Mercurial > dovecot > core-2.2

view src/auth/auth-plain.c @ 765:553f050c8313 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added buffer API. Point is to hide all buffer writing behind this API which verifies that nothing overflows. Much better than doing the same checks all around the code, even if it is slightly slower. Buffer reading is still mostly done directly, that isn't such a big security risk and I can't think of a reasonable API for it anyway.
author Timo Sirainen <tss@iki.fi>
date Sun, 08 Dec 2002 07:23:07 +0200
parents 50bb42557703
children bf38c8f30a4c
line wrap: on
line source

/* Copyright (C) 2002 Timo Sirainen */

#include "common.h"
#include "auth.h"
#include "cookie.h"
#include "userinfo.h"

static void auth_plain_continue(CookieData *cookie,
				AuthContinuedRequestData *request,
				const unsigned char *data,
				AuthCallback callback, void *context)
{
	AuthCookieReplyData *cookie_reply = cookie->context;
	AuthReplyData reply;
	const char *user;
	char *pass;
	size_t i, count, len;

	/* initialize reply */
	memset(&reply, 0, sizeof(reply));
	reply.id = request->id;
	reply.result = AUTH_RESULT_FAILURE;
	memcpy(reply.cookie, cookie->cookie, AUTH_COOKIE_SIZE);

	/* data should contain user\0...\0pass */
	user = (const char *) data;
	pass = NULL;
	count = 0;
	for (i = 0; i < request->data_size; i++) {
		if (data[i] == '\0' && ++count == 2) {
			i++;
			if (i == request->data_size)
				pass = "";
			else {
				len = request->data_size - i;
				pass = t_malloc(len+1);
                                memcpy(pass, (const char *) data + i, len);
                                pass[len] = '\0';
			}
			break;
		}
	}

	if (pass != NULL) {
		if (userinfo->verify_plain(user, pass, cookie_reply)) {
			cookie_reply->success = TRUE;
			reply.result = AUTH_RESULT_SUCCESS;
		}

		if (*pass != '\0') {
			/* make sure it's cleared */
			memset(pass, 0, strlen(pass));
		}
	}

        callback(&reply, NULL, context);

	if (!cookie_reply->success) {
		/* failed, we don't need the cookie anymore */
		cookie_remove(cookie->cookie);
	}
}

static int auth_plain_fill_reply(CookieData *cookie, AuthCookieReplyData *reply)
{
	AuthCookieReplyData *cookie_reply;

	cookie_reply = cookie->context;
	if (!cookie_reply->success)
		return FALSE;

	memcpy(reply, cookie_reply, sizeof(AuthCookieReplyData));
	return TRUE;
}

static void auth_plain_free(CookieData *cookie)
{
	i_free(cookie->context);
	i_free(cookie);
}

static void auth_plain_init(AuthInitRequestData *request,
			    AuthCallback callback, void *context)
{
	CookieData *cookie;
	AuthReplyData reply;

	cookie = i_new(CookieData, 1);
	cookie->auth_fill_reply = auth_plain_fill_reply;
	cookie->auth_continue = auth_plain_continue;
	cookie->free = auth_plain_free;
	cookie->context = i_new(AuthCookieReplyData, 1);

	cookie_add(cookie);

	/* initialize reply */
	memset(&reply, 0, sizeof(reply));
	reply.id = request->id;
	reply.result = AUTH_RESULT_CONTINUE;
	memcpy(reply.cookie, cookie->cookie, AUTH_COOKIE_SIZE);

	callback(&reply, NULL, context);
}

AuthModule auth_plain = {
	AUTH_METHOD_PLAIN,
	auth_plain_init
};