Mercurial > dovecot > core-2.2
annotate src/auth/passdb.c @ 22614:cf66220d281e
doveadm proxy: Don't crash if remote doesn't support log proxying
| author | Timo Sirainen <timo.sirainen@dovecot.fi> |
|---|---|
| date | Sat, 14 Oct 2017 12:54:18 +0300 |
| parents | 700d5e6f041d |
| children | cb108f786fb4 |
| rev | line source |
|---|---|
|
21390
2e2563132d5f
Updated copyright notices to include the year 2017.
Stephan Bosch <stephan.bosch@dovecot.fi>
parents:
20517
diff
changeset
|
1 /* Copyright (c) 2002-2017 Dovecot authors, see the included COPYING file */ |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
|
9219
97cdfeb57129
Renamed headers to prevent collision if they were flattened on an install.
Mark Washenberger
parents:
9015
diff
changeset
|
3 #include "auth-common.h" |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
4 #include "array.h" |
|
1192
76321f65960d
Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents:
1191
diff
changeset
|
5 #include "password-scheme.h" |
|
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3161
diff
changeset
|
6 #include "auth-worker-server.h" |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "passdb.h" |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 |
|
14920
a097ef0a9d6d
Array API changed: ARRAY_DEFINE(name, type) -> ARRAY(type) name
Timo Sirainen <tss@iki.fi>
parents:
14784
diff
changeset
|
9 static ARRAY(struct passdb_module_interface *) passdb_interfaces; |
|
a097ef0a9d6d
Array API changed: ARRAY_DEFINE(name, type) -> ARRAY(type) name
Timo Sirainen <tss@iki.fi>
parents:
14784
diff
changeset
|
10 static ARRAY(struct passdb_module *) passdb_modules; |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
11 |
|
11498
190a5278e58b
auth: Changed how auth deinitilization works.
Timo Sirainen <tss@iki.fi>
parents:
11454
diff
changeset
|
12 static const struct passdb_module_interface passdb_iface_deinit = { |
|
190a5278e58b
auth: Changed how auth deinitilization works.
Timo Sirainen <tss@iki.fi>
parents:
11454
diff
changeset
|
13 .name = "deinit" |
|
190a5278e58b
auth: Changed how auth deinitilization works.
Timo Sirainen <tss@iki.fi>
parents:
11454
diff
changeset
|
14 }; |
|
190a5278e58b
auth: Changed how auth deinitilization works.
Timo Sirainen <tss@iki.fi>
parents:
11454
diff
changeset
|
15 |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
16 static struct passdb_module_interface *passdb_interface_find(const char *name) |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
17 { |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
18 struct passdb_module_interface *const *ifaces; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
19 |
| 10406 | 20 array_foreach(&passdb_interfaces, ifaces) { |
| 21 struct passdb_module_interface *iface = *ifaces; | |
| 22 | |
| 23 if (strcmp(iface->name, name) == 0) | |
| 24 return iface; | |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
25 } |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
26 return NULL; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
27 } |
|
3066
34c1cf646467
Moved extern userdb/passdb declarations to .c files.
Timo Sirainen <tss@iki.fi>
parents:
3065
diff
changeset
|
28 |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
29 void passdb_register_module(struct passdb_module_interface *iface) |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
30 { |
|
8888
4aa05d7d8b07
auth: Fixed loading known passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
31 struct passdb_module_interface *old_iface; |
|
4aa05d7d8b07
auth: Fixed loading known passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
32 |
|
4aa05d7d8b07
auth: Fixed loading known passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
33 old_iface = passdb_interface_find(iface->name); |
|
4aa05d7d8b07
auth: Fixed loading known passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
34 if (old_iface != NULL && old_iface->verify_plain == NULL) { |
|
4aa05d7d8b07
auth: Fixed loading known passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
35 /* replacing a "support not compiled in" passdb */ |
|
4aa05d7d8b07
auth: Fixed loading known passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
36 passdb_unregister_module(old_iface); |
|
4aa05d7d8b07
auth: Fixed loading known passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
8766
diff
changeset
|
37 } else if (old_iface != NULL) { |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
38 i_panic("passdb_register_module(%s): Already registered", |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
39 iface->name); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
40 } |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
41 array_append(&passdb_interfaces, &iface, 1); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
42 } |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
43 |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
44 void passdb_unregister_module(struct passdb_module_interface *iface) |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
45 { |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
46 struct passdb_module_interface *const *ifaces; |
| 10406 | 47 unsigned int idx; |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
48 |
| 10406 | 49 array_foreach(&passdb_interfaces, ifaces) { |
| 50 if (*ifaces == iface) { | |
| 51 idx = array_foreach_idx(&passdb_interfaces, ifaces); | |
| 52 array_delete(&passdb_interfaces, idx, 1); | |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
53 return; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
54 } |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
55 } |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
56 i_panic("passdb_unregister_module(%s): Not registered", iface->name); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
57 } |
|
2942
c7d426f8cb58
Added name variable for userdb_module and passdb_module and changed their
Timo Sirainen <tss@iki.fi>
parents:
2798
diff
changeset
|
58 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
59 bool passdb_get_credentials(struct auth_request *auth_request, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
60 const char *input, const char *input_scheme, |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
61 const unsigned char **credentials_r, size_t *size_r) |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1156
diff
changeset
|
62 { |
|
5593
f8dc0bdb06a7
Removed enum passdb_credentials. Use scheme strings directly instead. This
Timo Sirainen <tss@iki.fi>
parents:
5475
diff
changeset
|
63 const char *wanted_scheme = auth_request->credentials_scheme; |
|
13566
c9894346b1a3
auth: If password data isn't valid for specified scheme, give a better error message.
Timo Sirainen <tss@iki.fi>
parents:
13330
diff
changeset
|
64 const char *plaintext, *username, *error; |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
65 int ret; |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1156
diff
changeset
|
66 |
|
8765
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8764
diff
changeset
|
67 if (auth_request->prefer_plain_credentials && |
|
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8764
diff
changeset
|
68 password_scheme_is_alias(input_scheme, "PLAIN")) { |
|
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8764
diff
changeset
|
69 /* we've a plaintext scheme and we prefer to get it instead |
|
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8764
diff
changeset
|
70 of converting it to the fallback scheme */ |
|
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8764
diff
changeset
|
71 wanted_scheme = ""; |
|
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8764
diff
changeset
|
72 } |
|
d69763bee853
auth workers: Return plaintext credentials to parent process if possible, so it gets cached instead of some other scheme.
Timo Sirainen <tss@iki.fi>
parents:
8764
diff
changeset
|
73 |
|
13566
c9894346b1a3
auth: If password data isn't valid for specified scheme, give a better error message.
Timo Sirainen <tss@iki.fi>
parents:
13330
diff
changeset
|
74 ret = password_decode(input, input_scheme, |
|
c9894346b1a3
auth: If password data isn't valid for specified scheme, give a better error message.
Timo Sirainen <tss@iki.fi>
parents:
13330
diff
changeset
|
75 credentials_r, size_r, &error); |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
76 if (ret <= 0) { |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
77 if (ret < 0) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
78 auth_request_log_error(auth_request, AUTH_SUBSYS_DB, |
|
13566
c9894346b1a3
auth: If password data isn't valid for specified scheme, give a better error message.
Timo Sirainen <tss@iki.fi>
parents:
13330
diff
changeset
|
79 "Password data is not valid for scheme %s: %s", |
|
c9894346b1a3
auth: If password data isn't valid for specified scheme, give a better error message.
Timo Sirainen <tss@iki.fi>
parents:
13330
diff
changeset
|
80 input_scheme, error); |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
81 } else { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
82 auth_request_log_error(auth_request, AUTH_SUBSYS_DB, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
83 "Unknown scheme %s", input_scheme); |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
84 } |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
85 return FALSE; |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
86 } |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
87 |
|
5631
139416ee311e
If wanted scheme is "" (userdb static lookup), switch it to the actual
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
88 if (*wanted_scheme == '\0') { |
|
139416ee311e
If wanted scheme is "" (userdb static lookup), switch it to the actual
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
89 /* anything goes. change the credentials_scheme to what we |
|
139416ee311e
If wanted scheme is "" (userdb static lookup), switch it to the actual
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
90 actually got, so blocking passdbs work. */ |
|
139416ee311e
If wanted scheme is "" (userdb static lookup), switch it to the actual
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
91 auth_request->credentials_scheme = |
|
16770
ed1f5b4f38be
auth: Fixed non-auth passdb lookup when password had ".<encoding>" suffix.
Timo Sirainen <tss@iki.fi>
parents:
15715
diff
changeset
|
92 p_strdup(auth_request->pool, t_strcut(input_scheme, '.')); |
|
5631
139416ee311e
If wanted scheme is "" (userdb static lookup), switch it to the actual
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
93 return TRUE; |
|
139416ee311e
If wanted scheme is "" (userdb static lookup), switch it to the actual
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
94 } |
|
139416ee311e
If wanted scheme is "" (userdb static lookup), switch it to the actual
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
95 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
96 if (!password_scheme_is_alias(input_scheme, wanted_scheme)) { |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
97 if (!password_scheme_is_alias(input_scheme, "PLAIN")) { |
|
7607
ff3adeb71d47
auth_debug_passwords: Include the password when logging about "Requested x
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
98 const char *error = t_strdup_printf( |
| 3069 | 99 "Requested %s scheme, but we have only %s", |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
100 wanted_scheme, input_scheme); |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
101 if (auth_request->set->debug_passwords) { |
|
7607
ff3adeb71d47
auth_debug_passwords: Include the password when logging about "Requested x
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
102 error = t_strdup_printf("%s (input: %s)", |
|
ff3adeb71d47
auth_debug_passwords: Include the password when logging about "Requested x
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
103 error, input); |
|
ff3adeb71d47
auth_debug_passwords: Include the password when logging about "Requested x
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
104 } |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
105 auth_request_log_info(auth_request, AUTH_SUBSYS_DB, |
|
7607
ff3adeb71d47
auth_debug_passwords: Include the password when logging about "Requested x
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
106 "%s", error); |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
107 return FALSE; |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1156
diff
changeset
|
108 } |
|
3058
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2943
diff
changeset
|
109 |
|
052f3a5743af
Make FAIL reply contain "temp" parameter if the authentication failed
Timo Sirainen <tss@iki.fi>
parents:
2943
diff
changeset
|
110 /* we can generate anything out of plaintext passwords */ |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
111 plaintext = t_strndup(*credentials_r, *size_r); |
|
8766
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
112 username = auth_request->original_username; |
|
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
113 if (!auth_request->domain_is_realm && |
|
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
114 strchr(username, '@') != NULL) { |
|
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
115 /* domain must not be used as realm. add the @realm. */ |
|
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
116 username = t_strconcat(username, "@", |
|
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
117 auth_request->realm, NULL); |
|
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
118 } |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
119 if (auth_request->set->debug_passwords) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
120 auth_request_log_debug(auth_request, AUTH_SUBSYS_DB, |
|
8766
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
121 "Generating %s from user '%s', password '%s'", |
|
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
122 wanted_scheme, username, plaintext); |
|
8348
88a6a193e288
auth_debug_passwords: When converting plaintext password to another scheme, log how it's done.
Timo Sirainen <tss@iki.fi>
parents:
8347
diff
changeset
|
123 } |
|
8766
888f57b1bf9c
DIGEST-MD5: Fixed authentication with user@domain usernames.
Timo Sirainen <tss@iki.fi>
parents:
8765
diff
changeset
|
124 if (!password_generate(plaintext, username, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
125 wanted_scheme, credentials_r, size_r)) { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
126 auth_request_log_error(auth_request, AUTH_SUBSYS_DB, |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
127 "Requested unknown scheme %s", wanted_scheme); |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
128 return FALSE; |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
129 } |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1156
diff
changeset
|
130 } |
|
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1156
diff
changeset
|
131 |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
132 return TRUE; |
|
3655
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
133 } |
|
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
134 |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
135 void passdb_handle_credentials(enum passdb_result result, |
|
3655
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
136 const char *password, const char *scheme, |
|
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
137 lookup_credentials_callback_t *callback, |
|
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
138 struct auth_request *auth_request) |
|
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
139 { |
|
11046
53c6cbb2932b
auth: Don't pass uninitialized value to callback function.
Timo Sirainen <tss@iki.fi>
parents:
10924
diff
changeset
|
140 const unsigned char *credentials = NULL; |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
141 size_t size = 0; |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
142 |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
143 if (result != PASSDB_RESULT_OK) { |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
144 callback(result, NULL, 0, auth_request); |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
145 return; |
|
20517
c4a1368cd868
passdb: Skip credentials handling for noauthenticate
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20328
diff
changeset
|
146 } else if (auth_fields_exists(auth_request->extra_fields, "noauthenticate")) { |
|
c4a1368cd868
passdb: Skip credentials handling for noauthenticate
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20328
diff
changeset
|
147 callback(PASSDB_RESULT_NEXT, NULL, 0, auth_request); |
|
c4a1368cd868
passdb: Skip credentials handling for noauthenticate
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20328
diff
changeset
|
148 return; |
|
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
149 } |
|
3655
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
150 |
|
12691
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
151 if (password != NULL) { |
|
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
152 if (!passdb_get_credentials(auth_request, password, scheme, |
|
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
153 &credentials, &size)) |
|
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
154 result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE; |
|
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
155 } else if (*auth_request->credentials_scheme == '\0') { |
|
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
156 /* We're doing a passdb lookup (not authenticating). |
|
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
157 Pass through a NULL password without an error. */ |
|
18163
20acc7cc5b11
auth: Changed passdb { continue-ok } handling for credentials lookups.
Timo Sirainen <tss@iki.fi>
parents:
18137
diff
changeset
|
158 } else if (auth_request->delayed_credentials != NULL) { |
|
20acc7cc5b11
auth: Changed passdb { continue-ok } handling for credentials lookups.
Timo Sirainen <tss@iki.fi>
parents:
18137
diff
changeset
|
159 /* We already have valid credentials from an earlier |
|
20acc7cc5b11
auth: Changed passdb { continue-ok } handling for credentials lookups.
Timo Sirainen <tss@iki.fi>
parents:
18137
diff
changeset
|
160 passdb lookup. auth_request_lookup_credentials_finish() |
|
20acc7cc5b11
auth: Changed passdb { continue-ok } handling for credentials lookups.
Timo Sirainen <tss@iki.fi>
parents:
18137
diff
changeset
|
161 will use them. */ |
|
12691
ed675e34dfa7
auth: Don't give an error if doing a passdb lookup and the result has NULL password.
Timo Sirainen <tss@iki.fi>
parents:
11498
diff
changeset
|
162 } else { |
|
17235
9b095cec9332
auth: Use special AUTH_SUBSYS_DB/MECH parameters as auth_request_log*() subsystem.
Timo Sirainen <tss@iki.fi>
parents:
17130
diff
changeset
|
163 auth_request_log_info(auth_request, AUTH_SUBSYS_DB, |
|
8764
90e2a21a4298
auth: Improved logging for "password scheme not available" failures.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
164 "Requested %s scheme, but we have a NULL password", |
|
90e2a21a4298
auth: Improved logging for "password scheme not available" failures.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
165 auth_request->credentials_scheme); |
|
3655
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
166 result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE; |
|
8764
90e2a21a4298
auth: Improved logging for "password scheme not available" failures.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
167 } |
|
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
168 |
|
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
169 callback(result, credentials, size, auth_request); |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1156
diff
changeset
|
170 } |
|
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1156
diff
changeset
|
171 |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
172 static struct passdb_module * |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
173 passdb_find(const char *driver, const char *args, unsigned int *idx_r) |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
174 { |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
175 struct passdb_module *const *passdbs; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
176 unsigned int i, count; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
177 |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
178 passdbs = array_get(&passdb_modules, &count); |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
179 for (i = 0; i < count; i++) { |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
180 if (strcmp(passdbs[i]->iface.name, driver) == 0 && |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
181 strcmp(passdbs[i]->args, args) == 0) { |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
182 *idx_r = i; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
183 return passdbs[i]; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
184 } |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
185 } |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
186 return NULL; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
187 } |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
188 |
|
10900
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
189 struct passdb_module * |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
190 passdb_preinit(pool_t pool, const struct auth_passdb_settings *set) |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 { |
|
10897
52eb8317514f
auth: Cleaned up struct auth_passdb/auth_userdb.
Timo Sirainen <tss@iki.fi>
parents:
10893
diff
changeset
|
192 static unsigned int auth_passdb_id = 0; |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
193 struct passdb_module_interface *iface; |
|
10900
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
194 struct passdb_module *passdb; |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
195 unsigned int idx; |
|
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2428
diff
changeset
|
196 |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
197 iface = passdb_interface_find(set->driver); |
|
13936
352d3f2f8bb7
auth: Fixed loading passdb/userdb plugins.
Timo Sirainen <tss@iki.fi>
parents:
13571
diff
changeset
|
198 if (iface == NULL || iface->verify_plain == NULL) { |
|
13571
695e9d58ed17
auth: Lazily load authdb_* and mech_* plugins only when they're needed.
Timo Sirainen <tss@iki.fi>
parents:
13566
diff
changeset
|
199 /* maybe it's a plugin. try to load it. */ |
|
695e9d58ed17
auth: Lazily load authdb_* and mech_* plugins only when they're needed.
Timo Sirainen <tss@iki.fi>
parents:
13566
diff
changeset
|
200 auth_module_load(t_strconcat("authdb_", set->driver, NULL)); |
|
695e9d58ed17
auth: Lazily load authdb_* and mech_* plugins only when they're needed.
Timo Sirainen <tss@iki.fi>
parents:
13566
diff
changeset
|
201 iface = passdb_interface_find(set->driver); |
|
695e9d58ed17
auth: Lazily load authdb_* and mech_* plugins only when they're needed.
Timo Sirainen <tss@iki.fi>
parents:
13566
diff
changeset
|
202 } |
|
8217
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
8200
diff
changeset
|
203 if (iface == NULL) |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
204 i_fatal("Unknown passdb driver '%s'", set->driver); |
|
8217
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
8200
diff
changeset
|
205 if (iface->verify_plain == NULL) { |
|
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
8200
diff
changeset
|
206 i_fatal("Support not compiled in for passdb driver '%s'", |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
207 set->driver); |
|
3748
1649ca519b7d
Give a few helpul suggestions with "Unknown passdb/usedb driver" errors.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
208 } |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
209 if (iface->preinit == NULL && iface->init == NULL && |
|
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
210 *set->args != '\0') { |
|
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
211 i_fatal("passdb %s: No args are supported: %s", |
|
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
212 set->driver, set->args); |
|
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
213 } |
|
8513
0691f5294bb9
Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents:
8348
diff
changeset
|
214 |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
215 passdb = passdb_find(set->driver, set->args, &idx); |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
216 if (passdb != NULL) |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
217 return passdb; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
218 |
|
10900
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
219 if (iface->preinit == NULL) |
|
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
220 passdb = p_new(pool, struct passdb_module, 1); |
|
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
221 else |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
222 passdb = iface->preinit(pool, set->args); |
|
10900
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
223 passdb->id = ++auth_passdb_id; |
|
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
224 passdb->iface = *iface; |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
225 passdb->args = p_strdup(pool, set->args); |
|
21577
5c390ae4f640
auth: Add mechanism filter for passdbs
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21390
diff
changeset
|
226 if (*set->mechanisms == '\0') { |
|
5c390ae4f640
auth: Add mechanism filter for passdbs
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21390
diff
changeset
|
227 passdb->mechanisms = NULL; |
|
5c390ae4f640
auth: Add mechanism filter for passdbs
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21390
diff
changeset
|
228 } else if (strcasecmp(set->mechanisms, "none") == 0) { |
|
5c390ae4f640
auth: Add mechanism filter for passdbs
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21390
diff
changeset
|
229 passdb->mechanisms = (const char *const[]){NULL}; |
|
5c390ae4f640
auth: Add mechanism filter for passdbs
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21390
diff
changeset
|
230 } else { |
|
5c390ae4f640
auth: Add mechanism filter for passdbs
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21390
diff
changeset
|
231 passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,"); |
|
5c390ae4f640
auth: Add mechanism filter for passdbs
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21390
diff
changeset
|
232 } |
|
13330
83ac50d3b76f
auth: Added default_fields and override_fields settings to all passdbs and userdbs.
Timo Sirainen <tss@iki.fi>
parents:
12782
diff
changeset
|
233 |
|
22008
700d5e6f041d
auth: Add username_filter for passdb block
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21579
diff
changeset
|
234 if (*set->username_filter == '\0') { |
|
700d5e6f041d
auth: Add username_filter for passdb block
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21579
diff
changeset
|
235 passdb->username_filter = NULL; |
|
700d5e6f041d
auth: Add username_filter for passdb block
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21579
diff
changeset
|
236 } else { |
|
700d5e6f041d
auth: Add username_filter for passdb block
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21579
diff
changeset
|
237 passdb->username_filter = (const char* const*)p_strsplit_spaces(pool, set->username_filter, " ,"); |
|
700d5e6f041d
auth: Add username_filter for passdb block
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
21579
diff
changeset
|
238 } |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
239 array_append(&passdb_modules, &passdb, 1); |
|
10900
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
240 return passdb; |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
241 } |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
242 |
|
10901
ac58cc0c71aa
auth: Store args in passdb/userdb_module, so init() doesn't need it as parameter.
Timo Sirainen <tss@iki.fi>
parents:
10900
diff
changeset
|
243 void passdb_init(struct passdb_module *passdb) |
|
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2428
diff
changeset
|
244 { |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
245 if (passdb->iface.init != NULL && passdb->init_refcount == 0) |
|
10901
ac58cc0c71aa
auth: Store args in passdb/userdb_module, so init() doesn't need it as parameter.
Timo Sirainen <tss@iki.fi>
parents:
10900
diff
changeset
|
246 passdb->iface.init(passdb); |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
247 passdb->init_refcount++; |
|
2648
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2428
diff
changeset
|
248 } |
|
cc2e39912eb3
Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents:
2428
diff
changeset
|
249 |
|
10898
3d085b851db8
auth: passdb/userdb backends no longer know about struct auth_passdb/auth_userdb.
Timo Sirainen <tss@iki.fi>
parents:
10897
diff
changeset
|
250 void passdb_deinit(struct passdb_module *passdb) |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
251 { |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
252 unsigned int idx; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
253 |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
254 i_assert(passdb->init_refcount > 0); |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
255 |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
256 if (--passdb->init_refcount > 0) |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
257 return; |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
258 |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
259 if (passdb_find(passdb->iface.name, passdb->args, &idx) == NULL) |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
260 i_unreached(); |
|
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
261 array_delete(&passdb_modules, idx, 1); |
|
10900
7909611180a8
auth: Completely removed struct auth_*db from *db.c
Timo Sirainen <tss@iki.fi>
parents:
10899
diff
changeset
|
262 |
|
10898
3d085b851db8
auth: passdb/userdb backends no longer know about struct auth_passdb/auth_userdb.
Timo Sirainen <tss@iki.fi>
parents:
10897
diff
changeset
|
263 if (passdb->iface.deinit != NULL) |
|
3d085b851db8
auth: passdb/userdb backends no longer know about struct auth_passdb/auth_userdb.
Timo Sirainen <tss@iki.fi>
parents:
10897
diff
changeset
|
264 passdb->iface.deinit(passdb); |
|
11498
190a5278e58b
auth: Changed how auth deinitilization works.
Timo Sirainen <tss@iki.fi>
parents:
11454
diff
changeset
|
265 |
|
190a5278e58b
auth: Changed how auth deinitilization works.
Timo Sirainen <tss@iki.fi>
parents:
11454
diff
changeset
|
266 /* make sure passdb isn't accessed again */ |
|
190a5278e58b
auth: Changed how auth deinitilization works.
Timo Sirainen <tss@iki.fi>
parents:
11454
diff
changeset
|
267 passdb->iface = passdb_iface_deinit; |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 } |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
269 |
|
20328
7e016f5e8cb4
[LEN] to [static LEN] on some function parameters
Martti Rannanjärvi <martti.rannanjarvi@dovecot.fi>
parents:
19755
diff
changeset
|
270 void passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]) |
|
10924
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
271 { |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
272 struct md5_context ctx; |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
273 struct passdb_module *const *passdbs; |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
274 unsigned int i, count; |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
275 |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
276 md5_init(&ctx); |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
277 passdbs = array_get(&passdb_modules, &count); |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
278 for (i = 0; i < count; i++) { |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
279 md5_update(&ctx, &passdbs[i]->id, sizeof(passdbs[i]->id)); |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
280 md5_update(&ctx, passdbs[i]->iface.name, |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
281 strlen(passdbs[i]->iface.name)); |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
282 md5_update(&ctx, passdbs[i]->args, strlen(passdbs[i]->args)); |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
283 } |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
284 md5_final(&ctx, md5); |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
285 } |
|
91ae9577aca9
auth worker: Verify that both client and server see the same passdb/userdb IDs.
Timo Sirainen <tss@iki.fi>
parents:
10903
diff
changeset
|
286 |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
287 extern struct passdb_module_interface passdb_passwd; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
288 extern struct passdb_module_interface passdb_bsdauth; |
|
14784
523c19238a8b
auth: Added "dict" passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
289 extern struct passdb_module_interface passdb_dict; |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
290 extern struct passdb_module_interface passdb_shadow; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
291 extern struct passdb_module_interface passdb_passwd_file; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
292 extern struct passdb_module_interface passdb_pam; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
293 extern struct passdb_module_interface passdb_checkpassword; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
294 extern struct passdb_module_interface passdb_vpopmail; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
295 extern struct passdb_module_interface passdb_ldap; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
296 extern struct passdb_module_interface passdb_sql; |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
297 extern struct passdb_module_interface passdb_sia; |
| 11454 | 298 extern struct passdb_module_interface passdb_static; |
| 21579 | 299 extern struct passdb_module_interface passdb_oauth2; |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
300 |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
301 void passdbs_init(void) |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
302 { |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
303 i_array_init(&passdb_interfaces, 16); |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
304 i_array_init(&passdb_modules, 16); |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
305 passdb_register_module(&passdb_passwd); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
306 passdb_register_module(&passdb_bsdauth); |
|
14784
523c19238a8b
auth: Added "dict" passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents:
14133
diff
changeset
|
307 passdb_register_module(&passdb_dict); |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
308 passdb_register_module(&passdb_passwd_file); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
309 passdb_register_module(&passdb_pam); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
310 passdb_register_module(&passdb_checkpassword); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
311 passdb_register_module(&passdb_shadow); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
312 passdb_register_module(&passdb_vpopmail); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
313 passdb_register_module(&passdb_ldap); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
314 passdb_register_module(&passdb_sql); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
315 passdb_register_module(&passdb_sia); |
| 11454 | 316 passdb_register_module(&passdb_static); |
| 21579 | 317 passdb_register_module(&passdb_oauth2); |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
318 } |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
319 |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
320 void passdbs_deinit(void) |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
321 { |
|
10903
6e639833c3fc
auth: Initial support for per-protocol auth settings.
Timo Sirainen <tss@iki.fi>
parents:
10901
diff
changeset
|
322 array_free(&passdb_modules); |
|
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
323 array_free(&passdb_interfaces); |
|
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5631
diff
changeset
|
324 } |