t value, is passed as the stream's
	   size argument.
	   NOTE(review): presumably this removes the cap on line length, so an
	   over-long line is read instead of being treated as "line too long";
	   a single huge line would then be buffered whole. Confirm that only
	   trusted admins can write this file. */
	input = i_stream_create_fd(pw->fd, (size_t)-1, FALSE);
	i_stream_set_return_partial_line(input, TRUE);
	for (;;) {
		line = i_stream_read_next_line(input);
		if (line == NULL)
			break;

		/* skip empty lines, lines with no username, and comments */
		if (*line == '\0' || *line == ':' || *line == '#')
			continue;

		T_BEGIN {
			const char *const *fields = t_strsplit(line, ":");

			if (fields[1] == NULL) {
				/* only username */
				passwd_file_add(pw, fields[0], NULL, &no_args);
			} else {
				/* at least username+password; the fields after
				   the password are handed over unparsed */
				passwd_file_add(pw, fields[0], fields[1],
						fields + 2);
			}
		} T_END;
	}
	/* NOTE(review): no stream error is checked after the loop. If
	   i_stream_read_next_line() can also return NULL on a read error,
	   a partially loaded user table would still be reported as success
	   - confirm and log/handle that case. */
	i_stream_destroy(&input);
	finished = time(NULL);
	time_secs = finished - started;

	slow = startup ? time_secs > PARSE_TIME_STARTUP_WARN_SECS :
		time_secs > PARSE_TIME_RELOAD_WARN_SECS;
	if (slow) {
		i_warning("passwd-file %s: Reading %u users took %u secs",
			  pw->path, hash_table_count(pw->users), time_secs);
	} else if (pw->db->debug) {
		i_debug("passwd-file %s: Read %u users in %u secs",
			pw->path, hash_table_count(pw->users), time_secs);
	}
	return TRUE;
}
/* Release what passwd_file_open() set up: the descriptor, the users table
   and the memory pool. Each resource is checked before it is released, so
   a file whose descriptor is -1 or whose table/pool are unset is left
   alone. pw itself and pw->path stay allocated. */
static void passwd_file_close(struct passwd_file *pw)
{
	int fd = pw->fd;

	/* mark the descriptor as gone first; a close() failure is only logged */
	pw->fd = -1;
	if (fd != -1 && close(fd) < 0)
		i_error("passwd-file %s: close() failed: %m", pw->path);

	if (hash_table_is_created(pw->users))
		hash_table_destroy(&pw->users);
	if (pw->pool != NULL)
		pool_unref(&pw->pool);
}
/* Destroy pw completely: unregister it from its db's per-path table (when
   that table exists), close it, then free the path string and the struct.
   pw must not be used by the caller afterwards. */
static void passwd_file_free(struct passwd_file *pw)
{
	struct db_passwd_file *db = pw->db;

	/* the table is keyed by pw->path, so unregister before the path
	   string is freed below */
	if (hash_table_is_created(db->files))
		hash_table_remove(db->files, pw->path);

	passwd_file_close(pw);
	i_free(pw->path);
	i_free(pw);
}
/* Make sure the in-memory copy of pw matches the file on disk.

   stat()s pw->path. On failure returns FALSE and, unless pw is its db's
   default file, pw has been freed - the caller must not touch it again.
   On success the file is closed and re-read only when its mtime or size
   differs from the values recorded at the last open; the result of that
   re-read is returned. Returns TRUE when nothing changed.

   Change detection relies on st_mtime and st_size only: a rewrite that
   keeps the size and lands on the same mtime is not noticed, so e.g. a
   changed password of equal length could stay stale until the next
   detected change. */
static bool passwd_file_sync(struct passwd_file *pw)
{
	struct stat st;

	if (stat(pw->path, &st) < 0) {
		/* with variables don't give hard errors, or errors about
		   nonexistent files */
		switch (errno) {
		case EACCES:
			i_error("passwd-file %s: %s", pw->path,
				eacces_error_get("stat", pw->path));
			break;
		case ENOENT:
			break;
		default:
			i_error("passwd-file %s: stat() failed: %m", pw->path);
			break;
		}

		/* the default file is kept around; any other entry is
		   dropped together with its table registration */
		if (pw->db->default_file != pw)
			passwd_file_free(pw);
		return FALSE;
	}

	if (st.st_mtime == pw->stamp && st.st_size == pw->size)
		return TRUE;

	/* the old user table is destroyed before the reload; if the reload
	   fails, pw is left without a users table and FALSE is returned */
	passwd_file_close(pw);
	return passwd_file_open(pw, FALSE);
}
/* Walk the passwd_files list and return the first db whose path is
   byte-for-byte equal to path, or NULL when there is none. */
static struct db_passwd_file *db_passwd_file_find(const char *path)
{
	struct db_passwd_file *db = passwd_files;

	while (db != NULL && strcmp(db->path, path) != 0)
		db = db->next;
	return db;
}
/* Flag db as being used as a userdb. Warnings about missing userdb fields
   are enabled only when exactly one userdb is configured in the global
   auth settings, i.e. when there are no other userdbs. */
static void db_passwd_file_set_userdb(struct db_passwd_file *db)
{
	bool only_userdb =
		array_count(&global_auth_settings->userdbs) == 1;

	db->userdb = TRUE;
	db->userdb_warn_missing = only_userdb;
}
303 struct db_passwd_file * |
11079
2fbd31f90277
auth: Fixed using same passwd-file with different username_format settings.
Timo Sirainen <tss@iki.fi>
parents:
10582
diff
changeset
|
304 db_passwd_file_init(const char *path, bool userdb, bool debug) |
3504
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
305 { |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
306 struct db_passwd_file *db; |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
307 const char *p; |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
308 bool percents = FALSE; |
3504
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
309 |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3611
diff
changeset
|
310 db = db_passwd_file_find(path); |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3611
diff
changeset
|
311 if (db != NULL) { |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3611
diff
changeset
|
312 db->refcount++; |
14818
f74557336910
auth: if passwd-file isn't the only userdb, don't complain about missing userdb fields
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
313 if (userdb) |
f74557336910
auth: if passwd-file isn't the only userdb, don't complain about missing userdb fields
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
314 db_passwd_file_set_userdb(db); |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3611
diff
changeset
|
315 return db; |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3611
diff
changeset
|
316 } |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3611
diff
changeset
|
317 |
3504
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
318 db = i_new(struct db_passwd_file, 1); |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
319 db->refcount = 1; |
14818
f74557336910
auth: if passwd-file isn't the only userdb, don't complain about missing userdb fields
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
320 if (userdb) |
f74557336910
auth: if passwd-file isn't the only userdb, don't complain about missing userdb fields
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
321 db_passwd_file_set_userdb(db); |
3891
2d0859490a2f
If debug is enabled, tell how many users are found from passwd-file whenever
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
322 db->debug = debug; |
3504
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
323 |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
324 for (p = path; *p != '\0'; p++) { |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
325 if (*p == '%' && p[1] != '\0') { |
6394
9e74c008484a
Added username_format parameter for passwd-file passdb and userdb.
Timo Sirainen <tss@iki.fi>
parents:
6162
diff
changeset
|
326 if (var_get_key(++p) == '%') |
3611
5d92a45fc751
When passwd-file has %d, drop domain names from username lookups only if %d
Timo Sirainen <tss@iki.fi>
parents:
3608
diff
changeset
|
327 percents = TRUE; |
5d92a45fc751
When passwd-file has %d, drop domain names from username lookups only if %d
Timo Sirainen <tss@iki.fi>
parents:
3608
diff
changeset
|
328 else |
3504
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
329 db->vars = TRUE; |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
330 } |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
331 } |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
332 |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
333 if (percents && !db->vars) { |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
334 /* just extra escaped % chars. remove them. */ |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
335 struct var_expand_table empty_table[1]; |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
336 string_t *dest; |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
337 |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
338 empty_table[0].key = '\0'; |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
339 dest = t_str_new(256); |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
340 var_expand(dest, path, empty_table); |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
341 path = str_c(dest); |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
342 } |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
343 |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
344 db->path = i_strdup(path); |
4035
335ac59efffd
If passwd-file is being used as userdb, complain immediately if some entries
Timo Sirainen <tss@iki.fi>
parents:
4034
diff
changeset
|
345 if (db->vars) { |
14918
8eae4e205c82
Hash table API is now (mostly) type safe.
Timo Sirainen <tss@iki.fi>
parents:
14917
diff
changeset
|
346 hash_table_create(&db->files, default_pool, 0, |
8eae4e205c82
Hash table API is now (mostly) type safe.
Timo Sirainen <tss@iki.fi>
parents:
14917
diff
changeset
|
347 str_hash, strcmp); |
4035
335ac59efffd
If passwd-file is being used as userdb, complain immediately if some entries
Timo Sirainen <tss@iki.fi>
parents:
4034
diff
changeset
|
348 } else { |
3504
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
349 db->default_file = passwd_file_new(db, path); |
ee0e39cf4ca5
Added support for variables in passwd-file path.
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
350 } |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3611
diff
changeset
|
351 |
352 db->next = passwd_files; |
353 passwd_files = db; |
354 return db; |
355 } |
356 |
/* Eagerly open the passwd-file of a db whose path contains no variables.
 *
 * Nothing happens when the db has no default_file, or when that file's
 * stamp is already non-zero (presumably: already loaded; confirm against
 * passwd_file_open()). The result of passwd_file_open() is deliberately
 * discarded here.
 */
void db_passwd_file_parse(struct db_passwd_file *db)
{
	struct passwd_file *pwfile = db->default_file;

	if (pwfile == NULL)
		return;
	if (pwfile->stamp != 0)
		return;

	/* no variables, open the file immediately */
	(void)passwd_file_open(pwfile, TRUE);
}
364 |
/* Drop one reference to *_db and clear the caller's pointer.
 *
 * The caller's pointer is always set to NULL. When the reference count
 * is still positive after the decrement, nothing else happens. Otherwise
 * the db is unlinked from the global passwd_files list, its passwd_file
 * object(s) are freed, and the db itself is released.
 */
void db_passwd_file_unref(struct db_passwd_file **_db)
{
	struct db_passwd_file *db = *_db;
	struct db_passwd_file **link;
	struct hash_iterate_context *ctx;
	char *key;
	struct passwd_file *pwfile;

	/* clear the caller's handle first so it cannot be reused after
	   the db has been released */
	*_db = NULL;

	/* NOTE(review): the assertion also accepts a count of 0, in which
	   case the decrement below yields -1 and teardown proceeds; whether
	   0 can occur on entry depends on code outside this function. */
	i_assert(db->refcount >= 0);
	db->refcount--;
	if (db->refcount > 0)
		return;

	/* last reference: unlink db from the passwd_files list */
	link = &passwd_files;
	while (*link != NULL && *link != db)
		link = &(*link)->next;
	if (*link != NULL)
		*link = db->next;

	if (db->default_file == NULL) {
		/* no single default file: free every file held in the
		   hash table, then the table itself */
		ctx = hash_table_iterate_init(db->files);
		while (hash_table_iterate(ctx, db->files, &key, &pwfile))
			passwd_file_free(pwfile);
		hash_table_iterate_deinit(&ctx);
		hash_table_destroy(&db->files);
	} else {
		passwd_file_free(db->default_file);
	}

	i_free(db->path);
	i_free(db);
}
397 |
/* Escape callback for values substituted into the passwd-file path.
 *
 * Returns `path` unchanged when it contains no '/'. Otherwise returns a
 * copy (from t_strdup_until()) holding only the text before the first
 * '/', so a substituted value cannot add directory components of its own.
 * The auth_request argument is unused.
 *
 * NOTE(review): a value without '/' is returned as-is, which includes
 * "." and ".."; confirm that username validation elsewhere or the
 * configured path template makes those harmless.
 */
static const char *
path_fix(const char *path,
	 const struct auth_request *auth_request ATTR_UNUSED)
{
	const char *slash = strchr(path, '/');

	/* most likely this is an invalid request. just cut off the '/' and
	   everything after it. */
	return slash == NULL ? path : t_strdup_until(path, slash);
}
412 |
/* Look up the passwd-file entry for an auth request.
 *
 * db:              passwd-file database to search
 * request:         auth request supplying the variable values and used
 *                  as the logging context
 * username_format: template expanded to build the lookup key
 *
 * Returns the matching passwd_user, or NULL when the passwd-file could
 * not be synced ("no passwd file" is logged) or when the key is not in
 * the file's user table ("unknown user" is logged).
 *
 * Request-derived values reach two places. The file path is expanded
 * with path_fix as the escape function, which truncates a value at its
 * first '/'. The lookup key is expanded with auth_request_str_escape.
 * Both are handed to auth_request_get_var_expand_table(), which
 * presumably applies them to every substituted value (confirm there).
 */
struct passwd_user *
db_passwd_file_lookup(struct db_passwd_file *db, struct auth_request *request,
		      const char *username_format)
{
	const struct var_expand_table *vars;
	struct passwd_file *pwfile;
	struct passwd_user *user;
	string_t *expanded_path, *key;
	const char *logged_path;

	if (db->vars) {
		/* the path has variables: expand it for this request and
		   find the file object for the resulting path */
		vars = auth_request_get_var_expand_table(request, path_fix);
		expanded_path = t_str_new(256);
		var_expand(expanded_path, db->path, vars);

		pwfile = hash_table_lookup(db->files, str_c(expanded_path));
		if (pwfile == NULL) {
			/* doesn't exist yet. create lookup for it. */
			pwfile = passwd_file_new(db, str_c(expanded_path));
		}
	} else {
		pwfile = db->default_file;
	}

	/* copy the path before syncing: a failed sync may free pwfile,
	   and the log message below still needs the path */
	logged_path = t_strdup(pwfile->path);
	if (!passwd_file_sync(pwfile)) {
		/* pw may be freed now */
		auth_request_log_info(request, "passwd-file",
				      "no passwd file: %s", logged_path);
		return NULL;
	}

	key = t_str_new(256);
	vars = auth_request_get_var_expand_table(request,
						 auth_request_str_escape);
	var_expand(key, username_format, vars);

	auth_request_log_debug(request, "passwd-file",
			       "lookup: user=%s file=%s",
			       str_c(key), pwfile->path);

	user = hash_table_lookup(pwfile->users, str_c(key));
	if (user == NULL)
		auth_request_log_info(request, "passwd-file", "unknown user");
	return user;
}
459 |
460 #endif |