Mercurial > dovecot > original-hg > dovecot-1.2

diff src/master/login-process.c @ 1035:fe49ece0f3ea HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
We have now separate "userdb" and "passdb". They aren't tied to each others in any way, so it's possible to use whatever user database with whatever password database. Added "static" userdb, which uses same uid/gid for everyone and generates home directory from given template. This could be useful with PAM, although insecure since everyone uses same uid. Not too well tested, and userdb/passdb API still needs to be changed to asynchronous for sql/ldap/etc lookups.
author Timo Sirainen <tss@iki.fi>
date Mon, 27 Jan 2003 03:33:40 +0200
parents 0fbafade2d85
children f782b3319553
line wrap: on
line diff
--- a/src/master/login-process.c	Mon Jan 27 03:27:51 2003 +0200
+++ b/src/master/login-process.c	Mon Jan 27 03:33:40 2003 +0200
@@ -11,7 +11,8 @@
 #include "restrict-process-size.h"
 #include "login-process.h"
 #include "auth-process.h"
-#include "master-interface.h"
+#include "imap-process.h"
+#include "master-login-interface.h"
 
 #include <unistd.h>
 #include <syslog.h>
@@ -31,12 +32,12 @@
 
 struct login_auth_request {
 	struct login_process *process;
-	unsigned int login_id;
-	unsigned int auth_id;
+	unsigned int tag;
+
+	unsigned int login_tag;
 	int fd;
 
 	struct ip_addr ip;
-	char login_tag[LOGIN_TAG_SIZE];
 };
 
 static unsigned int auth_id_counter;
@@ -51,38 +52,30 @@
 static void login_process_destroy(struct login_process *p);
 static void login_process_unref(struct login_process *p);
 
-static void auth_callback(struct auth_cookie_reply_data *cookie_reply,
-			  void *context)
+void auth_master_callback(struct auth_master_reply *reply,
+			  const unsigned char *data, void *context)
 {
 	struct login_auth_request *request = context;
-        struct login_process *process;
-	struct master_reply reply;
+	struct master_login_reply master_reply;
 
-	if (cookie_reply == NULL || !cookie_reply->success)
-		reply.result = MASTER_RESULT_FAILURE;
+	if (reply == NULL || !reply->success)
+		master_reply.success = FALSE;
 	else {
-		reply.result = create_imap_process(request->fd,
-						   &request->ip,
-						   cookie_reply->system_user,
-						   cookie_reply->virtual_user,
-						   cookie_reply->uid,
-						   cookie_reply->gid,
-						   cookie_reply->home,
-						   cookie_reply->chroot,
-						   cookie_reply->mail,
-						   request->login_tag);
+		master_reply.success = create_imap_process(request->fd,
+							   &request->ip,
+							   reply, data);
 	}
 
 	/* reply to login */
-	reply.id = request->login_id;
+	master_reply.tag = request->login_tag;
 
-	process = request->process;
-	if (o_stream_send(process->output, &reply, sizeof(reply)) < 0)
-		login_process_destroy(process);
+	if (o_stream_send(request->process->output, &master_reply,
+			  sizeof(master_reply)) < 0)
+		login_process_destroy(request->process);
 
 	if (close(request->fd) < 0)
 		i_error("close(imap client) failed: %m");
-	login_process_unref(process);
+	login_process_unref(request->process);
 	i_free(request);
 }
 
@@ -113,7 +106,7 @@
 	struct login_process *p = context;
 	struct auth_process *auth_process;
 	struct login_auth_request *authreq;
-	struct master_request req;
+	struct master_login_request req;
 	int client_fd, ret;
 
 	ret = fd_read(p->fd, &req, sizeof(req), &client_fd);
@@ -148,36 +141,25 @@
 		return;
 	}
 
-	/* login process isn't trusted, validate all data to make sure
-	   it's not trying to exploit us */
-	if (!VALIDATE_STR(req.login_tag)) {
-		i_error("login: Received corrupted data");
-		if (close(client_fd) < 0)
-			i_error("close(imap client) failed: %m");
-		login_process_destroy(p);
-		return;
-	}
+	fd_close_on_exec(client_fd, TRUE);
 
 	/* ask the cookie from the auth process */
 	authreq = i_new(struct login_auth_request, 1);
 	p->refcount++;
 	authreq->process = p;
-	authreq->login_id = req.id;
-	authreq->auth_id = ++auth_id_counter;
+	authreq->tag = ++auth_id_counter;
+	authreq->login_tag = req.tag;
 	authreq->fd = client_fd;
-	memcpy(&authreq->ip, &req.ip, sizeof(struct ip_addr));
-	if (strocpy(authreq->login_tag, req.login_tag,
-		    sizeof(authreq->login_tag)) < 0)
-		i_panic("login_tag overflow");
+	authreq->ip = req.ip;
 
-	auth_process = auth_process_find(req.auth_process);
+	auth_process = auth_process_find(req.auth_pid);
 	if (auth_process == NULL) {
 		i_error("login: Authentication process %u doesn't exist",
-			req.auth_process);
-		auth_callback(NULL, authreq);
+			req.auth_pid);
+		auth_master_callback(NULL, NULL, authreq);
 	} else {
-		auth_process_request(p->pid, auth_process, authreq->auth_id,
-				     req.cookie, auth_callback, authreq);
+		auth_process_request(auth_process, p->pid,
+				     req.auth_id, authreq);
 	}
 }
 
@@ -194,7 +176,7 @@
 	p->listening = TRUE;
 	p->io = io_add(fd, IO_READ, login_process_input, p);
 	p->output = o_stream_create_file(fd, default_pool,
-					 sizeof(struct master_reply)*10,
+					 sizeof(struct master_login_reply)*10,
 					 IO_PRIORITY_DEFAULT, FALSE);
 
 	hash_insert(processes, POINTER_CAST(pid), p);
@@ -223,7 +205,7 @@
 		return;
 	p->destroyed = TRUE;
 
-	if (!p->initialized) {
+	if (!p->initialized && io_loop_is_running(ioloop)) {
 		i_error("Login process died too early - shutting down");
 		io_loop_stop(ioloop);
 	}