dovecot/original-hg/dovecot-1.2: src/auth/auth-request-handler.c annotate

annotate src/auth/auth-request-handler.c @ 9266:cd29b745c8dd HEAD

configure: clock_gettime()'s -lrt adding dropped everything else from $LIBS.

author	Timo Sirainen <tss@iki.fi>
date	Mon, 27 Jul 2009 06:32:42 -0400
parents	ee173ea99ea6
children	00cd9aacd03c

rev	line source
8590 b9faf4db2a9f Updated copyright notices to include year 2009. Timo Sirainen <tss@iki.fi> parents: 8574 diff changeset	1 /* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	2
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	3 #include "common.h"
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	4 #include "ioloop.h"
7087 a281705a2360 Converted some buffers to arrays. Timo Sirainen <tss@iki.fi> parents: 7086 diff changeset	5 #include "array.h"
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	6 #include "aqueue.h"
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	7 #include "base64.h"
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	8 #include "hash.h"
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	9 #include "str.h"
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	10 #include "str-sanitize.h"
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	11 #include "auth-request.h"
5038 b2921478f94f Several fixes to handling deinitialization without crashing. Timo Sirainen <tss@iki.fi> parents: 5005 diff changeset	12 #include "auth-master-connection.h"
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	13 #include "auth-request-handler.h"
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	14
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	15 #include <stdlib.h>
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	16
7089 10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	17 #define DEFAULT_AUTH_FAILURE_DELAY 2
10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	18 #define AUTH_FAILURE_DELAY_CHECK_MSECS 500
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	19
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	20 struct auth_request_handler {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	21 int refcount;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	22 pool_t pool;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	23 struct hash_table *requests;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	24
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	25 struct auth *auth;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	26 unsigned int connect_uid, client_pid;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	27
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	28 auth_request_callback_t *callback;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	29 void *context;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	30
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	31 auth_request_callback_t *master_callback;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	32 };
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	33
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	34 static ARRAY_DEFINE(auth_failures_arr, struct auth_request *);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	35 static struct aqueue *auth_failures;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	36 static struct timeout *to_auth_failures;
7089 10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	37 static unsigned int auth_failure_delay;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	38
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	39 static void auth_failure_timeout(void *context);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	40
4903 204d7edc7cdc Added context parameter type safety checks for most callback APIs. Timo Sirainen <tss@iki.fi> parents: 4880 diff changeset	41 #undef auth_request_handler_create
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	42 struct auth_request_handler *
3518 c444e76648e8 Removed unused code Timo Sirainen <tss@iki.fi> parents: 3432 diff changeset	43 auth_request_handler_create(struct auth *auth,
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	44 auth_request_callback_t callback, void context,
3308 3f090bcaffcc Allow multiple master connections for a single listener. Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	45 auth_request_callback_t *master_callback)
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	46 {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	47 struct auth_request_handler *handler;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	48 pool_t pool;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	49
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	50 pool = pool_alloconly_create("auth request handler", 4096);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	51
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	52 handler = p_new(pool, struct auth_request_handler, 1);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	53 handler->refcount = 1;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	54 handler->pool = pool;
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	55 handler->requests = hash_table_create(default_pool, pool, 0, NULL, NULL);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	56 handler->auth = auth;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	57 handler->callback = callback;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	58 handler->context = context;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	59 handler->master_callback = master_callback;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	60 return handler;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	61 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	62
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	63 void auth_request_handler_unref(struct auth_request_handler **_handler)
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	64 {
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	65 struct auth_request_handler handler = _handler;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	66 struct hash_iterate_context *iter;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	67 void key, value;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	68
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	69 *_handler = NULL;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	70 i_assert(handler->refcount > 0);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	71 if (--handler->refcount > 0)
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	72 return;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	73
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	74 iter = hash_table_iterate_init(handler->requests);
f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	75 while (hash_table_iterate(iter, &key, &value)) {
3952 d7a0354861b8 If authentication client disconnects while it still has pending requests, Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	76 struct auth_request *auth_request = value;
d7a0354861b8 If authentication client disconnects while it still has pending requests, Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	77
d7a0354861b8 If authentication client disconnects while it still has pending requests, Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	78 auth_request_unref(&auth_request);
d7a0354861b8 If authentication client disconnects while it still has pending requests, Timo Sirainen <tss@iki.fi> parents: 3879 diff changeset	79 }
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	80 hash_table_iterate_deinit(&iter);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	81
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	82 /* notify parent that we're done with all requests */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	83 handler->callback(NULL, handler->context);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	84
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	85 hash_table_destroy(&handler->requests);
6428 7cad076906eb pool_unref() now takes ** pointer. Timo Sirainen <tss@iki.fi> parents: 6417 diff changeset	86 pool_unref(&handler->pool);
3077 eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid Timo Sirainen <tss@iki.fi> parents: 3074 diff changeset	87 }
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	88
3077 eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid Timo Sirainen <tss@iki.fi> parents: 3074 diff changeset	89 void auth_request_handler_set(struct auth_request_handler *handler,
eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid Timo Sirainen <tss@iki.fi> parents: 3074 diff changeset	90 unsigned int connect_uid,
eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid Timo Sirainen <tss@iki.fi> parents: 3074 diff changeset	91 unsigned int client_pid)
eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid Timo Sirainen <tss@iki.fi> parents: 3074 diff changeset	92 {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	93 handler->connect_uid = connect_uid;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	94 handler->client_pid = client_pid;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	95 }
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	96
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	97 static void auth_request_handler_remove(struct auth_request_handler *handler,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	98 struct auth_request *request)
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	99 {
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	100 hash_table_remove(handler->requests, POINTER_CAST(request->id));
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	101 auth_request_unref(&request);
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	102 }
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	103
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	104 void auth_request_handler_check_timeouts(struct auth_request_handler *handler)
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	105 {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	106 struct hash_iterate_context *iter;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	107 void key, value;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	108
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	109 iter = hash_table_iterate_init(handler->requests);
f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	110 while (hash_table_iterate(iter, &key, &value)) {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	111 struct auth_request *request = value;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	112
5586 dad0e22b735a Changed auth_request->created to last_access and update it a bit more often. Timo Sirainen <tss@iki.fi> parents: 5089 diff changeset	113 if (request->last_access + AUTH_REQUEST_TIMEOUT < ioloop_time)
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	114 auth_request_handler_remove(handler, request);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	115 }
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	116 hash_table_iterate_deinit(&iter);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	117 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	118
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	119 static void get_client_extra_fields(struct auth_request *request,
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	120 struct auth_stream_reply *reply)
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	121 {
3520 e2fe8222449d s/occured/occurred/ Timo Sirainen <tss@iki.fi> parents: 3518 diff changeset	122 const char *fields, extra_fields;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	123 unsigned int src, dest;
4758 2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	124 bool seen_pass = FALSE;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	125
5085 dd4c4a0c0aae code cleanup Timo Sirainen <tss@iki.fi> parents: 5038 diff changeset	126 if (auth_stream_is_empty(request->extra_fields))
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	127 return;
5085 dd4c4a0c0aae code cleanup Timo Sirainen <tss@iki.fi> parents: 5038 diff changeset	128
dd4c4a0c0aae code cleanup Timo Sirainen <tss@iki.fi> parents: 5038 diff changeset	129 extra_fields = auth_stream_reply_export(request->extra_fields);
3520 e2fe8222449d s/occured/occurred/ Timo Sirainen <tss@iki.fi> parents: 3518 diff changeset	130
3432 079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	131 if (!request->proxy) {
079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	132 /* we only wish to remove all fields prefixed with "userdb_" */
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	133 if (strstr(extra_fields, "userdb_") == NULL) {
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	134 auth_stream_reply_import(reply, extra_fields);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	135 return;
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	136 }
3432 079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	137 }
079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	138
4758 2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	139 fields = t_strsplit(extra_fields, "\t");
2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	140 for (src = dest = 0; fields[src] != NULL; src++) {
2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	141 if (strncmp(fields[src], "userdb_", 7) != 0) {
2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	142 if (!seen_pass && strncmp(fields[src], "pass=", 5) == 0)
2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	143 seen_pass = TRUE;
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	144 auth_stream_reply_import(reply, fields[src]);
4758 2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	145 }
2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	146 }
2fc38c1e48c4 Don't send "pass" back if it's already set, or if it's not known. Timo Sirainen <tss@iki.fi> parents: 4739 diff changeset	147
8546 50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	148 if (request->proxy) {
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	149 /* we're proxying */
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	150 if (!seen_pass && request->mech_password != NULL) {
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	151 /* send back the password that was sent by user
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	152 (not the password in passdb). */
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	153 auth_stream_reply_add(reply, "pass",
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	154 request->mech_password);
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	155 }
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	156 if (request->master_user != NULL) {
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	157 /* the master username needs to be forwarded */
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	158 auth_stream_reply_add(reply, "master",
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	159 request->master_user);
50f49805b13b imap/pop3 proxy: Support master user logins. Timo Sirainen <tss@iki.fi> parents: 8413 diff changeset	160 }
3432 079ec5c2d665 Last change caused user-given passwords to be cached, and later the password Timo Sirainen <tss@iki.fi> parents: 3338 diff changeset	161 }
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	162 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	163
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	164 static void
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	165 auth_request_handle_failure(struct auth_request *request,
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	166 struct auth_stream_reply *reply)
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	167 {
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	168 struct auth_request_handler *handler = request->context;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	169
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	170 if (request->delayed_failure) {
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	171 /* we came here from flush_failures() */
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	172 handler->callback(reply, handler->context);
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	173 return;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	174 }
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	175
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	176 /* remove the request from requests-list */
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	177 auth_request_ref(request);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	178 auth_request_handler_remove(handler, request);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	179
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	180 if (request->no_failure_delay) {
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	181 /* passdb specifically requested not to delay the
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	182 reply. */
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	183 handler->callback(reply, handler->context);
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	184 auth_request_unref(&request);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	185 return;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	186 }
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	187
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	188 /* failure. don't announce it immediately to avoid
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	189 a) timing attacks, b) flooding */
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	190 request->delayed_failure = TRUE;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	191 handler->refcount++;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	192
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	193 request->last_access = ioloop_time;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	194 aqueue_append(auth_failures, &request);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	195 if (to_auth_failures == NULL) {
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	196 to_auth_failures =
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	197 timeout_add(AUTH_FAILURE_DELAY_CHECK_MSECS,
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	198 auth_failure_timeout, NULL);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	199 }
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	200 }
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	201
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	202 static void auth_callback(struct auth_request *request,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	203 enum auth_client_result result,
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	204 const void *auth_reply, size_t reply_size)
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	205 {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	206 struct auth_request_handler *handler = request->context;
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	207 struct auth_stream_reply *reply;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	208 string_t *str;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	209
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	210 reply = auth_stream_reply_init(pool_datastack_create());
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	211 switch (result) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	212 case AUTH_CLIENT_RESULT_CONTINUE:
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	213 auth_stream_reply_add(reply, "CONT", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	214 auth_stream_reply_add(reply, NULL, dec2str(request->id));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	215
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	216 str = t_str_new(MAX_BASE64_ENCODED_SIZE(reply_size));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	217 base64_encode(auth_reply, reply_size, str);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	218 auth_stream_reply_add(reply, NULL, str_c(str));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	219
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	220 request->accept_input = TRUE;
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	221 handler->callback(reply, handler->context);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	222 break;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	223 case AUTH_CLIENT_RESULT_SUCCESS:
7123 25e7c37c7c10 If proxy user has a password and authentication fails, don't return the Timo Sirainen <tss@iki.fi> parents: 7122 diff changeset	224 auth_request_proxy_finish(request, TRUE);
7122 fb03422c0760 Added "proxy_maybe" field. If it's used instead of "proxy" and the Timo Sirainen <tss@iki.fi> parents: 7089 diff changeset	225
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	226 auth_stream_reply_add(reply, "OK", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	227 auth_stream_reply_add(reply, NULL, dec2str(request->id));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	228 auth_stream_reply_add(reply, "user", request->user);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	229 if (reply_size > 0) {
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	230 str = t_str_new(MAX_BASE64_ENCODED_SIZE(reply_size));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	231 base64_encode(auth_reply, reply_size, str);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	232 auth_stream_reply_add(reply, "resp", str_c(str));
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	233 }
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	234 get_client_extra_fields(request, reply);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	235 if (request->no_login \|\| handler->master_callback == NULL) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	236 /* this request doesn't have to wait for master
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	237 process to pick it up. delete it */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	238 auth_request_handler_remove(handler, request);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	239 }
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	240 handler->callback(reply, handler->context);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	241 break;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	242 case AUTH_CLIENT_RESULT_FAILURE:
7123 25e7c37c7c10 If proxy user has a password and authentication fails, don't return the Timo Sirainen <tss@iki.fi> parents: 7122 diff changeset	243 auth_request_proxy_finish(request, FALSE);
25e7c37c7c10 If proxy user has a password and authentication fails, don't return the Timo Sirainen <tss@iki.fi> parents: 7122 diff changeset	244
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	245 auth_stream_reply_add(reply, "FAIL", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	246 auth_stream_reply_add(reply, NULL, dec2str(request->id));
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	247 if (request->user != NULL)
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	248 auth_stream_reply_add(reply, "user", request->user);
8413 24c8bc8098ee Give a different error message if authentication succeeds but authorization fails. Timo Sirainen <tss@iki.fi> parents: 8320 diff changeset	249
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	250 if (request->internal_failure)
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	251 auth_stream_reply_add(reply, "temp", NULL);
8413 24c8bc8098ee Give a different error message if authentication succeeds but authorization fails. Timo Sirainen <tss@iki.fi> parents: 8320 diff changeset	252 else if (request->master_user != NULL) {
24c8bc8098ee Give a different error message if authentication succeeds but authorization fails. Timo Sirainen <tss@iki.fi> parents: 8320 diff changeset	253 /* authentication succeeded, but we can't log in
24c8bc8098ee Give a different error message if authentication succeeds but authorization fails. Timo Sirainen <tss@iki.fi> parents: 8320 diff changeset	254 as the wanted user */
24c8bc8098ee Give a different error message if authentication succeeds but authorization fails. Timo Sirainen <tss@iki.fi> parents: 8320 diff changeset	255 auth_stream_reply_add(reply, "authz", NULL);
24c8bc8098ee Give a different error message if authentication succeeds but authorization fails. Timo Sirainen <tss@iki.fi> parents: 8320 diff changeset	256 }
8574 1b744c38bcac Increase failed login's reply delay by 5 seconds for each failure. Timo Sirainen <tss@iki.fi> parents: 8573 diff changeset	257 if (request->no_failure_delay)
1b744c38bcac Increase failed login's reply delay by 5 seconds for each failure. Timo Sirainen <tss@iki.fi> parents: 8573 diff changeset	258 auth_stream_reply_add(reply, "nodelay", NULL);
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	259 get_client_extra_fields(request, reply);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	260
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	261 auth_request_handle_failure(request, reply);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	262 break;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	263 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	264 /* NOTE: request may be destroyed now */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	265
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	266 auth_request_handler_unref(&handler);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	267 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	268
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	269 static void auth_request_handler_auth_fail(struct auth_request_handler *handler,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	270 struct auth_request *request,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	271 const char *reason)
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	272 {
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	273 struct auth_stream_reply *reply;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	274
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	275 auth_request_log_info(request, request->mech->mech_name, "%s", reason);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	276
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	277 reply = auth_stream_reply_init(pool_datastack_create());
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	278 auth_stream_reply_add(reply, "FAIL", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	279 auth_stream_reply_add(reply, NULL, dec2str(request->id));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	280 auth_stream_reply_add(reply, "reason", reason);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	281
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	282 handler->callback(reply, handler->context);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	283 auth_request_handler_remove(handler, request);
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	284 }
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	285
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3520 diff changeset	286 bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3520 diff changeset	287 const char *args)
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	288 {
5788 bdb16967be64 Further const'ification of struct mech_module. Andrey Panin <pazke@donpac.ru> parents: 5586 diff changeset	289 const struct mech_module *mech;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	290 struct auth_request *request;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	291 const char const list, name, arg, *initial_resp;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	292 const void *initial_resp_data;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	293 size_t initial_resp_len;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	294 unsigned int id;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	295 buffer_t *buf;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	296
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	297 /* <id> <mechanism> [...] */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	298 list = t_strsplit(args, "\t");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	299 if (list[0] == NULL \|\| list[1] == NULL) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	300 i_error("BUG: Authentication client %u "
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	301 "sent broken AUTH request", handler->client_pid);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	302 return FALSE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	303 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	304
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	305 id = (unsigned int)strtoul(list[0], NULL, 10);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	306
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	307 mech = mech_module_find(list[1]);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	308 if (mech == NULL) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	309 /* unsupported mechanism */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	310 i_error("BUG: Authentication client %u requested unsupported "
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	311 "authentication mechanism %s", handler->client_pid,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	312 str_sanitize(list[1], MAX_MECH_NAME_LEN));
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	313 return FALSE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	314 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	315
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	316 request = auth_request_new(handler->auth, mech, auth_callback, handler);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	317 request->connect_uid = handler->connect_uid;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	318 request->client_pid = handler->client_pid;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	319 request->id = id;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	320
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	321 /* parse optional parameters */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	322 initial_resp = NULL;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	323 for (list += 2; *list != NULL; list++) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	324 arg = strchr(*list, '=');
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	325 if (arg == NULL) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	326 name = *list;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	327 arg = "";
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	328 } else {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	329 name = t_strdup_until(*list, arg);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	330 arg++;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	331 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	332
3338 e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3308 diff changeset	333 if (auth_request_import(request, name, arg))
e5ce49c8524a USER auth command requires now service parameter and supports also others Timo Sirainen <tss@iki.fi> parents: 3308 diff changeset	334 ;
4682 bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	335 else if (strcmp(name, "resp") == 0) {
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	336 initial_resp = arg;
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	337 /* this must be the last parameter */
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	338 list++;
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	339 break;
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	340 }
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	341 }
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	342
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	343 if (*list != NULL) {
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	344 i_error("BUG: Authentication client %u "
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	345 "sent AUTH parameters after 'resp'",
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	346 handler->client_pid);
bc071307fc2a Require that the "resp" parameter for AUTH command is the last. Timo Sirainen <tss@iki.fi> parents: 4532 diff changeset	347 return FALSE;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	348 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	349
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	350 if (request->service == NULL) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	351 i_error("BUG: Authentication client %u "
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	352 "didn't specify service in request",
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	353 handler->client_pid);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	354 return FALSE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	355 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	356
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	357 hash_table_insert(handler->requests, POINTER_CAST(id), request);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	358
8320 d49aa6720fb2 Added %k variable to display valid-client-cert status. It expands to "valid" or empty. Timo Sirainen <tss@iki.fi> parents: 7388 diff changeset	359 if (request->auth->ssl_require_client_cert &&
d49aa6720fb2 Added %k variable to display valid-client-cert status. It expands to "valid" or empty. Timo Sirainen <tss@iki.fi> parents: 7388 diff changeset	360 !request->valid_client_cert) {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	361 /* we fail without valid certificate */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	362 auth_request_handler_auth_fail(handler, request,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	363 "Client didn't present valid SSL certificate");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	364 return TRUE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	365 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	366
9189 ee173ea99ea6 auth: Ignore empty initial response strings. Timo Sirainen <tss@iki.fi> parents: 8590 diff changeset	367 /* Empty initial response is a "=" base64 string. Completely empty
ee173ea99ea6 auth: Ignore empty initial response strings. Timo Sirainen <tss@iki.fi> parents: 8590 diff changeset	368 string shouldn't really be sent, but at least Exim does it,
ee173ea99ea6 auth: Ignore empty initial response strings. Timo Sirainen <tss@iki.fi> parents: 8590 diff changeset	369 so just allow it for backwards compatibility.. */
ee173ea99ea6 auth: Ignore empty initial response strings. Timo Sirainen <tss@iki.fi> parents: 8590 diff changeset	370 if (initial_resp == NULL \|\| *initial_resp == '\0') {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	371 initial_resp_data = NULL;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	372 initial_resp_len = 0;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	373 } else {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	374 size_t len = strlen(initial_resp);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	375 buf = buffer_create_dynamic(pool_datastack_create(),
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	376 MAX_BASE64_DECODED_SIZE(len));
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	377 if (base64_decode(initial_resp, len, NULL, buf) < 0) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	378 auth_request_handler_auth_fail(handler, request,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	379 "Invalid base64 data in initial response");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	380 return TRUE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	381 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	382 initial_resp_data = buf->data;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	383 initial_resp_len = buf->used;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	384 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	385
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	386 /* handler is referenced until auth_callback is called. */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	387 handler->refcount++;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	388 auth_request_initial(request, initial_resp_data, initial_resp_len);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	389 return TRUE;
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	390 }
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	391
3863 55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3520 diff changeset	392 bool auth_request_handler_auth_continue(struct auth_request_handler *handler,
55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool. Timo Sirainen <tss@iki.fi> parents: 3520 diff changeset	393 const char *args)
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	394 {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	395 struct auth_request *request;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	396 const char *data;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	397 size_t data_len;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	398 buffer_t *buf;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	399 unsigned int id;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	400
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	401 data = strchr(args, '\t');
5089 18559c7e3a15 Cleanups and minor fixes Timo Sirainen <tss@iki.fi> parents: 5085 diff changeset	402 if (data == NULL) {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	403 i_error("BUG: Authentication client sent broken CONT request");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	404 return FALSE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	405 }
5089 18559c7e3a15 Cleanups and minor fixes Timo Sirainen <tss@iki.fi> parents: 5085 diff changeset	406 data++;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	407
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	408 id = (unsigned int)strtoul(args, NULL, 10);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	409
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	410 request = hash_table_lookup(handler->requests, POINTER_CAST(id));
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	411 if (request == NULL) {
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	412 struct auth_stream_reply *reply;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	413
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	414 reply = auth_stream_reply_init(pool_datastack_create());
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	415 auth_stream_reply_add(reply, "FAIL", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	416 auth_stream_reply_add(reply, NULL, dec2str(id));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	417 auth_stream_reply_add(reply, "reason", "Timeouted");
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	418 handler->callback(reply, handler->context);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	419 return TRUE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	420 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	421
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	422 /* accept input only once after mechanism has sent a CONT reply */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	423 if (!request->accept_input) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	424 auth_request_handler_auth_fail(handler, request,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	425 "Unexpected continuation");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	426 return TRUE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	427 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	428 request->accept_input = FALSE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	429
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	430 data_len = strlen(data);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	431 buf = buffer_create_dynamic(pool_datastack_create(),
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	432 MAX_BASE64_DECODED_SIZE(data_len));
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	433 if (base64_decode(data, data_len, NULL, buf) < 0) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	434 auth_request_handler_auth_fail(handler, request,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	435 "Invalid base64 data in continued response");
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	436 return TRUE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	437 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	438
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	439 /* handler is referenced until auth_callback is called. */
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	440 handler->refcount++;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	441 auth_request_continue(request, buf->data, buf->used);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	442 return TRUE;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	443 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	444
4880 4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	445 static void userdb_callback(enum userdb_result result,
3520 e2fe8222449d s/occured/occurred/ Timo Sirainen <tss@iki.fi> parents: 3518 diff changeset	446 struct auth_request *request)
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	447 {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	448 struct auth_request_handler *handler = request->context;
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	449 struct auth_stream_reply *reply;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	450
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	451 i_assert(request->state == AUTH_REQUEST_STATE_USERDB);
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	452
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	453 request->state = AUTH_REQUEST_STATE_FINISHED;
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	454
5872 93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	455 if (request->userdb_lookup_failed)
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	456 result = USERDB_RESULT_INTERNAL_FAILURE;
93bd157917ca Changed userdb callback API. Don't require uid/gid to be returned by userdb. Timo Sirainen <tss@iki.fi> parents: 5788 diff changeset	457
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	458 reply = auth_stream_reply_init(pool_datastack_create());
4880 4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	459 switch (result) {
4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	460 case USERDB_RESULT_INTERNAL_FAILURE:
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	461 auth_stream_reply_add(reply, "FAIL", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	462 auth_stream_reply_add(reply, NULL, dec2str(request->id));
4880 4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	463 break;
4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	464 case USERDB_RESULT_USER_UNKNOWN:
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	465 auth_stream_reply_add(reply, "NOTFOUND", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	466 auth_stream_reply_add(reply, NULL, dec2str(request->id));
4880 4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	467 break;
4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	468 case USERDB_RESULT_OK:
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	469 auth_stream_reply_add(reply, "USER", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	470 auth_stream_reply_add(reply, NULL, dec2str(request->id));
4532 d83f2a6e1f45 When logging in as master user, send it as "master_user" field to master Timo Sirainen <tss@iki.fi> parents: 4451 diff changeset	471 if (request->master_user != NULL) {
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	472 auth_stream_reply_add(request->userdb_reply,
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	473 "master_user",
4532 d83f2a6e1f45 When logging in as master user, send it as "master_user" field to master Timo Sirainen <tss@iki.fi> parents: 4451 diff changeset	474 request->master_user);
d83f2a6e1f45 When logging in as master user, send it as "master_user" field to master Timo Sirainen <tss@iki.fi> parents: 4451 diff changeset	475 }
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	476 auth_stream_reply_import(reply,
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	477 auth_stream_reply_export(request->userdb_reply));
4880 4ec6a4def05b We treated internal userdb lookup errors as "user unknown" errors. In such Timo Sirainen <tss@iki.fi> parents: 4767 diff changeset	478 break;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	479 }
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	480 handler->master_callback(reply, request->master);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	481
5038 b2921478f94f Several fixes to handling deinitialization without crashing. Timo Sirainen <tss@iki.fi> parents: 5005 diff changeset	482 auth_master_connection_unref(&request->master);
3879 928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	483 auth_request_unref(&request);
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to Timo Sirainen <tss@iki.fi> parents: 3863 diff changeset	484 auth_request_handler_unref(&handler);
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	485 }
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	486
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	487 void auth_request_handler_master_request(struct auth_request_handler *handler,
3308 3f090bcaffcc Allow multiple master connections for a single listener. Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	488 struct auth_master_connection *master,
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	489 unsigned int id,
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	490 unsigned int client_id)
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	491 {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	492 struct auth_request *request;
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	493 struct auth_stream_reply *reply;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	494
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	495 reply = auth_stream_reply_init(pool_datastack_create());
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	496
8573 f9166a09423a Renamed hash_() to hash_table_() to avoid conflicts with OSX's strhash.h Timo Sirainen <tss@iki.fi> parents: 8546 diff changeset	497 request = hash_table_lookup(handler->requests, POINTER_CAST(client_id));
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	498 if (request == NULL) {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	499 i_error("Master request %u.%u not found",
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	500 handler->client_pid, client_id);
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	501 auth_stream_reply_add(reply, "NOTFOUND", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	502 auth_stream_reply_add(reply, NULL, dec2str(id));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	503 handler->master_callback(reply, master);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	504 return;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	505 }
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	506
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	507 auth_request_ref(request);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	508 auth_request_handler_remove(handler, request);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	509
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	510 if (request->state != AUTH_REQUEST_STATE_FINISHED \|\|
8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	511 !request->successful) {
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	512 i_error("Master requested unfinished authentication request "
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	513 "%u.%u", handler->client_pid, client_id);
7388 08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	514 auth_stream_reply_add(reply, "NOTFOUND", NULL);
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	515 auth_stream_reply_add(reply, NULL, dec2str(id));
08d31d752893 Use auth-stream API to build all TAB-delimited strings to make sure strings Timo Sirainen <tss@iki.fi> parents: 7384 diff changeset	516 handler->master_callback(reply, master);
4401 10cdcfe98cfc Fixed memory leak in error handling. Timo Sirainen <tss@iki.fi> parents: 3952 diff changeset	517 auth_request_unref(&request);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	518 } else {
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	519 /* the request isn't being referenced anywhere anymore,
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	520 so we can do a bit of kludging.. replace the request's
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	521 old client_id with master's id. */
3171 8a3b57385eca Added state variable for auth_request and several assertions to make sure Timo Sirainen <tss@iki.fi> parents: 3166 diff changeset	522 request->state = AUTH_REQUEST_STATE_USERDB;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	523 request->id = id;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	524 request->context = handler;
3308 3f090bcaffcc Allow multiple master connections for a single listener. Timo Sirainen <tss@iki.fi> parents: 3171 diff changeset	525 request->master = master;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	526
5038 b2921478f94f Several fixes to handling deinitialization without crashing. Timo Sirainen <tss@iki.fi> parents: 5005 diff changeset	527 /* master and handler are referenced until userdb_callback i
b2921478f94f Several fixes to handling deinitialization without crashing. Timo Sirainen <tss@iki.fi> parents: 5005 diff changeset	528 s called. */
b2921478f94f Several fixes to handling deinitialization without crashing. Timo Sirainen <tss@iki.fi> parents: 5005 diff changeset	529 auth_master_connection_ref(master);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	530 handler->refcount++;
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	531 auth_request_lookup_user(request, userdb_callback);
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	532 }
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	533 }
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	534
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	535 void auth_request_handler_flush_failures(bool flush_all)
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	536 {
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	537 struct auth_request *auth_requests, auth_request;
7087 a281705a2360 Converted some buffers to arrays. Timo Sirainen <tss@iki.fi> parents: 7086 diff changeset	538 unsigned int i, count;
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	539 time_t diff;
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	540
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	541 count = aqueue_count(auth_failures);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	542 if (count == 0) {
7089 10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	543 if (to_auth_failures != NULL)
10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	544 timeout_remove(&to_auth_failures);
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	545 return;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	546 }
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	547
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	548 auth_requests = array_idx_modifiable(&auth_failures_arr, 0);
7087 a281705a2360 Converted some buffers to arrays. Timo Sirainen <tss@iki.fi> parents: 7086 diff changeset	549 for (i = 0; i < count; i++) {
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	550 auth_request = auth_requests[aqueue_idx(auth_failures, 0)];
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	551
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	552 diff = ioloop_time - auth_request->last_access;
7384 899127b7c7e6 Compiler warning fixes Timo Sirainen <tss@iki.fi> parents: 7123 diff changeset	553 if (diff < (time_t)auth_failure_delay && !flush_all)
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	554 break;
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	555
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	556 aqueue_delete_tail(auth_failures);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	557
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	558 i_assert(auth_request->state == AUTH_REQUEST_STATE_FINISHED);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	559 auth_request->callback(auth_request,
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	560 AUTH_CLIENT_RESULT_FAILURE, NULL, 0);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	561 auth_request_unref(&auth_request);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	562 }
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	563 }
3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	564
6411 6a64e64fa3a3 Renamed __attr___ to ATTR_. Renamed __attrs_used__ to ATTRS_DEFINED. Timo Sirainen <tss@iki.fi> parents: 5872 diff changeset	565 static void auth_failure_timeout(void *context ATTR_UNUSED)
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	566 {
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	567 auth_request_handler_flush_failures(FALSE);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	568 }
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	569
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	570 void auth_request_handler_init(void)
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	571 {
7089 10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	572 const char *env;
10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	573
10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	574 env = getenv("FAILURE_DELAY");
10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	575 auth_failure_delay = env != NULL ? atoi(env) :
10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	576 DEFAULT_AUTH_FAILURE_DELAY;
10d49a20b04e Added auth_failure_delay setting. Timo Sirainen <tss@iki.fi> parents: 7088 diff changeset	577
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	578 i_array_init(&auth_failures_arr, 128);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	579 auth_failures = aqueue_init(&auth_failures_arr.arr);
3074 3feb38ff17f5 Moving code around. Timo Sirainen <tss@iki.fi> parents: diff changeset	580 }
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	581
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	582 void auth_request_handler_deinit(void)
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	583 {
7088 958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	584 auth_request_handler_flush_failures(TRUE);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	585 array_free(&auth_failures_arr);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	586 aqueue_deinit(&auth_failures);
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	587
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	588 if (to_auth_failures != NULL)
958500009336 Make sure failed auth requests stay in failure buffer for at least a second. Timo Sirainen <tss@iki.fi> parents: 7087 diff changeset	589 timeout_remove(&to_auth_failures);
3166 e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually Timo Sirainen <tss@iki.fi> parents: 3077 diff changeset	590 }

Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/auth/auth-request-handler.c @ 9266:cd29b745c8dd HEAD