Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/passdb.h @ 9658:8ba4253adc9b HEAD tip
*-login: SSL connections didn't get closed when the client got destroyed.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 08 May 2014 16:41:29 +0300 |
parents | e4eb71ae8e96 |
children |
rev | line source |
---|---|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
6213
diff
changeset
|
1 #ifndef PASSDB_H |
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
6213
diff
changeset
|
2 #define PASSDB_H |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 #define IS_VALID_PASSWD(pass) \ |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 ((pass)[0] != '\0' && (pass)[0] != '*' && (pass)[0] != '!') |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 |
3068 | 7 struct auth_request; |
8 | |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 enum passdb_result { |
4374
96fd7a3f9bfe
If password is expired, give "Password expired" error. Currently works only
Timo Sirainen <tss@iki.fi>
parents:
4051
diff
changeset
|
10 PASSDB_RESULT_INTERNAL_FAILURE = -1, |
96fd7a3f9bfe
If password is expired, give "Password expired" error. Currently works only
Timo Sirainen <tss@iki.fi>
parents:
4051
diff
changeset
|
11 PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2, |
96fd7a3f9bfe
If password is expired, give "Password expired" error. Currently works only
Timo Sirainen <tss@iki.fi>
parents:
4051
diff
changeset
|
12 |
96fd7a3f9bfe
If password is expired, give "Password expired" error. Currently works only
Timo Sirainen <tss@iki.fi>
parents:
4051
diff
changeset
|
13 PASSDB_RESULT_USER_UNKNOWN = -3, |
96fd7a3f9bfe
If password is expired, give "Password expired" error. Currently works only
Timo Sirainen <tss@iki.fi>
parents:
4051
diff
changeset
|
14 PASSDB_RESULT_USER_DISABLED = -4, |
96fd7a3f9bfe
If password is expired, give "Password expired" error. Currently works only
Timo Sirainen <tss@iki.fi>
parents:
4051
diff
changeset
|
15 PASSDB_RESULT_PASS_EXPIRED = -5, |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 PASSDB_RESULT_PASSWORD_MISMATCH = 0, |
4051 | 18 PASSDB_RESULT_OK = 1 |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 }; |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 |
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
21 typedef void verify_plain_callback_t(enum passdb_result result, |
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
22 struct auth_request *request); |
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
23 typedef void lookup_credentials_callback_t(enum passdb_result result, |
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
24 const unsigned char *credentials, |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
25 size_t size, |
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
26 struct auth_request *request); |
6213
e33a87152c41
Changed set_credentials() callback to take a bool success instead of
Timo Sirainen <tss@iki.fi>
parents:
6187
diff
changeset
|
27 typedef void set_credentials_callback_t(bool success, |
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4374
diff
changeset
|
28 struct auth_request *request); |
1046
561da07883b6
Async userdb and passdb interface.
Timo Sirainen <tss@iki.fi>
parents:
1035
diff
changeset
|
29 |
3657
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
30 struct passdb_module_interface { |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
31 const char *name; |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
32 |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
33 struct passdb_module * |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
34 (*preinit)(struct auth_passdb *auth_passdb, const char *args); |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
35 void (*init)(struct passdb_module *module, const char *args); |
0c10475d9968
Separated passdb_module's interface and the actual data struct. Now it's
Timo Sirainen <tss@iki.fi>
parents:
3655
diff
changeset
|
36 void (*deinit)(struct passdb_module *module); |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 /* Check if plaintext password matches */ |
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
39 void (*verify_plain)(struct auth_request *request, const char *password, |
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
40 verify_plain_callback_t *callback); |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 |
3655
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
42 /* Return authentication credentials, set in |
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
43 auth_request->credentials. */ |
1075
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
44 void (*lookup_credentials)(struct auth_request *request, |
f1401fa7ab03
auth process fixes, LDAP seems to be working (with the kludge define or
Timo Sirainen <tss@iki.fi>
parents:
1046
diff
changeset
|
45 lookup_credentials_callback_t *callback); |
4782
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4374
diff
changeset
|
46 |
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4374
diff
changeset
|
47 /* Update credentials */ |
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4374
diff
changeset
|
48 int (*set_credentials)(struct auth_request *request, |
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4374
diff
changeset
|
49 const char *new_credentials, |
2c1cc5bbc260
Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents:
4374
diff
changeset
|
50 set_credentials_callback_t *callback); |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 }; |
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 |
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
53 struct passdb_module { |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
54 /* The caching key for this module, or NULL if caching isn't wanted. */ |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
55 const char *cache_key; |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
56 /* Default password scheme for this module. |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
57 If cache_key is set, must not be NULL. */ |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
58 const char *default_pass_scheme; |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
59 /* If blocking is set to TRUE, use child processes to access |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
60 this passdb. */ |
3863
55df57c028d4
Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents:
3771
diff
changeset
|
61 bool blocking; |
3771
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
62 |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
63 struct passdb_module_interface iface; |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
64 }; |
4b6d962485b9
Added authentication bind support. Patch by J.M. Maurer.
Timo Sirainen <tss@iki.fi>
parents:
3657
diff
changeset
|
65 |
5598
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
66 /* Try to get credentials in wanted scheme (request->credentials_scheme) from |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
67 given input. Returns FALSE if this wasn't possible (unknown scheme, |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
68 conversion not possible or invalid credentials). |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
69 |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
70 If wanted scheme is "", the credentials are returned as-is without any |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
71 checks. This is useful mostly just to see if there exist any credentials |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
72 at all. */ |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
73 bool passdb_get_credentials(struct auth_request *auth_request, |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
74 const char *input, const char *input_scheme, |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
75 const unsigned char **credentials_r, |
971050640e3b
All password schemes can now be encoded with base64 or hex. The encoding is
Timo Sirainen <tss@iki.fi>
parents:
5593
diff
changeset
|
76 size_t *size_r); |
3655
62fc6883faeb
Fixes and cleanups to credentials handling. Also fixed auth caching to work
Timo Sirainen <tss@iki.fi>
parents:
3609
diff
changeset
|
77 |
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
78 void passdb_handle_credentials(enum passdb_result result, |
2798
54b29901a793
Added simple LRU cache for auth requests. Currently only for sql passdb.
Timo Sirainen <tss@iki.fi>
parents:
2754
diff
changeset
|
79 const char *password, const char *scheme, |
1191
65e48854491d
Added default_pass_scheme to LDAP. Support for more password schemes. Merged
Timo Sirainen <tss@iki.fi>
parents:
1135
diff
changeset
|
80 lookup_credentials_callback_t *callback, |
5475
769aaaee6821
Reverted accidental commit. This code isn't ready yet.
Timo Sirainen <tss@iki.fi>
parents:
5462
diff
changeset
|
81 struct auth_request *auth_request); |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 |
3609 | 83 struct auth_passdb *passdb_preinit(struct auth *auth, const char *driver, |
4030
faf83f3e19b5
Added support for "master users" who can log in as other people. Currently works only with SASL PLAIN authentication by giving it authorization ID string.
Timo Sirainen <timo.sirainen@movial.fi>
parents:
3863
diff
changeset
|
84 const char *args, unsigned int id); |
3183
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
85 void passdb_init(struct auth_passdb *passdb); |
16ea551957ed
Replaced userdb/passdb settings with blocks so it's possible to give
Timo Sirainen <tss@iki.fi>
parents:
3166
diff
changeset
|
86 void passdb_deinit(struct auth_passdb *passdb); |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 |
6187
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
88 void passdb_register_module(struct passdb_module_interface *iface); |
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
89 void passdb_unregister_module(struct passdb_module_interface *iface); |
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
90 |
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
91 void passdbs_init(void); |
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
92 void passdbs_deinit(void); |
7c81e6d848f6
Added pass/userdb_register_module() functions and used them to register the
Timo Sirainen <tss@iki.fi>
parents:
5598
diff
changeset
|
93 |
3068 | 94 #include "auth-request.h" |
95 | |
1035
fe49ece0f3ea
We have now separate "userdb" and "passdb". They aren't tied to each others
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
96 #endif |