changeset 3338:e5ce49c8524a HEAD

USER auth command now requires the service parameter and also supports other parameters. Fixes a crash in dovecot-auth with deliver+mysql.
author Timo Sirainen <tss@iki.fi>
date Tue, 26 Apr 2005 14:43:30 +0300
parents b47043d0d131
children 5cf828dbcd32
files doc/auth-protocol.txt src/auth/auth-master-connection.c src/auth/auth-request-handler.c src/auth/auth-request.c src/auth/auth-request.h src/auth/auth-worker-client.c src/deliver/deliver.c
diffstat 7 files changed, 78 insertions(+), 27 deletions(-) [+]
--- a/doc/auth-protocol.txt	Tue Apr 26 14:08:16 2005 +0300
+++ b/doc/auth-protocol.txt	Tue Apr 26 14:43:30 2005 +0300
@@ -85,7 +85,7 @@
 Authentication Request
 ----------------------
 
- C: "AUTH" TAB <id> TAB <mechanism> [TAB <parameters>]
+ C: "AUTH" TAB <id> TAB <mechanism> TAB service=<service> [TAB <parameters>]
 
  S1: "FAIL" TAB <id> [TAB <parameters>]
  S2: "CONT" TAB <id> TAB <base64 data>
@@ -94,11 +94,12 @@
 ID is a connection-specific unique request identifier. It must be a 32bit
 number, so typically you'd just increment it by one.
 
+Service is the service requesting authentication, eg. POP3, IMAP, SMTP.
+
 AUTH parameters are:
 
  - lip=<local ip>    : Local IP  - in standard string format,
  - rip=<remote ip>   : Remote IP - ie. for IPv4 127.0.0.1 and for IPv6 ::1
- - service=<service> : Service name (eg. POP3, IMAP, SMTP)
  - resp=<base64>     : Initial response for authentication mechanism
  - secured           : Remote user has secured transport to auth client
                        (eg. localhost, SSL, TLS)
@@ -144,7 +145,7 @@
 ---------------
 
  M: "REQUEST" TAB <id> TAB <client-pid> TAB <client-id>
- M: "USER" TAB <id> TAB <userid>
+ M: "USER" TAB <id> TAB <userid> TAB service=<service> [TAB <parameters>]
  M: "DIE"
 
  S: "NOTFOUND" TAB <id>
@@ -154,6 +155,9 @@
 Master commands can request information about existing authentication
 request, or about a specified user.
 
+USER command's service and parameters are the same as with AUTH client
+request.
+
 ID is a connection-specific unique request identifier. It must be a 32bit
 number, so typically you'd just increment it by one.
 
--- a/src/auth/auth-master-connection.c	Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-master-connection.c	Tue Apr 26 14:43:30 2005 +0300
@@ -97,9 +97,9 @@
 master_input_user(struct auth_master_connection *conn, const char *args)
 {
 	struct auth_request *auth_request;
-	const char *const *list;
+	const char *const *list, *name, *arg;
 
-	/* <id> <userid> */
+	/* <id> <userid> [<parameters>] */
 	list = t_strsplit(args, "\t");
 	if (list[0] == NULL || list[1] == NULL) {
 		i_error("BUG: Master sent broken USER");
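Review bot: The updated comment `/* <id> <userid> [<parameters>] */` presents every trailing field as optional, but the check added further down in this file rejects a USER request that carries no service. `/* <id> <userid> service=<service> [<parameters>] */` would match what the code enforces and what doc/auth-protocol.txt now says. The combined declaration `const char *const *list, *name, *arg;` also mixes a pointer-to-pointer with two plain string pointers and is easy to misread; a separate `const char *name, *arg;` line is clearer. master_input_user continues outside this hunk.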
@@ -110,6 +110,26 @@
 	auth_request->id = (unsigned int)strtoul(list[0], NULL, 10);
 	auth_request->user = p_strdup(auth_request->pool, list[1]);
 	auth_request->context = conn;
+
+	for (list += 2; *list != NULL; list++) {
+		arg = strchr(*list, '=');
+		if (arg == NULL) {
+			name = *list;
+			arg = "";
+		} else {
+			name = t_strdup_until(*list, arg);
+			arg++;
+		}
+
+		(void)auth_request_import(auth_request, name, arg);
+	}
+
+	if (auth_request->service == NULL) {
+		i_error("BUG: Master sent USER request without service");
+		auth_request_unref(auth_request);
+		return FALSE;
+	}
+
 	auth_request_lookup_user(auth_request, user_callback);
 	return TRUE;
 }
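Review bot: The new loop hands every trailing field to `auth_request_import()`, which in this changeset also handles the `user` key, so a later `user=` field silently replaces the userid already copied from `list[1]`. Since the userid of this command is positional, consider skipping that key here, e.g. `if (strcmp(name, "user") == 0) continue;`, or treating it as a broken request. The service check only tests for NULL, so a bare `service` token or `service=` presumably stores an empty string and passes; `if (auth_request->service == NULL || *auth_request->service == '\0')` would reject both. The opening lines of the function are outside this hunk.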
--- a/src/auth/auth-request-handler.c	Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-request-handler.c	Tue Apr 26 14:43:30 2005 +0300
@@ -274,12 +274,8 @@
 			arg++;
 		}
 
-		if (strcmp(name, "lip") == 0)
-			(void)net_addr2ip(arg, &request->local_ip);
-		else if (strcmp(name, "rip") == 0)
-			(void)net_addr2ip(arg, &request->remote_ip);
-		else if (strcmp(name, "service") == 0)
-			request->service = p_strdup(request->pool, arg);
+		if (auth_request_import(request, name, arg))
+			;
 		else if (strcmp(name, "resp") == 0)
 			initial_resp = arg;
 		else if (strcmp(name, "valid-client-cert") == 0)
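Review bot: Routing client AUTH parameters through the shared importer means this client-facing parser accepts whatever keys `auth_request_import()` knows, and in this changeset that includes `user`, which the removed lines never accepted from a client. If the login process should only be able to supply `lip`, `rip` and `service`, keep that allowlist at this call site, for example `if (strcmp(name, "user") != 0 && auth_request_import(request, name, arg))`. The empty statement after the `if` is easy to misread; a braced body holding only a comment states the intent more clearly. The surrounding loop starts and ends outside this hunk.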
--- a/src/auth/auth-request.c	Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-request.c	Tue Apr 26 14:43:30 2005 +0300
@@ -101,10 +101,32 @@
 	str_append(str, request->user);
 	str_append(str, "\tservice=");
 	str_append(str, request->service);
-	str_append(str, "\tlip=");
-	str_append(str, net_ip2addr(&request->local_ip));
-	str_append(str, "\trip=");
-	str_append(str, net_ip2addr(&request->remote_ip));
+
+	if (request->local_ip.family != 0) {
+		str_append(str, "\tlip=");
+		str_append(str, net_ip2addr(&request->local_ip));
+	}
+	if (request->remote_ip.family != 0) {
+		str_append(str, "\trip=");
+		str_append(str, net_ip2addr(&request->remote_ip));
+	}
+}
+
+int auth_request_import(struct auth_request *request,
+			const char *key, const char *value)
+{
+	if (strcmp(key, "user") == 0)
+		request->user = p_strdup(request->pool, value);
+	if (strcmp(key, "service") == 0)
+		request->service = p_strdup(request->pool, value);
+	else if (strcmp(key, "lip") == 0)
+		net_addr2ip(value, &request->local_ip);
+	else if (strcmp(key, "rip") == 0)
+		net_addr2ip(value, &request->remote_ip);
+	else
+		return FALSE;
+
+	return TRUE;
 }
 
 void auth_request_initial(struct auth_request *request,
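Review bot: In `auth_request_import()` the `service` test starts a fresh `if` instead of continuing the chain, so a `user` key is stored and then falls through to the final `else` and returns FALSE. Callers that use the return value to decide whether a key was consumed will treat `user` as unrecognized even though it was applied; the line should read `else if (strcmp(key, "service") == 0)`. The results of `net_addr2ip()` are also dropped, so an unparsable `lip` or `rip` value is reported as imported. Returning FALSE on failure there would let callers log it, assuming the function reports failure through its return value, as the `(void)` casts removed elsewhere in this changeset suggest.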
--- a/src/auth/auth-request.h	Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-request.h	Tue Apr 26 14:43:30 2005 +0300
@@ -73,6 +73,8 @@
 void auth_request_internal_failure(struct auth_request *request);
 
 void auth_request_export(struct auth_request *request, string_t *str);
+int auth_request_import(struct auth_request *request,
+			const char *key, const char *value);
 
 void auth_request_initial(struct auth_request *request,
 			  const unsigned char *data, size_t data_size);
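Review bot: The new prototype has no comment, and the return contract is not obvious from the name. A line such as `/* Set a request field from a key/value parameter. Returns TRUE if the key was recognized, FALSE otherwise. */` above the declaration would help callers, two of which in this changeset discard the result with `(void)`.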
--- a/src/auth/auth-worker-client.c	Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-worker-client.c	Tue Apr 26 14:43:30 2005 +0300
@@ -61,16 +61,7 @@
 		key = t_strdup_until(*tmp, value);
 		value++;
 
-		if (strcmp(key, "user") == 0) {
-			auth_request->user =
-				p_strdup(auth_request->pool, value);
-		} else if (strcmp(key, "service") == 0) {
-			auth_request->service =
-				p_strdup(auth_request->pool, value);
-		} else if (strcmp(key, "lip") == 0)
-			net_addr2ip(value, &auth_request->local_ip);
-		else if (strcmp(key, "rip") == 0)
-			net_addr2ip(value, &auth_request->remote_ip);
+		(void)auth_request_import(auth_request, key, value);
 	}
 	t_pop();
 
@@ -135,6 +126,11 @@
 	auth_request->mech_password =
 		p_strdup(auth_request->pool, password);
 
+	if (auth_request->user == NULL || auth_request->service == NULL) {
+		i_error("BUG: PASSV had missing parameters");
+		return;
+	}
+
 	for (; num > 0; num--) {
 		auth_request->passdb = auth_request->passdb->next;
 		if (auth_request->passdb == NULL) {
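Review bot: The new early `return` in the PASSV handler drops the request without releasing it and, as far as the hunk shows, without sending any reply for this id, so the requester may wait on a lookup that never completes. The same pattern repeats in the PASSL and USER hunks below, whereas the matching check in auth-master-connection.c calls `auth_request_unref(auth_request);` before returning. If the worker owns this reference, add the unref and a failure reply on each of the three paths. In this first hunk the check also runs after the password has been copied into the request pool, so validating before that `p_strdup()` keeps the credential out of a request that is about to be rejected. The handler functions begin and end outside these hunks.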
@@ -200,6 +196,11 @@
 	auth_request = worker_auth_request_new(client, id, args);
 	auth_request->credentials = credentials;
 
+	if (auth_request->user == NULL || auth_request->service == NULL) {
+		i_error("BUG: PASSL had missing parameters");
+		return;
+	}
+
 	for (; num > 0; num--) {
 		auth_request->passdb = auth_request->passdb->next;
 		if (auth_request->passdb == NULL) {
@@ -244,6 +245,11 @@
 
 	auth_request = worker_auth_request_new(client, id, args);
 
+	if (auth_request->user == NULL || auth_request->service == NULL) {
+		i_error("BUG: USER had missing parameters");
+		return;
+	}
+
 	for (; num > 0; num--) {
 		auth_request->userdb = auth_request->userdb->next;
 		if (auth_request->userdb == NULL) {
--- a/src/deliver/deliver.c	Tue Apr 26 14:08:16 2005 +0300
+++ b/src/deliver/deliver.c	Tue Apr 26 14:43:30 2005 +0300
@@ -233,8 +233,9 @@
 		return EX_TEMPFAIL;
 
 	o_stream_send_str(conn->output,
-			  t_strconcat("VERSION\t1\t0\nUSER\t1\t",
-				      destination, "\n", NULL));
+			  t_strconcat("VERSION\t1\t0\n"
+				      "USER\t1\t", destination, "\t"
+				      "service=deliver\n", NULL));
 
 	io_loop_run(ioloop);
 	return return_value;
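Review bot: `destination` is concatenated into the USER line unescaped, and with this changeset the auth process splits that line on TAB and imports every extra field as a request parameter. A recipient value containing TAB, CR or LF would therefore be parsed as additional parameters or a further command rather than as part of the userid; whether `destination` is validated earlier is not visible here. A guard before the send, such as `if (strpbrk(destination, "\t\r\n") != NULL) return EX_DATAERR;`, keeps the field boundaries under deliver's control. The function continues outside the hunk.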