[dovecot-cvs]
dovecot/src/auth Makefile.am, 1.40, 1.41 auth-cache.c,
1.7, 1.8 auth-client-connection.c, 1.25,
1.26 auth-master-connection.c, 1.20, 1.21 auth-request.c, NONE,
1.1 auth-request.h, NONE, 1.1 main.c, 1.32,
1.33 mech-anonymous.c, 1.7, 1.8 mech-apop.c, 1.7,
1.8 mech-cram-md5.c, 1.14, 1.15 mech-digest-md5.c, 1.28,
1.29 mech-login.c, 1.5, 1.6 mech-ntlm.c, 1.11,
1.12 mech-plain.c, 1.23, 1.24 mech-rpa.c, 1.10, 1.11 mech.c,
1.52, 1.53 mech.h, 1.30, 1.31 userdb.h, 1.15, 1.16
cras at dovecot.org
cras at dovecot.org
Fri Jan 7 20:51:12 EET 2005
- Previous message: [dovecot-cvs] dovecot/src/auth checkpassword-reply.c, 1.1,
1.2 passdb-checkpassword.c, 1.4, 1.5
- Next message: [dovecot-cvs] dovecot/src/auth Makefile.am, 1.41,
1.42 auth-client-connection.c, 1.26,
1.27 auth-client-connection.h, 1.6,
1.7 auth-master-connection.c, 1.21,
1.22 auth-master-connection.h, 1.6, 1.7 auth-request.c, 1.1,
1.2 auth-request.h, 1.1, 1.2 auth.c, 1.10, 1.11 auth.h, 1.8,
1.9 common.h, 1.7, 1.8 main.c, 1.33, 1.34 mech-anonymous.c,
1.8, 1.9 mech-apop.c, 1.8, 1.9 mech-cram-md5.c, 1.15,
1.16 mech-digest-md5.c, 1.29, 1.30 mech-login.c, 1.6,
1.7 mech-ntlm.c, 1.12, 1.13 mech-plain.c, 1.24,
1.25 mech-rpa.c, 1.11, 1.12 mech.c, 1.53, 1.54 mech.h, 1.31,
1.32 passdb.c, 1.28, 1.29 passdb.h, 1.18, 1.19 userdb.c, 1.15,
1.16 userdb.h, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv12872
Modified Files:
Makefile.am auth-cache.c auth-client-connection.c
auth-master-connection.c main.c mech-anonymous.c mech-apop.c
mech-cram-md5.c mech-digest-md5.c mech-login.c mech-ntlm.c
mech-plain.c mech-rpa.c mech.c mech.h userdb.h
Added Files:
auth-request.c auth-request.h
Log Message:
Split auth_request* functions from mech.c to auth-request.c
Index: Makefile.am
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/Makefile.am,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -d -r1.40 -r1.41
--- Makefile.am 7 Jan 2005 18:15:15 -0000 1.40
+++ Makefile.am 7 Jan 2005 18:51:10 -0000 1.41
@@ -36,6 +36,7 @@
auth-client-connection.c \
auth-master-connection.c \
auth-module.c \
+ auth-request.c \
db-ldap.c \
db-sql.c \
db-passwd-file.c \
@@ -76,6 +77,7 @@
auth-master-interface.h \
auth-master-connection.h \
auth-module.h \
+ auth-request.h \
db-ldap.h \
db-sql.h \
db-passwd-file.h \
Index: auth-cache.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-cache.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- auth-cache.c 15 Dec 2004 19:31:06 -0000 1.7
+++ auth-cache.c 7 Jan 2005 18:51:10 -0000 1.8
@@ -6,7 +6,7 @@
#include "str.h"
#include "strescape.h"
#include "var-expand.h"
-#include "mech.h"
+#include "auth-request.h"
#include "auth-cache.h"
#include <time.h>
Index: auth-client-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-client-connection.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- auth-client-connection.c 7 Jan 2005 18:15:15 -0000 1.25
+++ auth-client-connection.c 7 Jan 2005 18:51:10 -0000 1.26
@@ -11,7 +11,7 @@
#include "str.h"
#include "str-sanitize.h"
#include "safe-memset.h"
-#include "mech.h"
+#include "auth-request.h"
#include "auth-client-connection.h"
#include "auth-master-connection.h"
Index: auth-master-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- auth-master-connection.c 6 Jan 2005 15:41:53 -0000 1.20
+++ auth-master-connection.c 7 Jan 2005 18:51:10 -0000 1.21
@@ -8,8 +8,8 @@
#include "istream.h"
#include "ostream.h"
#include "network.h"
-#include "mech.h"
#include "userdb.h"
+#include "auth-request.h"
#include "auth-master-interface.h"
#include "auth-client-connection.h"
#include "auth-master-connection.h"
--- NEW FILE: auth-request.c ---
/* Copyright (C) 2002-2005 Timo Sirainen */
#include "common.h"
#include "ioloop.h"
#include "buffer.h"
#include "hash.h"
#include "str.h"
#include "safe-memset.h"
#include "str-sanitize.h"
#include "var-expand.h"
#include "auth-request.h"
#include "auth-client-connection.h"
#include "auth-master-connection.h"
#include "passdb.h"
#include "passdb-cache.h"
struct auth_request_extra {
struct auth_request *request;
string_t *str;
char *user_password, *password;
};
static buffer_t *auth_failures_buf;
static struct timeout *to_auth_failures;
struct auth_request *auth_request_new(struct mech_module *mech)
{
struct auth_request *request;
request = mech->auth_new();
if (request == NULL)
return NULL;
request->mech = mech;
request->created = ioloop_time;
return request;
}
void auth_request_destroy(struct auth_request *request)
{
i_assert(request->refcount > 0);
if (request->destroyed)
return;
request->destroyed = TRUE;
if (request->conn != NULL) {
hash_remove(request->conn->auth_requests,
POINTER_CAST(request->id));
}
auth_request_unref(request);
}
void auth_request_success(struct auth_request *request,
const void *data, size_t data_size)
{
request->successful = TRUE;
if (request->conn != NULL) {
request->callback(request, AUTH_CLIENT_RESULT_SUCCESS,
data, data_size);
}
if (request->no_login || request->conn == NULL ||
AUTH_MASTER_IS_DUMMY(request->conn->master)) {
/* we don't have master process, the request is no longer
needed */
auth_request_destroy(request);
}
}
void auth_request_fail(struct auth_request *request)
{
if (request->no_failure_delay) {
/* passdb specifically requested to to delay the reply. */
request->callback(request, AUTH_CLIENT_RESULT_FAILURE, NULL, 0);
auth_request_destroy(request);
return;
}
/* failure. don't announce it immediately to avoid
a) timing attacks, b) flooding */
if (auth_failures_buf->used > 0) {
const struct auth_request *const *requests;
requests = auth_failures_buf->data;
requests += auth_failures_buf->used/sizeof(*requests)-1;
i_assert(*requests != request);
}
buffer_append(auth_failures_buf, &request, sizeof(request));
/* make sure the request isn't found anymore */
auth_request_ref(request);
auth_request_destroy(request);
}
void auth_request_internal_failure(struct auth_request *request)
{
request->internal_failure = TRUE;
auth_request_fail(request);
}
void auth_request_ref(struct auth_request *request)
{
request->refcount++;
}
int auth_request_unref(struct auth_request *request)
{
i_assert(request->refcount > 0);
if (--request->refcount > 0)
return TRUE;
request->mech->auth_free(request);
return FALSE;
}
struct auth_request_extra *
auth_request_extra_begin(struct auth_request *request,
const char *user_password)
{
struct auth_request_extra *extra;
extra = i_new(struct auth_request_extra, 1);
extra->request = request;
extra->user_password = i_strdup(user_password);
return extra;
}
void auth_request_extra_next(struct auth_request_extra *extra,
const char *name, const char *value)
{
string_t *str;
i_assert(value != NULL);
if (strcmp(name, "password") == 0) {
i_assert(extra->password == NULL);
extra->password = i_strdup(value);
return;
}
if (strcmp(name, "nodelay") == 0) {
/* don't delay replying to client of the failure */
extra->request->no_failure_delay = TRUE;
return;
}
str = extra->str;
if (str == NULL)
extra->str = str = str_new(extra->request->pool, 64);
if (strcmp(name, "nologin") == 0) {
/* user can't actually login - don't keep this
reply for master */
extra->request->no_login = TRUE;
if (str_len(str) > 0)
str_append_c(str, '\t');
str_append(str, name);
} else if (strcmp(name, "proxy") == 0) {
/* we're proxying authentication for this user. send
password back if using plaintext authentication. */
extra->request->proxy = TRUE;
if (str_len(str) > 0)
str_append_c(str, '\t');
str_append(str, name);
} else {
if (str_len(str) > 0)
str_append_c(str, '\t');
str_printfa(str, "%s=%s", name, value);
}
}
void auth_request_extra_finish(struct auth_request_extra *extra,
const char *cache_key)
{
string_t *str;
if (passdb_cache != NULL && cache_key != NULL) {
str = t_str_new(64);
if (extra->str != NULL)
str_append_str(str, extra->str);
if (extra->request->no_failure_delay) {
if (str_len(str) > 0)
str_append_c(str, '\t');
str_append(str, "nodelay");
}
auth_cache_insert(passdb_cache, extra->request, cache_key,
t_strconcat(extra->password == NULL ? "" :
extra->password,
str_len(str) > 0 ? "\t" : "",
str_c(str), NULL));
}
if (extra->user_password != NULL) {
if (extra->request->proxy) {
/* we're proxying - send back the password that was
sent by user (not the password in passdb). */
str_printfa(extra->str, "\tpass=%s",
extra->user_password);
}
safe_memset(extra->user_password, 0,
strlen(extra->user_password));
i_free(extra->user_password);
}
if (extra->str != NULL)
extra->request->extra_fields = str_c(extra->str);
if (extra->password != NULL) {
safe_memset(extra->password, 0, strlen(extra->password));
i_free(extra->password);
}
i_free(extra);
}
static const char *escape_none(const char *str)
{
return str;
}
const struct var_expand_table *
auth_request_get_var_expand_table(const struct auth_request *auth_request,
const char *(*escape_func)(const char *))
{
static struct var_expand_table static_tab[] = {
{ 'u', NULL },
{ 'n', NULL },
{ 'd', NULL },
{ 's', NULL },
{ 'h', NULL },
{ 'l', NULL },
{ 'r', NULL },
{ 'p', NULL },
{ '\0', NULL }
};
struct var_expand_table *tab;
if (escape_func == NULL)
escape_func = escape_none;
tab = t_malloc(sizeof(static_tab));
memcpy(tab, static_tab, sizeof(static_tab));
tab[0].value = escape_func(auth_request->user);
tab[1].value = escape_func(t_strcut(auth_request->user, '@'));
tab[2].value = strchr(auth_request->user, '@');
if (tab[2].value != NULL)
tab[2].value = escape_func(tab[2].value+1);
tab[3].value = auth_request->service;
/* tab[4] = we have no home dir */
if (auth_request->local_ip.family != 0)
tab[5].value = net_ip2addr(&auth_request->local_ip);
if (auth_request->remote_ip.family != 0)
tab[6].value = net_ip2addr(&auth_request->remote_ip);
tab[7].value = dec2str(auth_request->conn->pid);
return tab;
}
const char *get_log_prefix(const struct auth_request *auth_request)
{
#define MAX_LOG_USERNAME_LEN 64
const char *ip;
string_t *str;
str = t_str_new(64);
if (auth_request->user == NULL)
str_append(str, "?");
else {
str_sanitize_append(str, auth_request->user,
MAX_LOG_USERNAME_LEN);
}
ip = net_ip2addr(&auth_request->remote_ip);
if (ip != NULL) {
str_append_c(str, ',');
str_append(str, ip);
}
return str_c(str);
}
void auth_failure_buf_flush(void)
{
struct auth_request **auth_request;
size_t i, size;
auth_request = buffer_get_modifyable_data(auth_failures_buf, &size);
size /= sizeof(*auth_request);
for (i = 0; i < size; i++) {
if (auth_request[i]->conn != NULL) {
auth_request[i]->callback(auth_request[i],
AUTH_CLIENT_RESULT_FAILURE,
NULL, 0);
}
auth_request_destroy(auth_request[i]);
}
buffer_set_used_size(auth_failures_buf, 0);
}
static void auth_failure_timeout(void *context __attr_unused__)
{
auth_failure_buf_flush();
}
void auth_requests_init(void)
{
auth_failures_buf = buffer_create_dynamic(default_pool, 1024);
to_auth_failures = timeout_add(2000, auth_failure_timeout, NULL);
}
void auth_requests_deinit(void)
{
buffer_free(auth_failures_buf);
timeout_remove(to_auth_failures);
}
--- NEW FILE: auth-request.h ---
#ifndef __AUTH_REQUEST_H
#define __AUTH_REQUEST_H
#include "network.h"
#include "mech.h"
struct auth_client_connection;
struct auth_request {
int refcount;
pool_t pool;
char *user;
const char *extra_fields;
struct mech_module *mech;
struct auth_client_connection *conn;
unsigned int id;
time_t created;
const char *service;
struct ip_addr local_ip, remote_ip;
mech_callback_t *callback;
unsigned int successful:1;
unsigned int internal_failure:1;
unsigned int accept_input:1;
unsigned int no_failure_delay:1;
unsigned int no_login:1;
unsigned int proxy:1;
unsigned int destroyed:1;
/* ... mechanism specific data ... */
};
void auth_request_success(struct auth_request *request,
const void *data, size_t data_size);
void auth_request_fail(struct auth_request *request);
void auth_request_internal_failure(struct auth_request *request);
struct auth_request *auth_request_new(struct mech_module *mech);
void auth_request_destroy(struct auth_request *request);
void auth_request_ref(struct auth_request *request);
int auth_request_unref(struct auth_request *request);
struct auth_request_extra *
auth_request_extra_begin(struct auth_request *request, const char *password);
void auth_request_extra_next(struct auth_request_extra *extra,
const char *name, const char *value);
void auth_request_extra_finish(struct auth_request_extra *extra,
const char *cache_key);
const struct var_expand_table *
auth_request_get_var_expand_table(const struct auth_request *auth_request,
const char *(*escape_func)(const char *));
const char *get_log_prefix(const struct auth_request *auth_request);
void auth_failure_buf_flush(void);
void auth_requests_init(void);
void auth_requests_deinit(void);
#endif
Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/main.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- main.c 6 Jan 2005 19:08:17 -0000 1.32
+++ main.c 7 Jan 2005 18:51:10 -0000 1.33
@@ -12,6 +12,7 @@
#include "userdb.h"
#include "passdb.h"
#include "password-scheme.h"
+#include "auth-request.h"
#include "auth-master-connection.h"
#include "auth-client-connection.h"
@@ -202,6 +203,7 @@
lib_init_signals(sig_quit);
mech_init();
+ auth_requests_init();
env = getenv("AUTH_PROCESS");
standalone = env == NULL;
@@ -267,6 +269,7 @@
password_schemes_deinit();
passdb_deinit();
userdb_deinit();
+ auth_requests_deinit();
mech_deinit();
random_deinit();
Index: mech-anonymous.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-anonymous.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- mech-anonymous.c 7 Jan 2005 17:27:20 -0000 1.7
+++ mech-anonymous.c 7 Jan 2005 18:51:10 -0000 1.8
@@ -22,7 +22,7 @@
request->callback = callback;
request->user = p_strdup(request->pool, anonymous_username);
- mech_auth_success(request, NULL, 0);
+ auth_request_success(request, NULL, 0);
}
static void
Index: mech-apop.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-apop.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- mech-apop.c 7 Jan 2005 17:27:20 -0000 1.7
+++ mech-apop.c 7 Jan 2005 18:51:10 -0000 1.8
@@ -56,15 +56,15 @@
switch (result) {
case PASSDB_RESULT_OK:
if (verify_credentials(request, credentials))
- mech_auth_success(auth_request, NULL, 0);
+ auth_request_success(auth_request, NULL, 0);
else
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(auth_request);
+ auth_request_internal_failure(auth_request);
break;
default:
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
}
}
@@ -87,7 +87,7 @@
i_info("apop(%s): no initial respone",
get_log_prefix(auth_request));
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
@@ -107,7 +107,7 @@
i_info("apop(%s): invalid challenge",
get_log_prefix(auth_request));
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
request->challenge = p_strdup(request->pool, (const char *)data);
@@ -124,7 +124,7 @@
i_info("apop(%s): malformed data",
get_log_prefix(auth_request));
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
tmp++;
@@ -135,7 +135,7 @@
i_info("apop(%s): %s",
get_log_prefix(auth_request), error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
Index: mech-cram-md5.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-cram-md5.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- mech-cram-md5.c 7 Jan 2005 17:27:20 -0000 1.14
+++ mech-cram-md5.c 7 Jan 2005 18:51:10 -0000 1.15
@@ -119,15 +119,15 @@
switch (result) {
case PASSDB_RESULT_OK:
if (verify_credentials(request, credentials))
- mech_auth_success(auth_request, NULL, 0);
+ auth_request_success(auth_request, NULL, 0);
else
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(auth_request);
+ auth_request_internal_failure(auth_request);
break;
default:
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
}
}
@@ -160,7 +160,7 @@
if (verbose)
i_info("cram-md5(%s): %s", get_log_prefix(auth_request), error);
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
}
static void
Index: mech-digest-md5.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-digest-md5.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- mech-digest-md5.c 7 Jan 2005 17:27:20 -0000 1.28
+++ mech-digest-md5.c 7 Jan 2005 18:51:10 -0000 1.29
@@ -524,19 +524,21 @@
switch (result) {
case PASSDB_RESULT_OK:
if (!verify_credentials(request, credentials)) {
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
request->authenticated = TRUE;
- auth_request->callback(auth_request, AUTH_CLIENT_RESULT_CONTINUE,
- request->rspauth, strlen(request->rspauth));
+ auth_request->callback(auth_request,
+ AUTH_CLIENT_RESULT_CONTINUE,
+ request->rspauth,
+ strlen(request->rspauth));
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(auth_request);
+ auth_request_internal_failure(auth_request);
break;
default:
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
}
}
@@ -553,7 +555,7 @@
if (request->authenticated) {
/* authentication is done, we were just waiting the last
word from client */
- mech_auth_success(auth_request, NULL, 0);
+ auth_request_success(auth_request, NULL, 0);
return;
}
@@ -583,7 +585,7 @@
get_log_prefix(auth_request), error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
}
static void
Index: mech-login.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-login.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- mech-login.c 7 Jan 2005 17:27:20 -0000 1.5
+++ mech-login.c 7 Jan 2005 18:51:10 -0000 1.6
@@ -19,13 +19,13 @@
{
switch (result) {
case PASSDB_RESULT_OK:
- mech_auth_success(request, NULL, 0);
+ auth_request_success(request, NULL, 0);
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(request);
+ auth_request_internal_failure(request);
break;
default:
- mech_auth_fail(request);
+ auth_request_fail(request);
break;
}
}
@@ -48,7 +48,7 @@
i_info("login(%s): %s",
get_log_prefix(request), error);
}
- mech_auth_fail(request);
+ auth_request_fail(request);
return;
}
Index: mech-ntlm.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-ntlm.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- mech-ntlm.c 7 Jan 2005 17:27:20 -0000 1.11
+++ mech-ntlm.c 7 Jan 2005 18:51:10 -0000 1.12
@@ -75,15 +75,15 @@
switch (result) {
case PASSDB_RESULT_OK:
if (lm_verify_credentials(request, credentials))
- mech_auth_success(auth_request, NULL, 0);
+ auth_request_success(auth_request, NULL, 0);
else
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(auth_request);
+ auth_request_internal_failure(auth_request);
break;
default:
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
}
}
@@ -158,16 +158,16 @@
case PASSDB_RESULT_OK:
ret = ntlm_verify_credentials(request, credentials);
if (ret > 0) {
- mech_auth_success(auth_request, NULL, 0);
+ auth_request_success(auth_request, NULL, 0);
return;
}
if (ret < 0) {
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(auth_request);
+ auth_request_internal_failure(auth_request);
return;
default:
break;
@@ -203,7 +203,7 @@
get_log_prefix(auth_request),
error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
@@ -228,7 +228,7 @@
get_log_prefix(auth_request),
error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
@@ -244,7 +244,7 @@
i_info("ntlm(%s): %s",
get_log_prefix(auth_request), error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
Index: mech-plain.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-plain.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- mech-plain.c 7 Jan 2005 17:27:20 -0000 1.23
+++ mech-plain.c 7 Jan 2005 18:51:10 -0000 1.24
@@ -10,13 +10,13 @@
{
switch (result) {
case PASSDB_RESULT_OK:
- mech_auth_success(request, NULL, 0);
+ auth_request_success(request, NULL, 0);
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(request);
+ auth_request_internal_failure(request);
break;
default:
- mech_auth_fail(request);
+ auth_request_fail(request);
break;
}
}
@@ -58,7 +58,7 @@
i_info("plain(%s): invalid input",
get_log_prefix(request));
}
- mech_auth_fail(request);
+ auth_request_fail(request);
} else {
/* split and save user/realm */
if (strchr(authenid, '@') == NULL && default_realm != NULL) {
@@ -75,7 +75,7 @@
i_info("plain(%s): %s",
get_log_prefix(request), error);
}
- mech_auth_fail(request);
+ auth_request_fail(request);
} else {
passdb->verify_plain(request, pass, verify_callback);
}
Index: mech-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-rpa.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- mech-rpa.c 7 Jan 2005 17:27:20 -0000 1.10
+++ mech-rpa.c 7 Jan 2005 18:51:10 -0000 1.11
@@ -425,7 +425,7 @@
switch (result) {
case PASSDB_RESULT_OK:
if (!verify_credentials(request, credentials))
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
else {
token4 = mech_rpa_build_token4(request, &token4_size);
auth_request->callback(auth_request,
@@ -435,10 +435,10 @@
}
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- mech_auth_internal_failure(auth_request);
+ auth_request_internal_failure(auth_request);
break;
default:
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
}
}
@@ -458,7 +458,7 @@
i_info("rpa(%s): invalid token 1, %s",
get_log_prefix(auth_request), error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
@@ -490,7 +490,7 @@
i_info("rpa(%s): invalid token 3, %s",
get_log_prefix(auth_request), error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
@@ -499,7 +499,7 @@
i_info("rpa(%s): %s",
get_log_prefix(auth_request), error);
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
return;
}
@@ -519,9 +519,9 @@
i_info("rpa(%s): invalid token 5 or client rejects us",
get_log_prefix(auth_request));
}
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
} else {
- mech_auth_success(auth_request, NULL, 0);
+ auth_request_success(auth_request, NULL, 0);
}
}
@@ -546,7 +546,7 @@
mech_rpa_auth_phase3(auth_request, data, data_size);
break;
default:
- mech_auth_fail(auth_request);
+ auth_request_fail(auth_request);
break;
}
}
Index: mech.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech.c,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -d -r1.52 -r1.53
--- mech.c 7 Jan 2005 17:27:20 -0000 1.52
+++ mech.c 7 Jan 2005 18:51:10 -0000 1.53
@@ -2,28 +2,14 @@
#include "common.h"
#include "ioloop.h"
-#include "buffer.h"
-#include "hash.h"
#include "mech.h"
-#include "safe-memset.h"
#include "str.h"
-#include "str-sanitize.h"
-#include "var-expand.h"
-#include "auth-client-connection.h"
-#include "auth-master-connection.h"
#include "passdb.h"
-#include "passdb-cache.h"
#include <stdlib.h>
-struct auth_request_extra {
- struct auth_request *request;
- string_t *str;
- char *user_password, *password;
-};
-
struct mech_module_list *mech_modules;
-buffer_t *mech_handshake;
+string_t *mech_handshake;
const char *const *auth_realms;
const char *default_realm;
@@ -31,9 +17,6 @@
char username_chars[256], username_translation[256];
int ssl_require_client_cert;
-static buffer_t *auth_failures_buf;
-static struct timeout *to_auth_failures;
-
void mech_register_module(struct mech_module *module)
{
struct mech_module_list *list;
@@ -99,83 +82,6 @@
return NULL;
}
-struct auth_request *auth_request_new(struct mech_module *mech)
-{
- struct auth_request *request;
-
- request = mech->auth_new();
- if (request == NULL)
- return NULL;
-
- request->mech = mech;
- request->created = ioloop_time;
- return request;
-}
-
-void auth_request_destroy(struct auth_request *request)
-{
- i_assert(request->refcount > 0);
-
- if (request->destroyed)
- return;
- request->destroyed = TRUE;
-
- if (request->conn != NULL) {
- hash_remove(request->conn->auth_requests,
- POINTER_CAST(request->id));
- }
- auth_request_unref(request);
-}
-
-void mech_auth_success(struct auth_request *request,
- const void *data, size_t data_size)
-{
- request->successful = TRUE;
- if (request->conn != NULL) {
- request->callback(request, AUTH_CLIENT_RESULT_SUCCESS,
- data, data_size);
- }
-
- if (request->no_login || request->conn == NULL ||
- AUTH_MASTER_IS_DUMMY(request->conn->master)) {
- /* we don't have master process, the request is no longer
- needed */
- auth_request_destroy(request);
- }
-}
-
-void mech_auth_fail(struct auth_request *request)
-{
- if (request->no_failure_delay) {
- /* passdb specifically requested to to delay the reply. */
- request->callback(request, AUTH_CLIENT_RESULT_FAILURE, NULL, 0);
- auth_request_destroy(request);
- return;
- }
-
- /* failure. don't announce it immediately to avoid
- a) timing attacks, b) flooding */
- if (auth_failures_buf->used > 0) {
- const struct auth_request *const *requests;
-
- requests = auth_failures_buf->data;
- requests += auth_failures_buf->used/sizeof(*requests)-1;
- i_assert(*requests != request);
- }
-
- buffer_append(auth_failures_buf, &request, sizeof(request));
-
- /* make sure the request isn't found anymore */
- auth_request_ref(request);
- auth_request_destroy(request);
-}
-
-void mech_auth_internal_failure(struct auth_request *request)
-{
- request->internal_failure = TRUE;
- mech_auth_fail(request);
-}
-
int mech_fix_username(char *username, const char **error_r)
{
unsigned char *p;
@@ -198,210 +104,6 @@
return TRUE;
}
-void auth_request_ref(struct auth_request *request)
-{
- request->refcount++;
-}
-
-int auth_request_unref(struct auth_request *request)
-{
- i_assert(request->refcount > 0);
- if (--request->refcount > 0)
- return TRUE;
-
- request->mech->auth_free(request);
- return FALSE;
-}
-
-struct auth_request_extra *
-auth_request_extra_begin(struct auth_request *request,
- const char *user_password)
-{
- struct auth_request_extra *extra;
-
- extra = i_new(struct auth_request_extra, 1);
- extra->request = request;
- extra->user_password = i_strdup(user_password);
- return extra;
-}
-
-void auth_request_extra_next(struct auth_request_extra *extra,
- const char *name, const char *value)
-{
- string_t *str;
-
- i_assert(value != NULL);
-
- if (strcmp(name, "password") == 0) {
- i_assert(extra->password == NULL);
- extra->password = i_strdup(value);
- return;
- }
-
- if (strcmp(name, "nodelay") == 0) {
- /* don't delay replying to client of the failure */
- extra->request->no_failure_delay = TRUE;
- return;
- }
-
- str = extra->str;
- if (str == NULL)
- extra->str = str = str_new(extra->request->pool, 64);
-
- if (strcmp(name, "nologin") == 0) {
- /* user can't actually login - don't keep this
- reply for master */
- extra->request->no_login = TRUE;
- if (str_len(str) > 0)
- str_append_c(str, '\t');
- str_append(str, name);
- } else if (strcmp(name, "proxy") == 0) {
- /* we're proxying authentication for this user. send
- password back if using plaintext authentication. */
- extra->request->proxy = TRUE;
- if (str_len(str) > 0)
- str_append_c(str, '\t');
- str_append(str, name);
- } else {
- if (str_len(str) > 0)
- str_append_c(str, '\t');
- str_printfa(str, "%s=%s", name, value);
- }
-}
-
-void auth_request_extra_finish(struct auth_request_extra *extra,
- const char *cache_key)
-{
- string_t *str;
-
- if (passdb_cache != NULL && cache_key != NULL) {
- str = t_str_new(64);
- if (extra->str != NULL)
- str_append_str(str, extra->str);
- if (extra->request->no_failure_delay) {
- if (str_len(str) > 0)
- str_append_c(str, '\t');
- str_append(str, "nodelay");
- }
- auth_cache_insert(passdb_cache, extra->request, cache_key,
- t_strconcat(extra->password == NULL ? "" :
- extra->password,
- str_len(str) > 0 ? "\t" : "",
- str_c(str), NULL));
- }
-
- if (extra->user_password != NULL) {
- if (extra->request->proxy) {
- /* we're proxying - send back the password that was
- sent by user (not the password in passdb). */
- str_printfa(extra->str, "\tpass=%s",
- extra->user_password);
- }
- safe_memset(extra->user_password, 0,
- strlen(extra->user_password));
- i_free(extra->user_password);
- }
-
- if (extra->str != NULL)
- extra->request->extra_fields = str_c(extra->str);
-
- if (extra->password != NULL) {
- safe_memset(extra->password, 0, strlen(extra->password));
- i_free(extra->password);
- }
- i_free(extra);
-}
-
-static const char *escape_none(const char *str)
-{
- return str;
-}
-
-const struct var_expand_table *
-auth_request_get_var_expand_table(const struct auth_request *auth_request,
- const char *(*escape_func)(const char *))
-{
- static struct var_expand_table static_tab[] = {
- { 'u', NULL },
- { 'n', NULL },
- { 'd', NULL },
- { 's', NULL },
- { 'h', NULL },
- { 'l', NULL },
- { 'r', NULL },
- { 'p', NULL },
- { '\0', NULL }
- };
- struct var_expand_table *tab;
-
- if (escape_func == NULL)
- escape_func = escape_none;
-
- tab = t_malloc(sizeof(static_tab));
- memcpy(tab, static_tab, sizeof(static_tab));
-
- tab[0].value = escape_func(auth_request->user);
- tab[1].value = escape_func(t_strcut(auth_request->user, '@'));
- tab[2].value = strchr(auth_request->user, '@');
- if (tab[2].value != NULL)
- tab[2].value = escape_func(tab[2].value+1);
- tab[3].value = auth_request->service;
- /* tab[4] = we have no home dir */
- if (auth_request->local_ip.family != 0)
- tab[5].value = net_ip2addr(&auth_request->local_ip);
- if (auth_request->remote_ip.family != 0)
- tab[6].value = net_ip2addr(&auth_request->remote_ip);
- tab[7].value = dec2str(auth_request->conn->pid);
- return tab;
-}
-
-const char *get_log_prefix(const struct auth_request *auth_request)
-{
-#define MAX_LOG_USERNAME_LEN 64
- const char *ip;
- string_t *str;
-
- str = t_str_new(64);
-
- if (auth_request->user == NULL)
- str_append(str, "?");
- else {
- str_sanitize_append(str, auth_request->user,
- MAX_LOG_USERNAME_LEN);
- }
-
- ip = net_ip2addr(&auth_request->remote_ip);
- if (ip != NULL) {
- str_append_c(str, ',');
- str_append(str, ip);
- }
- return str_c(str);
-}
-
-void auth_failure_buf_flush(void)
-{
- struct auth_request **auth_request;
- size_t i, size;
-
- auth_request = buffer_get_modifyable_data(auth_failures_buf, &size);
- size /= sizeof(*auth_request);
-
- for (i = 0; i < size; i++) {
- if (auth_request[i]->conn != NULL) {
- auth_request[i]->callback(auth_request[i],
- AUTH_CLIENT_RESULT_FAILURE,
- NULL, 0);
- }
- auth_request_destroy(auth_request[i]);
- }
- buffer_set_used_size(auth_failures_buf, 0);
-}
-
-static void auth_failure_timeout(void *context __attr_unused__)
-{
- auth_failure_buf_flush();
-}
-
static void mech_list_verify_passdb(struct passdb_module *passdb)
{
struct mech_module_list *list;
@@ -512,15 +214,10 @@
}
ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
-
- auth_failures_buf = buffer_create_dynamic(default_pool, 1024);
- to_auth_failures = timeout_add(2000, auth_failure_timeout, NULL);
}
void mech_deinit(void)
{
- timeout_remove(to_auth_failures);
-
mech_unregister_module(&mech_plain);
mech_unregister_module(&mech_login);
mech_unregister_module(&mech_apop);
Index: mech.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech.h,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- mech.h 7 Jan 2005 17:27:20 -0000 1.30
+++ mech.h 7 Jan 2005 18:51:10 -0000 1.31
@@ -1,7 +1,6 @@
#ifndef __MECH_H
#define __MECH_H
-#include "network.h"
#include "auth-client-interface.h"
enum auth_client_result {
@@ -11,38 +10,12 @@
};
struct auth_request;
-struct auth_client_connection;
typedef void mech_callback_t(struct auth_request *request,
enum auth_client_result result,
const void *reply, size_t reply_size);
-struct auth_request {
- int refcount;
-
- pool_t pool;
- char *user;
- const char *extra_fields;
-
- struct mech_module *mech;
- struct auth_client_connection *conn;
-
- unsigned int id;
- time_t created;
-
- const char *service;
- struct ip_addr local_ip, remote_ip;
- mech_callback_t *callback;
-
- unsigned int successful:1;
- unsigned int internal_failure:1;
- unsigned int accept_input:1;
- unsigned int no_failure_delay:1;
- unsigned int no_login:1;
- unsigned int proxy:1;
- unsigned int destroyed:1;
- /* ... mechanism specific data ... */
-};
+#include "auth-request.h"
struct mech_module {
const char *mech_name;
@@ -82,33 +55,8 @@
const string_t *auth_mechanisms_get_list(void);
-void mech_auth_success(struct auth_request *request,
- const void *data, size_t data_size);
-void mech_auth_fail(struct auth_request *request);
-void mech_auth_internal_failure(struct auth_request *request);
-
int mech_fix_username(char *username, const char **error_r);
-struct auth_request *auth_request_new(struct mech_module *mech);
-void auth_request_destroy(struct auth_request *request);
-void auth_request_ref(struct auth_request *request);
-int auth_request_unref(struct auth_request *request);
-
-struct auth_request_extra *
-auth_request_extra_begin(struct auth_request *request, const char *password);
-void auth_request_extra_next(struct auth_request_extra *extra,
- const char *name, const char *value);
-void auth_request_extra_finish(struct auth_request_extra *extra,
- const char *cache_key);
-
-const struct var_expand_table *
-auth_request_get_var_expand_table(const struct auth_request *auth_request,
- const char *(*escape_func)(const char *));
-
-const char *get_log_prefix(const struct auth_request *auth_request);
-
-void auth_failure_buf_flush(void);
-
void mech_init(void);
void mech_deinit(void);
Index: userdb.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb.h,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- userdb.h 7 Jan 2005 18:15:15 -0000 1.15
+++ userdb.h 7 Jan 2005 18:51:10 -0000 1.16
@@ -1,7 +1,7 @@
#ifndef __USERDB_H
#define __USERDB_H
-#include "mech.h"
+#include "auth-request.h"
struct user_data {
const char *virtual_user;
- Previous message: [dovecot-cvs] dovecot/src/auth checkpassword-reply.c, 1.1,
1.2 passdb-checkpassword.c, 1.4, 1.5
- Next message: [dovecot-cvs] dovecot/src/auth Makefile.am, 1.41,
1.42 auth-client-connection.c, 1.26,
1.27 auth-client-connection.h, 1.6,
1.7 auth-master-connection.c, 1.21,
1.22 auth-master-connection.h, 1.6, 1.7 auth-request.c, 1.1,
1.2 auth-request.h, 1.1, 1.2 auth.c, 1.10, 1.11 auth.h, 1.8,
1.9 common.h, 1.7, 1.8 main.c, 1.33, 1.34 mech-anonymous.c,
1.8, 1.9 mech-apop.c, 1.8, 1.9 mech-cram-md5.c, 1.15,
1.16 mech-digest-md5.c, 1.29, 1.30 mech-login.c, 1.6,
1.7 mech-ntlm.c, 1.12, 1.13 mech-plain.c, 1.24,
1.25 mech-rpa.c, 1.11, 1.12 mech.c, 1.53, 1.54 mech.h, 1.31,
1.32 passdb.c, 1.28, 1.29 passdb.h, 1.18, 1.19 userdb.c, 1.15,
1.16 userdb.h, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dovecot-cvs
mailing list