Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/deliver/auth-client.c @ 9490:fd84592e817b HEAD
dovecot-example.conf: Updated dict comments.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Mon, 23 Nov 2009 13:08:47 -0500 |
| parents | 505f1b4cbd88 |
| children | 00cd9aacd03c |
| rev | line source |
|---|---|
|
8590
b9faf4db2a9f
Updated copyright notices to include year 2009.
Timo Sirainen <tss@iki.fi>
parents:
8458
diff
changeset
|
1 /* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */ |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 #include "lib.h" |
|
6317
3cee177eced6
Extra fields from userdb lookup should override everything. Fixed the code
Timo Sirainen <tss@iki.fi>
parents:
6162
diff
changeset
|
4 #include "array.h" |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 #include "ioloop.h" |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 #include "network.h" |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 #include "istream.h" |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 #include "ostream.h" |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 #include "env-util.h" |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "restrict-access.h" |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "auth-client.h" |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
12 #include "auth-master.h" |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include <stdlib.h> |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include <unistd.h> |
|
6497
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
16 #include <pwd.h> |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
17 #include <grp.h> |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 #include <sysexits.h> |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 |
|
6497
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
20 static bool parse_uid(const char *str, uid_t *uid_r) |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
21 { |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
22 struct passwd *pw; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
23 char *p; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
24 |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
25 if (*str >= '0' && *str <= '9') { |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
26 *uid_r = (uid_t)strtoul(str, &p, 10); |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
27 if (*p == '\0') |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
28 return TRUE; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
29 } |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
30 |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
31 pw = getpwnam(str); |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
32 if (pw == NULL) |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
33 return FALSE; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
34 |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
35 *uid_r = pw->pw_uid; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
36 return TRUE; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
37 } |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
38 |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
39 static bool parse_gid(const char *str, gid_t *gid_r) |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
40 { |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
41 struct group *gr; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
42 char *p; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
43 |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
44 if (*str >= '0' && *str <= '9') { |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
45 *gid_r = (gid_t)strtoul(str, &p, 10); |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
46 if (*p == '\0') |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
47 return TRUE; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
48 } |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
49 |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
50 gr = getgrnam(str); |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
51 if (gr == NULL) |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
52 return FALSE; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
53 |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
54 *gid_r = gr->gr_gid; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
55 return TRUE; |
|
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
56 } |
|
6581
d4b2df823ca5
If connect to auth socket fails with a temporary error, retry max. 10 times.
Timo Sirainen <tss@iki.fi>
parents:
6497
diff
changeset
|
57 |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
58 static int set_env(struct auth_user_reply *reply, |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
59 const char *user, uid_t euid) |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 { |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
61 const char *extra_groups; |
|
7486
9edaf878bb96
If mail_chroot ends with "/.", remove chroot prefix from home directory.
Timo Sirainen <tss@iki.fi>
parents:
7473
diff
changeset
|
62 unsigned int len; |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
64 if (reply->uid == 0) { |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
65 i_error("userdb(%s) returned 0 as uid", user); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
66 return -1; |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
67 } else if (reply->uid == (uid_t)-1) { |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
68 if (getenv("MAIL_UID") != NULL) { |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
69 if (!parse_uid(getenv("MAIL_UID"), &reply->uid) || |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
70 reply->uid == 0) { |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
71 i_error("mail_uid setting is invalid"); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
72 return -1; |
|
4389
16b28625cb79
If USER query doesn't return non-zero uid and gid, give a nice error message.
Timo Sirainen <tss@iki.fi>
parents:
4347
diff
changeset
|
73 } |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
74 } else { |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
75 i_error("User %s is missing UID (set mail_uid)", user); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
76 return -1; |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
77 } |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
78 } |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
79 if (reply->gid == 0) { |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
80 i_error("userdb(%s) returned 0 as gid", user); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
81 return -1; |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
82 } else if (reply->gid == (gid_t)-1) { |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
83 if (getenv("MAIL_GID") != NULL) { |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
84 if (!parse_gid(getenv("MAIL_GID"), &reply->gid) || |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
85 reply->gid == 0) { |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
86 i_error("mail_gid setting is invalid"); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
87 return -1; |
|
4389
16b28625cb79
If USER query doesn't return non-zero uid and gid, give a nice error message.
Timo Sirainen <tss@iki.fi>
parents:
4347
diff
changeset
|
88 } |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 } else { |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
90 i_error("User %s is missing GID (set mail_gid)", user); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
91 return -1; |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 } |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 } |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
95 if (euid != reply->uid) { |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
96 env_put(t_strconcat("RESTRICT_SETUID=", |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
97 dec2str(reply->uid), NULL)); |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
98 } |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
99 if (euid == 0 || getegid() != reply->gid) { |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
100 env_put(t_strconcat("RESTRICT_SETGID=", |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
101 dec2str(reply->gid), NULL)); |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
102 } |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
103 |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
104 if (reply->chroot == NULL) |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
105 reply->chroot = getenv("MAIL_CHROOT"); |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
106 if (reply->chroot != NULL) { |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
107 len = strlen(reply->chroot); |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
108 if (len > 2 && strcmp(reply->chroot + len - 2, "/.") == 0 && |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
109 reply->home != NULL && |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
110 strncmp(reply->home, reply->chroot, len - 2) == 0) { |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
111 /* strip chroot dir from home dir */ |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
112 reply->home += len - 2; |
|
6497
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
113 } |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
114 env_put(t_strconcat("RESTRICT_CHROOT=", reply->chroot, NULL)); |
|
6497
79176ff12ad8
Use mail_uid/gid settings if userdb didn't return uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
6465
diff
changeset
|
115 } |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
116 if (reply->home != NULL) |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
117 env_put(t_strconcat("HOME=", reply->home, NULL)); |
| 4683 | 118 |
|
8916
505f1b4cbd88
deliver should have used mail_access_groups setting, not mail_extra_groups.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
119 extra_groups = getenv("MAIL_ACCESS_GROUPS"); |
| 6365 | 120 if (extra_groups != NULL) { |
| 121 env_put(t_strconcat("RESTRICT_SETEXTRAGROUPS=", | |
| 122 extra_groups, NULL)); | |
| 123 } | |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
124 return 0; |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 } |
|
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
127 int auth_client_lookup_and_restrict(const char *auth_socket, |
|
8458
ed4d6f6e4da7
deliver: Allow userdb to change the username.
Timo Sirainen <tss@iki.fi>
parents:
8373
diff
changeset
|
128 const char **user, uid_t euid, pool_t pool, |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
129 ARRAY_TYPE(const_string) *extra_fields_r) |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 { |
| 8373 | 131 struct auth_master_connection *conn; |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
132 struct auth_user_reply reply; |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
133 bool debug = getenv("DEBUG") != NULL; |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
134 int ret = EX_TEMPFAIL; |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
136 conn = auth_master_init(auth_socket, debug); |
|
8458
ed4d6f6e4da7
deliver: Allow userdb to change the username.
Timo Sirainen <tss@iki.fi>
parents:
8373
diff
changeset
|
137 switch (auth_master_user_lookup(conn, *user, "deliver", pool, &reply)) { |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
138 case 0: |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
139 ret = EX_NOUSER; |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
140 break; |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
141 case 1: |
|
8458
ed4d6f6e4da7
deliver: Allow userdb to change the username.
Timo Sirainen <tss@iki.fi>
parents:
8373
diff
changeset
|
142 if (set_env(&reply, *user, euid) == 0) { |
|
ed4d6f6e4da7
deliver: Allow userdb to change the username.
Timo Sirainen <tss@iki.fi>
parents:
8373
diff
changeset
|
143 *user = p_strdup(pool, reply.user); |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
144 restrict_access_by_env(TRUE); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
145 ret = EX_OK; |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
146 } |
|
8365
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
147 break; |
|
f97099eb4dee
New generic userdb lookup api `auth-master' in lib-auth.
Sascha Wilde <wilde@intevation.de>
parents:
8285
diff
changeset
|
148 } |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
149 |
|
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
150 *extra_fields_r = reply.extra_fields; |
| 8369 | 151 auth_master_deinit(&conn); |
|
8368
9babcdc6f4f7
Cleanups and fixes to auth-master API.
Timo Sirainen <tss@iki.fi>
parents:
8365
diff
changeset
|
152 return ret; |
|
4347
a73d2867f6e1
Moved all the non-Sieve code from dovecot-lda in here and rewrote parts of
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 } |