Mercurial > dovecot > original-hg > dovecot-1.2
view src/auth/passdb.c @ 3058:052f3a5743af HEAD
Make FAIL reply contain "temp" parameter if the authentication failed
because of temporary internal error. Also cleaned up the auth code a bit.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 07 Jan 2005 19:27:20 +0200 |
parents | 6a6e794bb6d3 |
children | 29d83a8bb50d |
line wrap: on
line source
/* Copyright (C) 2002-2003 Timo Sirainen */ #include "common.h" #include "auth-module.h" #include "password-scheme.h" #include "passdb.h" #include "passdb-cache.h" #include <stdlib.h> #ifdef HAVE_MODULES static struct auth_module *passdb_module = NULL; #endif struct passdb_module *passdbs[] = { #ifdef PASSDB_PASSWD &passdb_passwd, #endif #ifdef PASSDB_BSDAUTH &passdb_bsdauth, #endif #ifdef PASSDB_PASSWD_FILE &passdb_passwd_file, #endif #ifdef PASSDB_PAM &passdb_pam, #endif #ifdef PASSDB_CHECKPASSWORD &passdb_checkpassword, #endif #ifdef PASSDB_SHADOW &passdb_shadow, #endif #ifdef PASSDB_VPOPMAIL &passdb_vpopmail, #endif #ifdef PASSDB_LDAP &passdb_ldap, #endif #ifdef PASSDB_SQL &passdb_sql, #endif NULL }; struct passdb_module *passdb; static char *passdb_args; static const char * passdb_credentials_to_str(enum passdb_credentials credentials) { switch (credentials) { case _PASSDB_CREDENTIALS_INTERNAL: break; case PASSDB_CREDENTIALS_PLAINTEXT: return "PLAIN"; case PASSDB_CREDENTIALS_CRYPT: return "CRYPT"; case PASSDB_CREDENTIALS_CRAM_MD5: return "HMAC-MD5"; case PASSDB_CREDENTIALS_DIGEST_MD5: return "DIGEST-MD5"; case PASSDB_CREDENTIALS_LANMAN: return "LANMAN"; case PASSDB_CREDENTIALS_NTLM: return "NTLM"; case PASSDB_CREDENTIALS_RPA: return "RPA"; } return "??"; } void passdb_handle_credentials(enum passdb_result result, enum passdb_credentials credentials, const char *password, const char *scheme, lookup_credentials_callback_t *callback, struct auth_request *auth_request) { const char *wanted_scheme; if (result != PASSDB_RESULT_OK) { callback(result, NULL, auth_request); return; } i_assert(password != NULL); if (credentials == PASSDB_CREDENTIALS_CRYPT) { /* anything goes */ password = t_strdup_printf("{%s}%s", scheme, password); callback(result, password, auth_request); return; } wanted_scheme = passdb_credentials_to_str(credentials); if (strcasecmp(scheme, wanted_scheme) != 0) { if (strcasecmp(scheme, "PLAIN") != 0 && strcasecmp(scheme, "CLEARTEXT") != 0) { if (verbose) { i_info("password(%s): Requested %s " "scheme, but we have only %s", auth_request->user, wanted_scheme, scheme); } callback(PASSDB_RESULT_SCHEME_NOT_AVAILABLE, NULL, auth_request); return; } /* we can generate anything out of plaintext passwords */ password = password_generate(password, auth_request->user, wanted_scheme); i_assert(password != NULL); } callback(PASSDB_RESULT_OK, password, auth_request); } void passdb_preinit(void) { struct passdb_module **p; const char *name, *args; name = getenv("PASSDB"); if (name == NULL) i_fatal("PASSDB environment is unset"); args = strchr(name, ' '); name = t_strcut(name, ' '); if (args == NULL) args = ""; while (*args == ' ' || *args == '\t') args++; passdb_args = i_strdup(args); passdb = NULL; for (p = passdbs; *p != NULL; p++) { if (strcmp((*p)->name, name) == 0) { passdb = *p; break; } } #ifdef HAVE_MODULES passdb_module = passdb != NULL ? NULL : auth_module_open(name); if (passdb_module != NULL) { passdb = auth_module_sym(passdb_module, t_strconcat("passdb_", name, NULL)); } #endif if (passdb == NULL) i_fatal("Unknown passdb type '%s'", name); if (passdb->preinit != NULL) passdb->preinit(passdb_args); } void passdb_init(void) { passdb_cache_init(); if (passdb->init != NULL) passdb->init(passdb_args); } void passdb_deinit(void) { if (passdb != NULL && passdb->deinit != NULL) passdb->deinit(); #ifdef HAVE_MODULES if (passdb_module != NULL) auth_module_close(passdb_module); #endif passdb_cache_deinit(); i_free(passdb_args); }