changeset 3338:e5ce49c8524a HEAD
USER auth command requires now service parameter and supports also others
parameters. Fixes a crash in dovecot-auth with deliver+mysql.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 26 Apr 2005 14:43:30 +0300 |
parents | b47043d0d131 |
children | 5cf828dbcd32 |
files | doc/auth-protocol.txt src/auth/auth-master-connection.c src/auth/auth-request-handler.c src/auth/auth-request.c src/auth/auth-request.h src/auth/auth-worker-client.c src/deliver/deliver.c |
diffstat | 7 files changed, 78 insertions(+), 27 deletions(-) [+] |
--- a/doc/auth-protocol.txt Tue Apr 26 14:08:16 2005 +0300 +++ b/doc/auth-protocol.txt Tue Apr 26 14:43:30 2005 +0300 @@ -85,7 +85,7 @@ Authentication Request ---------------------- - C: "AUTH" TAB <id> TAB <mechanism> [TAB <parameters>] + C: "AUTH" TAB <id> TAB <mechanism> TAB service=<service> [TAB <parameters>] S1: "FAIL" TAB <id> [TAB <parameters>] S2: "CONT" TAB <id> TAB <base64 data> @@ -94,11 +94,12 @@ ID is a connection-specific unique request identifier. It must be a 32bit number, so typically you'd just increment it by one. +Service is the service requesting authentication, eg. POP3, IMAP, SMTP. + AUTH parameters are: - lip=<local ip> : Local IP - in standard string format, - rip=<remote ip> : Remote IP - ie. for IPv4 127.0.0.1 and for IPv6 ::1 - - service=<service> : Service name (eg. POP3, IMAP, SMTP) - resp=<base64> : Initial response for authentication mechanism - secured : Remote user has secured transport to auth client (eg. localhost, SSL, TLS) @@ -144,7 +145,7 @@ --------------- M: "REQUEST" TAB <id> TAB <client-pid> TAB <client-id> - M: "USER" TAB <id> TAB <userid> + M: "USER" TAB <id> TAB <userid> TAB service=<service> [TAB <parameters>] M: "DIE" S: "NOTFOUND" TAB <id> @@ -154,6 +155,9 @@ Master commands can request information about existing authentication request, or about a specified user. +USER command's service and parameters are the same as with AUTH client +request. + ID is a connection-specific unique request identifier. It must be a 32bit number, so typically you'd just increment it by one.
--- a/src/auth/auth-master-connection.c Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-master-connection.c Tue Apr 26 14:43:30 2005 +0300
@@ -97,9 +97,9 @@
 master_input_user(struct auth_master_connection *conn, const char *args)
 {
 struct auth_request *auth_request;
- const char *const *list;
+ const char *const *list, *name, *arg;
- /* <id> <userid> */
+ /* <id> <userid> [<parameters>] */
 list = t_strsplit(args, "\t");
 if (list[0] == NULL || list[1] == NULL) {
 i_error("BUG: Master sent broken USER");
@@ -110,6 +110,26 @@
 auth_request->id = (unsigned int)strtoul(list[0], NULL, 10);
 auth_request->user = p_strdup(auth_request->pool, list[1]);
 auth_request->context = conn;
+
+ for (list += 2; *list != NULL; list++) {
+ arg = strchr(*list, '=');
+ if (arg == NULL) {
+ name = *list;
+ arg = "";
+ } else {
+ name = t_strdup_until(*list, arg);
+ arg++;
+ }
+
+ (void)auth_request_import(auth_request, name, arg);
+ }
+
+ if (auth_request->service == NULL) {
+ i_error("BUG: Master sent USER request without service");
+ auth_request_unref(auth_request);
+ return FALSE;
+ }
+
 auth_request_lookup_user(auth_request, user_callback);
 return TRUE;
 }
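Review bot: The new guard in master_input_user() rejects only a missing service, so `service=` with an empty value, or a bare `service` token (which the loop maps to `arg = ""`), still passes and reaches auth_request_lookup_user() with an empty service name. Tightening it to `if (auth_request->service == NULL || *auth_request->service == '\0')` would close that. The loop also hands every parameter to auth_request_import(), which handles `user`, so a `user=` parameter silently replaces the userid taken from list[1]; skipping that key here, or logging ignored keys instead of discarding the result with `(void)`, would make the parser stricter. The function starts above this hunk.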
--- a/src/auth/auth-request-handler.c Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-request-handler.c Tue Apr 26 14:43:30 2005 +0300
@@ -274,12 +274,8 @@
 arg++;
 }
- if (strcmp(name, "lip") == 0)
- (void)net_addr2ip(arg, &request->local_ip);
- else if (strcmp(name, "rip") == 0)
- (void)net_addr2ip(arg, &request->remote_ip);
- else if (strcmp(name, "service") == 0)
- request->service = p_strdup(request->pool, arg);
+ if (auth_request_import(request, name, arg))
+ ;
 else if (strcmp(name, "resp") == 0)
 initial_resp = arg;
 else if (strcmp(name, "valid-client-cert") == 0)
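Review bot: Routing the AUTH client parameters through auth_request_import() widens what a login client may set: the removed chain accepted only `lip`, `rip` and `service`, while the shared helper also stores `user`, so a `user=` parameter on an AUTH line now writes request->user before the mechanism runs. Whether the mechanism always overwrites that field is not visible in this hunk; if it does not, the key should be filtered at this call, e.g. `if (strcmp(name, "user") != 0 && auth_request_import(request, name, arg))`. The empty `;` branch would also read more clearly as a braced block with a short comment. The enclosing loop and function start and end outside the hunk.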
--- a/src/auth/auth-request.c Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-request.c Tue Apr 26 14:43:30 2005 +0300
@@ -101,10 +101,32 @@
 str_append(str, request->user);
 str_append(str, "\tservice=");
 str_append(str, request->service);
- str_append(str, "\tlip=");
- str_append(str, net_ip2addr(&request->local_ip));
- str_append(str, "\trip=");
- str_append(str, net_ip2addr(&request->remote_ip));
+
+ if (request->local_ip.family != 0) {
+ str_append(str, "\tlip=");
+ str_append(str, net_ip2addr(&request->local_ip));
+ }
+ if (request->remote_ip.family != 0) {
+ str_append(str, "\trip=");
+ str_append(str, net_ip2addr(&request->remote_ip));
+ }
+}
+
+int auth_request_import(struct auth_request *request,
+ const char *key, const char *value)
+{
+ if (strcmp(key, "user") == 0)
+ request->user = p_strdup(request->pool, value);
+ if (strcmp(key, "service") == 0)
+ request->service = p_strdup(request->pool, value);
+ else if (strcmp(key, "lip") == 0)
+ net_addr2ip(value, &request->local_ip);
+ else if (strcmp(key, "rip") == 0)
+ net_addr2ip(value, &request->remote_ip);
+ else
+ return FALSE;
+
+ return TRUE;
 }
 void auth_request_initial(struct auth_request *request,
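Review bot: In auth_request_import() the `user` branch is not chained to the rest: the second test is a plain `if`, so for key `user` the field is stored and control then falls through the `service`/`lip`/`rip` chain to `return FALSE`. Callers that test the result, such as the AUTH parameter loop, will treat `user` as unrecognised even though request->user was changed; `else if (strcmp(key, "service") == 0)` fixes it. The results of net_addr2ip() are also dropped, so a malformed `lip` or `rip` is reported as imported; returning FALSE on a parse failure would let callers notice, assuming net_addr2ip() signals failure through its return value.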
--- a/src/auth/auth-request.h Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-request.h Tue Apr 26 14:43:30 2005 +0300
@@ -73,6 +73,8 @@
 void auth_request_internal_failure(struct auth_request *request);
 void auth_request_export(struct auth_request *request, string_t *str);
+int auth_request_import(struct auth_request *request,
+ const char *key, const char *value);
 void auth_request_initial(struct auth_request *request, const unsigned char *data, size_t data_size);
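Review bot: The new auth_request_import() prototype carries no comment saying what its int result means, and callers in this changeset both test it and discard it with `(void)`. A one-line comment above the declaration would settle the contract, e.g. `/* Store a key=value parameter in request. Returns TRUE if key was recognised, FALSE if not. */`.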
--- a/src/auth/auth-worker-client.c Tue Apr 26 14:08:16 2005 +0300
+++ b/src/auth/auth-worker-client.c Tue Apr 26 14:43:30 2005 +0300
@@ -61,16 +61,7 @@
 key = t_strdup_until(*tmp, value);
 value++;
- if (strcmp(key, "user") == 0) {
- auth_request->user =
- p_strdup(auth_request->pool, value);
- } else if (strcmp(key, "service") == 0) {
- auth_request->service =
- p_strdup(auth_request->pool, value);
- } else if (strcmp(key, "lip") == 0)
- net_addr2ip(value, &auth_request->local_ip);
- else if (strcmp(key, "rip") == 0)
- net_addr2ip(value, &auth_request->remote_ip);
+ (void)auth_request_import(auth_request, key, value);
 }
 t_pop();
@@ -135,6 +126,11 @@
 auth_request->mech_password = p_strdup(auth_request->pool, password);
+ if (auth_request->user == NULL || auth_request->service == NULL) {
+ i_error("BUG: PASSV had missing parameters");
+ return;
+ }
+
 for (; num > 0; num--) {
 auth_request->passdb = auth_request->passdb->next;
 if (auth_request->passdb == NULL) {
@@ -200,6 +196,11 @@
 auth_request = worker_auth_request_new(client, id, args);
 auth_request->credentials = credentials;
+ if (auth_request->user == NULL || auth_request->service == NULL) {
+ i_error("BUG: PASSL had missing parameters");
+ return;
+ }
+
 for (; num > 0; num--) {
 auth_request->passdb = auth_request->passdb->next;
 if (auth_request->passdb == NULL) {
@@ -244,6 +245,11 @@
 auth_request = worker_auth_request_new(client, id, args);
+ if (auth_request->user == NULL || auth_request->service == NULL) {
+ i_error("BUG: USER had missing parameters");
+ return;
+ }
+
 for (; num > 0; num--) {
 auth_request->userdb = auth_request->userdb->next;
 if (auth_request->userdb == NULL) {
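Review bot: The three new "missing parameters" checks (in the PASSV, PASSL and USER handlers) return right after worker_auth_request_new() without releasing the request or answering the caller. The matching error path in auth-master-connection.c calls auth_request_unref() before returning; the same `auth_request_unref(auth_request);` before each `return;` looks needed here unless the request is owned elsewhere, which these hunks do not show. Since no reply is written for the id, the side that sent the command may also wait for a result that never arrives, so a failure reply would be safer if the worker protocol has one. The handlers' bodies start and end outside the hunks.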
--- a/src/deliver/deliver.c Tue Apr 26 14:08:16 2005 +0300
+++ b/src/deliver/deliver.c Tue Apr 26 14:43:30 2005 +0300
@@ -233,8 +233,9 @@
 return EX_TEMPFAIL;
 o_stream_send_str(conn->output,
- t_strconcat("VERSION\t1\t0\nUSER\t1\t",
- destination, "\n", NULL));
+ t_strconcat("VERSION\t1\t0\n"
+ "USER\t1\t", destination, "\t"
+ "service=deliver\n", NULL));
 io_loop_run(ioloop);
 return return_value;
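Review bot: `destination` is pasted into the USER line as-is, and with this changeset the auth process parses everything after the userid as TAB-separated key=value parameters. A destination containing a TAB or newline would therefore be read as extra parameters or as a further command line; where destination comes from is outside the hunk, but it should be checked before the send, e.g. `if (strpbrk(destination, "\t\n") != NULL)` followed by an error return. The return value of o_stream_send_str() is also ignored, so a failed write is only noticed indirectly.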