annotate src/deliver/auth-client.c @ 6497:79176ff12ad8 HEAD
Use mail_uid/gid settings if userdb didn't return uid/gid.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 25 Sep 2007 17:41:11 +0300 |
parents | da4867da38c2 |
children | d4b2df823ca5 |
/* Copyright (c) 2005-2007 Dovecot authors, see the included COPYING file */

#include "lib.h"
#include "array.h"
#include "ioloop.h"
#include "network.h"
#include "istream.h"
#include "ostream.h"
#include "env-util.h"
#include "restrict-access.h"
#include "auth-client.h"

#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <sysexits.h>

/* NOTE(review): presumably seconds to wait for the auth reply (the changeset
   that added it speaks of "a minute"); its use is outside this view. */
#define AUTH_REQUEST_TIMEOUT 60
/* Limit reported by auth_input() when the input stream's buffer is full. */
#define MAX_INBUF_SIZE 8192
/* NOTE(review): presumably the output stream buffer size; use not visible
   here - confirm. */
#define MAX_OUTBUF_SIZE 512

/* sysexits status recorded by auth_parse_input(): EX_OK once access has been
   restricted, EX_TEMPFAIL when no usable uid/gid could be determined. */
static int return_value;
/* State of one connection to the auth socket. Released as a whole by
   auth_connection_destroy(). */
struct auth_connection {
	int fd;			/* closed by auth_connection_destroy() */
	struct timeout *to;	/* may be NULL; removed on destroy if set */
	struct io *io;		/* removed on destroy */
	struct istream *input;	/* lines from the auth process are read here */
	struct ostream *output;

	struct ioloop *ioloop;	/* stopped when the connection is destroyed */
	uid_t euid;		/* compared against the resolved uid in
				   auth_parse_input() */
	const char *auth_socket;
	const char *user;	/* user name, used in error messages */
	/* userdb fields other than uid=/gid=/chroot=, stored as i_strdup()ed
	   copies by auth_parse_input() */
	ARRAY_TYPE(string) *extra_fields;

	unsigned int handshaked:1;	/* set once the SPID line was seen */
};
/*
 * Tear down an auth connection: stop its ioloop, remove the timeout (when
 * one is set) and the I/O handler, release both streams, close the socket
 * and free the structure. conn must not be used after this returns.
 */
static void auth_connection_destroy(struct auth_connection *conn)
{
	io_loop_stop(conn->ioloop);

	if (conn->to != NULL) {
		timeout_remove(&conn->to);
	}

	io_remove(&conn->io);
	i_stream_unref(&conn->input);
	o_stream_unref(&conn->output);

	/* a failing close() is only logged; the teardown still completes */
	if (close(conn->fd) < 0) {
		i_error("close() failed: %m");
	}

	i_free(conn);
}
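/*
 * Resolve a mail_uid-style setting to a numeric UID.
 *
 * str is either a decimal UID or a user name that is looked up with
 * getpwnam(). Returns TRUE and stores the result in *uid_r on success;
 * returns FALSE, leaving *uid_r untouched, when str is neither.
 *
 * UID 0 is not rejected here; the caller in auth_parse_input() does that.
 */
static bool parse_uid(const char *str, uid_t *uid_r)
{
	struct passwd *pw;
	unsigned long num;
	char *p;

	if (*str >= '0' && *str <= '9') {
		num = strtoul(str, &p, 10);
		/* Accept the number only if it survives the narrowing to
		   uid_t: a silently truncated or overflowed value would
		   select a different account than the one configured.
		   (uid_t)-1 is refused as well, because that is what an
		   overflowing strtoul() yields when unsigned long and uid_t
		   have the same width. */
		if (*p == '\0' && (unsigned long)(uid_t)num == num &&
		    (uid_t)num != (uid_t)-1) {
			*uid_r = (uid_t)num;
			return TRUE;
		}
	}

	/* not a plain in-range number: try it as a user name */
	pw = getpwnam(str);
	if (pw == NULL)
		return FALSE;

	*uid_r = pw->pw_uid;
	return TRUE;
}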
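/*
 * Resolve a mail_gid-style setting to a numeric GID.
 *
 * str is either a decimal GID or a group name that is looked up with
 * getgrnam(). Returns TRUE and stores the result in *gid_r on success;
 * returns FALSE, leaving *gid_r untouched, when str is neither.
 *
 * GID 0 is not rejected here; the caller in auth_parse_input() does that.
 */
static bool parse_gid(const char *str, gid_t *gid_r)
{
	struct group *gr;
	unsigned long num;
	char *p;

	if (*str >= '0' && *str <= '9') {
		num = strtoul(str, &p, 10);
		/* Accept the number only if it survives the narrowing to
		   gid_t: a silently truncated or overflowed value would
		   select a different group than the one configured.
		   (gid_t)-1 is refused as well, because that is what an
		   overflowing strtoul() yields when unsigned long and gid_t
		   have the same width. */
		if (*p == '\0' && (unsigned long)(gid_t)num == num &&
		    (gid_t)num != (gid_t)-1) {
			*gid_r = (gid_t)num;
			return TRUE;
		}
	}

	/* not a plain in-range number: try it as a group name */
	gr = getgrnam(str);
	if (gr == NULL)
		return FALSE;

	*gid_r = gr->gr_gid;
	return TRUE;
}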
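/*
 * Apply the userdb reply for conn->user.
 *
 * args holds tab-separated fields. uid=, gid= and chroot= are consumed
 * here; every other field is copied into conn->extra_fields (home=
 * additionally sets HOME). When userdb supplies no non-zero uid or gid, the
 * MAIL_UID / MAIL_GID environment settings are used instead. UID 0 and
 * GID 0 are never accepted.
 *
 * The resolved ids, the chroot and MAIL_EXTRA_GROUPS are exported through
 * the RESTRICT_* environment variables before restrict_access_by_env() is
 * called; that function is expected to act on them (its implementation is
 * outside this file).
 *
 * The outcome is reported through return_value: EX_OK after
 * restrict_access_by_env() has been called, EX_TEMPFAIL when no usable
 * uid/gid could be determined (restrict_access_by_env() is then not called).
 */
static void auth_parse_input(struct auth_connection *conn, const char *args)
{
	const char *const *tmp, *extra_groups;
	uid_t uid = 0;
	gid_t gid = 0;
	const char *chroot = getenv("MAIL_CHROOT");
	bool debug = getenv("DEBUG") != NULL;

	for (tmp = t_strsplit(args, "\t"); *tmp != NULL; tmp++) {
		if (debug)
			i_info("auth input: %s", *tmp);

		if (strncmp(*tmp, "uid=", 4) == 0) {
			/* NOTE(review): strtoul() without an end pointer
			   accepts trailing garbage, and the assignment
			   narrows to uid_t unchecked. */
			uid = strtoul(*tmp + 4, NULL, 10);

			if (uid == 0) {
				/* NOTE(review): this status is replaced by
				   EX_OK further down when the MAIL_UID
				   fallback succeeds. */
				i_error("userdb(%s) returned 0 as uid",
					conn->user);
				return_value = EX_TEMPFAIL;
			}
		} else if (strncmp(*tmp, "gid=", 4) == 0) {
			gid = strtoul(*tmp + 4, NULL, 10);

			if (gid == 0) {
				i_error("userdb(%s) returned 0 as gid",
					conn->user);
				return_value = EX_TEMPFAIL;
			}
		} else if (strncmp(*tmp, "chroot=", 7) == 0) {
			/* a userdb chroot overrides MAIL_CHROOT */
			chroot = *tmp + 7;
		} else {
			char *field = i_strdup(*tmp);

			if (strncmp(field, "home=", 5) == 0)
				env_put(t_strconcat("HOME=", field + 5, NULL));

			array_append(conn->extra_fields, &field, 1);
		}
	}

	if (uid == 0 && getenv("MAIL_UID")) {
		if (!parse_uid(getenv("MAIL_UID"), &uid) || uid == 0) {
			i_error("mail_uid setting is invalid");
			return_value = EX_TEMPFAIL;
			return;
		}
	}
	if (uid == 0) {
		i_error("User %s is missing UID (set mail_uid)", conn->user);
		return_value = EX_TEMPFAIL;
		return;
	}
	if (gid == 0 && getenv("MAIL_GID")) {
		if (!parse_gid(getenv("MAIL_GID"), &gid) || gid == 0) {
			i_error("mail_gid setting is invalid");
			return_value = EX_TEMPFAIL;
			return;
		}
	}
	if (gid == 0) {
		i_error("User %s is missing GID (set mail_gid)", conn->user);
		return_value = EX_TEMPFAIL;
		return;
	}

	/* Export the ids only after they are final and known to be non-zero.
	   Setting RESTRICT_SETUID/SETGID while still parsing the userdb
	   fields left an id taken from MAIL_UID/MAIL_GID unexported, so the
	   fallback never reached the privilege drop, and it could leave a
	   rejected 0 in the environment. */
	if (conn->euid != uid) {
		env_put(t_strconcat("RESTRICT_SETUID=",
				    dec2str(uid), NULL));
	}
	if (conn->euid == 0 || getegid() != gid) {
		env_put(t_strconcat("RESTRICT_SETGID=",
				    dec2str(gid), NULL));
	}

	if (chroot != NULL)
		env_put(t_strconcat("RESTRICT_CHROOT=", chroot, NULL));

	extra_groups = getenv("MAIL_EXTRA_GROUPS");
	if (extra_groups != NULL) {
		env_put(t_strconcat("RESTRICT_SETEXTRAGROUPS=",
				    extra_groups, NULL));
	}

	restrict_access_by_env(TRUE);
	return_value = EX_OK;
}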
179 static void auth_input(struct auth_connection *conn) |
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 const char *line; |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 switch (i_stream_read(conn->input)) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 case 0: |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 return; |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
186 case -1: |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 /* disconnected */ |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
188 auth_connection_destroy(conn); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 return; |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 case -2: |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 /* buffer full */ |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 i_error("BUG: Auth master sent us more than %d bytes", |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 MAX_INBUF_SIZE); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 auth_connection_destroy(conn); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 return; |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 if (!conn->handshaked) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 while ((line = i_stream_next_line(conn->input)) != NULL) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
200 if (strncmp(line, "VERSION\t", 8) == 0) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
201 if (strncmp(line + 8, "1\t", 2) != 0) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
202 i_error("Auth master version mismatch"); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
203 auth_connection_destroy(conn); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
204 return; |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
205 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
206 } else if (strncmp(line, "SPID\t", 5) == 0) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
207 conn->handshaked = TRUE; |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
208 break; |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
209 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
210 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
211 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
213 line = i_stream_next_line(conn->input); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
214 if (line != NULL) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
215 if (strncmp(line, "USER\t1\t", 7) == 0) { |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
216 auth_parse_input(conn, line + 7); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
217 } else if (strcmp(line, "NOTFOUND\t1") == 0) |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
218 return_value = EX_NOUSER; |
5370
c1d53e221cb2
FAIL reply doesn't necessarily have parameters. Don't give "BUG: Unexpected
Timo Sirainen <tss@iki.fi>
parents:
4907
diff
changeset
|
219 else if (strncmp(line, "FAIL\t1", 6) == 0) |
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
220 return_value = EX_TEMPFAIL; |
6465
da4867da38c2
If we're connecting to client socket instead of a master socket, log an
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
221 else if (strncmp(line, "CUID\t", 5) == 0) { |
da4867da38c2
If we're connecting to client socket instead of a master socket, log an
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
222 i_error("%s is an auth client socket. " |
da4867da38c2
If we're connecting to client socket instead of a master socket, log an
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
223 "It should be a master socket.", |
da4867da38c2
If we're connecting to client socket instead of a master socket, log an
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
224 conn->auth_socket); |
da4867da38c2
If we're connecting to client socket instead of a master socket, log an
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
225 } else { |
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
226 i_error("BUG: Unexpected input from auth master: %s", |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
227 line); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
228 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 auth_connection_destroy(conn); |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 } |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
232 |
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
/*
 * Connect to the UNIX socket at auth_socket and wrap the descriptor in a
 * new auth_connection.
 *
 * Returns the new connection, or NULL after logging the error when the
 * socket connection cannot be made.
 *
 * NOTE(review): nothing here checks who owns or serves the socket, and
 * replies read from it are handled as auth master replies by auth_input.
 * The path is presumably expected to be an access-restricted master
 * socket; confirm against the deployment's socket permissions.
 */
static struct auth_connection *auth_connection_new(const char *auth_socket)
{
	struct auth_connection *new_conn;
	int sock_fd = net_connect_unix(auth_socket);

	if (sock_fd < 0) {
		i_error("net_connect(%s) failed: %m", auth_socket);
		return NULL;
	}

	new_conn = i_new(struct auth_connection, 1);
	new_conn->fd = sock_fd;
	/* Both streams sit on the same descriptor. The input side is given
	   MAX_INBUF_SIZE, which auth_input reports as the limit when the
	   buffer fills up. */
	new_conn->input = i_stream_create_fd(sock_fd, MAX_INBUF_SIZE, FALSE);
	new_conn->output = o_stream_create_fd(sock_fd, MAX_OUTBUF_SIZE, FALSE);
	/* auth_input is registered for read events on the socket */
	new_conn->io = io_add(sock_fd, IO_READ, auth_input, new_conn);
	return new_conn;
}
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
251 |
4907
5b4c9b20eba0
Replaced void *context from a lot of callbacks with the actual context
Timo Sirainen <tss@iki.fi>
parents:
4723
diff
changeset
|
/*
 * Timeout callback for the auth lookup: log which stage stalled, then
 * destroy the connection.
 */
static void auth_client_timeout(struct auth_connection *conn)
{
	if (conn->handshaked) {
		/* handshake was seen, so it is the USER reply that is missing */
		i_error("User request from dovecot-auth timed out");
	} else {
		i_error("Connecting to dovecot-auth timed out");
	}
	auth_connection_destroy(conn);
}
921d365e6bca
If we can't get auth user reply in a minute log timeout error and quit.
Timo Sirainen <tss@iki.fi>
parents:
4683
diff
changeset
|
260 |
6317
3cee177eced6
Extra fields from userdb lookup should override everything. Fixed the code
Timo Sirainen <tss@iki.fi>
parents:
6162
diff
changeset
|
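/*
 * Ask the auth master on auth_socket about user and run ioloop until the
 * reply has been handled.
 *
 * ioloop          I/O loop that is run while waiting for the reply
 * auth_socket     path of the UNIX socket to connect to
 * user            user name to look up; it must not contain a tab or a
 *                 newline, since both are separators in the request
 * euid            stored on the connection for the reply handler
 * extra_fields_r  array stored on the connection for the reply handler
 *
 * Returns EX_NOUSER when user contains a separator character or the
 * master answers NOTFOUND. Returns EX_TEMPFAIL when the connection cannot
 * be made, and it is also the value that is returned unless the reply
 * handling replaces it. The success value is presumably set while the
 * USER reply is parsed; that code is not part of this function.
 */
int auth_client_lookup_and_restrict(struct ioloop *ioloop,
				    const char *auth_socket,
				    const char *user, uid_t euid,
				    ARRAY_TYPE(string) *extra_fields_r)
{
	struct auth_connection *conn;
	const char *request;

	/* The request is one tab-delimited, newline-terminated line with the
	   user name copied in verbatim. A tab or newline inside the name
	   would change the fields or add lines to what the auth master
	   receives, so such a name is refused before anything is sent. The
	   value itself is kept out of the log message so it cannot break up
	   the log line. */
	if (strpbrk(user, "\t\n") != NULL) {
		i_error("User name contains a tab or newline, "
			"refusing auth lookup");
		return EX_NOUSER;
	}

	conn = auth_connection_new(auth_socket);
	if (conn == NULL)
		return EX_TEMPFAIL;

	conn->ioloop = ioloop;
	conn->euid = euid;
	conn->user = user;
	conn->auth_socket = auth_socket;
	/* AUTH_REQUEST_TIMEOUT is multiplied by 1000 here, i.e. it is given
	   in seconds and the timer takes milliseconds */
	conn->to = timeout_add(1000*AUTH_REQUEST_TIMEOUT,
			       auth_client_timeout, conn);
	conn->extra_fields = extra_fields_r;

	request = t_strconcat("VERSION\t1\t0\n"
			      "USER\t1\t", user, "\t"
			      "service=deliver\n", NULL);
	/* NOTE(review): the send result is not checked; a failed send looks
	   like it would surface as the request timeout - confirm */
	o_stream_send_str(conn->output, request);

	/* default result unless the reply handler sets another one */
	return_value = EX_TEMPFAIL;
	io_loop_run(ioloop);
	return return_value;
}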