Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/auth-request-handler.c @ 5089:18559c7e3a15 HEAD
Cleanups and minor fixes
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 26 Jan 2007 15:58:48 +0200 |
parents | dd4c4a0c0aae |
children | dad0e22b735a |
rev | line source |
---|---|
3074 | 1 /* Copyright (C) 2005 Timo Sirainen */ |
2 | |
3 #include "common.h" | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
4 #include "ioloop.h" |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
5 #include "buffer.h" |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
6 #include "base64.h" |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
7 #include "hash.h" |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
8 #include "str.h" |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
9 #include "str-sanitize.h" |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
10 #include "auth-request.h" |
5038
b2921478f94f
Several fixes to handling deinitialization without crashing.
Timo Sirainen <tss@iki.fi>
parents:
5005
diff
changeset
|
11 #include "auth-master-connection.h" |
3074 | 12 #include "auth-request-handler.h" |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
13 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
14 #include <stdlib.h> |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
15 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
16 struct auth_request_handler { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
17 int refcount; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
18 pool_t pool; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
19 struct hash_table *requests; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
20 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
21 struct auth *auth; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
22 unsigned int connect_uid, client_pid; |
3074 | 23 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
24 auth_request_callback_t *callback; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
25 void *context; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
26 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
27 auth_request_callback_t *master_callback; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
28 }; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
29 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
30 static buffer_t *auth_failures_buf; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
31 static struct timeout *to_auth_failures; |
3074 | 32 |
4903
204d7edc7cdc
Added context parameter type safety checks for most callback APIs.
Timo Sirainen <tss@iki.fi>
parents:
4880
diff
changeset
|
33 #undef auth_request_handler_create |
3074 | 34 struct auth_request_handler * |
3518 | 35 auth_request_handler_create(struct auth *auth, |
3074 | 36 auth_request_callback_t *callback, void *context, |
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
37 auth_request_callback_t *master_callback) |
3074 | 38 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
39 struct auth_request_handler *handler; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
40 pool_t pool; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
41 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
42 pool = pool_alloconly_create("auth request handler", 4096); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
43 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
44 handler = p_new(pool, struct auth_request_handler, 1); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
45 handler->refcount = 1; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
46 handler->pool = pool; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
47 handler->requests = hash_create(default_pool, pool, 0, NULL, NULL); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
48 handler->auth = auth; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
49 handler->callback = callback; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
50 handler->context = context; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
51 handler->master_callback = master_callback; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
52 return handler; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
53 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
54 |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
55 void auth_request_handler_unref(struct auth_request_handler **_handler) |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
56 { |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
57 struct auth_request_handler *handler = *_handler; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
58 struct hash_iterate_context *iter; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
59 void *key, *value; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
60 |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
61 *_handler = NULL; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
62 i_assert(handler->refcount > 0); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
63 if (--handler->refcount > 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
64 return; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
65 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
66 iter = hash_iterate_init(handler->requests); |
3952
d7a0354861b8
If authentication client disconnects while it still has pending requests,
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
67 while (hash_iterate(iter, &key, &value)) { |
d7a0354861b8
If authentication client disconnects while it still has pending requests,
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
68 struct auth_request *auth_request = value; |
d7a0354861b8
If authentication client disconnects while it still has pending requests,
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
69 |
d7a0354861b8
If authentication client disconnects while it still has pending requests,
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
70 auth_request_unref(&auth_request); |
d7a0354861b8
If authentication client disconnects while it still has pending requests,
Timo Sirainen <tss@iki.fi>
parents:
3879
diff
changeset
|
71 } |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
72 hash_iterate_deinit(iter); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
73 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
74 /* notify parent that we're done with all requests */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
75 handler->callback(NULL, handler->context); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
76 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
77 hash_destroy(handler->requests); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
78 pool_unref(handler->pool); |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3074
diff
changeset
|
79 } |
3074 | 80 |
3077
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3074
diff
changeset
|
81 void auth_request_handler_set(struct auth_request_handler *handler, |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3074
diff
changeset
|
82 unsigned int connect_uid, |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3074
diff
changeset
|
83 unsigned int client_pid) |
eb46a5dee02d
Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents:
3074
diff
changeset
|
84 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
85 handler->connect_uid = connect_uid; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
86 handler->client_pid = client_pid; |
3074 | 87 } |
88 | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
89 static void auth_request_handler_remove(struct auth_request_handler *handler, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
90 struct auth_request *request) |
3074 | 91 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
92 hash_remove(handler->requests, POINTER_CAST(request->id)); |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
93 auth_request_unref(&request); |
3074 | 94 } |
95 | |
96 void auth_request_handler_check_timeouts(struct auth_request_handler *handler) | |
97 { | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
98 struct hash_iterate_context *iter; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
99 void *key, *value; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
100 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
101 iter = hash_iterate_init(handler->requests); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
102 while (hash_iterate(iter, &key, &value)) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
103 struct auth_request *request = value; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
104 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
105 if (request->created + AUTH_REQUEST_TIMEOUT < ioloop_time) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
106 auth_request_handler_remove(handler, request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
107 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
108 hash_iterate_deinit(iter); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
109 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
110 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
111 static const char *get_client_extra_fields(struct auth_request *request) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
112 { |
3432
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
113 string_t *str; |
3520 | 114 const char **fields, *extra_fields; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
115 unsigned int src, dest; |
4758
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
116 bool seen_pass = FALSE; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
117 |
5085 | 118 if (auth_stream_is_empty(request->extra_fields)) |
119 return NULL; | |
120 | |
121 extra_fields = auth_stream_reply_export(request->extra_fields); | |
3520 | 122 |
3432
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
123 if (!request->proxy) { |
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
124 /* we only wish to remove all fields prefixed with "userdb_" */ |
3520 | 125 if (strstr(extra_fields, "userdb_") == NULL) |
126 return extra_fields; | |
3432
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
127 } |
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
128 |
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
129 str = t_str_new(128); |
4758
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
130 fields = t_strsplit(extra_fields, "\t"); |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
131 for (src = dest = 0; fields[src] != NULL; src++) { |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
132 if (strncmp(fields[src], "userdb_", 7) != 0) { |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
133 if (str_len(str) > 0) |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
134 str_append_c(str, '\t'); |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
135 if (!seen_pass && strncmp(fields[src], "pass=", 5) == 0) |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
136 seen_pass = TRUE; |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
137 str_append(str, fields[src]); |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
138 } |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
139 } |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
140 |
2fc38c1e48c4
Don't send "pass" back if it's already set, or if it's not known.
Timo Sirainen <tss@iki.fi>
parents:
4739
diff
changeset
|
141 if (request->proxy && !seen_pass && request->mech_password != NULL) { |
3432
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
142 /* we're proxying - send back the password that was |
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
143 sent by user (not the password in passdb). */ |
4767
f7fa27e435ef
Missing TAB before "pass" broke proxying.
Timo Sirainen <tss@iki.fi>
parents:
4758
diff
changeset
|
144 str_printfa(str, "\tpass=%s", request->mech_password); |
3432
079ec5c2d665
Last change caused user-given passwords to be cached, and later the password
Timo Sirainen <tss@iki.fi>
parents:
3338
diff
changeset
|
145 } |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
146 |
4739
1d042234c9f9
If passdb returned only userdb_ prefixed extra fields, don't add an extra
Timo Sirainen <tss@iki.fi>
parents:
4682
diff
changeset
|
147 return str_len(str) == 0 ? NULL : str_c(str); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
148 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
149 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
150 static void auth_callback(struct auth_request *request, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
151 enum auth_client_result result, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
152 const void *reply, size_t reply_size) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
153 { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
154 struct auth_request_handler *handler = request->context; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
155 string_t *str; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
156 const char *fields; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
157 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
158 t_push(); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
159 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
160 str = t_str_new(128 + MAX_BASE64_ENCODED_SIZE(reply_size)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
161 switch (result) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
162 case AUTH_CLIENT_RESULT_CONTINUE: |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
163 str_printfa(str, "CONT\t%u\t", request->id); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
164 base64_encode(reply, reply_size, str); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
165 request->accept_input = TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
166 handler->callback(str_c(str), handler->context); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
167 break; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
168 case AUTH_CLIENT_RESULT_SUCCESS: |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
169 str_printfa(str, "OK\t%u\tuser=%s", request->id, request->user); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
170 if (reply_size > 0) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
171 str_append(str, "\tresp="); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
172 base64_encode(reply, reply_size, str); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
173 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
174 fields = get_client_extra_fields(request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
175 if (fields != NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
176 str_append_c(str, '\t'); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
177 str_append(str, fields); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
178 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
179 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
180 if (request->no_login || handler->master_callback == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
181 /* this request doesn't have to wait for master |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
182 process to pick it up. delete it */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
183 auth_request_handler_remove(handler, request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
184 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
185 handler->callback(str_c(str), handler->context); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
186 break; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
187 case AUTH_CLIENT_RESULT_FAILURE: |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
188 str_printfa(str, "FAIL\t%u", request->id); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
189 if (request->user != NULL) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
190 str_printfa(str, "\tuser=%s", request->user); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
191 if (request->internal_failure) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
192 str_append(str, "\ttemp"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
193 fields = get_client_extra_fields(request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
194 if (fields != NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
195 str_append_c(str, '\t'); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
196 str_append(str, fields); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
197 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
198 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
199 if (request->delayed_failure) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
200 /* we came here from flush_failures() */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
201 handler->callback(str_c(str), handler->context); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
202 break; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
203 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
204 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
205 /* remove the request from requests-list */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
206 auth_request_ref(request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
207 auth_request_handler_remove(handler, request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
208 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
209 if (request->no_failure_delay) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
210 /* passdb specifically requested not to delay the |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
211 reply. */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
212 handler->callback(str_c(str), handler->context); |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
213 auth_request_unref(&request); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
214 } else { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
215 /* failure. don't announce it immediately to avoid |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
216 a) timing attacks, b) flooding */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
217 request->delayed_failure = TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
218 handler->refcount++; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
219 buffer_append(auth_failures_buf, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
220 &request, sizeof(request)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
221 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
222 break; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
223 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
224 /* NOTE: request may be destroyed now */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
225 |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
226 auth_request_handler_unref(&handler); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
227 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
228 t_pop(); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
229 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
230 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
231 static void auth_request_handler_auth_fail(struct auth_request_handler *handler, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
232 struct auth_request *request, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
233 const char *reason) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
234 { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
235 string_t *reply = t_str_new(64); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
236 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
237 auth_request_log_info(request, request->mech->mech_name, "%s", reason); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
238 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
239 str_printfa(reply, "FAIL\t%u\treason=%s", request->id, reason); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
240 handler->callback(str_c(reply), handler->context); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
241 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
242 auth_request_handler_remove(handler, request); |
3074 | 243 } |
244 | |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
245 bool auth_request_handler_auth_begin(struct auth_request_handler *handler, |
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
246 const char *args) |
3074 | 247 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
248 struct mech_module *mech; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
249 struct auth_request *request; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
250 const char *const *list, *name, *arg, *initial_resp; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
251 const void *initial_resp_data; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
252 size_t initial_resp_len; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
253 unsigned int id; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
254 buffer_t *buf; |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
255 bool valid_client_cert; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
256 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
257 /* <id> <mechanism> [...] */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
258 list = t_strsplit(args, "\t"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
259 if (list[0] == NULL || list[1] == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
260 i_error("BUG: Authentication client %u " |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
261 "sent broken AUTH request", handler->client_pid); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
262 return FALSE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
263 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
264 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
265 id = (unsigned int)strtoul(list[0], NULL, 10); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
266 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
267 mech = mech_module_find(list[1]); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
268 if (mech == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
269 /* unsupported mechanism */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
270 i_error("BUG: Authentication client %u requested unsupported " |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
271 "authentication mechanism %s", handler->client_pid, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
272 str_sanitize(list[1], MAX_MECH_NAME_LEN)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
273 return FALSE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
274 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
275 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
276 request = auth_request_new(handler->auth, mech, auth_callback, handler); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
277 request->connect_uid = handler->connect_uid; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
278 request->client_pid = handler->client_pid; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
279 request->id = id; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
280 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
281 /* parse optional parameters */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
282 initial_resp = NULL; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
283 valid_client_cert = FALSE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
284 for (list += 2; *list != NULL; list++) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
285 arg = strchr(*list, '='); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
286 if (arg == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
287 name = *list; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
288 arg = ""; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
289 } else { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
290 name = t_strdup_until(*list, arg); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
291 arg++; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
292 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
293 |
3338
e5ce49c8524a
USER auth command requires now service parameter and supports also others
Timo Sirainen <tss@iki.fi>
parents:
3308
diff
changeset
|
294 if (auth_request_import(request, name, arg)) |
e5ce49c8524a
USER auth command requires now service parameter and supports also others
Timo Sirainen <tss@iki.fi>
parents:
3308
diff
changeset
|
295 ; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
296 else if (strcmp(name, "valid-client-cert") == 0) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
297 valid_client_cert = TRUE; |
4682
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
298 else if (strcmp(name, "resp") == 0) { |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
299 initial_resp = arg; |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
300 /* this must be the last parameter */ |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
301 list++; |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
302 break; |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
303 } |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
304 } |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
305 |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
306 if (*list != NULL) { |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
307 i_error("BUG: Authentication client %u " |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
308 "sent AUTH parameters after 'resp'", |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
309 handler->client_pid); |
bc071307fc2a
Require that the "resp" parameter for AUTH command is the last.
Timo Sirainen <tss@iki.fi>
parents:
4532
diff
changeset
|
310 return FALSE; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
311 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
312 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
313 if (request->service == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
314 i_error("BUG: Authentication client %u " |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
315 "didn't specify service in request", |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
316 handler->client_pid); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
317 return FALSE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
318 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
319 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
320 hash_insert(handler->requests, POINTER_CAST(id), request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
321 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
322 if (request->auth->ssl_require_client_cert && !valid_client_cert) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
323 /* we fail without valid certificate */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
324 auth_request_handler_auth_fail(handler, request, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
325 "Client didn't present valid SSL certificate"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
326 return TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
327 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
328 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
329 if (initial_resp == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
330 initial_resp_data = NULL; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
331 initial_resp_len = 0; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
332 } else { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
333 size_t len = strlen(initial_resp); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
334 buf = buffer_create_dynamic(pool_datastack_create(), |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
335 MAX_BASE64_DECODED_SIZE(len)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
336 if (base64_decode(initial_resp, len, NULL, buf) < 0) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
337 auth_request_handler_auth_fail(handler, request, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
338 "Invalid base64 data in initial response"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
339 return TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
340 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
341 initial_resp_data = buf->data; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
342 initial_resp_len = buf->used; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
343 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
344 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
345 /* handler is referenced until auth_callback is called. */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
346 handler->refcount++; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
347 auth_request_initial(request, initial_resp_data, initial_resp_len); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
348 return TRUE; |
3074 | 349 } |
350 | |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
351 bool auth_request_handler_auth_continue(struct auth_request_handler *handler, |
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3520
diff
changeset
|
352 const char *args) |
3074 | 353 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
354 struct auth_request *request; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
355 const char *data; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
356 size_t data_len; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
357 buffer_t *buf; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
358 unsigned int id; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
359 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
360 data = strchr(args, '\t'); |
5089 | 361 if (data == NULL) { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
362 i_error("BUG: Authentication client sent broken CONT request"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
363 return FALSE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
364 } |
5089 | 365 data++; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
366 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
367 id = (unsigned int)strtoul(args, NULL, 10); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
368 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
369 request = hash_lookup(handler->requests, POINTER_CAST(id)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
370 if (request == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
371 string_t *reply = t_str_new(64); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
372 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
373 str_printfa(reply, "FAIL\t%u\treason=Timeouted", id); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
374 handler->callback(str_c(reply), handler->context); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
375 return TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
376 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
377 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
378 /* accept input only once after mechanism has sent a CONT reply */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
379 if (!request->accept_input) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
380 auth_request_handler_auth_fail(handler, request, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
381 "Unexpected continuation"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
382 return TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
383 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
384 request->accept_input = FALSE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
385 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
386 data_len = strlen(data); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
387 buf = buffer_create_dynamic(pool_datastack_create(), |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
388 MAX_BASE64_DECODED_SIZE(data_len)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
389 if (base64_decode(data, data_len, NULL, buf) < 0) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
390 auth_request_handler_auth_fail(handler, request, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
391 "Invalid base64 data in continued response"); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
392 return TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
393 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
394 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
395 /* handler is referenced until auth_callback is called. */ |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
396 handler->refcount++; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
397 auth_request_continue(request, buf->data, buf->used); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
398 return TRUE; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
399 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
400 |
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
401 static void userdb_callback(enum userdb_result result, |
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
402 struct auth_stream_reply *reply, |
3520 | 403 struct auth_request *request) |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
404 { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
405 struct auth_request_handler *handler = request->context; |
3520 | 406 string_t *str; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
407 |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
408 i_assert(request->state == AUTH_REQUEST_STATE_USERDB); |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
409 |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
410 request->state = AUTH_REQUEST_STATE_FINISHED; |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
411 |
3520 | 412 str = t_str_new(256); |
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
413 switch (result) { |
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
414 case USERDB_RESULT_INTERNAL_FAILURE: |
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
415 str_printfa(str, "FAIL\t%u", request->id); |
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
416 break; |
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
417 case USERDB_RESULT_USER_UNKNOWN: |
3520 | 418 str_printfa(str, "NOTFOUND\t%u", request->id); |
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
419 break; |
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
420 case USERDB_RESULT_OK: |
4532
d83f2a6e1f45
When logging in as master user, send it as "master_user" field to master
Timo Sirainen <tss@iki.fi>
parents:
4451
diff
changeset
|
421 if (request->master_user != NULL) { |
d83f2a6e1f45
When logging in as master user, send it as "master_user" field to master
Timo Sirainen <tss@iki.fi>
parents:
4451
diff
changeset
|
422 auth_stream_reply_add(reply, "master_user", |
d83f2a6e1f45
When logging in as master user, send it as "master_user" field to master
Timo Sirainen <tss@iki.fi>
parents:
4451
diff
changeset
|
423 request->master_user); |
d83f2a6e1f45
When logging in as master user, send it as "master_user" field to master
Timo Sirainen <tss@iki.fi>
parents:
4451
diff
changeset
|
424 } |
3520 | 425 str_printfa(str, "USER\t%u\t", request->id); |
426 str_append(str, auth_stream_reply_export(reply)); | |
4880
4ec6a4def05b
We treated internal userdb lookup errors as "user unknown" errors. In such
Timo Sirainen <tss@iki.fi>
parents:
4767
diff
changeset
|
427 break; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
428 } |
3520 | 429 handler->master_callback(str_c(str), request->master); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
430 |
5038
b2921478f94f
Several fixes to handling deinitialization without crashing.
Timo Sirainen <tss@iki.fi>
parents:
5005
diff
changeset
|
431 auth_master_connection_unref(&request->master); |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
432 auth_request_unref(&request); |
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
433 auth_request_handler_unref(&handler); |
3074 | 434 } |
435 | |
436 void auth_request_handler_master_request(struct auth_request_handler *handler, | |
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
437 struct auth_master_connection *master, |
3074 | 438 unsigned int id, |
439 unsigned int client_id) | |
440 { | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
441 struct auth_request *request; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
442 string_t *reply; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
443 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
444 reply = t_str_new(64); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
445 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
446 request = hash_lookup(handler->requests, POINTER_CAST(client_id)); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
447 if (request == NULL) { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
448 i_error("Master request %u.%u not found", |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
449 handler->client_pid, client_id); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
450 str_printfa(reply, "NOTFOUND\t%u", id); |
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
451 handler->master_callback(str_c(reply), master); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
452 return; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
453 } |
3074 | 454 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
455 auth_request_ref(request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
456 auth_request_handler_remove(handler, request); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
457 |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
458 if (request->state != AUTH_REQUEST_STATE_FINISHED || |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
459 !request->successful) { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
460 i_error("Master requested unfinished authentication request " |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
461 "%u.%u", handler->client_pid, client_id); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
462 str_printfa(reply, "NOTFOUND\t%u", id); |
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
463 handler->master_callback(str_c(reply), master); |
4401
10cdcfe98cfc
Fixed memory leak in error handling.
Timo Sirainen <tss@iki.fi>
parents:
3952
diff
changeset
|
464 auth_request_unref(&request); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
465 } else { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
466 /* the request isn't being referenced anywhere anymore, |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
467 so we can do a bit of kludging.. replace the request's |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
468 old client_id with master's id. */ |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
469 request->state = AUTH_REQUEST_STATE_USERDB; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
470 request->id = id; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
471 request->context = handler; |
3308
3f090bcaffcc
Allow multiple master connections for a single listener.
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
472 request->master = master; |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
473 |
5038
b2921478f94f
Several fixes to handling deinitialization without crashing.
Timo Sirainen <tss@iki.fi>
parents:
5005
diff
changeset
|
474 /* master and handler are referenced until userdb_callback i |
b2921478f94f
Several fixes to handling deinitialization without crashing.
Timo Sirainen <tss@iki.fi>
parents:
5005
diff
changeset
|
475 s called. */ |
b2921478f94f
Several fixes to handling deinitialization without crashing.
Timo Sirainen <tss@iki.fi>
parents:
5005
diff
changeset
|
476 auth_master_connection_ref(master); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
477 handler->refcount++; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
478 auth_request_lookup_user(request, userdb_callback); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
479 } |
3074 | 480 } |
481 | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
482 void auth_request_handler_flush_failures(void) |
3074 | 483 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
484 struct auth_request **auth_request; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
485 size_t i, size; |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
486 |
4451
1a35d53c18fc
Array API redesigned to work using unions. It now provides type safety
Timo Sirainen <tss@iki.fi>
parents:
4401
diff
changeset
|
487 auth_request = buffer_get_modifiable_data(auth_failures_buf, &size); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
488 size /= sizeof(*auth_request); |
3074 | 489 |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
490 for (i = 0; i < size; i++) { |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
491 i_assert(auth_request[i]->state == AUTH_REQUEST_STATE_FINISHED); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
492 auth_request[i]->callback(auth_request[i], |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
493 AUTH_CLIENT_RESULT_FAILURE, NULL, 0); |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
494 auth_request_unref(&auth_request[i]); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
495 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
496 buffer_set_used_size(auth_failures_buf, 0); |
3074 | 497 } |
498 | |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
499 static void auth_failure_timeout(void *context __attr_unused__) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
500 { |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
501 auth_request_handler_flush_failures(); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
502 } |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
503 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
504 void auth_request_handler_init(void) |
3074 | 505 { |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
506 auth_failures_buf = buffer_create_dynamic(default_pool, 1024); |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
507 to_auth_failures = timeout_add(2000, auth_failure_timeout, NULL); |
3074 | 508 } |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
509 |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
510 void auth_request_handler_deinit(void) |
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
511 { |
5038
b2921478f94f
Several fixes to handling deinitialization without crashing.
Timo Sirainen <tss@iki.fi>
parents:
5005
diff
changeset
|
512 auth_request_handler_flush_failures(); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
513 buffer_free(auth_failures_buf); |
3879
928229f8b3e6
deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
514 timeout_remove(&to_auth_failures); |
3166
e6a487d80288
Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents:
3077
diff
changeset
|
515 } |