dovecot-2.0: auth: Initial support for per-protocol auth settings.
dovecot at dovecot.org
dovecot at dovecot.org
Sat Mar 13 23:33:44 EET 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/6e639833c3fc
changeset: 10903:6e639833c3fc
user: Timo Sirainen <tss at iki.fi>
date: Sat Mar 13 22:54:41 2010 +0200
description:
auth: Initial support for per-protocol auth settings.
Currently the list of services is hard-coded. This should be changed so that
config lookup returns the service names.
diffstat:
src/auth/auth-client-connection.c | 3 +-
src/auth/auth-master-connection.c | 4 +-
src/auth/auth-request-handler.c | 10 ++--
src/auth/auth-request-handler.h | 3 +-
src/auth/auth-request.c | 56 +++++++++++++++------------
src/auth/auth-request.h | 9 +++-
src/auth/auth-settings.c | 15 +++++--
src/auth/auth-settings.h | 2 +-
src/auth/auth-worker-client.c | 5 +-
src/auth/auth.c | 66 ++++++++++++++++++++++++++++++++-
src/auth/auth.h | 13 ++++++-
src/auth/db-ldap.c | 4 +-
src/auth/main.c | 18 +++++----
src/auth/mech-anonymous.c | 6 +-
src/auth/mech-digest-md5.c | 6 +-
src/auth/mech-gssapi.c | 4 +-
src/auth/mech-rpa.c | 8 ++--
src/auth/mech-winbind.c | 7 ++-
src/auth/passdb-cache.c | 2 +-
src/auth/passdb-ldap.c | 2 +-
src/auth/passdb-pam.c | 2 +-
src/auth/passdb.c | 47 ++++++++++++++++++++---
src/auth/passdb.h | 6 +-
src/auth/userdb-ldap.c | 2 +-
src/auth/userdb-prefetch.c | 4 +-
src/auth/userdb.c | 44 +++++++++++++++++++--
src/auth/userdb.h | 6 +-
27 files changed, 258 insertions(+), 96 deletions(-)
diffs (truncated from 1068 to 300 lines):
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-client-connection.c
--- a/src/auth/auth-client-connection.c Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-client-connection.c Sat Mar 13 22:54:41 2010 +0200
@@ -174,8 +174,7 @@
conn->auth->set->debug_passwords ? line :
auth_line_hide_pass(line));
}
- return auth_request_handler_auth_begin(conn->auth,
- conn->request_handler,
+ return auth_request_handler_auth_begin(conn->request_handler,
line + 5);
}
if (strncmp(line, "CONT\t", 5) == 0) {
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-master-connection.c
--- a/src/auth/auth-master-connection.c Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-master-connection.c Sat Mar 13 22:54:41 2010 +0200
@@ -122,7 +122,7 @@
return -1;
}
- auth_request = auth_request_new_dummy(conn->auth);
+ auth_request = auth_request_new_dummy();
auth_request->id = (unsigned int)strtoul(list[0], NULL, 10);
auth_request->context = conn;
auth_master_connection_ref(conn);
@@ -151,6 +151,8 @@
auth_request_unref(&auth_request);
return -1;
}
+
+ auth_request_init(auth_request);
*request_r = auth_request;
return 1;
}
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request-handler.c Sat Mar 13 22:54:41 2010 +0200
@@ -302,8 +302,7 @@
}
}
-bool auth_request_handler_auth_begin(struct auth *auth,
- struct auth_request_handler *handler,
+bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
const char *args)
{
const struct mech_module *mech;
@@ -332,7 +331,7 @@
return FALSE;
}
- request = auth_request_new(auth, mech, auth_callback, handler);
+ request = auth_request_new(mech, auth_callback, handler);
request->handler = handler;
request->connect_uid = handler->connect_uid;
request->client_pid = handler->client_pid;
@@ -375,12 +374,13 @@
auth_request_unref(&request);
return FALSE;
}
+ auth_request_init(request);
request->to_abort = timeout_add(AUTH_REQUEST_TIMEOUT * 1000,
auth_request_timeout, request);
hash_table_insert(handler->requests, POINTER_CAST(id), request);
- if (request->auth->set->ssl_require_client_cert &&
+ if (request->set->ssl_require_client_cert &&
!request->valid_client_cert) {
/* we fail without valid certificate */
auth_request_handler_auth_fail(handler, request,
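Review bot: The placement of `auth_request_init(request)` is load-bearing and carries no comment. It has to run after the service name has been taken from the arguments and before the `ssl_require_client_cert` check below it, otherwise the client-certificate requirement is evaluated against the global settings instead of the service's own. I would add above the call `/* service is known now: switch from global to per-service settings before any policy checks */`. The function begins and ends outside this hunk.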
@@ -579,7 +579,7 @@
/* FIXME: assumess that failure_delay is always the same. */
diff = ioloop_time - auth_request->last_access;
- if (diff < (time_t)auth_request->auth->set->failure_delay &&
+ if (diff < (time_t)auth_request->set->failure_delay &&
!flush_all)
break;
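Review bot: The FIXME above the changed condition stops being theoretical with this commit, because `auth_request->set->failure_delay` now comes from per-request settings that may differ between services. The loop breaks at the first request whose delay has not expired, so as far as the hunk shows it assumes queue order equals expiry order; with mixed delays, a request queued behind a longer-delay one is held longer than configured. That errs on the safe side for login throttling, but the comment should say so, e.g. `/* FIXME: assumes failure_delay is the same for all services; with per-service values later requests may be delayed longer than configured */`. The enclosing function is outside the hunk.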
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request-handler.h
--- a/src/auth/auth-request-handler.h Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request-handler.h Sat Mar 13 22:54:41 2010 +0200
@@ -29,8 +29,7 @@
unsigned int connect_uid,
unsigned int client_pid);
-bool auth_request_handler_auth_begin(struct auth *auth,
- struct auth_request_handler *handler,
+bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
const char *args);
bool auth_request_handler_auth_continue(struct auth_request_handler *handler,
const char *args);
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request.c
--- a/src/auth/auth-request.c Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request.c Sat Mar 13 22:54:41 2010 +0200
@@ -30,20 +30,18 @@
const char *subsystem);
struct auth_request *
-auth_request_new(struct auth *auth, const struct mech_module *mech,
+auth_request_new(const struct mech_module *mech,
mech_callback_t *callback, void *context)
{
struct auth_request *request;
request = mech->auth_new();
request->state = AUTH_REQUEST_STATE_NEW;
- request->passdb = auth->passdbs;
- request->userdb = auth->userdbs;
request->refcount = 1;
request->last_access = ioloop_time;
- request->auth = auth;
+ request->set = global_auth_settings;
request->mech = mech;
request->mech_name = mech == NULL ? NULL : mech->mech_name;
request->callback = callback;
@@ -51,7 +49,7 @@
return request;
}
-struct auth_request *auth_request_new_dummy(struct auth *auth)
+struct auth_request *auth_request_new_dummy(void)
{
struct auth_request *auth_request;
pool_t pool;
@@ -62,18 +60,26 @@
auth_request->refcount = 1;
auth_request->last_access = ioloop_time;
-
- if (auth == NULL) {
- auth = p_new(pool, struct auth, 1);
- auth->set = global_auth_settings;
- }
- auth_request->auth = auth;
- auth_request->passdb = auth->passdbs;
- auth_request->userdb = auth->userdbs;
+ auth_request->set = global_auth_settings;
return auth_request;
}
+void auth_request_init(struct auth_request *request)
+{
+ struct auth *auth;
+
+ auth = auth_request_get_auth(request);
+ request->set = auth->set;
+ request->passdb = auth->passdbs;
+ request->userdb = auth->userdbs;
+}
+
+struct auth *auth_request_get_auth(struct auth_request *request)
+{
+ return auth_find_service(request->service);
+}
+
void auth_request_success(struct auth_request *request,
const void *data, size_t data_size)
{
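Review bot: auth_request_init() dereferences the result of auth_request_get_auth() without a check, and that result comes from `auth_find_service(request->service)`, whose behaviour for an unset or unknown service name is not visible in this truncated diff. If it can return NULL, a request with a missing or unexpected service field would crash the auth process at `request->set = auth->set;`; if it always falls back to a default, that contract deserves a comment on auth_request_get_auth(). I would add `i_assert(auth != NULL);` before the first dereference, or fail the request cleanly instead. The same applies to the direct `auth_request_get_auth(request)->passdbs`, `->masterdbs` and `->userdbs` uses in the later hunks of this file, and to the new auth_request_init() calls in auth-master-connection.c and auth-request-handler.c.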
@@ -181,7 +187,7 @@
else if (strcmp(key, "original_username") == 0)
request->original_username = p_strdup(request->pool, value);
else if (strcmp(key, "cert_username") == 0) {
- if (request->auth->set->ssl_username_from_cert) {
+ if (request->set->ssl_username_from_cert) {
/* get username from SSL certificate. it overrides
the username given by the auth mechanism. */
request->user = p_strdup(request->pool, value);
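Review bot: The `request->set->ssl_username_from_cert` test in this cert_username branch may read the global settings rather than the per-service ones. request->set starts as global_auth_settings and is only switched by auth_request_init(), which auth_request_handler_auth_begin() calls later in its body. If this branch runs while the request arguments are still being parsed (the enclosing function is outside the hunk, so this is inferred), a per-protocol override of ssl_username_from_cert would be ignored for the certificate-derived username. Either defer the decision until after auth_request_init(), or document the limitation here, e.g. `/* NOTE: may run before auth_request_init(); uses global settings */`.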
@@ -347,7 +353,7 @@
/* the authentication continues with passdb lookup for the
requested_login_user. */
- request->passdb = request->auth->passdbs;
+ request->passdb = auth_request_get_auth(request)->passdbs;
return FALSE;
}
@@ -543,7 +549,7 @@
request->credentials_scheme,
request->private_callback.lookup_credentials);
} else {
- if (request->auth->set->debug_passwords &&
+ if (request->set->debug_passwords &&
result == PASSDB_RESULT_OK) {
auth_request_log_debug(request, "password",
"Credentials: %s",
@@ -724,10 +730,10 @@
request->client_pid != 0) {
/* this was an actual login attempt, the user should
have been found. */
- if (request->auth->userdbs->next == NULL) {
+ if (auth_request_get_auth(request)->userdbs->next == NULL) {
auth_request_log_error(request, "userdb",
"user not found from userdb %s",
- request->auth->userdbs->userdb->iface->name);
+ request->userdb->userdb->iface->name);
} else {
auth_request_log_error(request, "userdb",
"user not found from any userdbs");
@@ -787,7 +793,7 @@
auth_request_fix_username(struct auth_request *request, const char *username,
const char **error_r)
{
- const struct auth_settings *set = request->auth->set;
+ const struct auth_settings *set = request->set;
unsigned char *p;
char *user;
@@ -835,7 +841,7 @@
bool auth_request_set_username(struct auth_request *request,
const char *username, const char **error_r)
{
- const struct auth_settings *set = request->auth->set;
+ const struct auth_settings *set = request->set;
const char *p, *login_username = NULL;
if (*set->master_user_separator != '\0' && !request->userdb_lookup) {
@@ -905,7 +911,7 @@
}
/* lookup request->user from masterdb first */
- request->passdb = request->auth->masterdbs;
+ request->passdb = auth_request_get_auth(request)->masterdbs;
request->requested_login_user =
auth_request_fix_username(request, username, error_r);
@@ -1326,7 +1332,7 @@
const char *subsystem)
{
string_t *str;
- const char *log_type = request->auth->set->verbose_passwords;
+ const char *log_type = request->set->verbose_passwords;
if (strcmp(log_type, "no") == 0) {
auth_request_log_info(request, subsystem, "Password mismatch");
@@ -1401,7 +1407,7 @@
i_assert(ret >= 0);
if (ret == 0) {
auth_request_log_password_mismatch(request, subsystem);
- if (request->auth->set->debug_passwords) T_BEGIN {
+ if (request->set->debug_passwords) T_BEGIN {
log_password_failure(request, plain_password,
crypted_password, scheme,
request->original_username,
@@ -1532,7 +1538,7 @@
{
va_list va;
- if (!auth_request->auth->set->debug)
+ if (!auth_request->set->debug)
return;
va_start(va, format);
@@ -1548,7 +1554,7 @@
{
va_list va;
- if (!auth_request->auth->set->verbose)
+ if (!auth_request->set->verbose)
return;
va_start(va, format);
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request.h
--- a/src/auth/auth-request.h Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request.h Sat Mar 13 22:54:41 2010 +0200
@@ -56,7 +56,7 @@
const struct mech_module *mech;
struct auth_request_handler *handler;
- struct auth *auth;
+ const struct auth_settings *set;
struct auth_passdb *passdb;
struct auth_userdb *userdb;
@@ -111,9 +111,12 @@
};
struct auth_request *
-auth_request_new(struct auth *auth, const struct mech_module *mech,
+auth_request_new(const struct mech_module *mech,
mech_callback_t *callback, void *context);
-struct auth_request *auth_request_new_dummy(struct auth *auth);
+struct auth_request *auth_request_new_dummy(void);
+void auth_request_init(struct auth_request *request);
+struct auth *auth_request_get_auth(struct auth_request *request);
+
void auth_request_ref(struct auth_request *request);
void auth_request_unref(struct auth_request **request);
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-settings.c
--- a/src/auth/auth-settings.c Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-settings.c Sat Mar 13 22:54:41 2010 +0200
@@ -3,6 +3,7 @@
#include "lib.h"
#include "array.h"
#include "settings-parser.h"