1 /* Copyright (c) 2005-2008 Dovecot authors, see the included COPYING file */
|
|
2
|
|
3 #include "lib.h"
|
|
4 #include "array.h"
|
|
5 #include "hostpid.h"
|
|
6 #include "settings-parser.h"
|
|
7 #include "auth-settings.h"
|
|
8
|
|
9 #include <stddef.h>
|
|
10
|
|
/* Forward declarations. The parser-info structures in this file refer to
   each other through MEMBER(parent) before their definitions appear, so
   they are declared up front. */
extern struct setting_parser_info auth_socket_setting_parser_info;
extern struct setting_parser_info auth_setting_parser_info;
extern struct setting_parser_info auth_root_setting_parser_info;
/* "client" UNIX listener of a socket section.
   DEF() builds one setting_define entry: the value type, the key name
   (the stringified field name) and the field's offset inside
   struct auth_socket_unix_settings. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_socket_unix_settings, name), NULL }

static struct setting_define auth_socket_client_setting_defines[] = {
	DEF(SET_STR, path),
	/* NOTE(review): the default below is written as an octal literal, but
	   the key is declared SET_UINT. Whether a configured "mode" value is
	   read as octal is decided by the settings parser and is not visible
	   here - confirm, since a decimal reading would give different
	   permission bits than the administrator intended. */
	DEF(SET_UINT, mode),
	DEF(SET_STR, user),
	DEF(SET_STR, group),

	SETTING_DEFINE_LIST_END
};

/* Defaults for a client listener: mode 0660 grants nothing to "other".
   user and group default to the empty string; what an empty owner resolves
   to is up to the code that creates the socket (not in this file).
   A relative path is prefixed with base_dir later by fix_base_path(). */
static struct auth_socket_unix_settings auth_socket_client_default_settings = {
	MEMBER(path) "auth-client",
	MEMBER(mode) 0660,
	MEMBER(user) "",
	MEMBER(group) ""
};

/* Parser description for client listeners; its parent is the socket
   section. (size_t)-1 in parent_offset/type_offset presumably means
   "no such field" - TODO confirm against settings-parser.h. */
struct setting_parser_info auth_socket_client_setting_parser_info = {
	MEMBER(defines) auth_socket_client_setting_defines,
	MEMBER(defaults) &auth_socket_client_default_settings,

	MEMBER(parent) &auth_socket_setting_parser_info,
	MEMBER(dynamic_parsers) NULL,

	MEMBER(parent_offset) (size_t)-1,
	MEMBER(type_offset) (size_t)-1,
	MEMBER(struct_size) sizeof(struct auth_socket_unix_settings)
};
/* "master" UNIX listener of a socket section. Same keys and the same
   structure type as the client listener; only the default path differs. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_socket_unix_settings, name), NULL }

static struct setting_define auth_socket_master_setting_defines[] = {
	DEF(SET_STR, path),
	/* NOTE(review): declared SET_UINT while the default is an octal
	   literal; how a configured value is parsed is not visible here -
	   confirm it is read as octal. */
	DEF(SET_UINT, mode),
	DEF(SET_STR, user),
	DEF(SET_STR, group),

	SETTING_DEFINE_LIST_END
};

/* Defaults for a master listener.
   NOTE(review): judging by the name, this socket serves the more
   privileged side of the auth protocol, so the filesystem permissions
   configured here are its access control. The default mode 0660 excludes
   "other"; user/group are empty and resolved elsewhere - verify the
   effective owner and group in a deployment. */
static struct auth_socket_unix_settings auth_socket_master_default_settings = {
	MEMBER(path) "auth-master",
	MEMBER(mode) 0660,
	MEMBER(user) "",
	MEMBER(group) ""
};

/* Parser description for master listeners; parent is the socket section. */
struct setting_parser_info auth_socket_master_setting_parser_info = {
	MEMBER(defines) auth_socket_master_setting_defines,
	MEMBER(defaults) &auth_socket_master_default_settings,

	MEMBER(parent) &auth_socket_setting_parser_info,
	MEMBER(dynamic_parsers) NULL,

	MEMBER(parent_offset) (size_t)-1,
	MEMBER(type_offset) (size_t)-1,
	MEMBER(struct_size) sizeof(struct auth_socket_unix_settings)
};
/* "socket" section of an auth section. DEF() maps a key to a field of
   struct auth_socket_settings; DEFLIST() declares a list-valued child
   section whose entries are parsed with the given parser info. */
#undef DEF
#undef DEFLIST
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_socket_settings, name), NULL }
#define DEFLIST(field, name, defines) \
	{ SET_DEFLIST, name, offsetof(struct auth_socket_settings, field), defines }

static struct setting_define auth_socket_setting_defines[] = {
	DEF(SET_STR, type),

	/* Child sections "client" and "master", stored in the clients and
	   masters fields. */
	DEFLIST(clients, "client", &auth_socket_client_setting_parser_info),
	DEFLIST(masters, "master", &auth_socket_master_setting_parser_info),

	SETTING_DEFINE_LIST_END
};

/* Only the type has a default ("listen"); clients and masters are left
   unset, which is why auth_settings_check() tests array_is_created()
   before reading them. */
static struct auth_socket_settings auth_socket_default_settings = {
	MEMBER(type) "listen"
};

/* Parser description for socket sections; parent is the auth section.
   type_offset names the "type" field - presumably where the parser stores
   the section's type string; TODO confirm against settings-parser.h. */
struct setting_parser_info auth_socket_setting_parser_info = {
	MEMBER(defines) auth_socket_setting_defines,
	MEMBER(defaults) &auth_socket_default_settings,

	MEMBER(parent) &auth_setting_parser_info,
	MEMBER(dynamic_parsers) NULL,

	MEMBER(parent_offset) (size_t)-1,
	MEMBER(type_offset) offsetof(struct auth_socket_settings, type),
	MEMBER(struct_size) sizeof(struct auth_socket_settings)
};
/* "passdb" section: keys map to fields of struct auth_passdb_settings. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_passdb_settings, name), NULL }

static struct setting_define auth_passdb_setting_defines[] = {
	DEF(SET_STR, driver),
	/* NOTE(review): args is a free-form string handed to the driver; if
	   it can carry connection credentials, keep it out of logs - verify
	   against the drivers that consume it. */
	DEF(SET_STR, args),
	/* presumably marks a database whose matches are rejected rather than
	   accepted - confirm where deny is consumed */
	DEF(SET_BOOL, deny),

	SETTING_DEFINE_LIST_END
};

/* Parser description for passdb sections. defaults is NULL, so this file
   supplies no default driver, args or deny value. type_offset names the
   driver field. */
struct setting_parser_info auth_passdb_setting_parser_info = {
	MEMBER(defines) auth_passdb_setting_defines,
	MEMBER(defaults) NULL,

	MEMBER(parent) &auth_setting_parser_info,
	MEMBER(dynamic_parsers) NULL,

	MEMBER(parent_offset) (size_t)-1,
	MEMBER(type_offset) offsetof(struct auth_passdb_settings, driver),
	MEMBER(struct_size) sizeof(struct auth_passdb_settings)
};
/* "userdb" section: keys map to fields of struct auth_userdb_settings. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_userdb_settings, name), NULL }

static struct setting_define auth_userdb_setting_defines[] = {
	DEF(SET_STR, driver),
	DEF(SET_STR, args),

	SETTING_DEFINE_LIST_END
};

/* Parser description for userdb sections. defaults is NULL, so no default
   driver or args are supplied here. type_offset names the driver field. */
struct setting_parser_info auth_userdb_setting_parser_info = {
	MEMBER(defines) auth_userdb_setting_defines,
	MEMBER(defaults) NULL,

	MEMBER(parent) &auth_setting_parser_info,
	MEMBER(dynamic_parsers) NULL,

	MEMBER(parent_offset) (size_t)-1,
	MEMBER(type_offset) offsetof(struct auth_userdb_settings, driver),
	MEMBER(struct_size) sizeof(struct auth_userdb_settings)
};
/* One "auth" section. DEF() maps a key to a field of struct auth_settings;
   DEFLIST() declares a list-valued child section (socket, passdb, userdb)
   parsed with the given parser info. */
#undef DEF
#undef DEFLIST
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_settings, name), NULL }
#define DEFLIST(field, name, defines) \
	{ SET_DEFLIST, name, offsetof(struct auth_settings, field), defines }

static struct setting_define auth_setting_defines[] = {
	DEF(SET_STR, name),
	DEF(SET_STR, mechanisms),
	DEF(SET_STR, realms),
	DEF(SET_STR, default_realm),
	DEF(SET_UINT, cache_size),
	DEF(SET_UINT, cache_ttl),
	DEF(SET_UINT, cache_negative_ttl),
	DEF(SET_STR, username_chars),
	DEF(SET_STR, username_translation),
	DEF(SET_STR, username_format),
	DEF(SET_STR, master_user_separator),
	DEF(SET_STR, anonymous_username),
	DEF(SET_STR, krb5_keytab),
	DEF(SET_STR, gssapi_hostname),
	DEF(SET_STR, winbind_helper_path),
	DEF(SET_UINT, failure_delay),

	DEF(SET_BOOL, verbose),
	DEF(SET_BOOL, debug),
	DEF(SET_BOOL, debug_passwords),
	DEF(SET_BOOL, ssl_require_client_cert),
	DEF(SET_BOOL, ssl_username_from_cert),
	DEF(SET_BOOL, use_winbind),

	DEF(SET_UINT, worker_max_count),

	DEFLIST(sockets, "socket", &auth_socket_setting_parser_info),
	DEFLIST(passdbs, "passdb", &auth_passdb_setting_parser_info),
	DEFLIST(userdbs, "userdb", &auth_userdb_setting_parser_info),

	SETTING_DEFINE_LIST_END
};

/* Defaults applied to an auth section. This object is not const:
   auth_settings_read() overwrites gssapi_hostname with my_hostname before
   parsing. The units of the numeric values are not visible in this file. */
static struct auth_settings auth_default_settings = {
	/* name defaults to NULL; auth_settings_read() compares it with
	   strcmp(), so it relies on the parser having filled it in
	   (presumably via type_offset below - TODO confirm). */
	MEMBER(name) NULL,
	MEMBER(root) NULL,

	/* NOTE(review): the only mechanism enabled by default is "plain".
	   If that is the cleartext PLAIN mechanism, credential
	   confidentiality rests on the transport - confirm the deployment
	   requires an encrypted channel. */
	MEMBER(mechanisms) "plain",
	MEMBER(realms) "",
	MEMBER(default_realm) "",
	MEMBER(cache_size) 0,
	MEMBER(cache_ttl) 3600,
	MEMBER(cache_negative_ttl) 0,
	/* presumably an allow-list of characters accepted in usernames; the
	   digit run repeats '0', which is harmless for a membership test */
	MEMBER(username_chars) "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
	MEMBER(username_translation) "",
	MEMBER(username_format) "",
	/* empty by default; judging by the name, a non-empty value would
	   enable a "master user" login syntax - confirm where it is used */
	MEMBER(master_user_separator) "",
	MEMBER(anonymous_username) "anonymous",
	MEMBER(krb5_keytab) "",
	MEMBER(gssapi_hostname) "",
	/* absolute path to an external helper; how it is executed is not
	   visible here */
	MEMBER(winbind_helper_path) "/usr/bin/ntlm_auth",
	MEMBER(failure_delay) 2,

	MEMBER(verbose) FALSE,
	MEMBER(debug) FALSE,
	/* NOTE(review): judging by the name, turning this on would write
	   password material to the logs; the default keeps it off. */
	MEMBER(debug_passwords) FALSE,
	MEMBER(ssl_require_client_cert) FALSE,
	MEMBER(ssl_username_from_cert) FALSE,
	MEMBER(use_winbind) FALSE,

	MEMBER(worker_max_count) 30,

	MEMBER(sockets) ARRAY_INIT,
	MEMBER(passdbs) ARRAY_INIT,
	MEMBER(userdbs) ARRAY_INIT
};

/* Parser description for auth sections; parent is the root. parent_offset
   names the root field and type_offset the name field - presumably where
   the parser stores the parent pointer and the section's name; TODO
   confirm against settings-parser.h. fix_base_path() and
   auth_settings_read() depend on both being filled in. */
struct setting_parser_info auth_setting_parser_info = {
	MEMBER(defines) auth_setting_defines,
	MEMBER(defaults) &auth_default_settings,

	MEMBER(parent) &auth_root_setting_parser_info,
	MEMBER(dynamic_parsers) NULL,

	MEMBER(parent_offset) offsetof(struct auth_settings, root),
	MEMBER(type_offset) offsetof(struct auth_settings, name),
	MEMBER(struct_size) sizeof(struct auth_settings)
};
/* Root of the settings tree: base_dir plus the list of "auth" sections.
   Keys map to fields of struct auth_root_settings. */
#undef DEF
#undef DEFLIST
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_root_settings, name), NULL }
#define DEFLIST(field, name, defines) \
	{ SET_DEFLIST, name, offsetof(struct auth_root_settings, field), defines }

static struct setting_define auth_root_setting_defines[] = {
	DEF(SET_STR, base_dir),
	DEFLIST(auths, "auth", &auth_setting_parser_info),

	SETTING_DEFINE_LIST_END
};

/* base_dir defaults to the build-time PKG_RUNDIR. fix_base_path() prefixes
   relative listener paths with it, so the permissions of this directory
   bound who can reach those sockets. */
static struct auth_root_settings auth_root_default_settings = {
	MEMBER(base_dir) PKG_RUNDIR,
	MEMBER(auths) ARRAY_INIT
};

/* Parser description for the root: no parent, and (size_t)-1 in both
   offsets. This is the info passed to settings_parser_init() in
   auth_settings_read(). */
struct setting_parser_info auth_root_setting_parser_info = {
	MEMBER(defines) auth_root_setting_defines,
	MEMBER(defaults) &auth_root_default_settings,

	MEMBER(parent) NULL,
	MEMBER(dynamic_parsers) NULL,

	MEMBER(parent_offset) (size_t)-1,
	MEMBER(type_offset) (size_t)-1,
	MEMBER(struct_size) sizeof(struct auth_root_settings)
};
/* Pool handed to the settings parser and used for the strings built by
   fix_base_path(). Created on the first auth_settings_read() call and
   cleared with p_clear() on every later one. */
static pool_t settings_pool = NULL;
/* Turn a relative path setting into "<base_dir>/<path>".
   *str is left untouched when it is NULL, empty or already starts with
   '/'. The new string is allocated from settings_pool.
   The value is only concatenated: nothing here normalises it, so a
   relative value containing ".." components is passed through as written.
   set->root is dereferenced without a check (its default is NULL), so this
   relies on the parser having set it - TODO confirm. */
static void fix_base_path(struct auth_settings *set, const char **str)
{
	const char *path = *str;

	/* nothing to do for unset, empty or absolute paths */
	if (path == NULL || *path == '\0' || *path == '/')
		return;

	*str = p_strconcat(settings_pool,
			   set->root->base_dir, "/", path, NULL);
}
/* Post-process one auth section: make the path of every master and client
   listener of every socket relative to base_dir (see fix_base_path()).
   Despite the name, nothing is validated here - mode, user and group of
   the listeners are not inspected. */
static void auth_settings_check(struct auth_settings *set)
{
	struct auth_socket_settings *const *socks;
	struct auth_socket_unix_settings *const *listeners;
	unsigned int sock_idx, sock_count, idx, listener_count;

	/* the sockets array exists only if a socket section was configured */
	if (!array_is_created(&set->sockets))
		return;

	socks = array_get(&set->sockets, &sock_count);
	for (sock_idx = 0; sock_idx < sock_count; sock_idx++) {
		struct auth_socket_settings *sock = socks[sock_idx];

		/* master listeners first, then client listeners */
		if (array_is_created(&sock->masters)) {
			listeners = array_get(&sock->masters, &listener_count);
			for (idx = 0; idx < listener_count; idx++)
				fix_base_path(set, &listeners[idx]->path);
		}
		if (array_is_created(&sock->clients)) {
			listeners = array_get(&sock->clients, &listener_count);
			for (idx = 0; idx < listener_count; idx++)
				fix_base_path(set, &listeners[idx]->path);
		}
	}
}
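/* Parse the configuration via settings_parse_environ() and return the
   auth section whose name equals `name`, after running
   auth_settings_check() on it.

   Parse errors and a missing section both end in i_fatal(); the trailing
   "return NULL" is reached only if i_fatal() returns.

   settings_pool is reused: it is cleared on every call after the first.
   Assuming the parser allocates the settings from that pool (it is the
   pool passed to settings_parser_init()), a pointer returned by an earlier
   call must not be used once this function has been called again.

   NOTE(review): the parser is created with
   SETTINGS_PARSER_FLAG_IGNORE_UNKNOWN_KEYS. Judging by the flag name, a
   misspelled key - including a security-relevant one - is not reported
   here and the default silently stays in effect. */
struct auth_settings *auth_settings_read(const char *name)
{
	struct setting_parser_context *parser;
	struct auth_root_settings *set;
	struct auth_settings *const *auths;
	unsigned int i, count;

	if (settings_pool == NULL)
		settings_pool = pool_alloconly_create("auth settings", 1024);
	else
		p_clear(settings_pool);

	parser = settings_parser_init(settings_pool,
				      &auth_root_setting_parser_info,
				      SETTINGS_PARSER_FLAG_IGNORE_UNKNOWN_KEYS);

	/* the static defaults are patched at run time, before parsing, so
	   that gssapi_hostname defaults to this host's name */
	auth_default_settings.gssapi_hostname = my_hostname;

	if (settings_parse_environ(parser) < 0) {
		i_fatal("Error reading configuration: %s",
			settings_parser_get_error(parser));
	}

	set = settings_parser_get(parser);
	settings_parser_deinit(&parser);

	if (array_is_created(&set->auths)) {
		auths = array_get(&set->auths, &count);
		for (i = 0; i < count; i++) {
			/* name defaults to NULL in auth_default_settings;
			   skip a section the parser left unnamed instead of
			   handing NULL to strcmp() */
			if (auths[i]->name != NULL &&
			    strcmp(auths[i]->name, name) == 0) {
				auth_settings_check(auths[i]);
				return auths[i];
			}
		}
	}
	i_fatal("Error reading configuration: No auth section: %s", name);
	return NULL;
}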