view src/auth/passdb-passwd-file.c @ 3257:92c16e82b806 HEAD

passdb can now change the username that was used to log in. This is mostly useful to support case-insensitive username lookups.
author Timo Sirainen <tss@iki.fi>
date Sun, 03 Apr 2005 01:00:49 +0300
parents e6a487d80288
children 9096b7957413

/* Copyright (C) 2002-2003 Timo Sirainen */

#include "config.h"
#undef HAVE_CONFIG_H

#ifdef PASSDB_PASSWD_FILE

#include "common.h"
#include "passdb.h"
#include "password-scheme.h"
#include "db-passwd-file.h"

/* Handle to the passwd-file backing this passdb. Assigned in
   passwd_file_init(), where it either aliases userdb_pwf (with the refcount
   bumped) or comes from db_passwd_file_parse(); released through
   db_passwd_file_unref() in passwd_file_deinit(). Non-static, so other
   translation units can reference it. */
struct passwd_file *passdb_pwf = NULL;

/*
 * Check a plaintext password against the passwd-file entry found for
 * `request`, and report the outcome through `callback`.
 *
 * Results handed to the callback:
 *   PASSDB_RESULT_USER_UNKNOWN      - db_passwd_file_lookup() found no entry
 *   PASSDB_RESULT_OK                - password_verify() returned > 0
 *   PASSDB_RESULT_PASSWORD_MISMATCH - password_verify() returned 0 (mismatch)
 *                                     or < 0 (scheme not recognised)
 *
 * An unrecognised scheme therefore fails closed: it is logged as an error
 * and treated as a mismatch, never as a success. The plaintext password is
 * passed only to password_verify(); neither log call below includes it.
 *
 * NOTE(review): unknown user and wrong password are reported as distinct
 * results; whether that difference is visible to the client is decided by
 * whoever supplies `callback`, not here.
 */
static void
passwd_file_verify_plain(struct auth_request *request, const char *password,
			 verify_plain_callback_t *callback)
{
	struct passwd_user *entry;
	const char *stored_hash, *scheme_name;
	int verdict;

	entry = db_passwd_file_lookup(passdb_pwf, request);
	if (entry == NULL) {
		callback(PASSDB_RESULT_USER_UNKNOWN, request);
		return;
	}

	/* Lookups are case-sensitive, so the name in the request must be
	   exactly the name stored with the entry. If that ever stops being
	   true, request->user would have to be updated from the entry
	   instead of asserting. */
	i_assert(strcmp(request->user, entry->user_realm) == 0);

	/* NOTE(review): assumes entry->password is never NULL - confirm in
	   db-passwd-file. password_get_scheme() receives the pointer by
	   address, so it may move it (presumably past a scheme prefix). */
	stored_hash = entry->password;
	scheme_name = password_get_scheme(&stored_hash);
	if (scheme_name == NULL) {
		/* no scheme reported for this entry: fall back to CRYPT */
		scheme_name = "CRYPT";
	}

	verdict = password_verify(password, stored_hash, scheme_name,
				  request->user);
	if (verdict > 0) {
		callback(PASSDB_RESULT_OK, request);
		return;
	}

	/* Not verified. Log why, then report a mismatch in both cases. */
	if (verdict < 0) {
		auth_request_log_error(request, "passwd-file",
			"unknown password scheme %s", scheme_name);
	} else {
		auth_request_log_info(request, "passwd-file",
				      "password mismatch");
	}
	callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
}

/*
 * Fetch the stored credentials for `request` from the passwd-file and hand
 * them to passdb_handle_credentials(), which is responsible for producing
 * the form asked for in `credentials` and invoking `callback`.
 *
 * If no entry is found, `callback` is invoked directly with
 * PASSDB_RESULT_USER_UNKNOWN and a NULL credential.
 *
 * NOTE(review): unlike passwd_file_verify_plain(), a NULL scheme is not
 * replaced with "CRYPT" here; it is passed through as-is. Confirm that
 * passdb_handle_credentials() accepts a NULL scheme.
 */
static void
passwd_file_lookup_credentials(struct auth_request *request,
			       enum passdb_credentials credentials,
			       lookup_credentials_callback_t *callback)
{
	const char *stored_pass, *stored_scheme;
	struct passwd_user *entry = db_passwd_file_lookup(passdb_pwf, request);

	if (entry == NULL) {
		callback(PASSDB_RESULT_USER_UNKNOWN, NULL, request);
		return;
	}

	/* password_get_scheme() takes the pointer by address and may move
	   it, so work on a local copy rather than on entry->password. */
	stored_pass = entry->password;
	stored_scheme = password_get_scheme(&stored_pass);

	passdb_handle_credentials(PASSDB_RESULT_OK, credentials, stored_pass,
				  stored_scheme, callback, request);
}

/*
 * Set up passdb_pwf for the passwd-file named by `args`.
 *
 * When the userdb already holds a passwd-file with the same path, that
 * object is shared and its refcount is incremented; otherwise the file is
 * parsed into a new object.
 *
 * NOTE(review): assumes `args` is non-NULL (it is passed to strcmp()), and
 * the result of db_passwd_file_parse() is stored without a check - confirm
 * how that function reports failure. The meaning of its FALSE argument is
 * defined in db-passwd-file.h, not visible here.
 */
static void passwd_file_init(const char *args)
{
	int shares_userdb_file;

	shares_userdb_file = userdb_pwf != NULL &&
		strcmp(userdb_pwf->path, args) == 0;
	if (!shares_userdb_file) {
		passdb_pwf = db_passwd_file_parse(args, FALSE);
		return;
	}

	/* same path as the userdb: reuse its object and take a reference */
	passdb_pwf = userdb_pwf;
	passdb_pwf->refcount++;
}

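/*
 * Release this passdb's reference to the passwd-file and forget the handle.
 *
 * passdb_pwf is a non-static global, so leaving it set after the unref
 * would keep a pointer around that this module no longer owns. Clearing it
 * means a later NULL check on passdb_pwf sees "not initialised" instead of
 * a stale address.
 *
 * NOTE(review): whether db_passwd_file_unref() frees the object depends on
 * the remaining refcount (it may still be held via userdb_pwf) - confirm in
 * db-passwd-file.c.
 */
static void passwd_file_deinit(void)
{
	db_passwd_file_unref(passdb_pwf);
	passdb_pwf = NULL;
}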

/* passdb module descriptor for the passwd-file backend. The initializer is
   positional, so its order must match the member order of
   struct passdb_module in passdb.h (declaration not visible here). */
struct passdb_module passdb_passwd_file = {
	/* presumably the module name; the log calls in this file use the
	   same "passwd-file" tag */
	"passwd-file",
	/* NOTE(review): the meaning of these three members comes from
	   passdb.h - confirm before reordering or adding members */
	NULL, NULL, FALSE,

	/* left unset for this backend; which member this is depends on
	   passdb.h - confirm */
	NULL,
	passwd_file_init,
	passwd_file_deinit,

	passwd_file_verify_plain,
	passwd_file_lookup_credentials
};

#endif