annotate src/auth/auth.c @ 9008:fc4f65a4ca60 HEAD

virtual: Don't show mailboxes as \Noselect.
author Timo Sirainen <tss@iki.fi>
date Fri, 01 May 2009 14:56:52 -0400
parents 84eea1977632
children 00cd9aacd03c
8590
b9faf4db2a9f Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents: 7086
diff changeset
1 /* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
3065
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 #include "common.h"
3077
eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents: 3069
diff changeset
4 #include "network.h"
eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents: 3069
diff changeset
5 #include "buffer.h"
3065
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
6 #include "str.h"
5439
c5401a8f4679 Added auth_gssapi_hostname setting.
Timo Sirainen <tss@iki.fi>
parents: 5038
diff changeset
7 #include "hostpid.h"
3065
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
8 #include "mech.h"
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 #include "userdb.h"
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 #include "passdb.h"
3183
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents: 3166
diff changeset
11 #include "passdb-cache.h"
3065
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
12 #include "auth.h"
3077
eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents: 3069
diff changeset
13 #include "auth-request-handler.h"
3065
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15 #include <stdlib.h>
3077
eb46a5dee02d Changed the way multiple auth processes are handled. It no longer uses a pid
Timo Sirainen <tss@iki.fi>
parents: 3069
diff changeset
16 #include <unistd.h>
3065
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
/*
 * Create the auth context and pre-initialise every passdb and userdb
 * named in the process environment.
 *
 * All configuration is read with getenv(), so whoever controls this
 * process's environment controls the authentication policy. The boolean
 * settings are presence tests only: the variable's value is never
 * inspected, so an exported-but-empty variable (or one set to "no")
 * still enables the option.
 *
 * Returns the new context. Configuration errors are reported through
 * i_fatal(), which presumably does not return (confirm in lib).
 */
struct auth *auth_preinit(void)
{
	struct auth *auth;
	struct auth_passdb *last_passdb, **passdb_tail, **master_tail;
	const char *driver_name, *driver_args;
	pool_t auth_pool;
	unsigned int idx;

	/* NOTE(review): the NULL checks on auth->passdbs / auth->userdbs
	   further down rely on p_new() returning zeroed memory - confirm. */
	auth_pool = pool_alloconly_create("auth", 2048);
	auth = p_new(auth_pool, struct auth, 1);
	auth->pool = auth_pool;

	/* The three verbosity levels are cumulative: debug_passwords turns
	   on debug, and debug turns on verbose. The annotated changeset
	   40a461d554e6 describes the first one as controlling whether
	   passwords are hidden in debug output, so treat
	   VERBOSE_DEBUG_PASSWORDS as a setting that can put credentials
	   into logs. */
	auth->verbose_debug_passwords =
		getenv("VERBOSE_DEBUG_PASSWORDS") != NULL;
	auth->verbose_debug = auth->verbose_debug_passwords ||
		getenv("VERBOSE_DEBUG") != NULL;
	auth->verbose = auth->verbose_debug || getenv("VERBOSE") != NULL;

	/* Passdbs are numbered from 1 and enumeration stops at the first
	   missing PASSDB_<n>_DRIVER. A gap in the numbering therefore
	   silently drops every later entry, including any deny=yes
	   database that was meant to block logins. */
	last_passdb = NULL;
	passdb_tail = &auth->passdbs;
	master_tail = &auth->masterdbs;
	idx = 1;
	while ((driver_name =
		getenv(t_strdup_printf("PASSDB_%u_DRIVER", idx))) != NULL) {
		driver_args = getenv(t_strdup_printf("PASSDB_%u_ARGS", idx));
		last_passdb = passdb_preinit(auth, driver_name,
					     driver_args, idx);

		last_passdb->deny =
			getenv(t_strdup_printf("PASSDB_%u_DENY", idx)) != NULL;
		last_passdb->pass =
			getenv(t_strdup_printf("PASSDB_%u_PASS", idx)) != NULL;

		if (getenv(t_strdup_printf("PASSDB_%u_MASTER", idx)) != NULL) {
			/* Master passdbs live on their own list (changeset
			   faf83f3e19b5: "master users" who can log in as
			   other people). A deny database makes no sense
			   there, so refuse to start. */
			if (last_passdb->deny)
				i_fatal("Master passdb can't have deny=yes");

			*master_tail = last_passdb;
			master_tail = &last_passdb->next;
		} else {
			*passdb_tail = last_passdb;
			passdb_tail = &last_passdb->next;
		}
		idx++;
	}

	/* Only the last configured passdb is checked here. master_tail
	   points at its ->next exactly when it was appended to the master
	   list; otherwise it is the final regular passdb and pass=yes
	   would leave nothing after it to continue with. */
	if (last_passdb != NULL && last_passdb->pass) {
		if (master_tail == &last_passdb->next) {
			if (auth->passdbs == NULL) {
				i_fatal("Master passdb can't have pass=yes "
					"if there are no passdbs");
			}
		} else {
			i_fatal("Last passdb can't have pass=yes");
		}
	}

	/* Same numbering convention (and the same stop-at-first-gap
	   behaviour) for userdbs. */
	idx = 1;
	while ((driver_name =
		getenv(t_strdup_printf("USERDB_%u_DRIVER", idx))) != NULL) {
		driver_args = getenv(t_strdup_printf("USERDB_%u_ARGS", idx));
		userdb_preinit(auth, driver_name, driver_args);
		idx++;
	}

	if (auth->userdbs == NULL) {
		/* No userdb configured: fall back to a "static" userdb with
		   empty arguments. */
		userdb_preinit(auth, "static", "");
	}
	return auth;
}
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
87
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
/*
 * Return a string holding the names of all registered mechanisms, in
 * the order they appear on auth->mech_modules.
 *
 * NOTE(review): the names are appended back to back with no separator,
 * so the result cannot be split into individual mechanism names again -
 * confirm that callers expect this.
 * NOTE(review): the buffer comes from t_str_new(); presumably it is
 * temporary storage that the caller must not keep - confirm.
 */
const string_t *auth_mechanisms_get_list(struct auth *auth)
{
	string_t *names = t_str_new(128);
	struct mech_module_list *node = auth->mech_modules;

	while (node != NULL) {
		str_append(names, node->module.mech_name);
		node = node->next;
	}
	return names;
}
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
99
5788
bdb16967be64 Further const'ification of struct mech_module.
Andrey Panin <pazke@donpac.ru>
parents: 5439
diff changeset
/*
 * Register one authentication mechanism: copy its module description
 * into a new list node, add a "MECH" line for it to the handshake
 * buffer, and push the node onto the head of auth->mech_modules.
 *
 * The handshake line is tab-separated and newline-terminated:
 *   MECH <tab> name [<tab> security-property]... <newline>
 * mech_name is inserted as-is, so a name containing a tab or newline
 * would change how the line is parsed by whoever reads the handshake.
 * NOTE(review): names presumably come only from mechanism module
 * definitions, not from remote input - confirm.
 */
static void auth_mech_register(struct auth *auth, const struct mech_module *mech)
{
	/* Security properties advertised to the peer, in output order. */
	static const struct {
		unsigned int flag;
		const char *field;
	} sec_fields[] = {
		{ MECH_SEC_PRIVATE, "\tprivate" },
		{ MECH_SEC_ANONYMOUS, "\tanonymous" },
		{ MECH_SEC_PLAINTEXT, "\tplaintext" },
		{ MECH_SEC_DICTIONARY, "\tdictionary" },
		{ MECH_SEC_ACTIVE, "\tactive" },
		{ MECH_SEC_FORWARD_SECRECY, "\tforward-secrecy" },
		{ MECH_SEC_MUTUAL_AUTH, "\tmutual-auth" }
	};
	struct mech_module_list *node;
	unsigned int k;

	/* Struct assignment: a shallow copy, so pointer members such as
	   mech_name still refer to the storage owned by *mech. */
	node = p_new(auth->pool, struct mech_module_list, 1);
	node->module = *mech;

	str_printfa(auth->mech_handshake, "MECH\t%s", mech->mech_name);
	for (k = 0; k < sizeof(sec_fields) / sizeof(sec_fields[0]); k++) {
		if ((mech->flags & sec_fields[k].flag) != 0)
			str_append(auth->mech_handshake, sec_fields[k].field);
	}
	str_append_c(auth->mech_handshake, '\n');

	/* Prepend, so the list ends up in reverse registration order. */
	node->next = auth->mech_modules;
	auth->mech_modules = node;
}
29d83a8bb50d Reorganized the code to have less global/static variables.
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
127
8605
84eea1977632 auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents: 8599
diff changeset
/*
 * Return TRUE if at least one passdb on auth->passdbs provides a
 * verify_plain callback, FALSE otherwise (including an empty list).
 *
 * Only the regular passdb list is scanned; auth->masterdbs is not
 * considered.
 */
static bool auth_passdb_list_have_verify_plain(struct auth *auth)
{
	struct auth_passdb *cur = auth->passdbs;

	/* Stop on the first database that implements the callback. */
	while (cur != NULL && cur->passdb->iface.verify_plain == NULL)
		cur = cur->next;

	return cur != NULL ? TRUE : FALSE;
}
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents: 3166
diff changeset
138
8605
84eea1977632 auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents: 8599
diff changeset
/*
 * Return TRUE if at least one passdb on auth->passdbs provides a
 * lookup_credentials callback, FALSE otherwise (including an empty
 * list).
 *
 * Only the regular passdb list is scanned; auth->masterdbs is not
 * considered.
 */
static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
{
	struct auth_passdb *cur = auth->passdbs;

	/* Stop on the first database that implements the callback. */
	while (cur != NULL && cur->passdb->iface.lookup_credentials == NULL)
		cur = cur->next;

	return cur != NULL ? TRUE : FALSE;
}
16ea551957ed Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents: 3166
diff changeset
149
4782
2c1cc5bbc260 Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents: 4168
diff changeset
/*
 * Return TRUE if at least one passdb on auth->passdbs provides a
 * set_credentials callback, FALSE otherwise (including an empty list).
 *
 * Only the regular passdb list is scanned; auth->masterdbs is not
 * considered.
 *
 * NOTE(review): declared int while the two sibling have_*() helpers
 * are declared bool, although all three return TRUE/FALSE.
 */
static int auth_passdb_list_have_set_credentials(struct auth *auth)
{
	struct auth_passdb *cur = auth->passdbs;

	/* Stop on the first database that implements the callback. */
	while (cur != NULL && cur->passdb->iface.set_credentials == NULL)
		cur = cur->next;

	return cur != NULL ? TRUE : FALSE;
}
2c1cc5bbc260 Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents: 4168
diff changeset
160
8605
84eea1977632 auth: Code cleanup for specifying what passdb features auth mechanisms need.
Timo Sirainen <tss@iki.fi>
parents: 8599
diff changeset
/*
 * Check that the configured passdbs can provide what one mechanism
 * declares it needs (list->module.passdb_need).
 *
 * Returns TRUE when the requirement is met and FALSE when no passdb on
 * auth->passdbs offers the required callback.
 *
 * The switch has no default case: a passdb_need value outside the
 * listed constants is reported as satisfied (TRUE), i.e. the check
 * fails open for unknown values.
 */
static bool
auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
{
	bool satisfied = TRUE;

	switch (list->module.passdb_need) {
	case MECH_PASSDB_NEED_NOTHING:
		break;
	case MECH_PASSDB_NEED_VERIFY_PLAIN:
		satisfied = auth_passdb_list_have_verify_plain(auth);
		break;
	case MECH_PASSDB_NEED_VERIFY_RESPONSE:
	case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
		/* Both needs are checked against the lookup_credentials
		   callback. */
		satisfied = auth_passdb_list_have_lookup_credentials(auth);
		break;
	case MECH_PASSDB_NEED_SET_CREDENTIALS:
		/* Requires lookup and set support; they may come from
		   different passdbs, since each helper scans the whole
		   list independently. */
		satisfied = auth_passdb_list_have_lookup_credentials(auth) &&
			auth_passdb_list_have_set_credentials(auth);
		break;
	}
	return satisfied;
}
/*
 * Startup sanity check: every registered authentication mechanism must be
 * servable by the configured passdbs. Walks auth->mech_modules and stops at
 * the first entry for which auth_mech_verify_passdb() reports failure, then
 * aborts via i_fatal() naming that mechanism. Returns normally only when
 * every mechanism passed.
 */
static void auth_mech_list_verify_passdb(struct auth *auth)
{
	struct mech_module_list *entry = auth->mech_modules;

	/* advance past every mechanism the passdbs can serve */
	while (entry != NULL && auth_mech_verify_passdb(auth, entry))
		entry = entry->next;

	if (entry == NULL) {
		/* whole list verified */
		return;
	}

	if (auth->passdbs == NULL) {
		/* more specific message when no passdb is configured at all */
		i_fatal("No passdbs specified in configuration file. "
			"%s mechanism needs one",
			entry->module.mech_name);
	}
	/* NOTE(review): i_fatal() is presumably noreturn; if it ever
	   returned, this second message would follow the one above */
	i_fatal("%s mechanism can't be supported with given passdbs",
		entry->module.mech_name);
}
/*
 * Initialize an auth instance: bring up every configured master passdb,
 * passdb and userdb, then load the remaining settings from the process
 * environment (MECHANISMS, REALMS, DEFAULT_REALM, USERNAME_*,
 * GSSAPI_HOSTNAME, MASTER_USER_SEPARATOR, SSL_*).
 *
 * Configuration errors (MECHANISMS unset, unknown mechanism, ANONYMOUS
 * without an anonymous username, no mechanisms at all, a mechanism the
 * passdbs cannot serve) are reported through i_fatal().
 *
 * Pointers returned by getenv() are stored in the struct as-is, so the
 * settings are only as trustworthy as whatever populated the environment.
 * NOTE(review): presumably the parent process exports these - confirm.
 */
void auth_init(struct auth *auth)
{
	struct auth_passdb *pdb;
	struct auth_userdb *udb;
	const struct mech_module *module;
	const char *const *name;
	const char *value;

	/* master passdbs first, then the regular passdbs and userdbs */
	for (pdb = auth->masterdbs; pdb != NULL; pdb = pdb->next)
		passdb_init(pdb);
	for (pdb = auth->passdbs; pdb != NULL; pdb = pdb->next)
		passdb_init(pdb);
	for (udb = auth->userdbs; udb != NULL; udb = udb->next)
		userdb_init(udb);
	/* only the main auth process keeps a cache; workers skip it */
	if (!worker)
		passdb_cache_init();

	auth->mech_handshake = str_new(auth->pool, 512);

	/* an empty ANONYMOUS_USERNAME is treated the same as an unset one */
	auth->anonymous_username = getenv("ANONYMOUS_USERNAME");
	if (auth->anonymous_username != NULL &&
	    auth->anonymous_username[0] == '\0')
		auth->anonymous_username = NULL;

	/* register every mechanism named in the space-separated list */
	value = getenv("MECHANISMS");
	if (value == NULL)
		i_fatal("MECHANISMS environment is unset");

	for (name = t_strsplit_spaces(value, " "); *name != NULL; name++) {
		/* ANONYMOUS is refused unless a username to map it to exists */
		if (strcasecmp(*name, "ANONYMOUS") == 0 &&
		    auth->anonymous_username == NULL) {
			i_fatal("ANONYMOUS listed in mechanisms, "
				"but anonymous_username not given");
		}
		module = mech_module_find(*name);
		if (module == NULL) {
			i_fatal("Unknown authentication mechanism '%s'",
				*name);
		}
		auth_mech_register(auth, module);
	}

	if (auth->mech_modules == NULL)
		i_fatal("No authentication mechanisms configured");
	/* fail at startup if a mechanism cannot work with the passdbs */
	auth_mech_list_verify_passdb(auth);

	/* an unset REALMS is split as an empty string */
	value = getenv("REALMS");
	auth->auth_realms = p_strsplit_spaces(auth->pool,
					      value != NULL ? value : "", " ");

	value = getenv("DEFAULT_REALM");
	if (value != NULL && *value != '\0')
		auth->default_realm = value;

	/* username_chars is a per-byte allow table: with USERNAME_CHARS
	   unset or empty every byte value is allowed, i.e. no character
	   filtering is configured.
	   NOTE(review): the listed-characters branch only sets entries, so
	   it assumes the table starts out zeroed - confirm at allocation. */
	value = getenv("USERNAME_CHARS");
	if (value != NULL && *value != '\0') {
		while (*value != '\0') {
			auth->username_chars[(int)(uint8_t)*value] = 1;
			value++;
		}
	} else {
		memset(auth->username_chars, 1, sizeof(auth->username_chars));
	}

	/* USERNAME_TRANSLATION is consumed as (from, to) byte pairs; a
	   trailing unpaired byte is ignored */
	value = getenv("USERNAME_TRANSLATION");
	if (value != NULL) {
		while (value[0] != '\0' && value[1] != '\0') {
			auth->username_translation[(int)(uint8_t)value[0]] =
				value[1];
			value += 2;
		}
	}

	value = getenv("USERNAME_FORMAT");
	if (value != NULL && *value != '\0')
		auth->username_format = value;

	/* fall back to this host's name when no GSSAPI hostname is given */
	value = getenv("GSSAPI_HOSTNAME");
	auth->gssapi_hostname =
		(value != NULL && *value != '\0') ? value : my_hostname;

	/* only the first byte is used; an empty value stores '\0' */
	value = getenv("MASTER_USER_SEPARATOR");
	if (value != NULL)
		auth->master_user_separator = value[0];

	/* presence-only flags: any value, even an empty string, enables them */
	auth->ssl_require_client_cert =
		getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
	auth->ssl_username_from_cert =
		getenv("SSL_USERNAME_FROM_CERT") != NULL;
}
/*
 * Tear down an auth instance. The caller's pointer is set to NULL before
 * anything is released, so the caller cannot keep using it afterwards.
 * Databases are deinitialized in the same order auth_init() brought them
 * up (master passdbs, passdbs, userdbs), then the request handler and the
 * passdb cache, and finally the reference on auth->pool is dropped.
 */
void auth_deinit(struct auth **_auth)
{
	struct auth *auth = *_auth;
	struct auth_passdb *pdb;
	struct auth_userdb *udb;

	*_auth = NULL;

	/* ->next is read only after each entry's deinit call has returned */
	pdb = auth->masterdbs;
	while (pdb != NULL) {
		passdb_deinit(pdb);
		pdb = pdb->next;
	}
	pdb = auth->passdbs;
	while (pdb != NULL) {
		passdb_deinit(pdb);
		pdb = pdb->next;
	}
	udb = auth->userdbs;
	while (udb != NULL) {
		userdb_deinit(udb);
		udb = udb->next;
	}

	auth_request_handler_deinit();
	/* NOTE(review): auth_init() calls passdb_cache_init() only when
	   !worker, but this deinit is unconditional - confirm it is safe
	   in worker processes */
	passdb_cache_deinit();

	pool_unref(&auth->pool);
}