Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/passdb-shadow.c @ 9354:687ac828b964 HEAD
lib-index: modseqs weren't tracked properly within session when changes were done.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Tue, 01 Sep 2009 13:05:03 -0400 |
| parents | b9faf4db2a9f |
| children | 00cd9aacd03c |
| rev | line source |
|---|---|
|
8590
b9faf4db2a9f
Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents:
8522
diff
changeset
|
1 /* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */ |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
|
3474
9096b7957413
Removed direct config.h including. I'm not sure why it was done before,
Timo Sirainen <tss@iki.fi>
parents:
3257
diff
changeset
|
3 #include "common.h" |
|
8217
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
4 #include "passdb.h" |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 |
| 1090 | 6 #ifdef PASSDB_SHADOW |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "safe-memset.h" |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include <shadow.h> |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
12 #define SHADOW_CACHE_KEY "%u" |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
13 #define SHADOW_PASS_SCHEME "CRYPT" |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
14 |
|
1046
561da07883b6
Async userdb and passdb interface.
Timo Sirainen <tss@iki.fi>
parents:
1035
diff
changeset
|
15 static void |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
16 shadow_verify_plain(struct auth_request *request, const char *password, |
|
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
17 verify_plain_callback_t *callback) |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 { |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 struct spwd *spw; |
|
5429
088b4934a8f0
Verify the password with auth_request_password_verify() so passwd and shadow
Timo Sirainen <tss@iki.fi>
parents:
5381
diff
changeset
|
20 int ret; |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 |
| 5259 | 22 auth_request_log_debug(request, "shadow", "lookup"); |
| 23 | |
|
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1090
diff
changeset
|
24 spw = getspnam(request->user); |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 if (spw == NULL) { |
| 3069 | 26 auth_request_log_info(request, "shadow", "unknown user"); |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
27 callback(PASSDB_RESULT_USER_UNKNOWN, request); |
|
1046
561da07883b6
Async userdb and passdb interface.
Timo Sirainen <tss@iki.fi>
parents:
1035
diff
changeset
|
28 return; |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 } |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 if (!IS_VALID_PASSWD(spw->sp_pwdp)) { |
| 3069 | 32 auth_request_log_info(request, "shadow", |
| 33 "invalid password field"); | |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
34 callback(PASSDB_RESULT_USER_DISABLED, request); |
|
1046
561da07883b6
Async userdb and passdb interface.
Timo Sirainen <tss@iki.fi>
parents:
1035
diff
changeset
|
35 return; |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 } |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 |
|
3656
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
38 /* save the password so cache can use it */ |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
39 auth_request_set_field(request, "password", spw->sp_pwdp, |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
40 SHADOW_PASS_SCHEME); |
|
fda241fa5d77
Make auth caching work with non-sql/ldap passdbs too.
Timo Sirainen <tss@iki.fi>
parents:
3635
diff
changeset
|
41 |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 /* check if the password is valid */ |
|
5429
088b4934a8f0
Verify the password with auth_request_password_verify() so passwd and shadow
Timo Sirainen <tss@iki.fi>
parents:
5381
diff
changeset
|
43 ret = auth_request_password_verify(request, password, spw->sp_pwdp, |
|
088b4934a8f0
Verify the password with auth_request_password_verify() so passwd and shadow
Timo Sirainen <tss@iki.fi>
parents:
5381
diff
changeset
|
44 SHADOW_PASS_SCHEME, "shadow"); |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 /* clear the passwords from memory */ |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp)); |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 |
|
5429
088b4934a8f0
Verify the password with auth_request_password_verify() so passwd and shadow
Timo Sirainen <tss@iki.fi>
parents:
5381
diff
changeset
|
49 if (ret <= 0) { |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
50 callback(PASSDB_RESULT_PASSWORD_MISMATCH, request); |
|
1046
561da07883b6
Async userdb and passdb interface.
Timo Sirainen <tss@iki.fi>
parents:
1035
diff
changeset
|
51 return; |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 } |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 |
|
3257
92c16e82b806
passdb can now change the username that was used to log in. This is mostly
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
54 /* make sure we're using the username exactly as it's in the database */ |
|
3635
c12df370e1b2
Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents:
3474
diff
changeset
|
55 auth_request_set_field(request, "user", spw->sp_namp, NULL); |
|
3257
92c16e82b806
passdb can now change the username that was used to log in. This is mostly
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
56 |
|
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
57 callback(PASSDB_RESULT_OK, request); |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 } |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 |
|
5381
ba8da13e71da
Added blocking=yes setting for passdb passwd and shadow also.
Timo Sirainen <tss@iki.fi>
parents:
5259
diff
changeset
|
60 static void shadow_init(struct passdb_module *module, const char *args) |
|
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
61 { |
|
5381
ba8da13e71da
Added blocking=yes setting for passdb passwd and shadow also.
Timo Sirainen <tss@iki.fi>
parents:
5259
diff
changeset
|
62 if (strcmp(args, "blocking=yes") == 0) |
|
ba8da13e71da
Added blocking=yes setting for passdb passwd and shadow also.
Timo Sirainen <tss@iki.fi>
parents:
5259
diff
changeset
|
63 module->blocking = TRUE; |
|
8522
b80ef0ddd1d3
Previous "Unknown setting" in passdb check changes were a bit broken.
Timo Sirainen <tss@iki.fi>
parents:
8513
diff
changeset
|
64 else if (*args != '\0') |
|
8513
0691f5294bb9
Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents:
8217
diff
changeset
|
65 i_fatal("passdb shadow: Unknown setting: %s", args); |
|
5381
ba8da13e71da
Added blocking=yes setting for passdb passwd and shadow also.
Timo Sirainen <tss@iki.fi>
parents:
5259
diff
changeset
|
66 |
|
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
67 module->cache_key = SHADOW_CACHE_KEY; |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
68 module->default_pass_scheme = SHADOW_PASS_SCHEME; |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
69 } |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
70 |
|
6411
6a64e64fa3a3
Renamed __attr_*__ to ATTR_*. Renamed __attrs_used__ to ATTRS_DEFINED.
Timo Sirainen <tss@iki.fi>
parents:
5429
diff
changeset
|
71 static void shadow_deinit(struct passdb_module *module ATTR_UNUSED) |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 { |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 endspent(); |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 } |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 |
|
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
76 struct passdb_module_interface passdb_shadow = { |
|
2942
c7d426f8cb58
Added name variable for userdb_module and passdb_module and changed their
Timo Sirainen <tss@iki.fi>
parents:
2648
diff
changeset
|
77 "shadow", |
|
c7d426f8cb58
Added name variable for userdb_module and passdb_module and changed their
Timo Sirainen <tss@iki.fi>
parents:
2648
diff
changeset
|
78 |
|
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
79 NULL, |
|
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3656
diff
changeset
|
80 shadow_init, |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 shadow_deinit, |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 shadow_verify_plain, |
|
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
84 NULL, |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 NULL |
|
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 }; |
|
8217
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
87 #else |
|
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
88 struct passdb_module_interface passdb_shadow = { |
|
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
89 MEMBER(name) "shadow" |
|
c47b78e843aa
Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents:
7086
diff
changeset
|
90 }; |
|
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 #endif |