annotate src/auth/db-oauth2.c @ 22614:cf66220d281e

doveadm proxy: Don't crash if remote doesn't support log proxying
author Timo Sirainen <timo.sirainen@dovecot.fi>
date Sat, 14 Oct 2017 12:54:18 +0300
parents 036d9f649c8b
children cb108f786fb4
1 /* Copyright (c) 2017 Dovecot authors, see the included COPYING file */
3 #include "lib.h"
4 #include "array.h"
5 #include "str.h"
6 #include "var-expand.h"
7 #include "env-util.h"
8 #include "var-expand.h"
9 #include "settings.h"
10 #include "oauth2.h"
11 #include "http-client.h"
12 #include "iostream-ssl.h"
13 #include "auth-request.h"
14 #include "passdb.h"
15 #include "passdb-template.h"
16 #include "llist.h"
17 #include "db-oauth2.h"
19 #include <stddef.h>
/* Settings read from the passdb's oauth2 config file. Every member has a
   matching entry in setting_defs below and a default in
   default_oauth2_settings. */
struct passdb_oauth2_settings {
	/* tokeninfo endpoint, format https://endpoint/somewhere?token= */
	const char *tokeninfo_url;
	/* introspection endpoint, format https://endpoint/somewhere */
	const char *introspection_url;
	/* expected scope, optional */
	const char *scope;
	/* mode of introspection, one of auth, get, post; empty means auth.
	   db_oauth2_init() rejects any other value with i_fatal().
	   - auth: send token with header Authorization: Bearer token
	   - get: append token to url
	   - post: send token=<token> as POST request
	*/
	const char *introspection_mode;
	/* normalization var-expand template for username, defaults to %Lu */
	const char *username_format;
	/* name of username attribute to lookup, mandatory */
	const char *username_attribute;
	/* name of account is active attribute, optional */
	const char *active_attribute;
	/* expected active value for active attribute, optional */
	const char *active_value;
	/* template to expand into passdb */
	const char *pass_attrs;

	/* TLS options for the HTTPS connection to the endpoints. The four
	   file/dir paths default to NULL (not "") and are handed to the HTTP
	   client as-is; tls_cert_file is only used when non-empty. */
	const char *tls_ca_cert_file;
	const char *tls_ca_cert_dir;
	const char *tls_cert_file;
	const char *tls_key_file;
	/* NOTE(review): parsed from the config, but db_oauth2_init() in this
	   file does not pass it on to the HTTP client settings — confirm
	   whether it is applied anywhere else. */
	const char *tls_cipher_suite;

	/* HTTP rawlog directory, only used when non-empty. A rawlog of these
	   requests contains the tokens being validated, so the directory
	   should be as tightly permissioned as the passdb itself. */
	const char *rawlog_dir;

	/* HTTP client options */
	unsigned int timeout_msecs;
	unsigned int max_idle_time_msecs;
	unsigned int max_parallel_connections;
	unsigned int max_pipelined_requests;
	/* passed to http_client_settings.ssl_allow_invalid_cert: accept an
	   endpoint certificate that fails verification */
	bool tls_allow_invalid_cert;

	/* passed to http_client_settings.debug */
	bool debug;
	/* Should introspection be done even if not necessary */
	bool force_introspection;
	/* Should we send service and local/remote endpoints as X-Dovecot-Auth headers */
	bool send_auth_headers;
};
/* One oauth2 passdb backend instance. Instances are shared between passdbs
   that use the same config file (see db_oauth2_init()) and reference
   counted. */
struct db_oauth2 {
	/* linkage in the global db_oauth2_head list */
	struct db_oauth2 *prev,*next;

	/* owns everything below; released on the last db_oauth2_unref() */
	pool_t pool;

	/* config file path; db_oauth2_init() uses it as the sharing key */
	const char *config_path;
	struct passdb_oauth2_settings set;
	/* HTTP client built from set's TLS and limit options in db_oauth2_init() */
	struct http_client *client;
	/* built from set.pass_attrs */
	struct passdb_template *tmpl;
	/* settings handed to the oauth2 library; derived from set */
	struct oauth2_settings oauth2_set;

	/* in-flight requests; db_oauth2_unref() aborts them before the HTTP
	   client is deinitialized */
	struct db_oauth2_request *head;

	/* raised by db_oauth2_init() and db_oauth2_ref(), lowered by
	   db_oauth2_unref(); the instance is freed when it reaches zero */
	unsigned int refcount;
};
/* All live instances; db_oauth2_init() searches it by config_path before
   creating a new one, db_oauth2_unref() unlinks on the last reference. */
static struct db_oauth2 *db_oauth2_head = NULL;
#undef DEF_STR
#undef DEF_BOOL
#undef DEF_INT

/* Bind the generic DEF_STRUCT_* setting helpers to passdb_oauth2_settings
   so that setting_defs below can name the struct members directly. */
#define DEF_STR(name) DEF_STRUCT_STR(name, passdb_oauth2_settings)
#define DEF_BOOL(name) DEF_STRUCT_BOOL(name, passdb_oauth2_settings)
#define DEF_INT(name) DEF_STRUCT_INT(name, passdb_oauth2_settings)
/* Config keys accepted by parse_setting(): one entry per member of
   passdb_oauth2_settings, terminated by the all-zero sentinel. Adding a
   member to the struct without an entry here makes it unconfigurable. */
static struct setting_def setting_defs[] = {
	DEF_STR(tokeninfo_url),
	DEF_STR(introspection_url),
	DEF_STR(scope),
	DEF_BOOL(force_introspection),
	DEF_STR(introspection_mode),
	DEF_STR(username_format),
	DEF_STR(username_attribute),
	DEF_STR(pass_attrs),
	DEF_STR(active_attribute),
	DEF_STR(active_value),
	DEF_INT(timeout_msecs),
	DEF_INT(max_idle_time_msecs),
	DEF_INT(max_parallel_connections),
	DEF_INT(max_pipelined_requests),
	DEF_BOOL(send_auth_headers),

	DEF_STR(tls_ca_cert_file),
	DEF_STR(tls_ca_cert_dir),
	DEF_STR(tls_cert_file),
	DEF_STR(tls_key_file),
	DEF_STR(tls_cipher_suite),
	DEF_BOOL(tls_allow_invalid_cert),

	DEF_STR(rawlog_dir),

	DEF_BOOL(debug),

	/* sentinel */
	{ 0, NULL, 0 }
};
/* Defaults copied into db->set by db_oauth2_init() before the config file
   is read. String settings that db_oauth2_init() tests with *s == '\0'
   default to "", the TLS file/dir paths default to NULL. */
static struct passdb_oauth2_settings default_oauth2_settings = {
	.tokeninfo_url = "",
	.introspection_url = "",
	.scope = "",
	.force_introspection = FALSE,
	/* empty is mapped to INTROSPECTION_MODE_GET_AUTH in db_oauth2_init() */
	.introspection_mode = "",
	.username_format = "%Lu",
	.username_attribute = "email",
	.active_attribute = "",
	.active_value = "",
	.pass_attrs = "",
	.rawlog_dir = "",
	/* NOTE(review): 0 is passed straight to oauth2_set.timeout_msecs;
	   what the oauth2 library does with 0 is not visible here — confirm. */
	.timeout_msecs = 0,
	.max_idle_time_msecs = 60000,
	.max_parallel_connections = 1,
	.max_pipelined_requests = 1,
	.tls_ca_cert_file = NULL,
	.tls_ca_cert_dir = NULL,
	.tls_cert_file = NULL,
	.tls_key_file = NULL,
	.tls_cipher_suite = "HIGH:!SSLv2",
	/* certificate verification stays on unless explicitly disabled */
	.tls_allow_invalid_cert = FALSE,
	.send_auth_headers = FALSE,
	.debug = FALSE,
};
/* Settings callback for settings_read_nosection(): look key up in
   setting_defs and store the parsed value in db->set.

   Returns whatever parse_setting_from_defs() returns — presumably NULL on
   success and an error message otherwise, which db_oauth2_init() reports
   via i_fatal(); verify against lib-settings. */
static const char *parse_setting(const char *key, const char *value,
				 struct db_oauth2 *db)
{
	struct passdb_oauth2_settings *target = &db->set;
	struct setting_def *defs = setting_defs;

	return parse_setting_from_defs(db->pool, defs, target, key, value);
}
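/* Return the db_oauth2 instance for config_path, creating it on first use.

   Instances are shared: a second call with the same path returns the
   existing instance with its refcount raised, so callers must pair every
   call with db_oauth2_unref(). Configuration errors are fatal
   (i_fatal()), the process does not continue with a half-configured
   passdb.

   Fixes in this revision: the assignment of oauth2_set.tokeninfo_url was
   terminated with a comma instead of a semicolon (harmless but misleading),
   and the introspection-mode error message read "must be on auth...". */
struct db_oauth2 *db_oauth2_init(const char *config_path)
{
	struct db_oauth2 *db;
	const char *error;
	struct http_client_settings http_set;

	/* one instance per config file, shared by every passdb using it */
	for (db = db_oauth2_head; db != NULL; db = db->next) {
		if (strcmp(db->config_path, config_path) == 0) {
			db->refcount++;
			return db;
		}
	}

	pool_t pool = pool_alloconly_create("db_oauth2", 128);
	db = p_new(pool, struct db_oauth2, 1);
	db->pool = pool;
	db->refcount = 1;
	db->config_path = p_strdup(pool, config_path);
	db->set = default_oauth2_settings;

	if (!settings_read_nosection(config_path, parse_setting, db, &error))
		i_fatal("oauth2 %s: %s", config_path, error);

	db->tmpl = passdb_template_build(pool, db->set.pass_attrs);

	i_zero(&http_set);

	/* TLS for the endpoint connection. The CA paths default to NULL and
	   are passed through as-is; a client certificate is only configured
	   when tls_cert_file is non-empty. */
	http_set.ssl_ca_file = db->set.tls_ca_cert_file;
	http_set.ssl_ca_dir = db->set.tls_ca_cert_dir;
	if (db->set.tls_cert_file != NULL && *db->set.tls_cert_file != '\0') {
		/* NOTE(review): tls_key_file is not checked for NULL/"" here;
		   confirm the HTTP client tolerates a cert without a key. */
		http_set.ssl_cert = db->set.tls_cert_file;
		http_set.ssl_key = db->set.tls_key_file;
	}
	/* When TRUE the endpoint's certificate is not verified, so the token
	   is sent to whatever answers at the configured URL. */
	http_set.ssl_allow_invalid_cert = db->set.tls_allow_invalid_cert;
	/* NOTE(review): db->set.tls_cipher_suite is parsed but not applied to
	   http_set anywhere in this function — confirm whether
	   http_client_settings has a field for it. */

	http_set.dns_client_socket_path = "dns-client";
	http_set.user_agent = "dovecot-oauth2-passdb/" DOVECOT_VERSION;

	/* without at least one of the two URLs no lookup can ever succeed */
	if (*db->set.tokeninfo_url == '\0' && *db->set.introspection_url == '\0')
		i_fatal("oauth2: Tokeninfo or introspection URL must be given");

	/* rawlog records the raw HTTP exchange, token included; only enabled
	   when a directory is explicitly configured */
	if (*db->set.rawlog_dir != '\0')
		http_set.rawlog_dir = db->set.rawlog_dir;

	http_set.max_idle_time_msecs = db->set.max_idle_time_msecs;
	http_set.max_parallel_connections = db->set.max_parallel_connections;
	http_set.max_pipelined_requests = db->set.max_pipelined_requests;
	http_set.no_auto_redirect = FALSE;
	/* presumably so a failed lookup is reported rather than the token
	   request being replayed behind the caller's back */
	http_set.no_auto_retry = TRUE;
	http_set.debug = db->set.debug;

	db->client = http_client_init(&http_set);

	i_zero(&db->oauth2_set);
	db->oauth2_set.client = db->client;
	db->oauth2_set.tokeninfo_url = db->set.tokeninfo_url;
	db->oauth2_set.introspection_url = db->set.introspection_url;
	db->oauth2_set.timeout_msecs = db->set.timeout_msecs;
	db->oauth2_set.send_auth_headers = db->set.send_auth_headers;

	/* empty or "auth" selects the Authorization: Bearer header mode;
	   "get" appends the token to the URL, "post" sends it in the body.
	   Anything else is a configuration error. */
	if (*db->set.introspection_mode == '\0' ||
	    strcmp(db->set.introspection_mode, "auth") == 0) {
		db->oauth2_set.introspection_mode = INTROSPECTION_MODE_GET_AUTH;
	} else if (strcmp(db->set.introspection_mode, "get") == 0) {
		db->oauth2_set.introspection_mode = INTROSPECTION_MODE_GET;
	} else if (strcmp(db->set.introspection_mode, "post") == 0) {
		db->oauth2_set.introspection_mode = INTROSPECTION_MODE_POST;
	} else {
		i_fatal("Invalid value '%s' for introspection mode, must be one of auth, get or post",
			db->set.introspection_mode);
	}

	DLLIST_PREPEND(&db_oauth2_head, db);

	return db;
}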
/* Take an additional reference on db; release it with db_oauth2_unref().
   A zero refcount means the last reference was already dropped and the
   instance torn down, so taking a new one then is a caller bug. */
void db_oauth2_ref(struct db_oauth2 *db)
{
	i_assert(db->refcount > 0);

	db->refcount += 1;
}
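/* Drop one reference on *_db and clear the caller's pointer. When the last
   reference goes, unlink the instance from db_oauth2_head, abort every
   in-flight request, deinitialize the HTTP client and free the pool.

   Bug fixed here: the list walk advanced with `ptr = db->next` instead of
   `ptr = ptr->next`. That only terminated correctly when db was the list
   head; for any other instance it either reached NULL and tripped the
   assert below, or spun forever on db->next. */
void db_oauth2_unref(struct db_oauth2 **_db)
{
	struct db_oauth2 *ptr, *db = *_db;

	i_assert(db->refcount > 0);

	/* the double pointer exists so the caller cannot keep using a
	   pointer that may be freed below */
	*_db = NULL;

	if (--db->refcount > 0)
		return;

	/* find db in the global list before unlinking it */
	for (ptr = db_oauth2_head; ptr != NULL; ptr = ptr->next) {
		if (ptr == db) {
			DLLIST_REMOVE(&db_oauth2_head, ptr);
			break;
		}
	}
	i_assert(ptr != NULL && ptr == db);

	/* make sure all requests are aborted before their client goes away */
	while (db->head != NULL)
		oauth2_request_abort(&db->head->req);

	http_client_deinit(&db->client);

	pool_unref(&db->pool);
}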
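/* Return TRUE when every attribute the passdb template references via
   %{oauth2:<name>[:default]} is already present in req->fields, and so are
   the configured username_attribute and (when set) active_attribute.
   FALSE means the caller still has to fetch more fields before the
   template can be expanded. */
static bool
db_oauth2_have_all_fields(struct db_oauth2_request *req)
{
	static const char oauth2_prefix[] = "oauth2:";
	const size_t oauth2_prefix_len = sizeof(oauth2_prefix) - 1;
	unsigned int n, i;
	unsigned int size, idx;
	const char *const *args = passdb_template_get_args(req->db->tmpl, &n);

	if (req->fields == NULL)
		return FALSE;

	/* args is a flat key, value, key, value, ... list; only the values
	   (odd indexes) carry %-variables */
	for (i = 1; i < n; i += 2) {
		const char *ptr = args[i];
		while (ptr != NULL) {
			ptr = strchr(ptr, '%');
			if (ptr == NULL)
				break;
			ptr++;
			var_get_key_range(ptr, &idx, &size);
			ptr += idx;
			const char *key = t_strndup(ptr, size);
			/* The prefix is 7 characters. The original compared 8,
			   which included the terminating NUL and so only ever
			   matched a bare "oauth2:" key, and then looked the
			   attribute up at ptr+8, one byte past that key. */
			if (strncmp(key, oauth2_prefix, oauth2_prefix_len) == 0) {
				/* the attribute name ends at the first ':'
				   (optional default value), exactly as
				   db_oauth2_var_expand_func_oauth2() parses it */
				const char *name =
					t_strcut(key + oauth2_prefix_len, ':');
				if (!auth_fields_exists(req->fields, name))
					return FALSE;
			}
			ptr += size;
		}
	}

	if (!auth_fields_exists(req->fields, req->db->set.username_attribute))
		return FALSE;
	if (*req->db->set.active_attribute != '\0' &&
	    !auth_fields_exists(req->fields, req->db->set.active_attribute))
		return FALSE;
	return TRUE;
}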
/* Return the default value embedded in a "name:default" field spec:
   everything after the first ':' in data, or "" when there is no ':'
   (no default supplied). */
static const char *field_get_default(const char *data)
{
	const char *sep = strchr(data, ':');

	/* no separator means no default was given */
	return sep == NULL ? "" : sep + 1;
}
/* var_expand function handler for %{oauth2:name[:default]}: look "name"
   up in the request's fields and fall back to the given default (or "")
   when it is missing or when no fields have been fetched yet. */
static const char *
db_oauth2_var_expand_func_oauth2(const char *data, void *context)
{
	struct db_oauth2_request *req = context;
	const char *name = t_strcut(data, ':');

	if (req->fields != NULL) {
		const char *found = auth_fields_find(req->fields, name);
		if (found != NULL)
			return found;
	}
	return field_get_default(data);
}
/* Identity escape callback for auth_request_var_expand(). In this file the
   expanded username is only compared against the token's username, never
   embedded in a query, so no quoting is required. */
static const char *
escape_none(const char *value, const struct auth_request *req ATTR_UNUSED)
{
	return value;
}
/* Build the var_expand table used to expand one passdb template value:
   the auth request's standard variables plus an entry keyed '$' holding
   the raw value of the oauth2 attribute the template key refers to.
   NOTE(review): this passes count = 1 and then overwrites table[0];
   presumably auth_request_get_var_expand_table_full() reserves that many
   spare entries at the front - verify against its definition. oauth2_value
   may be NULL when the attribute is missing (see the caller). */
static const struct var_expand_table *
db_oauth2_value_get_var_expand_table(struct auth_request *auth_request,
				     const char *oauth2_value)
{
	unsigned int extra = 1;
	struct var_expand_table *tab;

	tab = auth_request_get_var_expand_table_full(auth_request, NULL,
						    &extra);
	tab[0].key = '$';
	tab[0].value = oauth2_value;
	return tab;
}
/* Expand every key=value pair of the passdb template and store the result
   on the auth request with auth_request_set_field(). Inside a value, "$"
   stands for the oauth2 attribute named by the key and
   %{oauth2:name[:default]} for any other attribute. Always returns TRUE;
   result_r and error_r are accepted for symmetry with the other
   db_oauth2_process_fields() steps but are never written. */
static bool
db_oauth2_template_export(struct db_oauth2_request *req,
			  enum passdb_result *result_r ATTR_UNUSED,
			  const char **error_r ATTR_UNUSED)
{
	const struct var_expand_func_table funcs_table[] = {
		{ "oauth2", db_oauth2_var_expand_func_oauth2 },
		{ NULL, NULL }
	};
	struct passdb_template *tmpl = req->db->tmpl;
	const char *const *args;
	unsigned int i, count;
	string_t *dest;

	if (passdb_template_is_empty(tmpl))
		return TRUE;

	args = passdb_template_get_args(tmpl, &count);
	/* args is a flat key, value, key, value, ... list */
	i_assert((count % 2) == 0);

	dest = t_str_new(256);
	for (i = 0; i < count; i += 2) {
		const char *key = args[i], *value;

		if (args[i+1] == NULL) {
			/* bare "key" without "=value": store an empty value */
			value = "";
		} else {
			const struct var_expand_table *table =
				db_oauth2_value_get_var_expand_table(
					req->auth_request,
					auth_fields_find(req->fields, key));
			str_truncate(dest, 0);
			var_expand_with_funcs(dest, args[i+1], table,
					      funcs_table, req);
			value = str_c(dest);
		}
		auth_request_set_field(req->auth_request, key, value,
				       STATIC_PASS_SCHEME);
	}
	return TRUE;
}
/* Copy every name/value pair from an oauth2 result into req->fields,
   creating the auth_fields on req->pool on first use. Entries are added
   with flags 0. */
static void db_oauth2_fields_merge(struct db_oauth2_request *req,
				   ARRAY_TYPE(oauth2_field) *fields)
{
	const struct oauth2_field *entry;

	if (req->fields == NULL)
		req->fields = auth_fields_init(req->pool);

	array_foreach(fields, entry)
		auth_fields_add(req->fields, entry->name, entry->value, 0);
}
/* Deliver the final result of a lookup to the caller exactly once. The
   callback pointer is cleared before it is invoked, so a second call for
   the same request is a no-op; the request is unlinked from db->head on
   the first (and only) delivery. A non-OK result must carry an error. */
static void db_oauth2_callback(struct db_oauth2_request *req,
			       enum passdb_result result,
			       const char *error)
{
	db_oauth2_lookup_callback_t *cb = req->callback;

	i_assert(result == PASSDB_RESULT_OK || error != NULL);

	if (cb == NULL) {
		/* already delivered */
		return;
	}
	req->callback = NULL;
	DLLIST_REMOVE(&req->db->head, req);
	cb(req, result, error, req->context);
}
/* Check that the user named by the token is the user the client is
   authenticating as. Both sides are run through username_format: the
   requested side with the auth request's own variables, the token side
   with %u/%n/%d derived from the configured username_attribute. A token
   without that attribute is an internal failure; a mismatch is reported
   as PASSDB_RESULT_USER_UNKNOWN with both expansions in the error. The
   comparison is a plain str_equals(); usernames are not secrets, so no
   constant-time compare is needed here. */
static bool
db_oauth2_validate_username(struct db_oauth2_request *req,
			    enum passdb_result *result_r, const char **error_r)
{
	struct var_expand_table table[] = {
		{ 'u', NULL, "user" },
		{ 'n', NULL, "username" },
		{ 'd', NULL, "domain" },
		{ '\0', NULL, NULL }
	};
	const char *token_user, *at;
	string_t *expected, *actual;

	token_user = auth_fields_find(req->fields,
				      req->db->set.username_attribute);
	if (token_user == NULL) {
		*result_r = PASSDB_RESULT_INTERNAL_FAILURE;
		*error_r = "No username returned";
		return FALSE;
	}

	/* %u = whole value, %n = part before '@', %d = part after '@'
	   (left NULL when there is no '@') */
	at = strchr(token_user, '@');
	table[0].value = token_user;
	table[1].value = t_strcut(token_user, '@');
	table[2].value = at == NULL ? NULL : at + 1;

	expected = t_str_new(32);
	actual = t_str_new(strlen(token_user));
	/* escape_none: the results are only compared, never quoted */
	auth_request_var_expand(expected, req->db->set.username_format,
				req->auth_request, escape_none);
	var_expand(actual, req->db->set.username_format, table);

	if (str_equals(expected, actual))
		return TRUE;

	*error_r = t_strdup_printf("Username '%s' did not match '%s'",
				   str_c(expected), str_c(actual));
	*result_r = PASSDB_RESULT_USER_UNKNOWN;
	return FALSE;
}
/* When an active_attribute is configured, require it to be present in the
   token fields and, when active_value is also set, to equal it exactly
   (case-sensitive strcmp). With no active_attribute configured every user
   is treated as enabled. */
static bool
db_oauth2_user_is_enabled(struct db_oauth2_request *req,
			  enum passdb_result *result_r, const char **error_r)
{
	const char *active;

	if (*req->db->set.active_attribute == '\0')
		return TRUE;

	active = auth_fields_find(req->fields, req->db->set.active_attribute);
	/* a missing attribute counts as inactive; an empty active_value
	   means "present is enough" */
	if (active != NULL &&
	    (*req->db->set.active_value == '\0' ||
	     strcmp(req->db->set.active_value, active) == 0))
		return TRUE;

	*error_r = "User account is not active";
	*result_r = PASSDB_RESULT_USER_DISABLED;
	return FALSE;
}
/* When a scope is configured, the token's space-separated "scope" field
   must contain exactly that scope (whole-token match, not a substring).
   A missing field or no match yields PASSDB_RESULT_USER_DISABLED. With no
   scope configured the check always passes. */
static bool
db_oauth2_token_in_scope(struct db_oauth2_request *req,
			 enum passdb_result *result_r, const char **error_r)
{
	const char *required = req->db->set.scope;
	const char *granted;

	if (*required == '\0')
		return TRUE;

	granted = auth_fields_find(req->fields, "scope");
	if (granted != NULL &&
	    str_array_find(t_strsplit_spaces(granted, " "), required))
		return TRUE;

	*error_r = t_strdup_printf("Token is not valid for scope '%s'",
				   required);
	*result_r = PASSDB_RESULT_USER_DISABLED;
	return FALSE;
}
/* Run the post-lookup checks in order - username match, account active,
   scope, template export - stopping at the first failure. On success
   *result_r is PASSDB_RESULT_OK and *error_r stays NULL; on failure the
   failing step has already set both. */
static void db_oauth2_process_fields(struct db_oauth2_request *req,
				     enum passdb_result *result_r,
				     const char **error_r)
{
	*error_r = NULL;

	if (!db_oauth2_validate_username(req, result_r, error_r) ||
	    !db_oauth2_user_is_enabled(req, result_r, error_r) ||
	    !db_oauth2_token_in_scope(req, result_r, error_r) ||
	    !db_oauth2_template_export(req, result_r, error_r)) {
		/* every failing step must have filled in result and error */
		i_assert(*result_r != PASSDB_RESULT_OK && *error_r != NULL);
		return;
	}
	*result_r = PASSDB_RESULT_OK;
}
/* Completion callback for an introspection request started by
   db_oauth2_lookup_introspect() or db_oauth2_lookup(). A request that did
   not succeed is reported as an internal failure carrying the library's
   error text; a successful one has its fields merged into the request and
   run through db_oauth2_process_fields(). db_oauth2_callback() is invoked
   exactly once on every path. */
static void
db_oauth2_introspect_continue(struct oauth2_introspection_result *result,
			      struct db_oauth2_request *req)
{
	enum passdb_result passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
	const char *error = result->error;

	/* The underlying request is done (and presumably freed by the
	   library once this returns); clear our handle so nothing else
	   dereferences it. */
	req->req = NULL;

	if (result->success) {
		db_oauth2_fields_merge(req, result->fields);
		/* replaces the failure defaults above with the check outcome */
		db_oauth2_process_fields(req, &passdb_result, &error);
	}
	db_oauth2_callback(req, passdb_result, error);
}
/* Start an introspection request for req->token, passing along the
   endpoints and service name of the auth request. The result is delivered
   to db_oauth2_introspect_continue(), which finishes the lookup. */
static void db_oauth2_lookup_introspect(struct db_oauth2_request *req)
{
	const struct auth_request *auth_req = req->auth_request;
	struct oauth2_request_input input;

	i_zero(&input);
	input.token = req->token;
	input.service = auth_req->service;
	/* NOTE(review): both the local/remote and the real_local/real_remote
	   endpoints are forwarded; the real_* ones are presumably the actual
	   socket endpoints as opposed to any proxied ones — confirm. */
	input.local_ip = auth_req->local_ip;
	input.local_port = auth_req->local_port;
	input.remote_ip = auth_req->remote_ip;
	input.remote_port = auth_req->remote_port;
	input.real_local_ip = auth_req->real_local_ip;
	input.real_local_port = auth_req->real_local_port;
	input.real_remote_ip = auth_req->real_remote_ip;
	input.real_remote_port = auth_req->real_remote_port;

	req->req = oauth2_introspection_start(&req->db->oauth2_set, &input,
					      db_oauth2_introspect_continue, req);
}
/* Completion callback for the token validation request started by
   db_oauth2_lookup(). A request that did not succeed is an internal
   failure; a request the server answered but did not accept is a password
   mismatch. For an accepted token the returned fields are merged and, when
   an introspection URL is configured and either introspection is forced or
   some expected field is still missing, the lookup continues with an
   introspection request; otherwise the merged fields are checked and the
   result is reported directly. db_oauth2_callback() runs exactly once on
   every path (the introspection path runs it from its own callback). */
static void
db_oauth2_lookup_continue(struct oauth2_token_validation_result *result,
			  struct db_oauth2_request *req)
{
	enum passdb_result passdb_result;
	const char *error;

	/* the validation request is finished; drop our handle to it */
	req->req = NULL;

	if (!result->success) {
		db_oauth2_callback(req, PASSDB_RESULT_INTERNAL_FAILURE,
				   result->error);
		return;
	}
	if (!result->valid) {
		db_oauth2_callback(req, PASSDB_RESULT_PASSWORD_MISMATCH,
				   "Invalid token");
		return;
	}

	db_oauth2_fields_merge(req, result->fields);
	if (*req->db->set.introspection_url != '\0' &&
	    (req->db->set.force_introspection ||
	     !db_oauth2_have_all_fields(req))) {
		/* db_oauth2_introspect_continue() completes the lookup */
		db_oauth2_lookup_introspect(req);
		return;
	}
	/* Without an introspection URL, or with all fields already present
	   and force_introspection off, the validation response alone
	   decides the outcome. */
	db_oauth2_process_fields(req, &passdb_result, &error);
	db_oauth2_callback(req, passdb_result, error);
}
#undef db_oauth2_lookup
/* Begin an asynchronous lookup of token on behalf of request. The token is
   copied into req->pool; callback and context are stored on req for the
   completion path. The backend is chosen from configuration: with no
   tokeninfo URL the token goes straight to introspection, otherwise to
   token validation, which may itself continue with introspection in
   db_oauth2_lookup_continue(). The request is linked into db->head so the
   database can track lookups in flight. */
void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req,
		      const char *token, struct auth_request *request,
		      db_oauth2_lookup_callback_t *callback, void *context)
{
	const struct auth_request *auth_req = request;
	struct oauth2_request_input input;

	req->db = db;
	req->auth_request = request;
	req->callback = callback;
	req->context = context;
	req->token = p_strdup(req->pool, token);

	i_zero(&input);
	/* NOTE(review): the caller's token pointer is passed here rather than
	   the req->token copy; this is fine only if the *_start() functions
	   copy the input before returning — confirm against lib-oauth2. */
	input.token = token;
	input.service = auth_req->service;
	input.local_ip = auth_req->local_ip;
	input.local_port = auth_req->local_port;
	input.remote_ip = auth_req->remote_ip;
	input.remote_port = auth_req->remote_port;
	input.real_local_ip = auth_req->real_local_ip;
	input.real_local_port = auth_req->real_local_port;
	input.real_remote_ip = auth_req->real_remote_ip;
	input.real_remote_port = auth_req->real_remote_port;

	if (*db->oauth2_set.tokeninfo_url == '\0') {
		req->req = oauth2_introspection_start(&db->oauth2_set, &input,
						      db_oauth2_introspect_continue, req);
	} else {
		req->req = oauth2_token_validation_start(&db->oauth2_set, &input,
							 db_oauth2_lookup_continue, req);
	}
	/* NOTE(review): the request is added to the list only after the
	   backend has been started; if either *_start() can invoke its
	   completion callback synchronously, that callback runs before the
	   request is on db->head — confirm this cannot happen. */
	DLLIST_PREPEND(&db->head, req);
}