annotate src/auth/passdb.c @ 9608:f30e6a345d73 HEAD

Added tag 1.2.14 for changeset eb04e2b13e3d
author Timo Sirainen <tss@iki.fi>
date Tue, 24 Aug 2010 18:10:29 +0100
parents 00cd9aacd03c
children
rev   line source
9532
00cd9aacd03c Updated copyright notices to include year 2010.
Timo Sirainen <tss@iki.fi>
parents: 9093
diff changeset
1 /* Copyright (c) 2002-2010 Dovecot authors, see the included COPYING file */
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "common.h"
6187
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
4 #include "array.h"
1192
76321f65960d Fix realm usage with DIGEST-MD5. Support generating other password schemes
Timo Sirainen <tss@iki.fi>
parents: 1191
diff changeset
5 #include "password-scheme.h"
3166
e6a487d80288 Restructuring of auth code. Balancer auth processes were a bad idea. Usually
Timo Sirainen <tss@iki.fi>
parents: 3161
diff changeset
6 #include "auth-worker-server.h"
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 #include "passdb.h"
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
8
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 #include <stdlib.h>
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10
6187
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
/* Registry of passdb driver interfaces. Entries are added by
   passdb_register_module(), removed by passdb_unregister_module() and
   looked up by name in passdb_interface_find(). */
static ARRAY_DEFINE(passdb_interfaces, struct passdb_module_interface *);
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
12
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
/* Find a registered passdb driver interface by name.

   The comparison is an exact, case-sensitive strcmp() against each
   registered interface's name. Returns the first match, or NULL when no
   interface is registered under that name. */
static struct passdb_module_interface *passdb_interface_find(const char *name)
{
	struct passdb_module_interface *const *registered;
	unsigned int idx, n_registered;

	registered = array_get(&passdb_interfaces, &n_registered);
	for (idx = 0; idx < n_registered; idx++) {
		if (strcmp(registered[idx]->name, name) != 0)
			continue;
		return registered[idx];
	}
	return NULL;
}
3066
34c1cf646467 Moved extern userdb/passdb declarations to .c files.
Timo Sirainen <tss@iki.fi>
parents: 3065
diff changeset
25
6187
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
/* Add a passdb driver interface to the registry.

   If an interface with the same name is already registered, it is only
   replaced when the existing entry has no verify_plain callback, i.e. it
   is a "support not compiled in" placeholder. An existing entry that does
   have verify_plain set is never replaced: the duplicate registration goes
   to i_panic() instead, so a module registered later cannot take over the
   name of a working driver. */
void passdb_register_module(struct passdb_module_interface *iface)
{
	struct passdb_module_interface *existing;

	existing = passdb_interface_find(iface->name);
	if (existing != NULL) {
		if (existing->verify_plain == NULL) {
			/* replacing a "support not compiled in" passdb */
			passdb_unregister_module(existing);
		} else {
			i_panic("passdb_register_module(%s): Already registered",
				iface->name);
		}
	}
	array_append(&passdb_interfaces, &iface, 1);
}
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
40
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
/* Remove a passdb driver interface from the registry.

   The entry is matched by pointer identity, not by name. Asking to remove
   an interface that is not in the registry is treated as a programming
   error and reported through i_panic(). */
void passdb_unregister_module(struct passdb_module_interface *iface)
{
	struct passdb_module_interface *const *registered;
	unsigned int pos, n_registered;

	registered = array_get(&passdb_interfaces, &n_registered);
	for (pos = 0; pos < n_registered; pos++) {
		if (registered[pos] != iface)
			continue;
		array_delete(&passdb_interfaces, pos, 1);
		return;
	}
	i_panic("passdb_unregister_module(%s): Not registered", iface->name);
}
2942
c7d426f8cb58 Added name variable for userdb_module and passdb_module and changed their
Timo Sirainen <tss@iki.fi>
parents: 2798
diff changeset
55
5598
971050640e3b All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents: 5593
diff changeset
/* Turn a stored password value into credentials in the scheme the auth
   request wants.

   input         - password value as stored in the passdb.
   input_scheme  - scheme the stored value is in.
   credentials_r - receives the resulting credentials.
   size_r        - receives the size of the resulting credentials.

   Returns TRUE when *credentials_r / *size_r hold usable credentials.
   Returns FALSE when the stored value cannot be decoded, when the input or
   wanted scheme is unknown, or when the stored value is in a non-plaintext
   scheme that differs from the wanted one. On the FALSE paths taken after
   password_decode() has succeeded, the output parameters may still hold the
   decoded stored value, so callers should check the return value before
   using them.

   Security notes:
   - Only a PLAIN-aliased stored password can be converted to another
     scheme; anything else is rejected rather than passed through.
   - With auth->verbose_debug_passwords set, the stored input and the
     decoded plaintext password are written to the log. Logs produced with
     that setting contain credentials and need to be protected accordingly.
   - The temporary plaintext copy made for conversion is not cleared in this
     function. */
bool passdb_get_credentials(struct auth_request *auth_request,
			    const char *input, const char *input_scheme,
			    const unsigned char **credentials_r, size_t *size_r)
{
	const char *target_scheme, *cleartext, *gen_user, *msg;
	int decode_ret;

	target_scheme = auth_request->credentials_scheme;
	if (auth_request->prefer_plain_credentials &&
	    password_scheme_is_alias(input_scheme, "PLAIN")) {
		/* the stored value is plaintext and the request prefers to
		   receive it as such instead of a converted fallback scheme;
		   "" means "accept whatever scheme we have" below */
		target_scheme = "";
	}

	decode_ret = password_decode(input, input_scheme,
				     credentials_r, size_r);
	if (decode_ret < 0) {
		auth_request_log_error(auth_request, "password",
			"Password in passdb is not in expected scheme %s",
			input_scheme);
		return FALSE;
	}
	if (decode_ret == 0) {
		auth_request_log_error(auth_request, "password",
			"Unknown scheme %s", input_scheme);
		return FALSE;
	}

	if (*target_scheme == '\0') {
		/* any scheme is acceptable. record the scheme we actually
		   got in the request, so blocking passdbs work. */
		auth_request->credentials_scheme =
			p_strdup(auth_request->pool, input_scheme);
		return TRUE;
	}

	if (password_scheme_is_alias(input_scheme, target_scheme)) {
		/* already in the wanted scheme, nothing to convert */
		return TRUE;
	}

	if (!password_scheme_is_alias(input_scheme, "PLAIN")) {
		/* a non-plaintext value cannot be converted to another
		   scheme */
		msg = t_strdup_printf(
			"Requested %s scheme, but we have only %s",
			target_scheme, input_scheme);
		if (auth_request->auth->verbose_debug_passwords) {
			/* debug setting: the stored password value is
			   included in the log line */
			msg = t_strdup_printf("%s (input: %s)", msg, input);
		}
		auth_request_log_info(auth_request, "password", "%s", msg);
		return FALSE;
	}

	/* we can generate anything out of plaintext passwords */
	cleartext = t_strndup(*credentials_r, *size_r);
	gen_user = auth_request->original_username;
	if (!auth_request->domain_is_realm &&
	    strchr(gen_user, '@') != NULL) {
		/* domain must not be used as realm. add the @realm. */
		gen_user = t_strconcat(gen_user, "@",
				       auth_request->realm, NULL);
	}
	if (auth_request->auth->verbose_debug_passwords) {
		/* debug setting: the plaintext password is logged here */
		auth_request_log_info(auth_request, "password",
			"Generating %s from user '%s', password '%s'",
			target_scheme, gen_user, cleartext);
	}
	if (!password_generate(cleartext, gen_user, target_scheme,
			       credentials_r, size_r)) {
		auth_request_log_error(auth_request, "password",
			"Requested unknown scheme %s", target_scheme);
		return FALSE;
	}
	return TRUE;
}
62fc6883faeb Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents: 3609
diff changeset
130
5475
769aaaee6821 Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents: 5462
diff changeset
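/* Convert the outcome of a passdb credentials lookup into the scheme the
   request asked for and deliver it to the callback.

   result       - outcome of the passdb lookup. Anything other than
                  PASSDB_RESULT_OK is forwarded unchanged with no
                  credentials.
   password     - stored password value from the passdb; may be NULL.
   scheme       - scheme the stored value is in.
   callback     - invoked exactly once with the final result.
   auth_request - request the lookup belongs to.

   A NULL password, or a stored value that passdb_get_credentials() cannot
   provide in the wanted scheme, is reported as
   PASSDB_RESULT_SCHEME_NOT_AVAILABLE. When the conversion fails after the
   stored value was decoded, the buffer passed to the callback may still
   hold that decoded value, so callbacks should check the result before
   using the credentials. */
void passdb_handle_credentials(enum passdb_result result,
			       const char *password, const char *scheme,
			       lookup_credentials_callback_t *callback,
			       struct auth_request *auth_request)
{
	/* Start from NULL: on the NULL-password path nothing else assigns
	   this pointer, and it must not reach the callback with an
	   indeterminate value. */
	const unsigned char *credentials = NULL;
	size_t size = 0;

	if (result != PASSDB_RESULT_OK) {
		callback(result, NULL, 0, auth_request);
		return;
	}

	if (password == NULL) {
		auth_request_log_info(auth_request, "password",
			"Requested %s scheme, but we have a NULL password",
			auth_request->credentials_scheme);
		result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
	} else if (!passdb_get_credentials(auth_request, password, scheme,
					   &credentials, &size)) {
		result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
	}

	callback(result, credentials, size, auth_request);
}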
65e48854491d Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents: 1156
diff changeset
156
3609
ea2266d0a07f Added deny password databases.
Timo Sirainen <tss@iki.fi>
parents: 3213
diff changeset
157 struct auth_passdb *passdb_preinit(struct auth *auth, const char *driver,
4030
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents: 3879
diff changeset
158 const char *args, unsigned int id)
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159 {
6187
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
160 struct passdb_module_interface *iface;
4030
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents: 3879
diff changeset
161 struct auth_passdb *auth_passdb;
1062
0522a0315d2f Cleanups, LDAP support compiles again and generally looks ok, even if it
Timo Sirainen <tss@iki.fi>
parents: 1035
diff changeset
162
2234
60802bea8f32 Default to "" args instead of NULL to avoid some crashes
Timo Sirainen <tss@iki.fi>
parents: 2232
diff changeset
163 if (args == NULL) args = "";
2232
e5684c8c60f9 skip extra whitespace between "dbtype arguments"
Timo Sirainen <tss@iki.fi>
parents: 2162
diff changeset
164
3183
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents: 3166
diff changeset
165 auth_passdb = p_new(auth->pool, struct auth_passdb, 1);
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents: 3166
diff changeset
166 auth_passdb->auth = auth;
4030
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents: 3879
diff changeset
167 auth_passdb->args = p_strdup(auth->pool, args);
faf83f3e19b5 Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents: 3879
diff changeset
168 auth_passdb->id = id;
2648
cc2e39912eb3 Added preinit() call to userdb/passdbs, which is called before dropping
Timo Sirainen <tss@iki.fi>
parents: 2428
diff changeset
169
6187
7c81e6d848f6 Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents: 5631
diff changeset
170 iface = passdb_interface_find(driver);
8217
c47b78e843aa Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents: 8200
diff changeset
171 if (iface == NULL)
c47b78e843aa Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents: 8200
diff changeset
172 i_fatal("Unknown passdb driver '%s'", driver);
c47b78e843aa Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents: 8200
diff changeset
173 if (iface->verify_plain == NULL) {
c47b78e843aa Separate "unknown passdb/userdb X" and "support for X not compiled in" error messages.
Timo Sirainen <tss@iki.fi>
parents: 8200
diff changeset
174 i_fatal("Support not compiled in for passdb driver '%s'",
3748
1649ca519b7d Give a few helpul suggestions with "Unknown passdb/usedb driver" errors.
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
175 driver);
1649ca519b7d Give a few helpul suggestions with "Unknown passdb/usedb driver" errors.
Timo Sirainen <tss@iki.fi>
parents: 3657
diff changeset
176 }
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
177
8513
0691f5294bb9 Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents: 8348
diff changeset
178 if (iface->preinit == NULL && iface->init == NULL &&
0691f5294bb9 Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents: 8348
diff changeset
179 *auth_passdb->args != '\0') {
0691f5294bb9 Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents: 8348
diff changeset
180 i_fatal("passdb %s: No args are supported: %s",
0691f5294bb9 Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents: 8348
diff changeset
181 driver, auth_passdb->args);
0691f5294bb9 Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents: 8348
diff changeset
182 }
0691f5294bb9 Fail if trying to give unknown parameters to passdb/userdb.
Timo Sirainen <tss@iki.fi>
parents: 8348
diff changeset
183
3657
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
184 if (iface->preinit == NULL) {
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
185 auth_passdb->passdb =
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
186 p_new(auth->pool, struct passdb_module, 1);
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
187 } else {
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
188 auth_passdb->passdb =
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
189 iface->preinit(auth_passdb, auth_passdb->args);
0c10475d9968 Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents: 3655
diff changeset
190 }
3771
4b6d962485b9 Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents: 3748
diff changeset
191 auth_passdb->passdb->iface = *iface;
3609
ea2266d0a07f Added deny password databases.
Timo Sirainen <tss@iki.fi>
parents: 3213
diff changeset
192 return auth_passdb;
1035
fe49ece0f3ea We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
193 }
/*
 * Finish initializing one configured password database.
 *
 * Runs the driver's optional init() callback with the configured args,
 * sanity-checks the module's cache settings, and initializes the auth
 * worker server when the driver is blocking and this process is not a worker.
 */
void passdb_init(struct auth_passdb *passdb)
{
	struct passdb_module *module = passdb->passdb;

	/* init() is optional; drivers without one are used as they are. */
	if (module->iface.init != NULL)
		module->iface.init(module, passdb->args);

	/* A module that sets cache_key must also set default_pass_scheme.
	   NOTE(review): presumably cached credentials cannot be verified
	   without knowing their scheme - confirm against the cache code. */
	i_assert(passdb->passdb->default_pass_scheme != NULL ||
		 passdb->passdb->cache_key == NULL);

	/* `worker` is declared outside this block; presumably it is set when
	   this process is itself an auth worker - verify. */
	if (!module->blocking || worker)
		return;

	/* blocking passdb - we need an auth server */
	auth_worker_server_init();
}
/*
 * Shut down one configured password database by calling the driver's
 * deinit() callback. Drivers that provide no deinit() are left alone.
 */
void passdb_deinit(struct auth_passdb *passdb)
{
	struct passdb_module *module = passdb->passdb;

	if (module->iface.deinit == NULL)
		return;

	module->iface.deinit(module);
}
/* Interface tables of the built-in passdb drivers, defined elsewhere. */
extern struct passdb_module_interface passdb_passwd;
extern struct passdb_module_interface passdb_bsdauth;
extern struct passdb_module_interface passdb_passwd_file;
extern struct passdb_module_interface passdb_pam;
extern struct passdb_module_interface passdb_checkpassword;
extern struct passdb_module_interface passdb_shadow;
extern struct passdb_module_interface passdb_vpopmail;
extern struct passdb_module_interface passdb_ldap;
extern struct passdb_module_interface passdb_sql;
extern struct passdb_module_interface passdb_sia;

/*
 * Create the passdb_interfaces registry and register every built-in driver.
 *
 * All ten drivers are registered unconditionally. The driver lookup earlier
 * in this file aborts with "Support not compiled in for passdb driver" when
 * a registered interface has verify_plain == NULL, so a driver disabled at
 * build time is presumably still registered here with empty callbacks
 * (NOTE(review): confirm in the individual driver sources).
 */
void passdbs_init(void)
{
	/* Kept in the original registration order. */
	static struct passdb_module_interface *const builtin_drivers[] = {
		&passdb_passwd,
		&passdb_bsdauth,
		&passdb_passwd_file,
		&passdb_pam,
		&passdb_checkpassword,
		&passdb_shadow,
		&passdb_vpopmail,
		&passdb_ldap,
		&passdb_sql,
		&passdb_sia
	};
	unsigned int i;

	i_array_init(&passdb_interfaces, 16);
	for (i = 0; i < sizeof(builtin_drivers) / sizeof(builtin_drivers[0]); i++)
		passdb_register_module(builtin_drivers[i]);
}
/*
 * Release the passdb_interfaces registry array that passdbs_init()
 * initialized. Only the array itself is freed here.
 */
void passdbs_deinit(void)
{
	array_free(&passdb_interfaces);
}