Mercurial > dovecot > original-hg > dovecot-1.2
changeset 3065:29d83a8bb50d HEAD
Reorganized the code to have less global/static variables.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 07 Jan 2005 21:55:49 +0200 |
parents | 2d33734b16d5 |
children | 34c1cf646467 |
files | src/auth/Makefile.am src/auth/auth-client-connection.c src/auth/auth-client-connection.h src/auth/auth-master-connection.c src/auth/auth-master-connection.h src/auth/auth-request.c src/auth/auth-request.h src/auth/auth.c src/auth/auth.h src/auth/common.h src/auth/main.c src/auth/mech-anonymous.c src/auth/mech-apop.c src/auth/mech-cram-md5.c src/auth/mech-digest-md5.c src/auth/mech-login.c src/auth/mech-ntlm.c src/auth/mech-plain.c src/auth/mech-rpa.c src/auth/mech.c src/auth/mech.h src/auth/passdb.c src/auth/passdb.h src/auth/userdb.c src/auth/userdb.h |
diffstat | 25 files changed, 375 insertions(+), 341 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/Makefile.am Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/Makefile.am Fri Jan 07 21:55:49 2005 +0200 @@ -32,6 +32,7 @@ $(MODULE_LIBS) dovecot_auth_SOURCES = \ + auth.c \ auth-cache.c \ auth-client-connection.c \ auth-master-connection.c \ @@ -71,6 +72,7 @@ userdb-sql.c noinst_HEADERS = \ + auth.h \ auth-cache.h \ auth-client-connection.h \ auth-client-interface.h \
--- a/src/auth/auth-client-connection.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/auth-client-connection.c Fri Jan 07 21:55:49 2005 +0200 @@ -234,7 +234,7 @@ return FALSE; } - request = auth_request_new(mech); + request = auth_request_new(conn->auth, mech); if (request == NULL) return TRUE; hash_insert(conn->auth_requests, POINTER_CAST(id), request); @@ -276,7 +276,7 @@ return FALSE; } - if (ssl_require_client_cert && !valid_client_cert) { + if (request->auth->ssl_require_client_cert && !valid_client_cert) { /* we fail without valid certificate */ if (verbose) { i_info("ssl-cert-check(%s): " @@ -450,6 +450,7 @@ pool = pool_alloconly_create("Auth client", 4096); conn = p_new(pool, struct auth_client_connection, 1); conn->pool = pool; + conn->auth = master->auth; conn->master = master; conn->refcount = 1; conn->connect_uid = ++connect_uid_counter; @@ -474,8 +475,8 @@ AUTH_CLIENT_PROTOCOL_MINOR_VERSION, master->pid, conn->connect_uid); - iov[0].iov_base = str_data(mech_handshake); - iov[0].iov_len = str_len(mech_handshake); + iov[0].iov_base = str_data(conn->auth->mech_handshake); + iov[0].iov_len = str_len(conn->auth->mech_handshake); iov[1].iov_base = str_data(str); iov[1].iov_len = str_len(str);
--- a/src/auth/auth-client-connection.h Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/auth-client-connection.h Fri Jan 07 21:55:49 2005 +0200 @@ -4,6 +4,7 @@ struct auth_client_connection { struct auth_client_connection *next; + struct auth *auth; struct auth_master_connection *master; int refcount;
--- a/src/auth/auth-master-connection.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/auth-master-connection.c Fri Jan 07 21:55:49 2005 +0200 @@ -149,7 +149,8 @@ master_request->auth_request = request; conn->refcount++; - userdb->lookup(request, userdb_callback, master_request); + request->auth->userdb->lookup(request, userdb_callback, + master_request); } return TRUE; } @@ -256,11 +257,12 @@ } struct auth_master_connection * -auth_master_connection_create(int fd, unsigned int pid) +auth_master_connection_create(struct auth *auth, int fd, unsigned int pid) { struct auth_master_connection *conn; conn = i_new(struct auth_master_connection, 1); + conn->auth = auth; conn->refcount = 1; conn->pid = pid; conn->fd = fd;
--- a/src/auth/auth-master-connection.h Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/auth-master-connection.h Fri Jan 07 21:55:49 2005 +0200 @@ -2,6 +2,8 @@ #define __AUTH_MASTER_CONNECTION_H struct auth_master_connection { + struct auth *auth; + unsigned int pid; int refcount; @@ -21,7 +23,7 @@ #define AUTH_MASTER_IS_DUMMY(master) (master->fd == -1) struct auth_master_connection * -auth_master_connection_create(int fd, unsigned int pid); +auth_master_connection_create(struct auth *auth, int fd, unsigned int pid); void auth_master_connection_send_handshake(struct auth_master_connection *conn); void auth_master_connection_destroy(struct auth_master_connection *conn);
--- a/src/auth/auth-request.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/auth-request.c Fri Jan 07 21:55:49 2005 +0200 @@ -23,7 +23,8 @@ static buffer_t *auth_failures_buf; static struct timeout *to_auth_failures; -struct auth_request *auth_request_new(struct mech_module *mech) +struct auth_request *auth_request_new(struct auth *auth, + struct mech_module *mech) { struct auth_request *request; @@ -31,6 +32,7 @@ if (request == NULL) return NULL; + request->auth = auth; request->mech = mech; request->created = ioloop_time; return request; @@ -115,6 +117,37 @@ return FALSE; } +int auth_request_set_username(struct auth_request *request, + const char *username, const char **error_r) +{ + unsigned char *p; + + if (*username == '\0') { + /* Some PAM plugins go nuts with empty usernames */ + *error_r = "Empty username"; + return FALSE; + } + + if (strchr(username, '@') == NULL && + request->auth->default_realm != NULL) { + request->user = p_strconcat(request->pool, username, "@", + request->auth->default_realm, NULL); + } else { + request->user = p_strdup(request->pool, username); + } + + for (p = (unsigned char *)request->user; *p != '\0'; p++) { + if (request->auth->username_translation[*p & 0xff] != 0) + *p = request->auth->username_translation[*p & 0xff]; + if (request->auth->username_chars[*p & 0xff] == 0) { + *error_r = "Username contains disallowed characters"; + return FALSE; + } + } + + return TRUE; +} + struct auth_request_extra * auth_request_extra_begin(struct auth_request *request, const char *user_password)
--- a/src/auth/auth-request.h Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/auth-request.h Fri Jan 07 21:55:49 2005 +0200 @@ -14,6 +14,7 @@ const char *extra_fields; struct mech_module *mech; + struct auth *auth; struct auth_client_connection *conn; unsigned int id; @@ -38,11 +39,15 @@ void auth_request_fail(struct auth_request *request); void auth_request_internal_failure(struct auth_request *request); -struct auth_request *auth_request_new(struct mech_module *mech); +struct auth_request *auth_request_new(struct auth *auth, + struct mech_module *mech); void auth_request_destroy(struct auth_request *request); void auth_request_ref(struct auth_request *request); int auth_request_unref(struct auth_request *request); +int auth_request_set_username(struct auth_request *request, + const char *username, const char **error_r); + struct auth_request_extra * auth_request_extra_begin(struct auth_request *request, const char *password); void auth_request_extra_next(struct auth_request_extra *extra,
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/auth/auth.c Fri Jan 07 21:55:49 2005 +0200 @@ -0,0 +1,170 @@ +/* Copyright (C) 2005 Timo Sirainen */ + +#include "common.h" +#include "str.h" +#include "mech.h" +#include "userdb.h" +#include "passdb.h" +#include "auth.h" + +#include <stdlib.h> + +struct auth *auth_preinit(void) +{ + struct auth *auth; + const char *env; + + auth = i_new(struct auth, 1); + + env = getenv("PASSDB"); + if (env == NULL) + i_fatal("PASSDB environment is unset"); + passdb_preinit(auth, env); + + env = getenv("USERDB"); + if (env == NULL) + i_fatal("USERDB environment is unset"); + userdb_preinit(auth, env); + return auth; +} + +const string_t *auth_mechanisms_get_list(struct auth *auth) +{ + struct mech_module_list *list; + string_t *str; + + str = t_str_new(128); + for (list = auth->mech_modules; list != NULL; list = list->next) + str_append(str, list->module.mech_name); + + return str; +} + +static void auth_mech_register(struct auth *auth, struct mech_module *mech) +{ + struct mech_module_list *list; + + list = i_new(struct mech_module_list, 1); + list->module = *mech; + + str_printfa(auth->mech_handshake, "MECH\t%s", mech->mech_name); + if ((mech->flags & MECH_SEC_PRIVATE) != 0) + str_append(auth->mech_handshake, "\tprivate"); + if ((mech->flags & MECH_SEC_ANONYMOUS) != 0) + str_append(auth->mech_handshake, "\tanonymous"); + if ((mech->flags & MECH_SEC_PLAINTEXT) != 0) + str_append(auth->mech_handshake, "\tplaintext"); + if ((mech->flags & MECH_SEC_DICTIONARY) != 0) + str_append(auth->mech_handshake, "\tdictionary"); + if ((mech->flags & MECH_SEC_ACTIVE) != 0) + str_append(auth->mech_handshake, "\tactive"); + if ((mech->flags & MECH_SEC_FORWARD_SECRECY) != 0) + str_append(auth->mech_handshake, "\tforward-secrecy"); + if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0) + str_append(auth->mech_handshake, "\tmutual-auth"); + str_append_c(auth->mech_handshake, '\n'); + + list->next = auth->mech_modules; + auth->mech_modules = list; +} + +static void auth_mech_list_verify_passdb(struct auth *auth) +{ + struct mech_module_list *list; + + for (list = auth->mech_modules; list != NULL; list = list->next) { + if (list->module.passdb_need_plain && + auth->passdb->verify_plain == NULL) + break; + if (list->module.passdb_need_credentials && + auth->passdb->lookup_credentials == NULL) + break; + } + + if (list != NULL) { + i_fatal("Passdb %s doesn't support %s method", + auth->passdb->name, list->module.mech_name); + } +} + +void auth_init(struct auth *auth) +{ + struct mech_module *mech; + const char *const *mechanisms; + const char *env; + + passdb_init(auth); + userdb_init(auth); + + auth->mech_handshake = str_new(default_pool, 512); + + auth->anonymous_username = getenv("ANONYMOUS_USERNAME"); + if (auth->anonymous_username != NULL && + *auth->anonymous_username == '\0') + auth->anonymous_username = NULL; + + /* register wanted mechanisms */ + env = getenv("MECHANISMS"); + if (env == NULL) + i_fatal("MECHANISMS environment is unset"); + + mechanisms = t_strsplit_spaces(env, " "); + while (*mechanisms != NULL) { + if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) { + if (auth->anonymous_username == NULL) { + i_fatal("ANONYMOUS listed in mechanisms, " + "but anonymous_username not given"); + } + } + mech = mech_module_find(*mechanisms); + if (mech == NULL) { + i_fatal("Unknown authentication mechanism '%s'", + *mechanisms); + } + auth_mech_register(auth, mech); + + mechanisms++; + } + + if (auth->mech_modules == NULL) + i_fatal("No authentication mechanisms configured"); + auth_mech_list_verify_passdb(auth); + + /* get our realm - note that we allocate from data stack so + this function should never be called inside I/O loop or anywhere + else where t_pop() is called */ + env = getenv("REALMS"); + if (env == NULL) + env = ""; + auth->auth_realms = t_strsplit_spaces(env, " "); + + auth->default_realm = getenv("DEFAULT_REALM"); + if (auth->default_realm != NULL && *auth->default_realm == '\0') + auth->default_realm = NULL; + + env = getenv("USERNAME_CHARS"); + if (env == NULL || *env == '\0') { + /* all chars are allowed */ + memset(auth->username_chars, 1, sizeof(auth->username_chars)); + } else { + for (; *env != '\0'; env++) + auth->username_chars[(int)(uint8_t)*env] = 1; + } + + env = getenv("USERNAME_TRANSLATION"); + if (env != NULL) { + for (; *env != '\0' && env[1] != '\0'; env += 2) + auth->username_translation[(int)(uint8_t)*env] = env[1]; + } + + auth->ssl_require_client_cert = + getenv("SSL_REQUIRE_CLIENT_CERT") != NULL; +} + +void auth_deinit(struct auth *auth) +{ + userdb_deinit(auth); + passdb_deinit(auth); + + str_free(auth->mech_handshake); +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/auth/auth.h Fri Jan 07 21:55:49 2005 +0200 @@ -0,0 +1,32 @@ +#ifndef __AUTH_H +#define __AUTH_H + +struct auth { + struct mech_module_list *mech_modules; + buffer_t *mech_handshake; + + struct passdb_module *passdb; + struct userdb_module *userdb; + +#ifdef HAVE_MODULES + struct auth_module *passdb_module; + struct auth_module *userdb_module; +#endif + + char *passdb_args, *userdb_args; + + const char *const *auth_realms; + const char *default_realm; + const char *anonymous_username; + char username_chars[256]; + char username_translation[256]; + int ssl_require_client_cert; +}; + +const string_t *auth_mechanisms_get_list(struct auth *auth); + +struct auth *auth_preinit(void); +void auth_init(struct auth *auth); +void auth_deinit(struct auth *auth); + +#endif
--- a/src/auth/common.h Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/common.h Fri Jan 07 21:55:49 2005 +0200 @@ -2,6 +2,7 @@ #define __COMMON_H #include "lib.h" +#include "auth.h" #define MASTER_SOCKET_FD 0 #define LOGIN_LISTEN_FD 3
--- a/src/auth/main.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/main.c Fri Jan 07 21:55:49 2005 +0200 @@ -8,10 +8,9 @@ #include "restrict-access.h" #include "fd-close-on-exec.h" #include "randgen.h" +#include "password-scheme.h" #include "mech.h" -#include "userdb.h" -#include "passdb.h" -#include "password-scheme.h" +#include "auth.h" #include "auth-request.h" #include "auth-master-connection.h" #include "auth-client-connection.h" @@ -29,6 +28,7 @@ int standalone = FALSE; static buffer_t *masters_buf; +static struct auth *auth; static void sig_quit(int signo __attr_unused__) { @@ -153,7 +153,7 @@ str = t_strdup_printf("AUTH_%u_MASTER", i); master_fd = create_unix_listener(str); - master = auth_master_connection_create(-1, getpid()); + master = auth_master_connection_create(auth, -1, getpid()); if (master_fd != -1) { auth_master_connection_add_listener(master, master_fd, master_path, FALSE); @@ -180,8 +180,7 @@ /* Initialize databases so their configuration files can be readable only by root. Also load all modules here. */ - userdb_preinit(); - passdb_preinit(); + auth = auth_preinit(); password_schemes_init(); masters_buf = buffer_create_dynamic(default_pool, 64); @@ -198,12 +197,11 @@ const char *env; unsigned int pid; - userdb_init(); - passdb_init(); + mech_init(); + auth_init(auth); + auth_requests_init(); lib_init_signals(sig_quit); - mech_init(); - auth_requests_init(); env = getenv("AUTH_PROCESS"); standalone = env == NULL; @@ -237,7 +235,8 @@ if (pid == 0) i_fatal("AUTH_PROCESS can't be 0"); - master = auth_master_connection_create(MASTER_SOCKET_FD, pid); + master = auth_master_connection_create(auth, MASTER_SOCKET_FD, + pid); auth_master_connection_add_listener(master, LOGIN_LISTEN_FD, NULL, TRUE); auth_client_connections_init(master); @@ -267,9 +266,8 @@ auth_master_connection_destroy(master[i]); password_schemes_deinit(); - passdb_deinit(); - userdb_deinit(); auth_requests_deinit(); + auth_deinit(auth); mech_deinit(); random_deinit();
--- a/src/auth/mech-anonymous.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-anonymous.c Fri Jan 07 21:55:49 2005 +0200 @@ -8,7 +8,7 @@ const unsigned char *data, size_t data_size, mech_callback_t *callback) { - i_assert(anonymous_username != NULL); + i_assert(request->auth->anonymous_username != NULL); if (verbose) { /* temporarily set the user to the one that was given, @@ -20,7 +20,8 @@ } request->callback = callback; - request->user = p_strdup(request->pool, anonymous_username); + request->user = p_strdup(request->pool, + request->auth->anonymous_username); auth_request_success(request, NULL, 0); }
--- a/src/auth/mech-apop.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-apop.c Fri Jan 07 21:55:49 2005 +0200 @@ -129,8 +129,8 @@ } tmp++; - auth_request->user = p_strdup(request->pool, (const char *)username); - if (!mech_fix_username(auth_request->user, &error)) { + if (!auth_request_set_username(auth_request, (const char *)username, + &error)) { if (verbose) { i_info("apop(%s): %s", get_log_prefix(auth_request), error); @@ -141,7 +141,8 @@ memcpy(request->digest, tmp, sizeof(request->digest)); - passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_PLAINTEXT, + auth_request->auth->passdb-> + lookup_credentials(auth_request, PASSDB_CREDENTIALS_PLAINTEXT, apop_credentials_callback); }
--- a/src/auth/mech-cram-md5.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-cram-md5.c Fri Jan 07 21:55:49 2005 +0200 @@ -144,11 +144,10 @@ if (parse_cram_response(request, data, data_size, &error)) { auth_request->callback = callback; - auth_request->user = - p_strdup(auth_request->pool, request->username); - - if (mech_fix_username(auth_request->user, &error)) { - passdb->lookup_credentials(auth_request, + if (auth_request_set_username(auth_request, request->username, + &error)) { + auth_request->auth->passdb-> + lookup_credentials(auth_request, PASSDB_CREDENTIALS_CRAM_MD5, credentials_callback); return;
--- a/src/auth/mech-digest-md5.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-digest-md5.c Fri Jan 07 21:55:49 2005 +0200 @@ -54,6 +54,7 @@ static string_t *get_digest_challenge(struct digest_auth_request *request) { + struct auth *auth = request->auth_request.auth; buffer_t *buf; string_t *str; const char *const *tmp; @@ -84,7 +85,7 @@ str = t_str_new(256); - for (tmp = auth_realms; *tmp != NULL; tmp++) { + for (tmp = auth->auth_realms; *tmp != NULL; tmp++) { str_printfa(str, "realm=\"%s\"", *tmp); str_append_c(str, ','); } @@ -225,14 +226,15 @@ return TRUE; } -static int verify_realm(const char *realm) +static int verify_realm(struct digest_auth_request *request, const char *realm) { const char *const *tmp; if (*realm == '\0') return TRUE; - for (tmp = auth_realms; *tmp != NULL; tmp++) { + tmp = request->auth_request.auth->auth_realms; + for (; *tmp != NULL; tmp++) { if (strcasecmp(realm, *tmp) == 0) return TRUE; } @@ -301,7 +303,7 @@ str_lcase(key); if (strcmp(key, "realm") == 0) { - if (!verify_realm(value)) { + if (!verify_realm(request, value)) { *error = "Invalid realm"; return FALSE; } @@ -550,7 +552,7 @@ { struct digest_auth_request *request = (struct digest_auth_request *)auth_request; - const char *error, *realm; + const char *username, *error; if (request->authenticated) { /* authentication is done, we were just waiting the last @@ -562,18 +564,13 @@ if (parse_digest_response(request, data, data_size, &error)) { auth_request->callback = callback; - realm = request->realm != NULL ? request->realm : default_realm; - if (realm == NULL) { - auth_request->user = p_strdup(auth_request->pool, - request->username); - } else { - auth_request->user = p_strconcat(auth_request->pool, - request->username, "@", - realm, NULL); - } + username = request->realm == NULL ? request->username : + t_strconcat(request->username, "@", + request->realm, NULL); - if (mech_fix_username(auth_request->user, &error)) { - passdb->lookup_credentials(auth_request, + if (auth_request_set_username(auth_request, username, &error)) { + auth_request->auth->passdb-> + lookup_credentials(auth_request, PASSDB_CREDENTIALS_DIGEST_MD5, credentials_callback); return;
--- a/src/auth/mech-login.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-login.c Fri Jan 07 21:55:49 2005 +0200 @@ -36,14 +36,14 @@ mech_callback_t *callback) { static const char prompt2[] = "Password:"; - const char *error; + const char *username, *error; request->callback = callback; if (request->user == NULL) { - request->user = p_strndup(request->pool, data, data_size); + username = t_strndup(data, data_size); - if (!mech_fix_username(request->user, &error)) { + if (!auth_request_set_username(request, username, &error)) { if (verbose) { i_info("login(%s): %s", get_log_prefix(request), error); @@ -56,7 +56,8 @@ prompt2, strlen(prompt2)); } else { char *pass = p_strndup(unsafe_data_stack_pool, data, data_size); - passdb->verify_plain(request, pass, verify_callback); + request->auth->passdb->verify_plain(request, pass, + verify_callback); safe_memset(pass, 0, strlen(pass)); } }
--- a/src/auth/mech-ntlm.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-ntlm.c Fri Jan 07 21:55:49 2005 +0200 @@ -175,7 +175,8 @@ /* NTLM credentials not found or didn't want to use them, try with LM credentials */ - passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN, + auth_request->auth->passdb-> + lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN, lm_credentials_callback); } @@ -220,7 +221,7 @@ } else { const struct ntlmssp_response *response = (struct ntlmssp_response *)data; - char *username; + const char *username; if (!ntlmssp_check_response(response, data_size, &error)) { if (verbose) { @@ -235,11 +236,10 @@ request->response = p_malloc(request->pool, data_size); memcpy(request->response, response, data_size); - username = p_strdup(auth_request->pool, - ntlmssp_t_str(request->response, user, - request->unicode_negotiated)); + username = ntlmssp_t_str(request->response, user, + request->unicode_negotiated); - if (!mech_fix_username(username, &error)) { + if (!auth_request_set_username(auth_request, username, &error)) { if (verbose) { i_info("ntlm(%s): %s", get_log_prefix(auth_request), error); @@ -248,8 +248,8 @@ return; } - auth_request->user = username; - passdb->lookup_credentials(auth_request, + auth_request->auth->passdb-> + lookup_credentials(auth_request, PASSDB_CREDENTIALS_NTLM, ntlm_credentials_callback); }
--- a/src/auth/mech-plain.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-plain.c Fri Jan 07 21:55:49 2005 +0200 @@ -60,16 +60,7 @@ } auth_request_fail(request); } else { - /* split and save user/realm */ - if (strchr(authenid, '@') == NULL && default_realm != NULL) { - request->user = p_strconcat(request->pool, - authenid, "@", - default_realm, NULL); - } else { - request->user = p_strdup(request->pool, authenid); - } - - if (!mech_fix_username(request->user, &error)) { + if (!auth_request_set_username(request, authenid, &error)) { /* invalid username */ if (verbose) { i_info("plain(%s): %s", @@ -77,7 +68,8 @@ } auth_request_fail(request); } else { - passdb->verify_plain(request, pass, verify_callback); + request->auth->passdb->verify_plain(request, pass, + verify_callback); } /* make sure it's cleared */
--- a/src/auth/mech-rpa.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech-rpa.c Fri Jan 07 21:55:49 2005 +0200 @@ -238,15 +238,6 @@ return len; } -static char * -rpa_parse_username(pool_t pool, const char *username) -{ - const char *p = strrchr(username, '@'); - - return p == NULL ? p_strdup(pool, username) : - p_strdup_until(pool, username, p); -} - static int rpa_parse_token3(struct rpa_auth_request *request, const void *data, size_t data_size, const char **error) @@ -274,10 +265,11 @@ } p += 2; - user = t_strndup(p, len); + user = t_strcut(t_strndup(p, len), '@'); p += len; - auth_request->user = rpa_parse_username(request->pool, user); + if (!auth_request_set_username(auth_request, user, error)) + return FALSE; request->username_ucs2be = ucs2be_str(request->pool, auth_request->user, &request->username_len); @@ -494,16 +486,8 @@ return; } - if (!mech_fix_username(auth_request->user, &error)) { - if (verbose) { - i_info("rpa(%s): %s", - get_log_prefix(auth_request), error); - } - auth_request_fail(auth_request); - return; - } - - passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA, + auth_request->auth->passdb-> + lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA, rpa_credentials_callback); }
--- a/src/auth/mech.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech.c Fri Jan 07 21:55:49 2005 +0200 @@ -8,14 +8,7 @@ #include <stdlib.h> -struct mech_module_list *mech_modules; -string_t *mech_handshake; - -const char *const *auth_realms; -const char *default_realm; -const char *anonymous_username; -char username_chars[256], username_translation[256]; -int ssl_require_client_cert; +static struct mech_module_list *mech_modules; void mech_register_module(struct mech_module *module) { @@ -24,23 +17,6 @@ list = i_new(struct mech_module_list, 1); list->module = *module; - str_printfa(mech_handshake, "MECH\t%s", module->mech_name); - if ((module->flags & MECH_SEC_PRIVATE) != 0) - str_append(mech_handshake, "\tprivate"); - if ((module->flags & MECH_SEC_ANONYMOUS) != 0) - str_append(mech_handshake, "\tanonymous"); - if ((module->flags & MECH_SEC_PLAINTEXT) != 0) - str_append(mech_handshake, "\tplaintext"); - if ((module->flags & MECH_SEC_DICTIONARY) != 0) - str_append(mech_handshake, "\tdictionary"); - if ((module->flags & MECH_SEC_ACTIVE) != 0) - str_append(mech_handshake, "\tactive"); - if ((module->flags & MECH_SEC_FORWARD_SECRECY) != 0) - str_append(mech_handshake, "\tforward-secrecy"); - if ((module->flags & MECH_SEC_MUTUAL_AUTH) != 0) - str_append(mech_handshake, "\tmutual-auth"); - str_append_c(mech_handshake, '\n'); - list->next = mech_modules; mech_modules = list; } @@ -59,18 +35,6 @@ } } -const string_t *auth_mechanisms_get_list(void) -{ - struct mech_module_list *list; - string_t *str; - - str = t_str_new(128); - for (list = mech_modules; list != NULL; list = list->next) - str_append(str, list->module.mech_name); - - return str; -} - struct mech_module *mech_module_find(const char *name) { struct mech_module_list *list; @@ -82,46 +46,6 @@ return NULL; } -int mech_fix_username(char *username, const char **error_r) -{ - unsigned char *p; - - if (*username == '\0') { - /* Some PAM plugins go nuts with empty usernames */ - *error_r = "Empty username"; - return FALSE; - } - - for (p = (unsigned char *)username; *p != '\0'; p++) { - if (username_translation[*p & 0xff] != 0) - *p = username_translation[*p & 0xff]; - if (username_chars[*p & 0xff] == 0) { - *error_r = "Username contains disallowed characters"; - return FALSE; - } - } - - return TRUE; -} - -static void mech_list_verify_passdb(struct passdb_module *passdb) -{ - struct mech_module_list *list; - - for (list = mech_modules; list != NULL; list = list->next) { - if (list->module.passdb_need_plain && - passdb->verify_plain == NULL) - break; - if (list->module.passdb_need_credentials && - passdb->lookup_credentials == NULL) - break; - } - - if (list != NULL) { - i_fatal("Passdb %s doesn't support %s method", - passdb->name, list->module.mech_name); - } -} extern struct mech_module mech_plain; extern struct mech_module mech_login; extern struct mech_module mech_apop; @@ -133,87 +57,14 @@ void mech_init(void) { - const char *const *mechanisms; - const char *env; - - mech_modules = NULL; - mech_handshake = str_new(default_pool, 512); - - anonymous_username = getenv("ANONYMOUS_USERNAME"); - if (anonymous_username != NULL && *anonymous_username == '\0') - anonymous_username = NULL; - - /* register wanted mechanisms */ - env = getenv("MECHANISMS"); - if (env == NULL || *env == '\0') - i_fatal("MECHANISMS environment is unset"); - - mechanisms = t_strsplit_spaces(env, " "); - while (*mechanisms != NULL) { - if (strcasecmp(*mechanisms, "PLAIN") == 0) - mech_register_module(&mech_plain); - else if (strcasecmp(*mechanisms, "LOGIN") == 0) - mech_register_module(&mech_login); - else if (strcasecmp(*mechanisms, "APOP") == 0) - mech_register_module(&mech_apop); - else if (strcasecmp(*mechanisms, "CRAM-MD5") == 0) - mech_register_module(&mech_cram_md5); - else if (strcasecmp(*mechanisms, "DIGEST-MD5") == 0) - mech_register_module(&mech_digest_md5); - else if (strcasecmp(*mechanisms, "NTLM") == 0) - mech_register_module(&mech_ntlm); - else if (strcasecmp(*mechanisms, "RPA") == 0) - mech_register_module(&mech_rpa); - else if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) { - if (anonymous_username == NULL) { - i_fatal("ANONYMOUS listed in mechanisms, " - "but anonymous_username not given"); - } - mech_register_module(&mech_anonymous); - } else { - i_fatal("Unknown authentication mechanism '%s'", - *mechanisms); - } - - mechanisms++; - } - - if (mech_modules == NULL) - i_fatal("No authentication mechanisms configured"); - mech_list_verify_passdb(passdb); - - /* get our realm - note that we allocate from data stack so - this function should never be called inside I/O loop or anywhere - else where t_pop() is called */ - env = getenv("REALMS"); - if (env == NULL) - env = ""; - auth_realms = t_strsplit_spaces(env, " "); - - default_realm = getenv("DEFAULT_REALM"); - if (default_realm != NULL && *default_realm == '\0') - default_realm = NULL; - - env = getenv("USERNAME_CHARS"); - if (env == NULL || *env == '\0') { - /* all chars are allowed */ - memset(username_chars, 1, sizeof(username_chars)); - } else { - memset(username_chars, 0, sizeof(username_chars)); - for (; *env != '\0'; env++) - username_chars[((unsigned char)*env) & 0xff] = 1; - } - - env = getenv("USERNAME_TRANSLATION"); - memset(username_translation, 0, sizeof(username_translation)); - if (env != NULL) { - for (; *env != '\0' && env[1] != '\0'; env += 2) { - username_translation[((unsigned char)*env) & 0xff] = - env[1]; - } - } - - ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL; + mech_register_module(&mech_plain); + mech_register_module(&mech_login); + mech_register_module(&mech_apop); + mech_register_module(&mech_cram_md5); + mech_register_module(&mech_digest_md5); + mech_register_module(&mech_ntlm); + mech_register_module(&mech_rpa); + mech_register_module(&mech_anonymous); } void mech_deinit(void) @@ -226,6 +77,4 @@ mech_unregister_module(&mech_ntlm); mech_unregister_module(&mech_rpa); mech_unregister_module(&mech_anonymous); - - str_free(mech_handshake); }
--- a/src/auth/mech.h Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/mech.h Fri Jan 07 21:55:49 2005 +0200 @@ -40,23 +40,10 @@ struct mech_module module; }; -extern struct mech_module_list *mech_modules; -extern buffer_t *mech_handshake; - -extern const char *const *auth_realms; -extern const char *default_realm; -extern const char *anonymous_username; -extern char username_chars[256]; -extern int ssl_require_client_cert; - void mech_register_module(struct mech_module *module); void mech_unregister_module(struct mech_module *module); struct mech_module *mech_module_find(const char *name); -const string_t *auth_mechanisms_get_list(void); - -int mech_fix_username(char *username, const char **error_r); - void mech_init(void); void mech_deinit(void);
--- a/src/auth/passdb.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/passdb.c Fri Jan 07 21:55:49 2005 +0200 @@ -8,10 +8,6 @@ #include <stdlib.h> -#ifdef HAVE_MODULES -static struct auth_module *passdb_module = NULL; -#endif - struct passdb_module *passdbs[] = { #ifdef PASSDB_PASSWD &passdb_passwd, @@ -43,9 +39,6 @@ NULL }; -struct passdb_module *passdb; -static char *passdb_args; - static const char * passdb_credentials_to_str(enum passdb_credentials credentials) { @@ -116,62 +109,59 @@ callback(PASSDB_RESULT_OK, password, auth_request); } -void passdb_preinit(void) +void passdb_preinit(struct auth *auth, const char *data) { struct passdb_module **p; const char *name, *args; - name = getenv("PASSDB"); - if (name == NULL) - i_fatal("PASSDB environment is unset"); - - args = strchr(name, ' '); - name = t_strcut(name, ' '); + args = strchr(data, ' '); + name = t_strcut(data, ' '); if (args == NULL) args = ""; while (*args == ' ' || *args == '\t') args++; - passdb_args = i_strdup(args); + auth->passdb_args = i_strdup(args); - passdb = NULL; for (p = passdbs; *p != NULL; p++) { if (strcmp((*p)->name, name) == 0) { - passdb = *p; + auth->passdb = *p; break; } } #ifdef HAVE_MODULES - passdb_module = passdb != NULL ? NULL : auth_module_open(name); - if (passdb_module != NULL) { - passdb = auth_module_sym(passdb_module, - t_strconcat("passdb_", name, NULL)); + auth->passdb_module = auth->passdb != NULL ? NULL : + auth_module_open(name); + if (auth->passdb_module != NULL) { + auth->passdb = auth_module_sym(auth->passdb_module, + t_strconcat("passdb_", name, + NULL)); } #endif - if (passdb == NULL) + if (auth->passdb == NULL) i_fatal("Unknown passdb type '%s'", name); - if (passdb->preinit != NULL) - passdb->preinit(passdb_args); + if (auth->passdb->preinit != NULL) + auth->passdb->preinit(auth->passdb_args); } -void passdb_init(void) +void passdb_init(struct auth *auth) { passdb_cache_init(); - if (passdb->init != NULL) - passdb->init(passdb_args); + if (auth->passdb->init != NULL) + auth->passdb->init(auth->passdb_args); } -void passdb_deinit(void) +void passdb_deinit(struct auth *auth) { - if (passdb != NULL && passdb->deinit != NULL) - passdb->deinit(); + if (auth->passdb->deinit != NULL) + auth->passdb->deinit(); #ifdef HAVE_MODULES - if (passdb_module != NULL) - auth_module_close(passdb_module); + if (auth->passdb_module != NULL) + auth_module_close(auth->passdb_module); #endif passdb_cache_deinit(); - i_free(passdb_args); + i_free(auth->passdb_args); }
--- a/src/auth/passdb.h Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/passdb.h Fri Jan 07 21:55:49 2005 +0200 @@ -58,8 +58,6 @@ lookup_credentials_callback_t *callback, struct auth_request *auth_request); -extern struct passdb_module *passdb; - extern struct passdb_module passdb_passwd; extern struct passdb_module passdb_bsdauth; extern struct passdb_module passdb_shadow; @@ -70,8 +68,8 @@ extern struct passdb_module passdb_ldap; extern struct passdb_module passdb_sql; -void passdb_preinit(void); -void passdb_init(void); -void passdb_deinit(void); +void passdb_preinit(struct auth *auth, const char *data); +void passdb_init(struct auth *auth); +void passdb_deinit(struct auth *auth); #endif
--- a/src/auth/userdb.c Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/userdb.c Fri Jan 07 21:55:49 2005 +0200 @@ -8,10 +8,6 @@ #include <pwd.h> #include <grp.h> -#ifdef HAVE_MODULES -static struct auth_module *userdb_module = NULL; -#endif - struct userdb_module *userdbs[] = { #ifdef USERDB_PASSWD &userdb_passwd, @@ -37,9 +33,6 @@ NULL }; -struct userdb_module *userdb; -static char *userdb_args; - uid_t userdb_parse_uid(struct auth_request *request, const char *str) { struct passwd *pw; @@ -76,59 +69,56 @@ return gr->gr_gid; } -void userdb_preinit(void) +void userdb_preinit(struct auth *auth, const char *data) { struct userdb_module **p; const char *name, *args; - name = getenv("USERDB"); - if (name == NULL) - i_fatal("USERDB environment is unset"); - - args = strchr(name, ' '); - name = t_strcut(name, ' '); + args = strchr(data, ' '); + name = t_strcut(data, ' '); if (args == NULL) args = ""; while (*args == ' ' || *args == '\t') args++; - userdb_args = i_strdup(args); + auth->userdb_args = i_strdup(args); - userdb = NULL; for (p = userdbs; *p != NULL; p++) { if (strcmp((*p)->name, name) == 0) { - userdb = *p; + auth->userdb = *p; break; } } #ifdef HAVE_MODULES - userdb_module = userdb != NULL ? NULL : auth_module_open(name); - if (userdb_module != NULL) { - userdb = auth_module_sym(userdb_module, - t_strconcat("userdb_", name, NULL)); + auth->userdb_module = auth->userdb != NULL ? NULL : + auth_module_open(name); + if (auth->userdb_module != NULL) { + auth->userdb = auth_module_sym(auth->userdb_module, + t_strconcat("userdb_", name, + NULL)); } #endif - if (userdb == NULL) + if (auth->userdb == NULL) i_fatal("Unknown userdb type '%s'", name); - if (userdb->preinit != NULL) - userdb->preinit(args); + if (auth->userdb->preinit != NULL) + auth->userdb->preinit(args); } -void userdb_init(void) +void userdb_init(struct auth *auth) { - if (userdb->init != NULL) - userdb->init(userdb_args); + if (auth->userdb->init != NULL) + auth->userdb->init(auth->userdb_args); } -void userdb_deinit(void) +void userdb_deinit(struct auth *auth) { - if (userdb != NULL && userdb->deinit != NULL) - userdb->deinit(); + if (auth->userdb->deinit != NULL) + auth->userdb->deinit(); #ifdef HAVE_MODULES - if (userdb_module != NULL) - auth_module_close(userdb_module); + if (auth->userdb_module != NULL) + auth_module_close(auth->userdb_module); #endif - i_free(userdb_args); + i_free(auth->userdb_args); }
--- a/src/auth/userdb.h Fri Jan 07 20:51:10 2005 +0200 +++ b/src/auth/userdb.h Fri Jan 07 21:55:49 2005 +0200 @@ -26,8 +26,6 @@ userdb_callback_t *callback, void *context); }; -extern struct userdb_module *userdb; - extern struct userdb_module userdb_passdb; extern struct userdb_module userdb_static; extern struct userdb_module userdb_passwd; @@ -39,8 +37,8 @@ uid_t userdb_parse_uid(struct auth_request *request, const char *str); gid_t userdb_parse_gid(struct auth_request *request, const char *str); -void userdb_preinit(void); -void userdb_init(void); -void userdb_deinit(void); +void userdb_preinit(struct auth *auth, const char *data); +void userdb_init(struct auth *auth); +void userdb_deinit(struct auth *auth); #endif