changeset 10578:a2ed5c020cfa HEAD
auth: Don't use section names for passdb/userdb driver names.
When using section names, it wasn't possible to use the same driver more
than once without an error.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 25 Jan 2010 00:59:34 +0200 |
parents | 3117e9f35e45 |
children | 28f35797059a |
files | doc/example-config/conf.d/auth.conf src/auth/auth-settings.c |
diffstat | 2 files changed, 92 insertions(+), 70 deletions(-) [+] |
--- a/doc/example-config/conf.d/auth.conf Mon Jan 25 00:38:22 2010 +0200 +++ b/doc/example-config/conf.d/auth.conf Mon Jan 25 00:59:34 2010 +0200 @@ -112,19 +112,21 @@ # The deny passdb should always be specified before others, so it gets # checked first. Here's an example: -#passdb passwd-file { +#passdb { + #driver = passwd-file # File contains a list of usernames, one per line #args = /etc/dovecot.deny #deny = yes #} -# PAM authentication. Preferred nowadays by most systems. -# Note that PAM can only be used to verify if user's password is correct, -# so it can't be used as userdb. If you don't want to use a separate user -# database (passwd usually), you can use static userdb. -# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM -# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt> -passdb pam { +passdb { + # PAM authentication. Preferred nowadays by most systems. + # Note that PAM can only be used to verify if user's password is correct, + # so it can't be used as userdb. If you don't want to use a separate user + # database (passwd usually), you can use static userdb. + # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM + # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt> + driver = pam # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>] # [cache_key=<key>] [<service name>] # 
@@ -157,61 +159,53 @@ # args = session=yes %Ls # args = cache_key=%u dovecot #args = dovecot -} -# System users (NSS, /etc/passwd, or similiar) -# In many systems nowadays this uses Name Service Switch, which is -# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt> -#passdb passwd { + # System users (NSS, /etc/passwd, or similiar) + # In many systems nowadays this uses Name Service Switch, which is + # configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt> + #driver = passwd # [blocking=yes] - See userdb passwd for explanation #args = -#} -# Shadow passwords for system users (NSS, /etc/shadow or similiar). -# Deprecated by PAM nowadays. -# <doc/wiki/PasswordDatabase.Shadow.txt> -#passdb shadow { + # Shadow passwords for system users (NSS, /etc/shadow or similiar). + # Deprecated by PAM nowadays. + # <doc/wiki/PasswordDatabase.Shadow.txt> + #driver = shadow # [blocking=yes] - See userdb passwd for explanation #args = -#} -# PAM-like authentication for OpenBSD. -# <doc/wiki/PasswordDatabase.BSDAuth.txt> -#passdb bsdauth { + # PAM-like authentication for OpenBSD. + # <doc/wiki/PasswordDatabase.BSDAuth.txt> + #driver = bsdauth # [cache_key=<key>] - See cache_key in PAM for explanation. #args = -#} -# passwd-like file with specified location -# <doc/wiki/AuthDatabase.PasswdFile.txt> -#passdb passwd-file { + # passwd-like file with specified location + # <doc/wiki/AuthDatabase.PasswdFile.txt> + #driver = passwd-file # [scheme=<default password scheme>] [username_format=<format>] # <Path for passwd-file> #args = -#} -# checkpassword executable authentication -# NOTE: You will probably want to use "userdb prefetch" with this. -# <doc/wiki/AuthDatabase.CheckPassword.txt> -#passdb checkpassword { + # checkpassword executable authentication + # NOTE: You will probably want to use "userdb prefetch" with this. 
+ # <doc/wiki/AuthDatabase.CheckPassword.txt> + #driver = checkpassword # Path for checkpassword binary #args = -#} -# SQL database <doc/wiki/AuthDatabase.SQL.txt> -#passdb sql { + # SQL database <doc/wiki/AuthDatabase.SQL.txt> + #driver = sql # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext #args = -#} -# LDAP database <doc/wiki/AuthDatabase.LDAP.txt> -#passdb ldap { + # LDAP database <doc/wiki/AuthDatabase.LDAP.txt> + #driver = ldap # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext #args = -#} -# vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt> -#passdb vpopmail { + # vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt> + #driver = vpopmail # [cache_key=<key>] - See cache_key in PAM for explanation. # [quota_template=<template>] - %q expands to Maildir++ quota # (eg. quota_template=quota_rule=*:backend=%q) 
@@ -234,37 +228,36 @@ # This can be made to work with SQL and LDAP databases, see their example # configuration files for more information how to do it. # <doc/wiki/UserDatabase.Prefetch.txt> -#userdb prefetch { +#userdb { + #driver = prefetch #} -# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this -# uses Name Service Switch, which is configured in /etc/nsswitch.conf. -# <doc/wiki/AuthDatabase.Passwd.txt> -userdb passwd { +userdb { + # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this + # uses Name Service Switch, which is configured in /etc/nsswitch.conf. + # <doc/wiki/AuthDatabase.Passwd.txt> + driver = passwd # [blocking=yes] - By default the lookups are done in the main dovecot-auth # process. This setting causes the lookups to be done in auth worker # proceses. Useful with remote NSS lookups that may block. # NOTE: Be sure to use this setting with nss_ldap or users might get # logged in as each others! #args = -} -# passwd-like file with specified location -# <doc/wiki/AuthDatabase.PasswdFile.txt> -#userdb passwd-file { + # passwd-like file with specified location + # <doc/wiki/AuthDatabase.PasswdFile.txt> + #driver = passwd-file # [username_format=<format>] <Path for passwd-file> #args = -#} -# checkpassword executable user database lookup -# <doc/wiki/AuthDatabase.CheckPassword.txt> -#userdb checkpassword { + # checkpassword executable user database lookup + # <doc/wiki/AuthDatabase.CheckPassword.txt> + #driver = checkpassword # Path for checkpassword binary #args = -#} -# static settings generated from template <doc/wiki/UserDatabase.Static.txt> -#userdb static { + # static settings generated from template <doc/wiki/UserDatabase.Static.txt> + #driver = static # Template for the fields. Can return anything a userdb could normally # return. For example: # 
@@ -278,20 +271,17 @@ # the args in which case the passdb lookup is skipped. # #args = -#} -# SQL database <doc/wiki/AuthDatabase.SQL.txt> -#userdb sql { + # SQL database <doc/wiki/AuthDatabase.SQL.txt> + #driver = sql # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext #args = -#} -# LDAP database <doc/wiki/AuthDatabase.LDAP.txt> -#userdb ldap { + # LDAP database <doc/wiki/AuthDatabase.LDAP.txt> + #driver = ldap # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext #args = + + # vpopmail <doc/wiki/AuthDatabase.VPopMail.txt> + #driver = vpopmail #} - -# vpopmail <doc/wiki/AuthDatabase.VPopMail.txt> -#userdb vpopmail { -#}
--- a/src/auth/auth-settings.c Mon Jan 25 00:38:22 2010 +0200
+++ b/src/auth/auth-settings.c Mon Jan 25 00:59:34 2010 +0200
@@ -13,6 +13,8 @@
 extern const struct setting_parser_info auth_root_setting_parser_info;
 static bool auth_settings_check(void *_set, pool_t pool, const char **error_r);
+static bool auth_passdb_settings_check(void *_set, pool_t pool, const char **error_r);
+static bool auth_userdb_settings_check(void *_set, pool_t pool, const char **error_r);
 /* <settings checks> */
 static struct file_listener_settings auth_unix_listeners_array[] = {
@@ -109,11 +111,13 @@
 const struct setting_parser_info auth_passdb_setting_parser_info = {
 .defines = auth_passdb_setting_defines,
- .type_offset = offsetof(struct auth_passdb_settings, driver),
+ .type_offset = (size_t)-1,
 .struct_size = sizeof(struct auth_passdb_settings),
 .parent_offset = (size_t)-1,
- .parent = &auth_setting_parser_info
+ .parent = &auth_setting_parser_info,
+
+ .check_func = auth_passdb_settings_check
 };
 #undef DEF
@@ -130,11 +134,13 @@
 const struct setting_parser_info auth_userdb_setting_parser_info = {
 .defines = auth_userdb_setting_defines,
- .type_offset = offsetof(struct auth_userdb_settings, driver),
+ .type_offset = (size_t)-1,
 .struct_size = sizeof(struct auth_userdb_settings),
 .parent_offset = (size_t)-1,
- .parent = &auth_setting_parser_info
+ .parent = &auth_setting_parser_info,
+
+ .check_func = auth_userdb_settings_check
 };
 /* we're kind of kludging here to avoid "auth_" prefix in the struct fields */
@@ -232,6 +238,32 @@
 set->verbose = TRUE;
 return TRUE;
 }
+
+static bool
+auth_passdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
+ const char **error_r)
+{
+ struct auth_passdb_settings *set = _set;
+
+ if (set->driver == NULL || *set->driver == '\0') {
+ *error_r = "passdb is missing driver";
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static bool
+auth_userdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
+ const char **error_r)
+{
+ struct auth_userdb_settings *set = _set;
+
+ if (set->driver == NULL || *set->driver == '\0') {
+ *error_r = "passdb is missing driver";
+ return FALSE;
+ }
+ return TRUE;
+}
 /* </settings checks> */
 struct auth_settings *
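Review bot: `auth_userdb_settings_check` reports `"passdb is missing driver"` for a userdb section with no driver, a string copied from the passdb check directly above it; the line should read `*error_r = "userdb is missing driver";`. Because this message is what an administrator sees when the auth configuration is rejected, naming the wrong section points them at the passdb blocks while the faulty userdb block stays unfixed. Both checks test only for a NULL or empty `driver`; whether an unknown driver name is rejected is not visible in this hunk and is presumably handled where the driver is looked up. A short comment on each function, such as `/* the section name no longer supplies the driver, so it must be set explicitly */`, would record why the check exists.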