annotate src/auth/auth.c @ 9008:fc4f65a4ca60 HEAD
virtual: Don't show mailboxes as \Noselect.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 01 May 2009 14:56:52 -0400 |
parents | 84eea1977632 |
children | 00cd9aacd03c |
rev | line source |
---|---|
1 /* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */ |
2 |
3 #include "common.h" |
4 #include "network.h" |
5 #include "buffer.h" |
6 #include "str.h" |
7 #include "hostpid.h" |
8 #include "mech.h" |
9 #include "userdb.h" |
10 #include "passdb.h" |
11 #include "passdb-cache.h" |
12 #include "auth.h" |
13 #include "auth-request-handler.h" |
14 |
15 #include <stdlib.h> |
16 #include <unistd.h> |
17 |
/*
 * Allocate the auth state and pre-initialize every passdb and userdb named
 * in the process environment.
 *
 * All settings are read with getenv(): the VERBOSE* flags and the numbered
 * PASSDB_<n>_* / USERDB_<n>_* groups, scanned from index 1 until the first
 * index that has no *_DRIVER variable. Regular passdbs are linked into
 * auth->passdbs and master passdbs into auth->masterdbs, each in
 * configuration order.
 *
 * Because the environment is the only input, whoever controls this process's
 * environment selects the authentication backends.
 * NOTE(review): presumably the environment is exported by the parent
 * process only - confirm against the code that spawns this process.
 *
 * Returns the new struct auth, allocated from its own "auth" pool. Invalid
 * deny/pass combinations are reported through i_fatal().
 */
struct auth *auth_preinit(void)
{
	struct auth *auth;
	struct auth_passdb *last_db, **passdb_tail, **masterdb_tail;
	const char *driver, *args;
	pool_t auth_pool;
	unsigned int idx;

	auth_pool = pool_alloconly_create("auth", 2048);
	auth = p_new(auth_pool, struct auth, 1);
	auth->pool = auth_pool;

	/* Each level implies the ones below it: password debugging enables
	   debug logging, which enables verbose logging. Per the changeset
	   that added it, passwords are hidden unless
	   VERBOSE_DEBUG_PASSWORDS is set, so it belongs in troubleshooting
	   setups only. */
	auth->verbose_debug_passwords =
		getenv("VERBOSE_DEBUG_PASSWORDS") != NULL;
	auth->verbose_debug = getenv("VERBOSE_DEBUG") != NULL ||
		auth->verbose_debug_passwords;
	auth->verbose = getenv("VERBOSE") != NULL || auth->verbose_debug;

	/* Both lists are built by appending through a pointer to the slot
	   where the next entry goes. */
	passdb_tail = &auth->passdbs;
	masterdb_tail = &auth->masterdbs;
	last_db = NULL;
	idx = 1;
	while ((driver = getenv(t_strdup_printf("PASSDB_%u_DRIVER", idx))) != NULL) {
		/* args is NULL when PASSDB_<n>_ARGS is unset.
		   NOTE(review): confirm passdb_preinit() accepts NULL. */
		args = getenv(t_strdup_printf("PASSDB_%u_ARGS", idx));
		last_db = passdb_preinit(auth, driver, args, idx);

		/* deny/pass/master are presence flags: any value, even an
		   empty one, enables them. */
		last_db->deny =
			getenv(t_strdup_printf("PASSDB_%u_DENY", idx)) != NULL;
		last_db->pass =
			getenv(t_strdup_printf("PASSDB_%u_PASS", idx)) != NULL;

		if (getenv(t_strdup_printf("PASSDB_%u_MASTER", idx)) != NULL) {
			/* Master passdbs authenticate "master users" who can
			   log in as other people; deny=yes is rejected for
			   them. */
			if (last_db->deny)
				i_fatal("Master passdb can't have deny=yes");

			*masterdb_tail = last_db;
			masterdb_tail = &last_db->next;
		} else {
			*passdb_tail = last_db;
			passdb_tail = &last_db->next;
		}
		idx++;
	}

	/* masterdb_tail points at last_db->next only when the final entry
	   was appended to the master list, so the comparison tells whether
	   that entry was a regular passdb.
	   NOTE(review): only the final configured entry is examined. A
	   pass=yes on the last regular passdb that is followed by a master
	   passdb is not rejected here - confirm the lookup code handles
	   that case. */
	if (last_db != NULL && last_db->pass) {
		if (masterdb_tail != &last_db->next)
			i_fatal("Last passdb can't have pass=yes");
		else if (auth->passdbs == NULL) {
			i_fatal("Master passdb can't have pass=yes "
				"if there are no passdbs");
		}
	}

	idx = 1;
	while ((driver = getenv(t_strdup_printf("USERDB_%u_DRIVER", idx))) != NULL) {
		args = getenv(t_strdup_printf("USERDB_%u_ARGS", idx));
		userdb_preinit(auth, driver, args);
		idx++;
	}

	if (auth->userdbs == NULL) {
		/* No userdb configured: fall back to a "static" userdb with
		   empty arguments. */
		userdb_preinit(auth, "static", "");
	}
	return auth;
}
87 |
/*
 * Build a string holding the name of every mechanism in auth->mech_modules,
 * in list order.
 *
 * NOTE(review): the names are appended back to back with no separator
 * between them - confirm that callers expect this.
 * The string comes from t_str_new(); presumably it is a temporary
 * allocation the caller must not keep - verify against the string API.
 */
const string_t *auth_mechanisms_get_list(struct auth *auth)
{
	string_t *names = t_str_new(128);
	struct mech_module_list *node = auth->mech_modules;

	while (node != NULL) {
		str_append(names, node->module.mech_name);
		node = node->next;
	}
	return names;
}
99 |
/*
 * Register one authentication mechanism.
 *
 * A copy of *mech is stored in a new node at the head of
 * auth->mech_modules, and a "MECH" line is appended to auth->mech_handshake:
 * the mechanism name followed by one tab-separated token per security flag
 * that is set, terminated by a newline.
 *
 * The name is written into the tab/newline-delimited line unescaped.
 * NOTE(review): assumes mech_name never contains a tab or newline -
 * presumably it is a constant from the mechanism module; confirm.
 */
static void auth_mech_register(struct auth *auth, const struct mech_module *mech)
{
	/* Security flags and the handshake token advertised for each, in
	   the order the tokens are emitted. */
	static const struct {
		unsigned int flag;
		const char *token;
	} sec_tokens[] = {
		{ MECH_SEC_PRIVATE, "\tprivate" },
		{ MECH_SEC_ANONYMOUS, "\tanonymous" },
		{ MECH_SEC_PLAINTEXT, "\tplaintext" },
		{ MECH_SEC_DICTIONARY, "\tdictionary" },
		{ MECH_SEC_ACTIVE, "\tactive" },
		{ MECH_SEC_FORWARD_SECRECY, "\tforward-secrecy" },
		{ MECH_SEC_MUTUAL_AUTH, "\tmutual-auth" }
	};
	struct mech_module_list *node;
	unsigned int k;

	node = p_new(auth->pool, struct mech_module_list, 1);
	node->module = *mech;

	str_printfa(auth->mech_handshake, "MECH\t%s", mech->mech_name);
	for (k = 0; k < sizeof(sec_tokens) / sizeof(sec_tokens[0]); k++) {
		if ((mech->flags & sec_tokens[k].flag) != 0)
			str_append(auth->mech_handshake, sec_tokens[k].token);
	}
	str_append_c(auth->mech_handshake, '\n');

	/* Push onto the head, so the list ends up in reverse registration
	   order. */
	node->next = auth->mech_modules;
	auth->mech_modules = node;
}
127 |
/*
 * Return TRUE if at least one passdb in auth->passdbs provides a
 * verify_plain callback, FALSE otherwise.
 *
 * Only the regular passdb list is scanned; auth->masterdbs is not
 * consulted.
 */
static bool auth_passdb_list_have_verify_plain(struct auth *auth)
{
	struct auth_passdb *db = auth->passdbs;

	while (db != NULL) {
		if (db->passdb->iface.verify_plain != NULL)
			return TRUE;
		db = db->next;
	}
	return FALSE;
}
138 |
/*
 * Return TRUE if at least one passdb in auth->passdbs provides a
 * lookup_credentials callback, FALSE otherwise.
 *
 * Only the regular passdb list is scanned; auth->masterdbs is not
 * consulted.
 */
static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
{
	struct auth_passdb *db = auth->passdbs;

	while (db != NULL) {
		if (db->passdb->iface.lookup_credentials != NULL)
			return TRUE;
		db = db->next;
	}
	return FALSE;
}
149 |
/*
 * Return TRUE if at least one passdb in auth->passdbs provides a
 * set_credentials callback, FALSE otherwise.
 *
 * Only the regular passdb list is scanned; auth->masterdbs is not
 * consulted. The return type is int although the value is always TRUE or
 * FALSE; the sibling have_verify_plain/have_lookup_credentials helpers
 * return bool.
 */
static int auth_passdb_list_have_set_credentials(struct auth *auth)
{
	struct auth_passdb *db = auth->passdbs;

	while (db != NULL) {
		if (db->passdb->iface.set_credentials != NULL)
			return TRUE;
		db = db->next;
	}
	return FALSE;
}
160 |
161 static bool |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
162 auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list) |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
163 { |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
164 switch (list->module.passdb_need) { |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
165 case MECH_PASSDB_NEED_NOTHING: |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
166 break; |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
167 case MECH_PASSDB_NEED_VERIFY_PLAIN: |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
168 if (!auth_passdb_list_have_verify_plain(auth)) |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
169 return FALSE; |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
170 break; |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
171 case MECH_PASSDB_NEED_VERIFY_RESPONSE: |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
172 case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS: |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
173 if (!auth_passdb_list_have_lookup_credentials(auth)) |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
174 return FALSE; |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
175 break; |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
176 case MECH_PASSDB_NEED_SET_CREDENTIALS: |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
177 if (!auth_passdb_list_have_lookup_credentials(auth)) |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
178 return FALSE; |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
179 if (!auth_passdb_list_have_set_credentials(auth)) |
84eea1977632
auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents:
8599
diff
changeset
|
180 return FALSE; |
181 break; |
182 } |
183 return TRUE; |
184 } |
185 |
/*
 * Verify that each registered authentication mechanism can be served by the
 * configured passdbs. The list is walked until auth_mech_verify_passdb()
 * rejects an entry; that entry's mech_name is then reported through
 * i_fatal(). A separate message is used when no passdbs are configured.
 */
static void auth_mech_list_verify_passdb(struct auth *auth)
{
	struct mech_module_list *failed = auth->mech_modules;

	/* advance past every mechanism whose passdb requirements are met */
	while (failed != NULL && auth_mech_verify_passdb(auth, failed))
		failed = failed->next;

	if (failed == NULL) {
		/* every mechanism passed, or none are registered */
		return;
	}

	if (auth->passdbs == NULL) {
		i_fatal("No passdbs specified in configuration file. "
			"%s mechanism needs one",
			failed->module.mech_name);
	}
	/* presumably reached only when passdbs exist, as i_fatal() is not
	   expected to return - confirm */
	i_fatal("%s mechanism can't be supported with given passdbs",
		failed->module.mech_name);
}
205 |
/*
 * Initialize an auth instance from its configured databases and from the
 * process environment.
 *
 * Runs passdb_init()/userdb_init() on the master, passdb and userdb lists,
 * registers the mechanisms named in MECHANISMS, checks them against the
 * passdbs, and then reads the realm, username and SSL related settings.
 * Configuration errors are reported with i_fatal().
 *
 * String settings keep the pointer returned by getenv() as-is; nothing is
 * copied here except REALMS, which is split into auth->pool.
 */
void auth_init(struct auth *auth)
{
	struct auth_passdb *pdb;
	struct auth_userdb *udb;
	const struct mech_module *mech;
	const char *const *name;
	const char *value;

	for (pdb = auth->masterdbs; pdb != NULL; pdb = pdb->next)
		passdb_init(pdb);
	for (pdb = auth->passdbs; pdb != NULL; pdb = pdb->next)
		passdb_init(pdb);
	for (udb = auth->userdbs; udb != NULL; udb = udb->next)
		userdb_init(udb);
	/* caching is handled only by the main auth process */
	if (!worker)
		passdb_cache_init();

	auth->mech_handshake = str_new(auth->pool, 512);

	/* an empty ANONYMOUS_USERNAME is treated the same as an unset one */
	auth->anonymous_username = getenv("ANONYMOUS_USERNAME");
	if (auth->anonymous_username != NULL &&
	    auth->anonymous_username[0] == '\0')
		auth->anonymous_username = NULL;

	/* register wanted mechanisms */
	value = getenv("MECHANISMS");
	if (value == NULL)
		i_fatal("MECHANISMS environment is unset");

	for (name = t_strsplit_spaces(value, " "); *name != NULL; name++) {
		/* ANONYMOUS is refused at startup unless a username was
		   configured for it */
		if (strcasecmp(*name, "ANONYMOUS") == 0 &&
		    auth->anonymous_username == NULL) {
			i_fatal("ANONYMOUS listed in mechanisms, "
				"but anonymous_username not given");
		}
		mech = mech_module_find(*name);
		if (mech == NULL) {
			i_fatal("Unknown authentication mechanism '%s'",
				*name);
		}
		auth_mech_register(auth, mech);
	}

	if (auth->mech_modules == NULL)
		i_fatal("No authentication mechanisms configured");
	auth_mech_list_verify_passdb(auth);

	/* an unset REALMS is split as an empty string */
	value = getenv("REALMS");
	auth->auth_realms = p_strsplit_spaces(auth->pool,
					      value != NULL ? value : "", " ");

	value = getenv("DEFAULT_REALM");
	if (value != NULL && *value != '\0')
		auth->default_realm = value;

	value = getenv("USERNAME_CHARS");
	if (value != NULL && *value != '\0') {
		/* only the listed bytes are marked as allowed; assumes the
		   table starts out zeroed - TODO confirm */
		while (*value != '\0') {
			auth->username_chars[(uint8_t)*value] = 1;
			value++;
		}
	} else {
		/* unset or empty setting: all chars are allowed, so no
		   username character filtering is configured here */
		memset(auth->username_chars, 1, sizeof(auth->username_chars));
	}

	value = getenv("USERNAME_TRANSLATION");
	if (value != NULL) {
		/* consumed as (from, to) byte pairs; a trailing unpaired
		   byte is ignored */
		while (value[0] != '\0' && value[1] != '\0') {
			auth->username_translation[(uint8_t)value[0]] =
				value[1];
			value += 2;
		}
	}

	value = getenv("USERNAME_FORMAT");
	if (value != NULL && *value != '\0')
		auth->username_format = value;

	/* fall back to this host's name when GSSAPI_HOSTNAME is unset or
	   empty */
	value = getenv("GSSAPI_HOSTNAME");
	auth->gssapi_hostname =
		(value != NULL && *value != '\0') ? value : my_hostname;

	/* only the first byte is used; an empty value stores '\0' */
	value = getenv("MASTER_USER_SEPARATOR");
	if (value != NULL)
		auth->master_user_separator = value[0];

	/* both SSL flags depend only on whether the variable exists in the
	   environment, not on its value */
	auth->ssl_require_client_cert =
		getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
	auth->ssl_username_from_cert =
		getenv("SSL_USERNAME_FROM_CERT") != NULL;
}
301 |
/*
 * Tear down an auth instance and set the caller's pointer to NULL.
 *
 * Deinitializes the master passdbs, passdbs and userdbs in that order, then
 * the request handler and the passdb cache, and finally drops the reference
 * to the instance's memory pool.
 */
void auth_deinit(struct auth **_auth)
{
	struct auth *auth = *_auth;
	struct auth_passdb *pdb;
	struct auth_userdb *udb;

	/* clear the caller's pointer before anything is released, so it is
	   not left pointing at a torn-down instance */
	*_auth = NULL;

	pdb = auth->masterdbs;
	while (pdb != NULL) {
		passdb_deinit(pdb);
		pdb = pdb->next;
	}

	pdb = auth->passdbs;
	while (pdb != NULL) {
		passdb_deinit(pdb);
		pdb = pdb->next;
	}

	udb = auth->userdbs;
	while (udb != NULL) {
		userdb_deinit(udb);
		udb = udb->next;
	}

	auth_request_handler_deinit();
	/* NOTE(review): auth_init() calls passdb_cache_init() only when
	   !worker, while this call is unconditional; presumably
	   passdb_cache_deinit() tolerates an uninitialized cache - confirm */
	passdb_cache_deinit();

	pool_unref(&auth->pool);
}