1 /* Copyright (C) 2003 Alex Howansky, Timo Sirainen */
|
|
2
|
|
3 #include "config.h"
|
|
4 #undef HAVE_CONFIG_H
|
|
5
|
|
6 #ifdef PASSDB_PGSQL
|
|
7
|
|
8 #include "common.h"
|
|
9 #include "str.h"
|
|
10 #include "var-expand.h"
|
|
11 #include "password-scheme.h"
|
|
12 #include "db-pgsql.h"
|
|
13 #include "passdb.h"
|
|
14
|
|
15 #include <libpq-fe.h>
|
|
16 #include <stdlib.h>
|
|
17 #include <string.h>
|
|
18
|
|
/* Module-level wrapper around the PostgreSQL connection handle that
   passdb_pgsql_init() obtains from db_pgsql_init() and
   passdb_pgsql_deinit() releases with db_pgsql_unref(). */
struct passdb_pgsql_connection {
	struct pgsql_connection *conn;
};
|
|
22
|
|
/* One pending password lookup. */
struct passdb_pgsql_request {
	/* Must stay the first member: pgsql_handle_request() receives a
	   struct pgsql_request pointer and casts it back to this type. */
	struct pgsql_request request;

	/* Requested credentials type. pgsql_verify_plain() stores -1 here
	   to mark a plaintext verification instead of a lookup. */
	enum passdb_credentials credentials;

	/* Completion callback; which member is valid follows from
	   `credentials` (-1 selects verify_plain). */
	union {
		verify_plain_callback_t *verify_plain;
		lookup_credentials_callback_t *lookup_credentials;
	} callback;

	/* Trailing buffer for the plaintext password being verified.
	   pgsql_verify_plain() allocates strlen(password) extra bytes, so
	   the declared single byte is what holds the terminating NUL.
	   NOTE(review): this keeps the plaintext on the heap until the
	   request is released; nothing in this file wipes it - confirm
	   where the request is freed. */
	char password[1];
};
|
|
34
|
|
/* The single connection wrapper shared by every lookup in this module;
   allocated in passdb_pgsql_init(), freed in passdb_pgsql_deinit(). */
static struct passdb_pgsql_connection *passdb_pgsql_conn;
|
|
36
|
|
/*
 * Completion callback for the password query.
 *
 * conn    - connection the query ran on; supplies the default scheme.
 * request - the embedded struct pgsql_request of a
 *           struct passdb_pgsql_request.
 * res     - query result, or NULL when no result is available
 *           (pgsql_lookup_pass() passes NULL for a rejected username).
 *
 * Exactly one row with exactly one field is accepted as the stored
 * password. In every other case the password stays NULL, so in the
 * plaintext path a failed query, duplicate rows and a malformed result
 * are all reported to the caller as PASSDB_RESULT_USER_UNKNOWN.
 */
static void pgsql_handle_request(struct pgsql_connection *conn,
				 struct pgsql_request *request, PGresult *res)
{
	/* `request` is the first member of struct passdb_pgsql_request */
	struct passdb_pgsql_request *preq =
		(struct passdb_pgsql_request *) request;
	struct auth_request *auth_request = request->context;
	const char *user = auth_request->user;
	const char *password = NULL;
	const char *scheme;
	int ret;

	if (res != NULL) {
		int rows = PQntuples(res);

		if (rows == 0) {
			if (verbose)
				i_info("pgsql(%s): Unknown user", user);
		} else if (rows > 1) {
			/* ambiguous match: never pick one of several rows */
			i_error("pgsql(%s): Multiple matches for user", user);
		} else if (PQnfields(res) != 1) {
			i_error("pgsql(%s): Password query returned "
				"more than one field", user);
		} else {
			/* copy the value out of the result set */
			password = t_strdup(PQgetvalue(res, 0, 0));
		}
	}

	/* NOTE(review): this is reached with password == NULL as well;
	   presumably password_get_scheme() tolerates that - confirm. */
	scheme = password_get_scheme(&password);
	if (scheme == NULL) {
		/* no scheme found in the stored value: use the configured
		   default */
		scheme = conn->set.default_pass_scheme;
		i_assert(scheme != NULL);
	}

	if (preq->credentials != -1) {
		/* credentials lookup; password may still be NULL here */
		passdb_handle_credentials(preq->credentials,
					  user, password, scheme,
					  preq->callback.lookup_credentials,
					  auth_request);
		return;
	}

	/* verify plain */
	if (password == NULL) {
		preq->callback.verify_plain(PASSDB_RESULT_USER_UNKNOWN,
					    auth_request);
		return;
	}

	ret = password_verify(preq->password, password, scheme, user);
	if (ret < 0) {
		/* logged here, then reported below as a mismatch */
		i_error("pgsql(%s): Unknown password scheme %s", user, scheme);
	} else if (ret == 0 && verbose) {
		i_info("pgsql(%s): Password mismatch", user);
	}

	if (ret > 0) {
		preq->callback.verify_plain(PASSDB_RESULT_OK, auth_request);
	} else {
		preq->callback.verify_plain(PASSDB_RESULT_PASSWORD_MISMATCH,
					    auth_request);
	}
}
|
|
97
|
|
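/*
 * Start the password query for auth_request->user.
 *
 * auth_request  - the authentication request; stored as the query
 *                 context so pgsql_handle_request() can reach it.
 * pgsql_request - request to submit; its callback and context are
 *                 filled in here.
 *
 * The user name is substituted into the configured password_query by
 * var_expand(), and no escaping is visible in this function. The
 * db_pgsql_is_valid_username() check is therefore the barrier against
 * SQL injection here, so the query text is only built once that check
 * has passed.
 * NOTE(review): confirm whether var_expand() or the query template
 * applies any quoting of its own.
 */
static void pgsql_lookup_pass(struct auth_request *auth_request,
			      struct pgsql_request *pgsql_request)
{
	struct pgsql_connection *conn = passdb_pgsql_conn->conn;
	string_t *str;

	pgsql_request->callback = pgsql_handle_request;
	pgsql_request->context = auth_request;

	if (!db_pgsql_is_valid_username(conn, auth_request->user)) {
		/* Rejected names never reach the SQL text; complete the
		   request at once with no result.
		   NOTE(review): the rejected name is written to the log
		   as-is; confirm the logging helper neutralises control
		   characters. Also confirm who frees the request on this
		   path, since db_pgsql_query() is not involved. */
		if (verbose) {
			i_error("pgsql(%s): Invalid username",
				auth_request->user);
		}
		pgsql_handle_request(conn, pgsql_request, NULL);
		return;
	}

	str = t_str_new(512);
	var_expand(str, conn->set.password_query, auth_request->user, NULL);
	db_pgsql_query(conn, str_c(str), pgsql_request);
}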
|
|
122
|
|
/*
 * Verify a plaintext password for `request` against the database.
 *
 * request  - the authentication request being processed.
 * password - NUL-terminated plaintext password; must not be NULL
 *            (it is passed straight to strlen()).
 * callback - receives the verification result.
 *
 * The plaintext is copied into the request so that it is still
 * available when pgsql_handle_request() runs.
 * NOTE(review): that copy stays on the heap until the request is
 * released and is not wiped anywhere in this file - confirm.
 */
static void
pgsql_verify_plain(struct auth_request *request, const char *password,
		   verify_plain_callback_t *callback)
{
	struct passdb_pgsql_request *req;
	size_t pass_len = strlen(password);

	/* password[1] inside the struct already reserves the NUL byte, so
	   only the string length is added on top */
	req = i_malloc(sizeof(*req) + pass_len);
	req->credentials = -1; /* marks "verify plain" for the handler */
	req->callback.verify_plain = callback;
	memcpy(req->password, password, pass_len + 1);

	pgsql_lookup_pass(request, &req->request);
}
|
|
137
|
|
/*
 * Look up stored credentials of the given type for `request`.
 *
 * request     - the authentication request being processed.
 * credentials - credentials type wanted by the caller; stored in the
 *               request so pgsql_handle_request() takes the lookup path.
 * callback    - receives the looked-up credentials.
 *
 * No plaintext password is involved, so the request is allocated at its
 * plain struct size.
 */
static void pgsql_lookup_credentials(struct auth_request *request,
				     enum passdb_credentials credentials,
				     lookup_credentials_callback_t *callback)
{
	struct passdb_pgsql_request *req =
		i_new(struct passdb_pgsql_request, 1);

	req->callback.lookup_credentials = callback;
	req->credentials = credentials;

	pgsql_lookup_pass(request, &req->request);
}
|
|
150
|
|
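/*
 * Module init: allocate the connection wrapper and open the database
 * connection described by `args`.
 *
 * args - passed unchanged to db_pgsql_init().
 *
 * NOTE(review): the result of db_pgsql_init() is stored unchecked;
 * confirm it cannot return NULL.
 */
static void passdb_pgsql_init(const char *args)
{
	/* the former local `conn` was assigned but never read */
	passdb_pgsql_conn = i_new(struct passdb_pgsql_connection, 1);
	passdb_pgsql_conn->conn = db_pgsql_init(args);
}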
|
|
158
|
|
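/*
 * Module deinit: drop this module's reference on the database
 * connection and free the wrapper.
 */
static void passdb_pgsql_deinit(void)
{
	db_pgsql_unref(passdb_pgsql_conn->conn);
	i_free(passdb_pgsql_conn);
	/* do not leave the file-scope pointer dangling after the free */
	passdb_pgsql_conn = NULL;
}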
|
|
164
|
|
/* PostgreSQL password database module. The initializer is positional,
   so the order below has to match the member order of
   struct passdb_module (declared outside this file). */
struct passdb_module passdb_pgsql = {
	passdb_pgsql_init,		/* module init */
	passdb_pgsql_deinit,		/* module deinit */

	pgsql_verify_plain,		/* plaintext password verification */
	pgsql_lookup_credentials	/* stored credentials lookup */
};
|
|
172
|
|
173 #endif
|