diff src/lib-master/master-login-auth.c @ 15049:aa6027a0a78e

Added support to perform token-based service process authentication. Creates hidden SASL method DOVECOT-TOKEN. This method is not available on the normal auth login socket and thus never presented to clients. Creates new auth socket type 'tokenlogin'. This otherwise normal login socket only offers authentication using the DOVECOT-TOKEN mechanism. Creates new token-login directory in base_dir to separate token logins from normal logins. This directory is otherwise completely identical to the normal login dir, i.e. it contains sockets for the service backends, used to chroot login processes to, etc. Makes default login socket configurable. Performs some minor changes to src/login-common to build very sparse protocols, e.g. avoid the need to implement methods that are not needed.
author Stephan Bosch <stephan@rename-it.nl>
date Fri, 14 Sep 2012 21:48:45 +0300
parents 96fd2c3bf932
children 02451e967a06
--- a/src/lib-master/master-login-auth.c	Fri Sep 14 21:31:45 2012 +0300
+++ b/src/lib-master/master-login-auth.c	Fri Sep 14 21:48:45 2012 +0300
@@ -3,6 +3,7 @@
 #include "lib.h"
 #include "network.h"
 #include "ioloop.h"
+#include "hostpid.h"
 #include "istream.h"
 #include "ostream.h"
 #include "llist.h"
@@ -53,6 +54,7 @@
 
 	pid_t auth_server_pid;
 
+	unsigned int request_auth_token:1;
 	unsigned int version_received:1;
 	unsigned int spid_received:1;
 };
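Review bot: The new `request_auth_token` bit is added to the struct with no comment, and the matching `bool request_auth_token` parameter added to `master_login_auth_init` in the following hunk is equally undocumented, so a caller reading the header cannot tell what enabling it changes. The only observable effect visible in this diff is the extra `session_pid=` field appended to REQUEST lines, so a field comment along the lines of `/* append session_pid=<own pid> to REQUEST lines (token-based service authentication) */` would be enough. The struct definition begins outside this hunk.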
@@ -60,7 +62,8 @@
 static void master_login_auth_set_timeout(struct master_login_auth *auth);
 static void master_login_auth_check_spids(struct master_login_auth *auth);
 
-struct master_login_auth *master_login_auth_init(const char *auth_socket_path)
+struct master_login_auth *
+master_login_auth_init(const char *auth_socket_path, bool request_auth_token)
 {
 	struct master_login_auth *auth;
 	pool_t pool;
@@ -69,6 +72,7 @@
 	auth = p_new(pool, struct master_login_auth, 1);
 	auth->pool = pool;
 	auth->auth_socket_path = p_strdup(pool, auth_socket_path);
+	auth->request_auth_token = request_auth_token;
 	auth->refcount = 1;
 	auth->fd = -1;
 	hash_table_create_direct(&auth->requests, pool, 0);
@@ -436,6 +440,8 @@
 	str_printfa(str, "REQUEST\t%u\t%u\t%u\t", req->id,
 		    req->client_pid, req->auth_id);
 	binary_to_hex_append(str, req->cookie, sizeof(req->cookie));
+	if (auth->request_auth_token)
+		str_printfa(str, "\tsession_pid=%s", my_pid);
 	str_append_c(str, '\n');
 	o_stream_nsend(auth->output, str_data(str), str_len(str));
 }
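Review bot: The `session_pid=` field appended before the newline is the only thing that distinguishes a token request from an ordinary REQUEST, and nothing at the call site says why the login process's own pid is sent; a short comment would help, e.g. `/* token login: also send our pid so the auth server can tie the request to this process */` (hedged, since the server-side handling is not in this diff). Because the pid is self-reported over the socket rather than derived from peer credentials, the receiving side presumably has to parse it as a plain integer and not treat it as proof of identity — worth confirming against the auth-server handler. The enclosing function starts outside the hunk.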