dovecot-2.0: auth: Initial support for per-protocol auth settings.

dovecot at dovecot.org dovecot at dovecot.org
Sat Mar 13 23:33:44 EET 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/6e639833c3fc
changeset: 10903:6e639833c3fc
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Mar 13 22:54:41 2010 +0200
description:
auth: Initial support for per-protocol auth settings.
Currently the list of services is hard-coded. This should be changed so that
config lookup returns the service names.

diffstat:

 src/auth/auth-client-connection.c |   3 +-
 src/auth/auth-master-connection.c |   4 +-
 src/auth/auth-request-handler.c   |  10 ++--
 src/auth/auth-request-handler.h   |   3 +-
 src/auth/auth-request.c           |  56 +++++++++++++++------------
 src/auth/auth-request.h           |   9 +++-
 src/auth/auth-settings.c          |  15 +++++--
 src/auth/auth-settings.h          |   2 +-
 src/auth/auth-worker-client.c     |   5 +-
 src/auth/auth.c                   |  66 ++++++++++++++++++++++++++++++++-
 src/auth/auth.h                   |  13 ++++++-
 src/auth/db-ldap.c                |   4 +-
 src/auth/main.c                   |  18 +++++----
 src/auth/mech-anonymous.c         |   6 +-
 src/auth/mech-digest-md5.c        |   6 +-
 src/auth/mech-gssapi.c            |   4 +-
 src/auth/mech-rpa.c               |   8 ++--
 src/auth/mech-winbind.c           |   7 ++-
 src/auth/passdb-cache.c           |   2 +-
 src/auth/passdb-ldap.c            |   2 +-
 src/auth/passdb-pam.c             |   2 +-
 src/auth/passdb.c                 |  47 ++++++++++++++++++++---
 src/auth/passdb.h                 |   6 +-
 src/auth/userdb-ldap.c            |   2 +-
 src/auth/userdb-prefetch.c        |   4 +-
 src/auth/userdb.c                 |  44 +++++++++++++++++++--
 src/auth/userdb.h                 |   6 +-
 27 files changed, 258 insertions(+), 96 deletions(-)

diffs (truncated from 1068 to 300 lines):

diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-client-connection.c
--- a/src/auth/auth-client-connection.c	Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-client-connection.c	Sat Mar 13 22:54:41 2010 +0200
@@ -174,8 +174,7 @@
 				conn->auth->set->debug_passwords ? line :
 				auth_line_hide_pass(line));
 		}
-		return auth_request_handler_auth_begin(conn->auth,
-						       conn->request_handler,
+		return auth_request_handler_auth_begin(conn->request_handler,
 						       line + 5);
 	}
 	if (strncmp(line, "CONT\t", 5) == 0) {
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-master-connection.c
--- a/src/auth/auth-master-connection.c	Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-master-connection.c	Sat Mar 13 22:54:41 2010 +0200
@@ -122,7 +122,7 @@
 		return -1;
 	}
 
-	auth_request = auth_request_new_dummy(conn->auth);
+	auth_request = auth_request_new_dummy();
 	auth_request->id = (unsigned int)strtoul(list[0], NULL, 10);
 	auth_request->context = conn;
 	auth_master_connection_ref(conn);
@@ -151,6 +151,8 @@
 		auth_request_unref(&auth_request);
 		return -1;
 	}
+
+	auth_request_init(auth_request);
 	*request_r = auth_request;
 	return 1;
 }
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c	Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request-handler.c	Sat Mar 13 22:54:41 2010 +0200
@@ -302,8 +302,7 @@
 	}
 }
 
-bool auth_request_handler_auth_begin(struct auth *auth,
-				     struct auth_request_handler *handler,
+bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 				     const char *args)
 {
 	const struct mech_module *mech;
@@ -332,7 +331,7 @@
 		return FALSE;
 	}
 
-	request = auth_request_new(auth, mech, auth_callback, handler);
+	request = auth_request_new(mech, auth_callback, handler);
 	request->handler = handler;
 	request->connect_uid = handler->connect_uid;
 	request->client_pid = handler->client_pid;
@@ -375,12 +374,13 @@
 		auth_request_unref(&request);
 		return FALSE;
 	}
+	auth_request_init(request);
 
 	request->to_abort = timeout_add(AUTH_REQUEST_TIMEOUT * 1000,
 					auth_request_timeout, request);
 	hash_table_insert(handler->requests, POINTER_CAST(id), request);
 
-	if (request->auth->set->ssl_require_client_cert &&
+	if (request->set->ssl_require_client_cert &&
 	    !request->valid_client_cert) {
 		/* we fail without valid certificate */
                 auth_request_handler_auth_fail(handler, request,
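Review bot: `auth_request_init(request)` on the added line runs only after the argument loop has finished, so any per-service setting consulted while the arguments were being imported was read from the `global_auth_settings` installed by `auth_request_new()`, not from the service's own settings. The `cert_username` branch in the `@@ -181,7 +187,7 @@` hunk of auth-request.c reads `request->set->ssl_username_from_cert`, and `auth_request_set_username()` reads `request->set->master_user_separator`; if the loop above this hunk (outside it) feeds those keys through `auth_request_import()`, per-protocol values of those settings are silently ignored. One way to keep the ordering honest is to resolve the service before importing the remaining arguments, or to make `auth_request_init()` refuse to run once settings-dependent fields such as `user` have already been derived. The `auth_request_init()` call added in auth-master-connection.c has the same ordering.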
@@ -579,7 +579,7 @@
 
 		/* FIXME: assumess that failure_delay is always the same. */
 		diff = ioloop_time - auth_request->last_access;
-		if (diff < (time_t)auth_request->auth->set->failure_delay &&
+		if (diff < (time_t)auth_request->set->failure_delay &&
 		    !flush_all)
 			break;
 
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request-handler.h
--- a/src/auth/auth-request-handler.h	Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request-handler.h	Sat Mar 13 22:54:41 2010 +0200
@@ -29,8 +29,7 @@
 			      unsigned int connect_uid,
 			      unsigned int client_pid);
 
-bool auth_request_handler_auth_begin(struct auth *auth,
-				     struct auth_request_handler *handler,
+bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 				     const char *args);
 bool auth_request_handler_auth_continue(struct auth_request_handler *handler,
 					const char *args);
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request.c
--- a/src/auth/auth-request.c	Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request.c	Sat Mar 13 22:54:41 2010 +0200
@@ -30,20 +30,18 @@
 			   const char *subsystem);
 
 struct auth_request *
-auth_request_new(struct auth *auth, const struct mech_module *mech,
+auth_request_new(const struct mech_module *mech,
 		 mech_callback_t *callback, void *context)
 {
 	struct auth_request *request;
 
 	request = mech->auth_new();
 	request->state = AUTH_REQUEST_STATE_NEW;
-	request->passdb = auth->passdbs;
-	request->userdb = auth->userdbs;
 
 	request->refcount = 1;
 	request->last_access = ioloop_time;
 
-	request->auth = auth;
+	request->set = global_auth_settings;
 	request->mech = mech;
 	request->mech_name = mech == NULL ? NULL : mech->mech_name;
 	request->callback = callback;
@@ -51,7 +49,7 @@
 	return request;
 }
 
-struct auth_request *auth_request_new_dummy(struct auth *auth)
+struct auth_request *auth_request_new_dummy(void)
 {
 	struct auth_request *auth_request;
 	pool_t pool;
@@ -62,18 +60,26 @@
 
 	auth_request->refcount = 1;
 	auth_request->last_access = ioloop_time;
-
-	if (auth == NULL) {
-		auth = p_new(pool, struct auth, 1);
-		auth->set = global_auth_settings;
-	}
-	auth_request->auth = auth;
-	auth_request->passdb = auth->passdbs;
-	auth_request->userdb = auth->userdbs;
+	auth_request->set = global_auth_settings;
 
 	return auth_request;
 }
 
+void auth_request_init(struct auth_request *request)
+{
+	struct auth *auth;
+
+	auth = auth_request_get_auth(request);
+	request->set = auth->set;
+	request->passdb = auth->passdbs;
+	request->userdb = auth->userdbs;
+}
+
+struct auth *auth_request_get_auth(struct auth_request *request)
+{
+	return auth_find_service(request->service);
+}
+
 void auth_request_success(struct auth_request *request,
 			  const void *data, size_t data_size)
 {
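Review bot: `auth_request_init()` dereferences the result of `auth_request_get_auth()` without a NULL check, and `auth_request_get_auth()` merely forwards `request->service` to `auth_find_service()`, whose behaviour for an unknown or unset service name is not visible in this diff. Because the commit message says the service list is currently hard-coded, a request whose service name is not in that list would, unless `auth_find_service()` falls back to a default entry, crash the auth process on `auth->set`, and the service name is presumably supplied by the connecting client rather than by configuration. Either document that `auth_find_service()` never returns NULL, or guard the lookup with `i_assert(auth != NULL);` (or a fallback to the default service's `struct auth`) before the three assignments. The same unchecked dereference appears in the `auth_request_get_auth(request)->passdbs`, `->userdbs` and `->masterdbs` hunks later in this file.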
@@ -181,7 +187,7 @@
 	else if (strcmp(key, "original_username") == 0)
 		request->original_username = p_strdup(request->pool, value);
 	else if (strcmp(key, "cert_username") == 0) {
-		if (request->auth->set->ssl_username_from_cert) {
+		if (request->set->ssl_username_from_cert) {
 			/* get username from SSL certificate. it overrides
 			   the username given by the auth mechanism. */
 			request->user = p_strdup(request->pool, value);
@@ -347,7 +353,7 @@
 
 	/* the authentication continues with passdb lookup for the
 	   requested_login_user. */
-	request->passdb = request->auth->passdbs;
+	request->passdb = auth_request_get_auth(request)->passdbs;
 	return FALSE;
 }
 
@@ -543,7 +549,7 @@
 			request->credentials_scheme,
                 	request->private_callback.lookup_credentials);
 	} else {
-		if (request->auth->set->debug_passwords &&
+		if (request->set->debug_passwords &&
 		    result == PASSDB_RESULT_OK) {
 			auth_request_log_debug(request, "password",
 				"Credentials: %s",
@@ -724,10 +730,10 @@
 		   request->client_pid != 0) {
 		/* this was an actual login attempt, the user should
 		   have been found. */
-		if (request->auth->userdbs->next == NULL) {
+		if (auth_request_get_auth(request)->userdbs->next == NULL) {
 			auth_request_log_error(request, "userdb",
 				"user not found from userdb %s",
-				request->auth->userdbs->userdb->iface->name);
+				request->userdb->userdb->iface->name);
 		} else {
 			auth_request_log_error(request, "userdb",
 				"user not found from any userdbs");
@@ -787,7 +793,7 @@
 auth_request_fix_username(struct auth_request *request, const char *username,
                           const char **error_r)
 {
-	const struct auth_settings *set = request->auth->set;
+	const struct auth_settings *set = request->set;
 	unsigned char *p;
 	char *user;
 
@@ -835,7 +841,7 @@
 bool auth_request_set_username(struct auth_request *request,
 			       const char *username, const char **error_r)
 {
-	const struct auth_settings *set = request->auth->set;
+	const struct auth_settings *set = request->set;
 	const char *p, *login_username = NULL;
 
 	if (*set->master_user_separator != '\0' && !request->userdb_lookup) {
@@ -905,7 +911,7 @@
 	}
 
         /* lookup request->user from masterdb first */
-        request->passdb = request->auth->masterdbs;
+        request->passdb = auth_request_get_auth(request)->masterdbs;
 
         request->requested_login_user =
                 auth_request_fix_username(request, username, error_r);
@@ -1326,7 +1332,7 @@
 					const char *subsystem)
 {
 	string_t *str;
-	const char *log_type = request->auth->set->verbose_passwords;
+	const char *log_type = request->set->verbose_passwords;
 
 	if (strcmp(log_type, "no") == 0) {
 		auth_request_log_info(request, subsystem, "Password mismatch");
@@ -1401,7 +1407,7 @@
 	i_assert(ret >= 0);
 	if (ret == 0) {
 		auth_request_log_password_mismatch(request, subsystem);
-		if (request->auth->set->debug_passwords) T_BEGIN {
+		if (request->set->debug_passwords) T_BEGIN {
 			log_password_failure(request, plain_password,
 					     crypted_password, scheme,
 					     request->original_username,
@@ -1532,7 +1538,7 @@
 {
 	va_list va;
 
-	if (!auth_request->auth->set->debug)
+	if (!auth_request->set->debug)
 		return;
 
 	va_start(va, format);
@@ -1548,7 +1554,7 @@
 {
 	va_list va;
 
-	if (!auth_request->auth->set->verbose)
+	if (!auth_request->set->verbose)
 		return;
 
 	va_start(va, format);
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-request.h
--- a/src/auth/auth-request.h	Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-request.h	Sat Mar 13 22:54:41 2010 +0200
@@ -56,7 +56,7 @@
 
 	const struct mech_module *mech;
 	struct auth_request_handler *handler;
-	struct auth *auth;
+	const struct auth_settings *set;
         struct auth_passdb *passdb;
         struct auth_userdb *userdb;
 
@@ -111,9 +111,12 @@
 };
 
 struct auth_request *
-auth_request_new(struct auth *auth, const struct mech_module *mech,
+auth_request_new(const struct mech_module *mech,
 		 mech_callback_t *callback, void *context);
-struct auth_request *auth_request_new_dummy(struct auth *auth);
+struct auth_request *auth_request_new_dummy(void);
+void auth_request_init(struct auth_request *request);
+struct auth *auth_request_get_auth(struct auth_request *request);
+
 void auth_request_ref(struct auth_request *request);
 void auth_request_unref(struct auth_request **request);
 
diff -r 2b56c8b1e5ad -r 6e639833c3fc src/auth/auth-settings.c
--- a/src/auth/auth-settings.c	Sat Mar 13 22:23:58 2010 +0200
+++ b/src/auth/auth-settings.c	Sat Mar 13 22:54:41 2010 +0200
@@ -3,6 +3,7 @@
 #include "lib.h"
 #include "array.h"
 #include "settings-parser.h"

