Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/passdb-blocking.c @ 4704:3bfd724bb37a HEAD
Fixes to handling blocking passdb (ie. MySQL) failures. It ignored any
non-password related checks, such as allow_nets.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 17 Oct 2006 14:26:43 +0300 |
parents | 7728291a7f52 |
children | 2c1cc5bbc260 |
rev | line source |
---|---|
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* Copyright (C) 2005 Timo Sirainen */ |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "common.h" |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #include "str.h" |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "auth-worker-server.h" |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 #include "password-scheme.h" |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "passdb.h" |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "passdb-blocking.h" |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include <stdlib.h> |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 static enum passdb_result |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 check_failure(struct auth_request *request, const char **reply) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 { |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
15 enum passdb_result ret; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
16 const char *p; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
17 |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 /* OK / FAIL */ |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 if (strncmp(*reply, "OK\t", 3) == 0) { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 *reply += 3; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 return PASSDB_RESULT_OK; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
24 /* FAIL \t result \t password */ |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
25 if (strncmp(*reply, "FAIL\t", 5) == 0) { |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
26 *reply += 5; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
27 ret = atoi(t_strcut(*reply, '\t')); |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
28 |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
29 p = strchr(*reply, '\t'); |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
30 if (p == NULL) |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
31 *reply += strlen(*reply); |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
32 else |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
33 *reply = p + 1; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
34 if (ret != PASSDB_RESULT_OK) |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
35 return ret; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
36 |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
37 auth_request_log_error(request, "blocking", |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
38 "Received invalid FAIL result from worker: %d", ret); |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
39 return PASSDB_RESULT_INTERNAL_FAILURE; |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
40 } else { |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 auth_request_log_error(request, "blocking", |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 "Received unknown reply from worker: %s", *reply); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 return PASSDB_RESULT_INTERNAL_FAILURE; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 static int get_pass_reply(struct auth_request *request, const char *reply, |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 const char **password_r, const char **scheme_r) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 { |
3666
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
50 const char *p, *p2, **tmp; |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 |
3257
92c16e82b806
passdb can now change the username that was used to log in. This is mostly
Timo Sirainen <tss@iki.fi>
parents:
3183
diff
changeset
|
52 /* user \t {scheme}password [\t extra] */ |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 p = strchr(reply, '\t'); |
4692
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
54 |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
55 /* username may have changed, update it */ |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
56 auth_request_set_field(request, "user", p == NULL ? reply : |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
57 t_strdup_until(reply, p), NULL); |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
58 if (p == NULL) { |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
59 /* we didn't get a password. */ |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 *password_r = NULL; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
61 *scheme_r = NULL; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 return 0; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 } |
4692
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
64 p2 = strchr(++p, '\t'); |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
65 if (p2 == NULL) { |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
66 *password_r = p; |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
67 reply = ""; |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
68 } else { |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
69 *password_r = t_strdup_until(p, p2); |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
70 reply = p2 + 1; |
7728291a7f52
If blocking passdb (ie. MySQL) didn't return any extra fields, we didn't
Timo Sirainen <tss@iki.fi>
parents:
4030
diff
changeset
|
71 } |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 if (**password_r == '\0') { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 *password_r = NULL; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 *scheme_r = NULL; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 } else { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 request->passdb_password = |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 p_strdup(request->pool, *password_r); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 *scheme_r = password_get_scheme(password_r); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 if (*scheme_r == NULL) { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 auth_request_log_error(request, "blocking", |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 "Received reply from worker without " |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 "password scheme"); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 return -1; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 if (*reply != '\0') { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 i_assert(request->extra_fields == NULL); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 |
3666
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
92 for (tmp = t_strsplit(reply, "\t"); *tmp != NULL; tmp++) { |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
93 p = strchr(*tmp, '='); |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
94 if (p == NULL) |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
95 p = ""; |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
96 else { |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
97 *tmp = t_strdup_until(*tmp, p); |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
98 p++; |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
99 } |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
100 auth_request_set_field(request, *tmp, p, NULL); |
b381c9b899a2
Blocking passdb didn't set nologin/proxy/nodelay flags for the request.
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
101 } |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
102 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 return 0; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
104 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 static void |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 verify_plain_callback(struct auth_request *request, const char *reply) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
108 { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 enum passdb_result result; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 const char *password, *scheme; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 result = check_failure(request, &reply); |
4704
3bfd724bb37a
Fixes to handling blocking passdb (ie. MySQL) failures. It ignored any
Timo Sirainen <tss@iki.fi>
parents:
4692
diff
changeset
|
113 if (result > 0) { |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 if (get_pass_reply(request, reply, &password, &scheme) < 0) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 result = PASSDB_RESULT_INTERNAL_FAILURE; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
117 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
118 auth_request_verify_plain_callback(result, request); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
120 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
121 void passdb_blocking_verify_plain(struct auth_request *request) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
122 { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
123 string_t *str; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
124 |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3168
diff
changeset
|
125 i_assert(request->extra_fields == NULL); |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3168
diff
changeset
|
126 |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 str = t_str_new(64); |
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3666
diff
changeset
|
128 str_printfa(str, "PASSV\t%u\t", request->passdb->id); |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 str_append(str, request->mech_password); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 str_append_c(str, '\t'); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 auth_request_export(request, str); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 auth_worker_call(request, str_c(str), verify_plain_callback); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 static void |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 lookup_credentials_callback(struct auth_request *request, const char *reply) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 enum passdb_result result; |
4704
3bfd724bb37a
Fixes to handling blocking passdb (ie. MySQL) failures. It ignored any
Timo Sirainen <tss@iki.fi>
parents:
4692
diff
changeset
|
140 const char *password = NULL, *scheme = NULL; |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
141 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
142 result = check_failure(request, &reply); |
4704
3bfd724bb37a
Fixes to handling blocking passdb (ie. MySQL) failures. It ignored any
Timo Sirainen <tss@iki.fi>
parents:
4692
diff
changeset
|
143 if (result > 0) { |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
144 if (get_pass_reply(request, reply, &password, &scheme) < 0) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 result = PASSDB_RESULT_INTERNAL_FAILURE; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
146 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
147 |
3655
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
148 passdb_handle_credentials(result, password, scheme, |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 auth_request_lookup_credentials_callback, |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 request); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 } |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 void passdb_blocking_lookup_credentials(struct auth_request *request) |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 { |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 string_t *str; |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 |
3171
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3168
diff
changeset
|
157 i_assert(request->extra_fields == NULL); |
8a3b57385eca
Added state variable for auth_request and several assertions to make sure
Timo Sirainen <tss@iki.fi>
parents:
3168
diff
changeset
|
158 |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 str = t_str_new(64); |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3171
diff
changeset
|
160 str_printfa(str, "PASSL\t%u\t%d\t", |
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3666
diff
changeset
|
161 request->passdb->id, request->credentials); |
3168
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 auth_request_export(request, str); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 auth_worker_call(request, str_c(str), lookup_credentials_callback); |
62f8366cb89c
Forgot to add for blocking passdb/userdb workers..
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 } |