# HG changeset patch # User Timo Sirainen # Date 1114515810 -10800 # Node ID e5ce49c8524ad0d32393805d46acd6f69575fd6a # Parent b47043d0d131af6fe5967e2a11d157ba6b9d19d5 USER auth command requires now service parameter and supports also others parameters. Fixes a crash in dovecot-auth with deliver+mysql. diff -r b47043d0d131 -r e5ce49c8524a doc/auth-protocol.txt --- a/doc/auth-protocol.txt Tue Apr 26 14:08:16 2005 +0300 +++ b/doc/auth-protocol.txt Tue Apr 26 14:43:30 2005 +0300 @@ -85,7 +85,7 @@ Authentication Request ---------------------- - C: "AUTH" TAB TAB  [TAB ] + C: "AUTH" TAB TAB TAB service= [TAB ] S1: "FAIL" TAB [TAB ] S2: "CONT" TAB TAB @@ -94,11 +94,12 @@ ID is a connection-specific unique request identifier. It must be a 32bit number, so typically you'd just increment it by one. +Service is the service requesting authentication, eg. POP3, IMAP, SMTP. + AUTH parameters are: - lip= : Local IP - in standard string format, - rip= : Remote IP - ie. for IPv4 127.0.0.1 and for IPv6 ::1 - - service= : Service name (eg. POP3, IMAP, SMTP) - resp= : Initial response for authentication mechanism - secured : Remote user has secured transport to auth client (eg. localhost, SSL, TLS) @@ -144,7 +145,7 @@ --------------- M: "REQUEST" TAB TAB TAB - M: "USER" TAB TAB + M: "USER" TAB TAB TAB service= [TAB ] M: "DIE" S: "NOTFOUND" TAB @@ -154,6 +155,9 @@ Master commands can request information about existing authentication request, or about a specified user. +USER command's service and parameters are the same as with AUTH client +request. + ID is a connection-specific unique request identifier. It must be a 32bit number, so typically you'd just increment it by one. diff -r b47043d0d131 -r e5ce49c8524a src/auth/auth-master-connection.c --- a/src/auth/auth-master-connection.c Tue Apr 26 14:08:16 2005 +0300 +++ b/src/auth/auth-master-connection.c Tue Apr 26 14:43:30 2005 +0300 
@@ -97,9 +97,9 @@ master_input_user(struct auth_master_connection *conn, const char *args) { struct auth_request *auth_request; - const char *const *list; + const char *const *list, *name, *arg; - /* */ + /* [] */ list = t_strsplit(args, "\t"); if (list[0] == NULL || list[1] == NULL) { i_error("BUG: Master sent broken USER"); @@ -110,6 +110,26 @@ auth_request->id = (unsigned int)strtoul(list[0], NULL, 10); auth_request->user = p_strdup(auth_request->pool, list[1]); auth_request->context = conn; + + for (list += 2; *list != NULL; list++) { + arg = strchr(*list, '='); + if (arg == NULL) { + name = *list; + arg = ""; + } else { + name = t_strdup_until(*list, arg); + arg++; + } + + (void)auth_request_import(auth_request, name, arg); + } + + if (auth_request->service == NULL) { + i_error("BUG: Master sent USER request without service"); + auth_request_unref(auth_request); + return FALSE; + } + auth_request_lookup_user(auth_request, user_callback); return TRUE; } diff -r b47043d0d131 -r e5ce49c8524a src/auth/auth-request-handler.c --- a/src/auth/auth-request-handler.c Tue Apr 26 14:08:16 2005 +0300 +++ b/src/auth/auth-request-handler.c Tue Apr 26 14:43:30 2005 +0300 @@ -274,12 +274,8 @@ arg++; } - if (strcmp(name, "lip") == 0) - (void)net_addr2ip(arg, &request->local_ip); - else if (strcmp(name, "rip") == 0) - (void)net_addr2ip(arg, &request->remote_ip); - else if (strcmp(name, "service") == 0) - request->service = p_strdup(request->pool, arg); + if (auth_request_import(request, name, arg)) + ; else if (strcmp(name, "resp") == 0) initial_resp = arg; else if (strcmp(name, "valid-client-cert") == 0) diff -r b47043d0d131 -r e5ce49c8524a src/auth/auth-request.c --- a/src/auth/auth-request.c Tue Apr 26 14:08:16 2005 +0300 +++ b/src/auth/auth-request.c Tue Apr 26 14:43:30 2005 +0300 
@@ -101,10 +101,32 @@ str_append(str, request->user); str_append(str, "\tservice="); str_append(str, request->service); - str_append(str, "\tlip="); - str_append(str, net_ip2addr(&request->local_ip)); - str_append(str, "\trip="); - str_append(str, net_ip2addr(&request->remote_ip)); + + if (request->local_ip.family != 0) { + str_append(str, "\tlip="); + str_append(str, net_ip2addr(&request->local_ip)); + } + if (request->remote_ip.family != 0) { + str_append(str, "\trip="); + str_append(str, net_ip2addr(&request->remote_ip)); + } +} + +int auth_request_import(struct auth_request *request, + const char *key, const char *value) +{ + if (strcmp(key, "user") == 0) + request->user = p_strdup(request->pool, value); + if (strcmp(key, "service") == 0) + request->service = p_strdup(request->pool, value); + else if (strcmp(key, "lip") == 0) + net_addr2ip(value, &request->local_ip); + else if (strcmp(key, "rip") == 0) + net_addr2ip(value, &request->remote_ip); + else + return FALSE; + + return TRUE; } void auth_request_initial(struct auth_request *request, diff -r b47043d0d131 -r e5ce49c8524a src/auth/auth-request.h --- a/src/auth/auth-request.h Tue Apr 26 14:08:16 2005 +0300 +++ b/src/auth/auth-request.h Tue Apr 26 14:43:30 2005 +0300 @@ -73,6 +73,8 @@ void auth_request_internal_failure(struct auth_request *request); void auth_request_export(struct auth_request *request, string_t *str); +int auth_request_import(struct auth_request *request, + const char *key, const char *value); void auth_request_initial(struct auth_request *request, const unsigned char *data, size_t data_size); diff -r b47043d0d131 -r e5ce49c8524a src/auth/auth-worker-client.c --- a/src/auth/auth-worker-client.c Tue Apr 26 14:08:16 2005 +0300 +++ b/src/auth/auth-worker-client.c Tue Apr 26 14:43:30 2005 +0300 
@@ -61,16 +61,7 @@ key = t_strdup_until(*tmp, value); value++; - if (strcmp(key, "user") == 0) { - auth_request->user = - p_strdup(auth_request->pool, value); - } else if (strcmp(key, "service") == 0) { - auth_request->service = - p_strdup(auth_request->pool, value); - } else if (strcmp(key, "lip") == 0) - net_addr2ip(value, &auth_request->local_ip); - else if (strcmp(key, "rip") == 0) - net_addr2ip(value, &auth_request->remote_ip); + (void)auth_request_import(auth_request, key, value); } t_pop(); @@ -135,6 +126,11 @@ auth_request->mech_password = p_strdup(auth_request->pool, password); + if (auth_request->user == NULL || auth_request->service == NULL) { + i_error("BUG: PASSV had missing parameters"); + return; + } + for (; num > 0; num--) { auth_request->passdb = auth_request->passdb->next; if (auth_request->passdb == NULL) { @@ -200,6 +196,11 @@ auth_request = worker_auth_request_new(client, id, args); auth_request->credentials = credentials; + if (auth_request->user == NULL || auth_request->service == NULL) { + i_error("BUG: PASSL had missing parameters"); + return; + } + for (; num > 0; num--) { auth_request->passdb = auth_request->passdb->next; if (auth_request->passdb == NULL) { @@ -244,6 +245,11 @@ auth_request = worker_auth_request_new(client, id, args); + if (auth_request->user == NULL || auth_request->service == NULL) { + i_error("BUG: USER had missing parameters"); + return; + } + for (; num > 0; num--) { auth_request->userdb = auth_request->userdb->next; if (auth_request->userdb == NULL) { diff -r b47043d0d131 -r e5ce49c8524a src/deliver/deliver.c --- a/src/deliver/deliver.c Tue Apr 26 14:08:16 2005 +0300 +++ b/src/deliver/deliver.c Tue Apr 26 14:43:30 2005 +0300 @@ -233,8 +233,9 @@ return EX_TEMPFAIL; o_stream_send_str(conn->output, - t_strconcat("VERSION\t1\t0\nUSER\t1\t", - destination, "\n", NULL)); + t_strconcat("VERSION\t1\t0\n" + "USER\t1\t", destination, "\t" + "service=deliver\n", NULL)); io_loop_run(ioloop); return return_value;
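
Review bot: the sentence added to doc/auth-protocol.txt says the USER command's parameters are the same as for the AUTH client request, but master_input_user() only applies the keys that auth_request_import() recognizes (user, service, lip, rip) and discards the result for everything else. The text should list the parameters USER actually honours, or state that resp, secured and the other AUTH-only parameters are ignored there.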
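
Review bot: in master_input_user() (src/auth/auth-master-connection.c) the new loop starts at list + 2 and hands every key to auth_request_import(), so a later user= parameter replaces the username already copied from list[1], and unrecognized keys vanish without a log line because the return value is cast to (void). Skip or reject the user key inside this loop and log unknown keys, so that a malformed USER line from the master is visible rather than silently reinterpreted.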
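
Review bot: swapping the lip/rip/service branches in src/auth/auth-request-handler.c for auth_request_import() also lets an AUTH client parameter named user write request->user, which the removed code never did. If the username is meant to come only from the authentication mechanism, filter that key before the call or give the client path its own import helper. The documentation hunk now makes service mandatory for AUTH, yet this hunk adds no check that request->service was set, while auth_request_export() appends request->service unconditionally; a check like the one added to master_input_user() belongs here as well.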
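
Review bot: auth_request_import() in src/auth/auth-request.c is missing an else between its first two tests: `if (strcmp(key, "user") == 0)` is followed by a plain `if (strcmp(key, "service") == 0)`, so a user key sets request->user and then falls through the rest of the chain to `return FALSE`. Callers that test the result, such as the AUTH handler, will treat a handled key as unknown; change the second test to `else if`. The lip and rip branches also drop the net_addr2ip() result, so the function returns TRUE for an address that failed to parse; return the parse status, or keep the explicit (void) cast with a comment saying the failure is intentionally ignored.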
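
Review bot: the three new missing-parameter checks in src/auth/auth-worker-client.c (PASSV, PASSL, USER) return straight after i_error() without releasing the request that worker_auth_request_new() just created and without sending any reply for that id, whereas the equivalent error path in master_input_user() calls auth_request_unref() first. Unless ownership is handled outside the visible lines, add the unref and send a failure reply so the requesting process is not left waiting. In the PASSV case the check could also move above the p_strdup() of the password so nothing is copied for a request that is about to be dropped.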
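
Review bot: in src/deliver/deliver.c destination is concatenated unchecked into the TAB-separated USER line, and with this patch everything after the username is parsed as key=value parameters, so a TAB, CR or LF inside destination would be read by dovecot-auth as additional parameters or as a separate command line. Reject or escape destinations containing those characters before building the request, and return an error exit code in that case.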