Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/passdb-shadow.c @ 9354:687ac828b964 HEAD
lib-index: modseqs weren't tracked properly within session when changes were done.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 01 Sep 2009 13:05:03 -0400 |
parents | b9faf4db2a9f |
children | 00cd9aacd03c |
rev | changeset | summary | author | parents |
---|---|---|---|---|
8590 | b9faf4db2a9f | Updated copyright notices to include year 2009. | Timo Sirainen <tss@iki.fi> | 8522 |
1035 | fe49ece0f3ea | We have now separate "userdb" and "passdb". They aren't tied to each others | Timo Sirainen <tss@iki.fi> | |
3474 | 9096b7957413 | Removed direct config.h including. I'm not sure why it was done before, | Timo Sirainen <tss@iki.fi> | 3257 |
8217 | c47b78e843aa | Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages. | Timo Sirainen <tss@iki.fi> | 7086 |
3656 | fda241fa5d77 | Make auth caching work with non-sql/ldap passdbs too. | Timo Sirainen <tss@iki.fi> | 3635 |
1046 | 561da07883b6 | Async userdb and passdb interface. | Timo Sirainen <tss@iki.fi> | 1035 |
1075 | f1401fa7ab03 | auth process fixes, LDAP seems to be working (with the kludge define or | Timo Sirainen <tss@iki.fi> | 1046 |
5429 | 088b4934a8f0 | Verify the password with auth_request_password_verify() so passwd and shadow | Timo Sirainen <tss@iki.fi> | 5381 |
1191 | 65e48854491d | Added default_pass_scheme to LDAP. Support for more password schemes. Merged | Timo Sirainen <tss@iki.fi> | 1090 |
3257 | 92c16e82b806 | passdb can now change the username that was used to log in. This is mostly | Timo Sirainen <tss@iki.fi> | 3166 |
3635 | c12df370e1b2 | Added ssl_username_from_cert setting. Not actually tested yet.. | Timo Sirainen <tss@iki.fi> | 3474 |
5381 | ba8da13e71da | Added blocking=yes setting for passdb passwd and shadow also. | Timo Sirainen <tss@iki.fi> | 5259 |
8522 | b80ef0ddd1d3 | Previous "Unknown setting" in passdb check changes were a bit broken. | Timo Sirainen <tss@iki.fi> | 8513 |
8513 | 0691f5294bb9 | Fail if trying to give unknown parameters to passdb/userdb. | Timo Sirainen <tss@iki.fi> | 8217 |
3657 | 0c10475d9968 | Separated passdb_module's interface and the actual data struct. Now it's | Timo Sirainen <tss@iki.fi> | 3656 |
6411 | 6a64e64fa3a3 | Renamed `__attr_*__` to `ATTR_*`. Renamed `__attrs_used__` to `ATTRS_DEFINED`. | Timo Sirainen <tss@iki.fi> | 5429 |
2942 | c7d426f8cb58 | Added name variable for userdb_module and passdb_module and changed their | Timo Sirainen <tss@iki.fi> | 2648 |
4782 | 2c1cc5bbc260 | Added auth_request_set_credentials() to modify credentials in passdb and | Timo Sirainen <tss@iki.fi> | 3863 |

rev | line | source |
---|---|---|
8590 | 1 | `/* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */` |
1035 | 2 | |
3474 | 3 | `#include "common.h"` |
8217 | 4 | `#include "passdb.h"` |
1035 | 5 | |
1090 | 6 | `#ifdef PASSDB_SHADOW` |
1035 | 7 | |
1035 | 8 | `#include "safe-memset.h"` |
1035 | 9 | |
1035 | 10 | `#include <shadow.h>` |
1035 | 11 | |
3656 | 12 | `#define SHADOW_CACHE_KEY "%u"` |
3656 | 13 | `#define SHADOW_PASS_SCHEME "CRYPT"` |
3656 | 14 | |
1046 | 15 | `static void` |
1075 | 16 | `shadow_verify_plain(struct auth_request *request, const char *password,` |
1075 | 17 | `verify_plain_callback_t *callback)` |
1035 | 18 | `{` |
1035 | 19 | `struct spwd *spw;` |
5429 | 20 | `int ret;` |
1035 | 21 | |
5259 | 22 | `auth_request_log_debug(request, "shadow", "lookup");` |
5259 | 23 | |
1191 | 24 | `spw = getspnam(request->user);` |
1035 | 25 | `if (spw == NULL) {` |
3069 | 26 | `auth_request_log_info(request, "shadow", "unknown user");` |
1075 | 27 | `callback(PASSDB_RESULT_USER_UNKNOWN, request);` |
1046 | 28 | `return;` |
1035 | 29 | `}` |
1035 | 30 | |
1035 | 31 | `if (!IS_VALID_PASSWD(spw->sp_pwdp)) {` |
3069 | 32 | `auth_request_log_info(request, "shadow",` |
3069 | 33 | `"invalid password field");` |
1075 | 34 | `callback(PASSDB_RESULT_USER_DISABLED, request);` |
1046 | 35 | `return;` |
1035 | 36 | `}` |
1035 | 37 | |
3656 | 38 | `/* save the password so cache can use it */` |
3656 | 39 | `auth_request_set_field(request, "password", spw->sp_pwdp,` |
3656 | 40 | `SHADOW_PASS_SCHEME);` |
3656 | 41 | |
1035 | 42 | `/* check if the password is valid */` |
5429 | 43 | `ret = auth_request_password_verify(request, password, spw->sp_pwdp,` |
5429 | 44 | `SHADOW_PASS_SCHEME, "shadow");` |
1035 | 45 | |
1035 | 46 | `/* clear the passwords from memory */` |
1035 | 47 | `safe_memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));` |
1035 | 48 | |
5429 | 49 | `if (ret <= 0) {` |
1075 | 50 | `callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);` |
1046 | 51 | `return;` |
1035 | 52 | `}` |
1035 | 53 | |
3257 | 54 | `/* make sure we're using the username exactly as it's in the database */` |
3635 | 55 | `auth_request_set_field(request, "user", spw->sp_namp, NULL);` |
3257 | 56 | |
1075 | 57 | `callback(PASSDB_RESULT_OK, request);` |
1035 | 58 | `}` |
1035 | 59 | |
5381 | 60 | `static void shadow_init(struct passdb_module *module, const char *args)` |
3657 | 61 | `{` |
5381 | 62 | `if (strcmp(args, "blocking=yes") == 0)` |
5381 | 63 | `module->blocking = TRUE;` |
8522 | 64 | `else if (*args != '\0')` |
8513 | 65 | `i_fatal("passdb shadow: Unknown setting: %s", args);` |
5381 | 66 | |
3657 | 67 | `module->cache_key = SHADOW_CACHE_KEY;` |
3657 | 68 | `module->default_pass_scheme = SHADOW_PASS_SCHEME;` |
3657 | 69 | `}` |
3657 | 70 | |
6411 | 71 | `static void shadow_deinit(struct passdb_module *module ATTR_UNUSED)` |
1035 | 72 | `{` |
1035 | 73 | `endspent();` |
1035 | 74 | `}` |
1035 | 75 | |
3657 | 76 | `struct passdb_module_interface passdb_shadow = {` |
2942 | 77 | `"shadow",` |
2942 | 78 | |
3657 | 79 | `NULL,` |
3657 | 80 | `shadow_init,` |
1035 | 81 | `shadow_deinit,` |
1035 | 82 | |
1035 | 83 | `shadow_verify_plain,` |
4782 | 84 | `NULL,` |
1035 | 85 | `NULL` |
1035 | 86 | `};` |
8217 | 87 | `#else` |
8217 | 88 | `struct passdb_module_interface passdb_shadow = {` |
8217 | 89 | `MEMBER(name) "shadow"` |
8217 | 90 | `};` |
1035 | 91 | `#endif` |