[dovecot-cvs] dovecot/src/auth Makefile.am, 1.41, 1.42 auth-client-connection.c, 1.26, 1.27 auth-client-connection.h, 1.6, 1.7 auth-master-connection.c, 1.21, 1.22 auth-master-connection.h, 1.6, 1.7 auth-request.c, 1.1, 1.2 auth-request.h, 1.1, 1.2 auth.c, 1.10, 1.11 auth.h, 1.8, 1.9 common.h, 1.7, 1.8 main.c, 1.33, 1.34 mech-anonymous.c, 1.8, 1.9 mech-apop.c, 1.8, 1.9 mech-cram-md5.c, 1.15, 1.16 mech-digest-md5.c, 1.29, 1.30 mech-login.c, 1.6, 1.7 mech-ntlm.c, 1.12, 1.13 mech-plain.c, 1.24, 1.25 mech-rpa.c, 1.11, 1.12 mech.c, 1.53, 1.54 mech.h, 1.31, 1.32 passdb.c, 1.28, 1.29 passdb.h, 1.18, 1.19 userdb.c, 1.15, 1.16 userdb.h, 1.16, 1.17

cras at dovecot.org cras at dovecot.org
Fri Jan 7 21:55:52 EET 2005


Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv13695

Modified Files:
	Makefile.am auth-client-connection.c auth-client-connection.h 
	auth-master-connection.c auth-master-connection.h 
	auth-request.c auth-request.h common.h main.c mech-anonymous.c 
	mech-apop.c mech-cram-md5.c mech-digest-md5.c mech-login.c 
	mech-ntlm.c mech-plain.c mech-rpa.c mech.c mech.h passdb.c 
	passdb.h userdb.c userdb.h 
Added Files:
	auth.c auth.h 
Log Message:
Reorganized the code to have fewer global/static variables.



Index: Makefile.am
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/Makefile.am,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- Makefile.am	7 Jan 2005 18:51:10 -0000	1.41
+++ Makefile.am	7 Jan 2005 19:55:49 -0000	1.42
@@ -32,6 +32,7 @@
 	$(MODULE_LIBS)
 
 dovecot_auth_SOURCES = \
+	auth.c \
 	auth-cache.c \
 	auth-client-connection.c \
 	auth-master-connection.c \
@@ -71,6 +72,7 @@
 	userdb-sql.c
 
 noinst_HEADERS = \
+	auth.h \
 	auth-cache.h \
 	auth-client-connection.h \
 	auth-client-interface.h \

Index: auth-client-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-client-connection.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- auth-client-connection.c	7 Jan 2005 18:51:10 -0000	1.26
+++ auth-client-connection.c	7 Jan 2005 19:55:49 -0000	1.27
@@ -234,7 +234,7 @@
 		return FALSE;
 	}
 
-	request = auth_request_new(mech);
+	request = auth_request_new(conn->auth, mech);
 	if (request == NULL)
 		return TRUE;
 	hash_insert(conn->auth_requests, POINTER_CAST(id), request);
@@ -276,7 +276,7 @@
 		return FALSE;
 	}
 
-	if (ssl_require_client_cert && !valid_client_cert) {
+	if (request->auth->ssl_require_client_cert && !valid_client_cert) {
 		/* we fail without valid certificate */
 		if (verbose) {
 			i_info("ssl-cert-check(%s): "
@@ -450,6 +450,7 @@
 	pool = pool_alloconly_create("Auth client", 4096);
 	conn = p_new(pool, struct auth_client_connection, 1);
 	conn->pool = pool;
+	conn->auth = master->auth;
 	conn->master = master;
 	conn->refcount = 1;
 	conn->connect_uid = ++connect_uid_counter;
@@ -474,8 +475,8 @@
                     AUTH_CLIENT_PROTOCOL_MINOR_VERSION,
 		    master->pid, conn->connect_uid);
 
-	iov[0].iov_base = str_data(mech_handshake);
-	iov[0].iov_len = str_len(mech_handshake);
+	iov[0].iov_base = str_data(conn->auth->mech_handshake);
+	iov[0].iov_len = str_len(conn->auth->mech_handshake);
 	iov[1].iov_base = str_data(str);
 	iov[1].iov_len = str_len(str);
 

Index: auth-client-connection.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-client-connection.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- auth-client-connection.h	19 Oct 2004 02:51:37 -0000	1.6
+++ auth-client-connection.h	7 Jan 2005 19:55:49 -0000	1.7
@@ -4,6 +4,7 @@
 struct auth_client_connection {
 	struct auth_client_connection *next;
 
+	struct auth *auth;
 	struct auth_master_connection *master;
 	int refcount;
 

Index: auth-master-connection.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- auth-master-connection.c	7 Jan 2005 18:51:10 -0000	1.21
+++ auth-master-connection.c	7 Jan 2005 19:55:49 -0000	1.22
@@ -149,7 +149,8 @@
 		master_request->auth_request = request;
 
 		conn->refcount++;
-		userdb->lookup(request, userdb_callback, master_request);
+		request->auth->userdb->lookup(request, userdb_callback,
+					      master_request);
 	}
 	return TRUE;
 }
@@ -256,11 +257,12 @@
 }
 
 struct auth_master_connection *
-auth_master_connection_create(int fd, unsigned int pid)
+auth_master_connection_create(struct auth *auth, int fd, unsigned int pid)
 {
 	struct auth_master_connection *conn;
 
 	conn = i_new(struct auth_master_connection, 1);
+	conn->auth = auth;
 	conn->refcount = 1;
 	conn->pid = pid;
 	conn->fd = fd;
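Review bot: auth_master_connection_create() stores `auth` without checking it, while requests created under this connection later dereference `request->auth->userdb` and `request->auth->passdb` unconditionally (first hunk of this file and the mech-*.c changes). An `i_assert(auth != NULL);` before `conn->auth = auth;` would turn a wrong initialisation order in main.c into an immediate startup failure instead of a crash on the first client request. The function body continues past the end of the hunk.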

Index: auth-master-connection.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-master-connection.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- auth-master-connection.h	19 Oct 2004 00:51:21 -0000	1.6
+++ auth-master-connection.h	7 Jan 2005 19:55:49 -0000	1.7
@@ -2,6 +2,8 @@
 #define __AUTH_MASTER_CONNECTION_H
 
 struct auth_master_connection {
+	struct auth *auth;
+
 	unsigned int pid;
 	int refcount;
 
@@ -21,7 +23,7 @@
 #define AUTH_MASTER_IS_DUMMY(master) (master->fd == -1)
 
 struct auth_master_connection *
-auth_master_connection_create(int fd, unsigned int pid);
+auth_master_connection_create(struct auth *auth, int fd, unsigned int pid);
 void auth_master_connection_send_handshake(struct auth_master_connection *conn);
 void auth_master_connection_destroy(struct auth_master_connection *conn);
 

Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- auth-request.c	7 Jan 2005 18:51:10 -0000	1.1
+++ auth-request.c	7 Jan 2005 19:55:49 -0000	1.2
@@ -23,7 +23,8 @@
 static buffer_t *auth_failures_buf;
 static struct timeout *to_auth_failures;
 
-struct auth_request *auth_request_new(struct mech_module *mech)
+struct auth_request *auth_request_new(struct auth *auth,
+				      struct mech_module *mech)
 {
 	struct auth_request *request;
 
@@ -31,6 +32,7 @@
 	if (request == NULL)
 		return NULL;
 
+	request->auth = auth;
 	request->mech = mech;
 	request->created = ioloop_time;
 	return request;
@@ -115,6 +117,37 @@
 	return FALSE;
 }
 
+int auth_request_set_username(struct auth_request *request,
+			      const char *username, const char **error_r)
+{
+	unsigned char *p;
+
+	if (*username == '\0') {
+		/* Some PAM plugins go nuts with empty usernames */
+		*error_r = "Empty username";
+		return FALSE;
+	}
+
+	if (strchr(username, '@') == NULL &&
+	    request->auth->default_realm != NULL) {
+		request->user = p_strconcat(request->pool, username, "@",
+					    request->auth->default_realm, NULL);
+	} else {
+		request->user = p_strdup(request->pool, username);
+	}
+
+	for (p = (unsigned char *)request->user; *p != '\0'; p++) {
+		if (request->auth->username_translation[*p & 0xff] != 0)
+			*p = request->auth->username_translation[*p & 0xff];
+		if (request->auth->username_chars[*p & 0xff] == 0) {
+			*error_r = "Username contains disallowed characters";
+			return FALSE;
+		}
+	}
+
+	return TRUE;
+}
+
 struct auth_request_extra *
 auth_request_extra_begin(struct auth_request *request,
 			 const char *user_password)
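Review bot: auth_request_set_username() assigns `request->user` before the character check, so on a FALSE return the request still carries the rejected, partly translated name; a header comment should state that, for example `/* On failure request->user may hold the rejected name; callers must fail the request. */`. The default realm is appended before validation as well, so when default_realm is set the `username_chars` table has to allow '@' and every realm character, or each realm-less login is refused with "Username contains disallowed characters". That now affects every mechanism calling this function, where the removed code applied the default realm only in mech-plain.c and mech-digest-md5.c. `username` is dereferenced without a check, so an `i_assert(username != NULL);` is worth adding unless every caller guarantees it.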

Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- auth-request.h	7 Jan 2005 18:51:10 -0000	1.1
+++ auth-request.h	7 Jan 2005 19:55:49 -0000	1.2
@@ -14,6 +14,7 @@
 	const char *extra_fields;
 
 	struct mech_module *mech;
+	struct auth *auth;
 	struct auth_client_connection *conn;
 
 	unsigned int id;
@@ -38,11 +39,15 @@
 void auth_request_fail(struct auth_request *request);
 void auth_request_internal_failure(struct auth_request *request);
 
-struct auth_request *auth_request_new(struct mech_module *mech);
+struct auth_request *auth_request_new(struct auth *auth,
+				      struct mech_module *mech);
 void auth_request_destroy(struct auth_request *request);
 void auth_request_ref(struct auth_request *request);
 int auth_request_unref(struct auth_request *request);
 
+int auth_request_set_username(struct auth_request *request,
+			      const char *username, const char **error_r);
+
 struct auth_request_extra *
 auth_request_extra_begin(struct auth_request *request, const char *password);
 void auth_request_extra_next(struct auth_request_extra *extra,



Index: common.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/common.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- common.h	23 Jun 2004 17:50:44 -0000	1.7
+++ common.h	7 Jan 2005 19:55:50 -0000	1.8
@@ -2,6 +2,7 @@
 #define __COMMON_H
 
 #include "lib.h"
+#include "auth.h"
 
 #define MASTER_SOCKET_FD 0
 #define LOGIN_LISTEN_FD 3

Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/main.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- main.c	7 Jan 2005 18:51:10 -0000	1.33
+++ main.c	7 Jan 2005 19:55:50 -0000	1.34
@@ -8,10 +8,9 @@
 #include "restrict-access.h"
 #include "fd-close-on-exec.h"
 #include "randgen.h"
-#include "mech.h"
-#include "userdb.h"
-#include "passdb.h"
 #include "password-scheme.h"
+#include "mech.h"
+#include "auth.h"
 #include "auth-request.h"
 #include "auth-master-connection.h"
 #include "auth-client-connection.h"
@@ -29,6 +28,7 @@
 int standalone = FALSE;
 
 static buffer_t *masters_buf;
+static struct auth *auth;
 
 static void sig_quit(int signo __attr_unused__)
 {
@@ -153,7 +153,7 @@
 		str = t_strdup_printf("AUTH_%u_MASTER", i);
 		master_fd = create_unix_listener(str);
 
-		master = auth_master_connection_create(-1, getpid());
+		master = auth_master_connection_create(auth, -1, getpid());
 		if (master_fd != -1) {
 			auth_master_connection_add_listener(master, master_fd,
 							    master_path, FALSE);
@@ -180,8 +180,7 @@
 
 	/* Initialize databases so their configuration files can be readable
 	   only by root. Also load all modules here. */
-	userdb_preinit();
-	passdb_preinit();
+	auth = auth_preinit();
         password_schemes_init();
 
 	masters_buf = buffer_create_dynamic(default_pool, 64);
@@ -198,13 +197,12 @@
 	const char *env;
 	unsigned int pid;
 
-	userdb_init();
-	passdb_init();
-
-	lib_init_signals(sig_quit);
 	mech_init();
+	auth_init(auth);
 	auth_requests_init();
 
+	lib_init_signals(sig_quit);
+
 	env = getenv("AUTH_PROCESS");
 	standalone = env == NULL;
 	if (standalone) {
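Review bot: `lib_init_signals(sig_quit)` now runs only after mech_init(), auth_init() and auth_requests_init(), so a signal arriving while those run gets the previous disposition rather than sig_quit. auth_init() is not shown in this view; if it can block on database setup, keeping the signal setup first is the safer order. The mech_init() before auth_init() order also looks load-bearing and deserves a comment such as `/* mechanisms must be registered before auth_init() */`, assuming auth_init() resolves mechanisms by name. The function starts and ends outside the hunk.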
@@ -237,7 +235,8 @@
 		if (pid == 0)
 			i_fatal("AUTH_PROCESS can't be 0");
 
-		master = auth_master_connection_create(MASTER_SOCKET_FD, pid);
+		master = auth_master_connection_create(auth, MASTER_SOCKET_FD,
+						       pid);
 		auth_master_connection_add_listener(master, LOGIN_LISTEN_FD,
 						    NULL, TRUE);
 		auth_client_connections_init(master);
@@ -267,9 +266,8 @@
 		auth_master_connection_destroy(master[i]);
 
         password_schemes_deinit();
-	passdb_deinit();
-	userdb_deinit();
 	auth_requests_deinit();
+	auth_deinit(auth);
 	mech_deinit();
 
 	random_deinit();

Index: mech-anonymous.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-anonymous.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- mech-anonymous.c	7 Jan 2005 18:51:10 -0000	1.8
+++ mech-anonymous.c	7 Jan 2005 19:55:50 -0000	1.9
@@ -8,7 +8,7 @@
 			     const unsigned char *data, size_t data_size,
 			     mech_callback_t *callback)
 {
-	i_assert(anonymous_username != NULL);
+	i_assert(request->auth->anonymous_username != NULL);
 
 	if (verbose) {
 		/* temporarily set the user to the one that was given,
@@ -20,7 +20,8 @@
 	}
 
 	request->callback = callback;
-	request->user = p_strdup(request->pool, anonymous_username);
+	request->user = p_strdup(request->pool,
+				 request->auth->anonymous_username);
 
 	auth_request_success(request, NULL, 0);
 }

Index: mech-apop.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-apop.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- mech-apop.c	7 Jan 2005 18:51:10 -0000	1.8
+++ mech-apop.c	7 Jan 2005 19:55:50 -0000	1.9
@@ -129,8 +129,8 @@
 	}
 	tmp++;
 
-	auth_request->user = p_strdup(request->pool, (const char *)username);
-	if (!mech_fix_username(auth_request->user, &error)) {
+	if (!auth_request_set_username(auth_request, (const char *)username,
+				       &error)) {
 		if (verbose) {
 			i_info("apop(%s): %s",
 			       get_log_prefix(auth_request), error);
@@ -141,7 +141,8 @@
 
 	memcpy(request->digest, tmp, sizeof(request->digest));
 
-	passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_PLAINTEXT,
+	auth_request->auth->passdb->
+		lookup_credentials(auth_request, PASSDB_CREDENTIALS_PLAINTEXT,
 				   apop_credentials_callback);
 }
 

Index: mech-cram-md5.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-cram-md5.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- mech-cram-md5.c	7 Jan 2005 18:51:10 -0000	1.15
+++ mech-cram-md5.c	7 Jan 2005 19:55:50 -0000	1.16
@@ -144,11 +144,10 @@
 	if (parse_cram_response(request, data, data_size, &error)) {
 		auth_request->callback = callback;
 
-		auth_request->user =
-			p_strdup(auth_request->pool, request->username);
-
-		if (mech_fix_username(auth_request->user, &error)) {
-			passdb->lookup_credentials(auth_request,
+		if (auth_request_set_username(auth_request, request->username,
+					      &error)) {
+			auth_request->auth->passdb->
+				lookup_credentials(auth_request,
 						   PASSDB_CREDENTIALS_CRAM_MD5,
 						   credentials_callback);
 			return;

Index: mech-digest-md5.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-digest-md5.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- mech-digest-md5.c	7 Jan 2005 18:51:10 -0000	1.29
+++ mech-digest-md5.c	7 Jan 2005 19:55:50 -0000	1.30
@@ -54,6 +54,7 @@
 
 static string_t *get_digest_challenge(struct digest_auth_request *request)
 {
+	struct auth *auth = request->auth_request.auth;
 	buffer_t *buf;
 	string_t *str;
 	const char *const *tmp;
@@ -84,7 +85,7 @@
 
 	str = t_str_new(256);
 
-	for (tmp = auth_realms; *tmp != NULL; tmp++) {
+	for (tmp = auth->auth_realms; *tmp != NULL; tmp++) {
 		str_printfa(str, "realm=\"%s\"", *tmp);
 		str_append_c(str, ',');
 	}
@@ -225,14 +226,15 @@
 	return TRUE;
 }
 
-static int verify_realm(const char *realm)
+static int verify_realm(struct digest_auth_request *request, const char *realm)
 {
 	const char *const *tmp;
 
 	if (*realm == '\0')
 		return TRUE;
 
-	for (tmp = auth_realms; *tmp != NULL; tmp++) {
+        tmp = request->auth_request.auth->auth_realms;
+	for (; *tmp != NULL; tmp++) {
 		if (strcasecmp(realm, *tmp) == 0)
 			return TRUE;
 	}
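Review bot: The new `tmp = request->auth_request.auth->auth_realms;` line is indented with eight spaces while the rest of the function uses a tab, and it moves the loop initialiser out of the `for` header. Taking a local as get_digest_challenge() does in the first hunk, `struct auth *auth = request->auth_request.auth;`, lets the loop stay `for (tmp = auth->auth_realms; *tmp != NULL; tmp++) {`. An empty realm is accepted before the list is consulted; a one-line comment saying why would help the next reader.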
@@ -301,7 +303,7 @@
 	str_lcase(key);
 
 	if (strcmp(key, "realm") == 0) {
-		if (!verify_realm(value)) {
+		if (!verify_realm(request, value)) {
 			*error = "Invalid realm";
 			return FALSE;
 		}
@@ -550,7 +552,7 @@
 {
 	struct digest_auth_request *request =
 		(struct digest_auth_request *)auth_request;
-	const char *error, *realm;
+	const char *username, *error;
 
 	if (request->authenticated) {
 		/* authentication is done, we were just waiting the last
@@ -562,18 +564,13 @@
 	if (parse_digest_response(request, data, data_size, &error)) {
 		auth_request->callback = callback;
 
-		realm = request->realm != NULL ? request->realm : default_realm;
-		if (realm == NULL) {
-			auth_request->user = p_strdup(auth_request->pool,
-						      request->username);
-		} else {
-			auth_request->user = p_strconcat(auth_request->pool,
-							 request->username, "@",
-							 realm, NULL);
-		}
+		username = request->realm == NULL ? request->username :
+			t_strconcat(request->username, "@",
+				    request->realm, NULL);
 
-		if (mech_fix_username(auth_request->user, &error)) {
-			passdb->lookup_credentials(auth_request,
+		if (auth_request_set_username(auth_request, username, &error)) {
+			auth_request->auth->passdb->
+				lookup_credentials(auth_request,
 						PASSDB_CREDENTIALS_DIGEST_MD5,
 						credentials_callback);
 			return;
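Review bot: A username that already contains '@' and arrives without a realm directive now reaches the passdb lookup unchanged, because `username` is then just `request->username` and auth_request_set_username() skips the default realm when it finds an '@'. With a default realm configured, the removed code appended it in that case. verify_realm() only inspects the realm directive, so the realm part of such a name is not compared with auth_realms anywhere in these hunks. If that is not intended, reject '@' in `request->username` while parsing the response, or document the new canonicalisation above the `username = ...` assignment. The enclosing function starts and ends outside the hunk.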

Index: mech-login.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-login.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- mech-login.c	7 Jan 2005 18:51:10 -0000	1.6
+++ mech-login.c	7 Jan 2005 19:55:50 -0000	1.7
@@ -36,14 +36,14 @@
 			 mech_callback_t *callback)
 {
 	static const char prompt2[] = "Password:";
-	const char *error;
+	const char *username, *error;
 
 	request->callback = callback;
 
 	if (request->user == NULL) {
-		request->user = p_strndup(request->pool, data, data_size);
+		username = t_strndup(data, data_size);
 
-		if (!mech_fix_username(request->user, &error)) {
+		if (!auth_request_set_username(request, username, &error)) {
 			if (verbose) {
 				i_info("login(%s): %s",
 				       get_log_prefix(request), error);
@@ -56,7 +56,8 @@
 			 prompt2, strlen(prompt2));
 	} else {
 		char *pass = p_strndup(unsafe_data_stack_pool, data, data_size);
-		passdb->verify_plain(request, pass, verify_callback);
+		request->auth->passdb->verify_plain(request, pass,
+						    verify_callback);
 		safe_memset(pass, 0, strlen(pass));
 	}
 }

Index: mech-ntlm.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-ntlm.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- mech-ntlm.c	7 Jan 2005 18:51:10 -0000	1.12
+++ mech-ntlm.c	7 Jan 2005 19:55:50 -0000	1.13
@@ -175,7 +175,8 @@
 
 	/* NTLM credentials not found or didn't want to use them,
 	   try with LM credentials */
-	passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN,
+	auth_request->auth->passdb->
+		lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN,
 				   lm_credentials_callback);
 }
 
@@ -220,7 +221,7 @@
 	} else {
 		const struct ntlmssp_response *response =
 			(struct ntlmssp_response *)data;
-		char *username;
+		const char *username;
 
 		if (!ntlmssp_check_response(response, data_size, &error)) {
 			if (verbose) {
@@ -235,11 +236,10 @@
 		request->response = p_malloc(request->pool, data_size);
 		memcpy(request->response, response, data_size);
 
-		username = p_strdup(auth_request->pool,
-				    ntlmssp_t_str(request->response, user, 
-				    request->unicode_negotiated));
+		username = ntlmssp_t_str(request->response, user, 
+					 request->unicode_negotiated);
 
-		if (!mech_fix_username(username, &error)) {
+		if (!auth_request_set_username(auth_request, username, &error)) {
 			if (verbose) {
 				i_info("ntlm(%s): %s",
 				       get_log_prefix(auth_request), error);
@@ -248,8 +248,8 @@
 			return;
 		}
 
-		auth_request->user = username;
-		passdb->lookup_credentials(auth_request,
+		auth_request->auth->passdb->
+			lookup_credentials(auth_request,
 					   PASSDB_CREDENTIALS_NTLM,
 					   ntlm_credentials_callback);
 	}

Index: mech-plain.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-plain.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- mech-plain.c	7 Jan 2005 18:51:10 -0000	1.24
+++ mech-plain.c	7 Jan 2005 19:55:50 -0000	1.25
@@ -60,16 +60,7 @@
 		}
 		auth_request_fail(request);
 	} else {
-		/* split and save user/realm */
-		if (strchr(authenid, '@') == NULL && default_realm != NULL) {
-			request->user = p_strconcat(request->pool,
-						    authenid, "@",
-						    default_realm, NULL);
-		} else {
-			request->user = p_strdup(request->pool, authenid);
-		}
-
-		if (!mech_fix_username(request->user, &error)) {
+		if (!auth_request_set_username(request, authenid, &error)) {
 			/* invalid username */
 			if (verbose) {
 				i_info("plain(%s): %s",
@@ -77,7 +68,8 @@
 			}
 			auth_request_fail(request);
 		} else {
-			passdb->verify_plain(request, pass, verify_callback);
+			request->auth->passdb->verify_plain(request, pass,
+							    verify_callback);
 		}
 
 		/* make sure it's cleared */

Index: mech-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-rpa.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- mech-rpa.c	7 Jan 2005 18:51:10 -0000	1.11
+++ mech-rpa.c	7 Jan 2005 19:55:50 -0000	1.12
@@ -238,15 +238,6 @@
 	return len;
 }
 
-static char *
-rpa_parse_username(pool_t pool, const char *username)
-{
-	const char *p = strrchr(username, '@');
-
-	return p == NULL ? p_strdup(pool, username) :
-		p_strdup_until(pool, username, p);
-}
-
 static int
 rpa_parse_token3(struct rpa_auth_request *request, const void *data,
 		 size_t data_size, const char **error)
@@ -274,10 +265,11 @@
 	}
 	p += 2;
 
-	user = t_strndup(p, len);
+	user = t_strcut(t_strndup(p, len), '@');
 	p += len;
 
-	auth_request->user = rpa_parse_username(request->pool, user);
+	if (!auth_request_set_username(auth_request, user, error))
+		return FALSE;
 
 	request->username_ucs2be = ucs2be_str(request->pool, auth_request->user,
 					      &request->username_len);
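Review bot: `auth_request->user` is used right after this call to build `username_ucs2be`, but auth_request_set_username() may have appended "@" plus default_realm and applied username_translation, whereas the removed rpa_parse_username() stored the bare name. If username_ucs2be takes part in the RPA digest checks (they are outside this hunk), verification then depends on default_realm being unset; deriving it from the local instead, `ucs2be_str(request->pool, user, &request->username_len)`, keeps the previous input. The cut also changed from the last '@' (strrchr) to the first one (t_strcut), which differs for names containing more than one '@'.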
@@ -494,16 +486,8 @@
 		return;
 	}
 
-	if (!mech_fix_username(auth_request->user, &error)) {
-		if (verbose) {
-			i_info("rpa(%s): %s",
-			       get_log_prefix(auth_request), error);
-		}
-		auth_request_fail(auth_request);
-		return;
-	}
-
-	passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA,
+	auth_request->auth->passdb->
+		lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA,
 				   rpa_credentials_callback);
 }
 

Index: mech.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech.c,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- mech.c	7 Jan 2005 18:51:10 -0000	1.53
+++ mech.c	7 Jan 2005 19:55:50 -0000	1.54
@@ -8,14 +8,7 @@
 
 #include <stdlib.h>
 
-struct mech_module_list *mech_modules;
-string_t *mech_handshake;
-
-const char *const *auth_realms;
-const char *default_realm;
-const char *anonymous_username;
-char username_chars[256], username_translation[256];
-int ssl_require_client_cert;
+static struct mech_module_list *mech_modules;
 
 void mech_register_module(struct mech_module *module)
 {
@@ -24,23 +17,6 @@
 	list = i_new(struct mech_module_list, 1);
 	list->module = *module;
 
-	str_printfa(mech_handshake, "MECH\t%s", module->mech_name);
-	if ((module->flags & MECH_SEC_PRIVATE) != 0)
-		str_append(mech_handshake, "\tprivate");
-	if ((module->flags & MECH_SEC_ANONYMOUS) != 0)
-		str_append(mech_handshake, "\tanonymous");
-	if ((module->flags & MECH_SEC_PLAINTEXT) != 0)
-		str_append(mech_handshake, "\tplaintext");
-	if ((module->flags & MECH_SEC_DICTIONARY) != 0)
-		str_append(mech_handshake, "\tdictionary");
-	if ((module->flags & MECH_SEC_ACTIVE) != 0)
-		str_append(mech_handshake, "\tactive");
-	if ((module->flags & MECH_SEC_FORWARD_SECRECY) != 0)
-		str_append(mech_handshake, "\tforward-secrecy");
-	if ((module->flags & MECH_SEC_MUTUAL_AUTH) != 0)
-		str_append(mech_handshake, "\tmutual-auth");
-	str_append_c(mech_handshake, '\n');
-
 	list->next = mech_modules;
 	mech_modules = list;
 }
@@ -59,18 +35,6 @@
 	}
 }
 
-const string_t *auth_mechanisms_get_list(void)
-{
-	struct mech_module_list *list;
-	string_t *str;
-
-	str = t_str_new(128);
-	for (list = mech_modules; list != NULL; list = list->next)
-		str_append(str, list->module.mech_name);
-
-	return str;
-}
-
 struct mech_module *mech_module_find(const char *name)
 {
 	struct mech_module_list *list;
@@ -82,46 +46,6 @@
 	return NULL;
 }
 
-int mech_fix_username(char *username, const char **error_r)
-{
-	unsigned char *p;
-
-	if (*username == '\0') {
-		/* Some PAM plugins go nuts with empty usernames */
-		*error_r = "Empty username";
-		return FALSE;
-	}
-
-	for (p = (unsigned char *)username; *p != '\0'; p++) {
-		if (username_translation[*p & 0xff] != 0)
-			*p = username_translation[*p & 0xff];
-		if (username_chars[*p & 0xff] == 0) {
-			*error_r = "Username contains disallowed characters";
-			return FALSE;
-		}
-	}
-
-	return TRUE;
-}
-
-static void mech_list_verify_passdb(struct passdb_module *passdb)
-{
-	struct mech_module_list *list;
-
-	for (list = mech_modules; list != NULL; list = list->next) {
-		if (list->module.passdb_need_plain &&
-		    passdb->verify_plain == NULL)
-			break;
-		if (list->module.passdb_need_credentials &&
-		    passdb->lookup_credentials == NULL)
-			break;
-	}
-
-	if (list != NULL) {
-		i_fatal("Passdb %s doesn't support %s method",
-			passdb->name, list->module.mech_name);
-	}
-}
 extern struct mech_module mech_plain;
 extern struct mech_module mech_login;
 extern struct mech_module mech_apop;
@@ -133,87 +57,14 @@
 
 void mech_init(void)
 {
-	const char *const *mechanisms;
-	const char *env;
-
-	mech_modules = NULL;
-	mech_handshake = str_new(default_pool, 512);
-
-	anonymous_username = getenv("ANONYMOUS_USERNAME");
-	if (anonymous_username != NULL && *anonymous_username == '\0')
-                anonymous_username = NULL;
-
-	/* register wanted mechanisms */
-	env = getenv("MECHANISMS");
-	if (env == NULL || *env == '\0')
-		i_fatal("MECHANISMS environment is unset");
-
-	mechanisms = t_strsplit_spaces(env, " ");
-	while (*mechanisms != NULL) {
-		if (strcasecmp(*mechanisms, "PLAIN") == 0)
-			mech_register_module(&mech_plain);
-		else if (strcasecmp(*mechanisms, "LOGIN") == 0)
-			mech_register_module(&mech_login);
-		else if (strcasecmp(*mechanisms, "APOP") == 0)
-			mech_register_module(&mech_apop);
-		else if (strcasecmp(*mechanisms, "CRAM-MD5") == 0)
-			mech_register_module(&mech_cram_md5);
-		else if (strcasecmp(*mechanisms, "DIGEST-MD5") == 0)
-			mech_register_module(&mech_digest_md5);
-		else if (strcasecmp(*mechanisms, "NTLM") == 0)
-			mech_register_module(&mech_ntlm);
-		else if (strcasecmp(*mechanisms, "RPA") == 0)
-			mech_register_module(&mech_rpa);
-		else if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
-			if (anonymous_username == NULL) {
-				i_fatal("ANONYMOUS listed in mechanisms, "
-					"but anonymous_username not given");
-			}
-			mech_register_module(&mech_anonymous);
-		} else {
-			i_fatal("Unknown authentication mechanism '%s'",
-				*mechanisms);
-		}
-
-		mechanisms++;
-	}
-
-	if (mech_modules == NULL)
-		i_fatal("No authentication mechanisms configured");
-	mech_list_verify_passdb(passdb);
-
-	/* get our realm - note that we allocate from data stack so
-	   this function should never be called inside I/O loop or anywhere
-	   else where t_pop() is called */
-	env = getenv("REALMS");
-	if (env == NULL)
-		env = "";
-	auth_realms = t_strsplit_spaces(env, " ");
-
-	default_realm = getenv("DEFAULT_REALM");
-	if (default_realm != NULL && *default_realm == '\0')
-		default_realm = NULL;
-
-	env = getenv("USERNAME_CHARS");
-	if (env == NULL || *env == '\0') {
-		/* all chars are allowed */
-		memset(username_chars, 1, sizeof(username_chars));
-	} else {
-		memset(username_chars, 0, sizeof(username_chars));
-		for (; *env != '\0'; env++)
-			username_chars[((unsigned char)*env) & 0xff] = 1;
-	}
-
-	env = getenv("USERNAME_TRANSLATION");
-	memset(username_translation, 0, sizeof(username_translation));
-	if (env != NULL) {
-		for (; *env != '\0' && env[1] != '\0'; env += 2) {
-			username_translation[((unsigned char)*env) & 0xff] =
-				env[1];
-		}
-	}
-
-	ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
+	mech_register_module(&mech_plain);
+	mech_register_module(&mech_login);
+	mech_register_module(&mech_apop);
+	mech_register_module(&mech_cram_md5);
+	mech_register_module(&mech_digest_md5);
+	mech_register_module(&mech_ntlm);
+	mech_register_module(&mech_rpa);
+	mech_register_module(&mech_anonymous);
 }
 
 void mech_deinit(void)
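Review bot: mech_init() now registers all eight mechanisms regardless of configuration, so mech_module_find() resolves any of them by name. The MECHANISMS filter, the ANONYMOUS-needs-anonymous_username check and mech_list_verify_passdb() removed above must therefore be enforced per `struct auth` in auth.c, which is not part of this view. Callers that map a client-supplied mechanism name to a module should consult the per-auth list rather than mech_module_find() alone, otherwise a mechanism the administrator left out stays selectable. In mech-anonymous.c, `i_assert(request->auth->anonymous_username != NULL)` would abort the process on a client request if ANONYMOUS were reachable without that setting. A comment on mech_init() such as `/* registers every built-in mechanism; the enabled subset is chosen per struct auth */` would make the split explicit.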
@@ -226,6 +77,4 @@
 	mech_unregister_module(&mech_ntlm);
 	mech_unregister_module(&mech_rpa);
 	mech_unregister_module(&mech_anonymous);
-
-	str_free(mech_handshake);
 }

Index: mech.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech.h,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- mech.h	7 Jan 2005 18:51:10 -0000	1.31
+++ mech.h	7 Jan 2005 19:55:50 -0000	1.32
@@ -40,23 +40,10 @@
 	struct mech_module module;
 };
 
-extern struct mech_module_list *mech_modules;
-extern buffer_t *mech_handshake;
-
-extern const char *const *auth_realms;
-extern const char *default_realm;
-extern const char *anonymous_username;
-extern char username_chars[256];
-extern int ssl_require_client_cert;
-
 void mech_register_module(struct mech_module *module);
 void mech_unregister_module(struct mech_module *module);
 struct mech_module *mech_module_find(const char *name);
 
-const string_t *auth_mechanisms_get_list(void);
-
-int mech_fix_username(char *username, const char **error_r);
-
 void mech_init(void);
 void mech_deinit(void);
 

Index: passdb.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- passdb.c	7 Jan 2005 17:27:20 -0000	1.28
+++ passdb.c	7 Jan 2005 19:55:50 -0000	1.29
@@ -8,10 +8,6 @@
 
 #include <stdlib.h>
 
-#ifdef HAVE_MODULES
-static struct auth_module *passdb_module = NULL;
-#endif
-
 struct passdb_module *passdbs[] = {
 #ifdef PASSDB_PASSWD
 	&passdb_passwd,
@@ -43,9 +39,6 @@
 	NULL
 };
 
-struct passdb_module *passdb;
-static char *passdb_args;
-
 static const char *
 passdb_credentials_to_str(enum passdb_credentials credentials)
 {
@@ -116,62 +109,59 @@
 	callback(PASSDB_RESULT_OK, password, auth_request);
 }
 
-void passdb_preinit(void)
+void passdb_preinit(struct auth *auth, const char *data)
 {
 	struct passdb_module **p;
 	const char *name, *args;
 
-	name = getenv("PASSDB");
-	if (name == NULL)
-		i_fatal("PASSDB environment is unset");
-
-	args = strchr(name, ' ');
-	name = t_strcut(name, ' ');
+	args = strchr(data, ' ');
+	name = t_strcut(data, ' ');
 
 	if (args == NULL) args = "";
 	while (*args == ' ' || *args == '\t')
 		args++;
 
-	passdb_args = i_strdup(args);
+	auth->passdb_args = i_strdup(args);
 
-	passdb = NULL;
 	for (p = passdbs; *p != NULL; p++) {
 		if (strcmp((*p)->name, name) == 0) {
-			passdb = *p;
+			auth->passdb = *p;
 			break;
 		}
 	}
 	
 #ifdef HAVE_MODULES
-	passdb_module = passdb != NULL ? NULL : auth_module_open(name);
-	if (passdb_module != NULL) {
-		passdb = auth_module_sym(passdb_module,
-					 t_strconcat("passdb_", name, NULL));
+	auth->passdb_module = auth->passdb != NULL ? NULL :
+		auth_module_open(name);
+	if (auth->passdb_module != NULL) {
+		auth->passdb = auth_module_sym(auth->passdb_module,
+					       t_strconcat("passdb_", name,
+							   NULL));
 	}
 #endif
 
-	if (passdb == NULL)
+	if (auth->passdb == NULL)
 		i_fatal("Unknown passdb type '%s'", name);
 
-	if (passdb->preinit != NULL)
-		passdb->preinit(passdb_args);
+	if (auth->passdb->preinit != NULL)
+		auth->passdb->preinit(auth->passdb_args);
 }
 
-void passdb_init(void)
+void passdb_init(struct auth *auth)
 {
 	passdb_cache_init();
-	if (passdb->init != NULL)
-		passdb->init(passdb_args);
+	if (auth->passdb->init != NULL)
+		auth->passdb->init(auth->passdb_args);
 }
 
-void passdb_deinit(void)
+void passdb_deinit(struct auth *auth)
 {
-	if (passdb != NULL && passdb->deinit != NULL)
-		passdb->deinit();
+	if (auth->passdb->deinit != NULL)
+		auth->passdb->deinit();
 #ifdef HAVE_MODULES
-	if (passdb_module != NULL)
-                auth_module_close(passdb_module);
+	if (auth->passdb_module != NULL)
+                auth_module_close(auth->passdb_module);
 #endif
 	passdb_cache_deinit();
-	i_free(passdb_args);
+	i_free(auth->passdb_args);
 }
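Review bot: passdb_preinit() no longer resets the module pointer before the search loop (the old `passdb = NULL;` is gone), so `auth->passdb` must already be NULL on entry for the "Unknown passdb type" check and the HAVE_MODULES test to work; userdb_preinit() in the next file follows the same pattern. Adding `auth->passdb = NULL;` before the loop removes the dependence on how the caller allocates struct auth. `data` goes straight into strchr() now that the getenv("PASSDB") check has moved out, so either the caller rejects an unset value or this function should `i_assert(data != NULL);`. passdb_deinit() also dropped its `passdb != NULL` guard and dereferences `auth->passdb` unconditionally, which is safe only if deinit can never run after a failed or skipped preinit.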

Index: passdb.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb.h,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- passdb.h	7 Jan 2005 17:27:20 -0000	1.18
+++ passdb.h	7 Jan 2005 19:55:50 -0000	1.19
@@ -58,8 +58,6 @@
 			       lookup_credentials_callback_t *callback,
                                struct auth_request *auth_request);
 
-extern struct passdb_module *passdb;
-
 extern struct passdb_module passdb_passwd;
 extern struct passdb_module passdb_bsdauth;
 extern struct passdb_module passdb_shadow;
@@ -70,8 +68,8 @@
 extern struct passdb_module passdb_ldap;
 extern struct passdb_module passdb_sql;
 
-void passdb_preinit(void);
-void passdb_init(void);
-void passdb_deinit(void);
+void passdb_preinit(struct auth *auth, const char *data);
+void passdb_init(struct auth *auth);
+void passdb_deinit(struct auth *auth);
 
 #endif

Index: userdb.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- userdb.c	7 Jan 2005 18:15:15 -0000	1.15
+++ userdb.c	7 Jan 2005 19:55:50 -0000	1.16
@@ -8,10 +8,6 @@
 #include <pwd.h>
 #include <grp.h>
 
-#ifdef HAVE_MODULES
-static struct auth_module *userdb_module = NULL;
-#endif
-
 struct userdb_module *userdbs[] = {
 #ifdef USERDB_PASSWD
 	&userdb_passwd,
@@ -37,9 +33,6 @@
 	NULL
 };
 
-struct userdb_module *userdb;
-static char *userdb_args;
-
 uid_t userdb_parse_uid(struct auth_request *request, const char *str)
 {
 	struct passwd *pw;
@@ -76,59 +69,56 @@
 	return gr->gr_gid;
 }
 
-void userdb_preinit(void)
+void userdb_preinit(struct auth *auth, const char *data)
 {
 	struct userdb_module **p;
 	const char *name, *args;
 
-	name = getenv("USERDB");
-	if (name == NULL)
-		i_fatal("USERDB environment is unset");
-
-	args = strchr(name, ' ');
-	name = t_strcut(name, ' ');
+	args = strchr(data, ' ');
+	name = t_strcut(data, ' ');
 
 	if (args == NULL) args = "";
 	while (*args == ' ' || *args == '\t')
 		args++;
 
-	userdb_args = i_strdup(args);
+	auth->userdb_args = i_strdup(args);
 
-	userdb = NULL;
 	for (p = userdbs; *p != NULL; p++) {
 		if (strcmp((*p)->name, name) == 0) {
-			userdb = *p;
+			auth->userdb = *p;
 			break;
 		}
 	}
 #ifdef HAVE_MODULES
-	userdb_module = userdb != NULL ? NULL : auth_module_open(name);
-	if (userdb_module != NULL) {
-		userdb = auth_module_sym(userdb_module,
-					 t_strconcat("userdb_", name, NULL));
+	auth->userdb_module = auth->userdb != NULL ? NULL :
+		auth_module_open(name);
+	if (auth->userdb_module != NULL) {
+		auth->userdb = auth_module_sym(auth->userdb_module,
+					       t_strconcat("userdb_", name,
+							   NULL));
 	}
 #endif
 
-	if (userdb == NULL)
+	if (auth->userdb == NULL)
 		i_fatal("Unknown userdb type '%s'", name);
 
-	if (userdb->preinit != NULL)
-		userdb->preinit(args);
+	if (auth->userdb->preinit != NULL)
+		auth->userdb->preinit(args);
 }
 
-void userdb_init(void)
+void userdb_init(struct auth *auth)
 {
-	if (userdb->init != NULL)
-		userdb->init(userdb_args);
+	if (auth->userdb->init != NULL)
+		auth->userdb->init(auth->userdb_args);
 }
 
-void userdb_deinit(void)
+void userdb_deinit(struct auth *auth)
 {
-	if (userdb != NULL && userdb->deinit != NULL)
-		userdb->deinit();
+	if (auth->userdb->deinit != NULL)
+		auth->userdb->deinit();
 #ifdef HAVE_MODULES
-	if (userdb_module != NULL)
-                auth_module_close(userdb_module);
+	if (auth->userdb_module != NULL)
+                auth_module_close(auth->userdb_module);
 #endif
-	i_free(userdb_args);
+	i_free(auth->userdb_args);
 }
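Review bot: userdb_preinit() no longer sets the selected backend to NULL before the lookup loop, so the `auth->userdb == NULL` test guarding the "Unknown userdb type" fatal now depends on the caller passing a zeroed struct auth; that allocation is not visible in this hunk. If the field could hold a stale or uninitialised pointer, an unrecognised name would skip both auth_module_open() and the fatal and then call through that pointer, so I would keep an explicit `auth->userdb = NULL;` ahead of the `for` loop. The same applies to `auth->passdb` in passdb_preinit() in passdb.c, where the `passdb = NULL;` reset was removed in the same way. userdb_deinit() also dropped its `userdb != NULL` guard and now dereferences `auth->userdb` unconditionally, which is safe only if deinit is never reached without a successful preinit; `if (auth->userdb != NULL && auth->userdb->deinit != NULL)` would keep the old tolerance. `data` is likewise passed to `strchr()` without the NULL check that the removed getenv() code had, so that check now has to live in the caller and deserves a comment on the prototype saying so.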

Index: userdb.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- userdb.h	7 Jan 2005 18:51:10 -0000	1.16
+++ userdb.h	7 Jan 2005 19:55:50 -0000	1.17
@@ -26,8 +26,6 @@
 		       userdb_callback_t *callback, void *context);
 };
 
-extern struct userdb_module *userdb;
-
 extern struct userdb_module userdb_passdb;
 extern struct userdb_module userdb_static;
 extern struct userdb_module userdb_passwd;
@@ -39,8 +37,8 @@
 uid_t userdb_parse_uid(struct auth_request *request, const char *str);
 gid_t userdb_parse_gid(struct auth_request *request, const char *str);
 
-void userdb_preinit(void);
-void userdb_init(void);
-void userdb_deinit(void);
+void userdb_preinit(struct auth *auth, const char *data);
+void userdb_init(struct auth *auth);
+void userdb_deinit(struct auth *auth);
 
 #endif


