dovecot-2.0: auth: Moved mechanism list out of struct auth.

dovecot at dovecot.org dovecot at dovecot.org
Sat Mar 13 23:33:44 EET 2010


details:   http://hg.dovecot.org/dovecot-2.0/rev/2b56c8b1e5ad
changeset: 10902:2b56c8b1e5ad
user:      Timo Sirainen <tss at iki.fi>
date:      Sat Mar 13 22:23:58 2010 +0200
description:
auth: Moved mechanism list out of struct auth.
It could have been good there, except the mechanism list is sent before there's
any knowledge of what type of client is on the other side. Maybe in the future a
different mechanism list could be given based on the unix socket name.

diffstat:

 src/auth/auth-client-connection.c |   4 +-
 src/auth/auth.c                   |  71 ++---------------------------------
 src/auth/auth.h                   |   9 +---
 src/auth/main.c                   |   7 ++-
 src/auth/mech.c                   |  72 ++++++++++++++++++++++++++++++++++++
 src/auth/mech.h                   |  12 ++++++
 6 files changed, 98 insertions(+), 77 deletions(-)

diffs (truncated from 310 to 300 lines):

diff -r ac58cc0c71aa -r 2b56c8b1e5ad src/auth/auth-client-connection.c
--- a/src/auth/auth-client-connection.c	Sat Mar 13 21:17:17 2010 +0200
+++ b/src/auth/auth-client-connection.c	Sat Mar 13 22:23:58 2010 +0200
@@ -13,6 +13,7 @@
 #include "randgen.h"
 #include "safe-memset.h"
 #include "master-service.h"
+#include "mech.h"
 #include "auth-stream.h"
 #include "auth-request-handler.h"
 #include "auth-client-interface.h"
@@ -289,8 +290,7 @@
 	str_printfa(str, "VERSION\t%u\t%u\n%sSPID\t%s\nCUID\t%u\nCOOKIE\t",
                     AUTH_CLIENT_PROTOCOL_MAJOR_VERSION,
                     AUTH_CLIENT_PROTOCOL_MINOR_VERSION,
-		    str_c(conn->auth->mech_handshake),
-		    my_pid, conn->connect_uid);
+		    str_c(auth->reg->handshake), my_pid, conn->connect_uid);
 	binary_to_hex_append(str, conn->cookie, sizeof(conn->cookie));
 	str_append(str, "\nDONE\n");
 
diff -r ac58cc0c71aa -r 2b56c8b1e5ad src/auth/auth.c
--- a/src/auth/auth.c	Sat Mar 13 21:17:17 2010 +0200
+++ b/src/auth/auth.c	Sat Mar 13 22:23:58 2010 +0200
@@ -50,7 +50,8 @@
 		userdb_preinit(auth->pool, set->driver, set->args);
 }
 
-struct auth *auth_preinit(struct auth_settings *set)
+struct auth *
+auth_preinit(struct auth_settings *set, const struct mechanisms_register *reg)
 {
 	struct auth_passdb_settings *const *passdbs;
 	struct auth_userdb_settings *const *userdbs;
@@ -62,6 +63,7 @@
 	auth = p_new(pool, struct auth, 1);
 	auth->pool = pool;
 	auth->set = set;
+	auth->reg = reg;
 
 	if (array_is_created(&set->passdbs))
 		passdbs = array_get(&set->passdbs, &db_count);
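Review bot: `auth->reg = reg;` stores a pointer that struct auth does not own, and nothing in the new code says so. The register lives in its own pool and is released by mech_register_deinit(), which main.c calls after auth_deinit(); any other teardown order would leave auth->reg, and the handshake string read through it in auth-client-connection.c, dangling. I would add `/* borrowed: must outlive this auth; freed by mech_register_deinit() */` above the assignment or on the field in auth.h. Since the loop over `auth->reg->modules` later in auth.c dereferences the pointer unconditionally, `i_assert(reg != NULL);` here would also be cheap. auth_preinit() begins in the previous hunk and continues past this one.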
@@ -108,46 +110,6 @@
 	return auth;
 }
 
-const string_t *auth_mechanisms_get_list(struct auth *auth)
-{
-	struct mech_module_list *list;
-	string_t *str;
-
-	str = t_str_new(128);
-	for (list = auth->mech_modules; list != NULL; list = list->next)
-		str_append(str, list->module.mech_name);
-
-	return str;
-}
-
-static void auth_mech_register(struct auth *auth, const struct mech_module *mech)
-{
-	struct mech_module_list *list;
-
-	list = p_new(auth->pool, struct mech_module_list, 1);
-	list->module = *mech;
-
-	str_printfa(auth->mech_handshake, "MECH\t%s", mech->mech_name);
-	if ((mech->flags & MECH_SEC_PRIVATE) != 0)
-		str_append(auth->mech_handshake, "\tprivate");
-	if ((mech->flags & MECH_SEC_ANONYMOUS) != 0)
-		str_append(auth->mech_handshake, "\tanonymous");
-	if ((mech->flags & MECH_SEC_PLAINTEXT) != 0)
-		str_append(auth->mech_handshake, "\tplaintext");
-	if ((mech->flags & MECH_SEC_DICTIONARY) != 0)
-		str_append(auth->mech_handshake, "\tdictionary");
-	if ((mech->flags & MECH_SEC_ACTIVE) != 0)
-		str_append(auth->mech_handshake, "\tactive");
-	if ((mech->flags & MECH_SEC_FORWARD_SECRECY) != 0)
-		str_append(auth->mech_handshake, "\tforward-secrecy");
-	if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0)
-		str_append(auth->mech_handshake, "\tmutual-auth");
-	str_append_c(auth->mech_handshake, '\n');
-
-	list->next = auth->mech_modules;
-	auth->mech_modules = list;
-}
-
 static bool auth_passdb_list_have_verify_plain(struct auth *auth)
 {
 	struct auth_passdb *passdb;
@@ -210,7 +172,7 @@
 {
 	struct mech_module_list *list;
 
-	for (list = auth->mech_modules; list != NULL; list = list->next) {
+	for (list = auth->reg->modules; list != NULL; list = list->next) {
 		if (!auth_mech_verify_passdb(auth, list))
 			break;
 	}
@@ -230,8 +192,6 @@
 {
 	struct auth_passdb *passdb;
 	struct auth_userdb *userdb;
-	const struct mech_module *mech;
-	const char *const *mechanisms;
 
 	for (passdb = auth->masterdbs; passdb != NULL; passdb = passdb->next)
 		passdb_init(passdb->passdb);
@@ -244,29 +204,6 @@
 	if (!worker)
 		passdb_cache_init(auth->set);
 
-	auth->mech_handshake = str_new(auth->pool, 512);
-
-	/* register wanted mechanisms */
-	mechanisms = t_strsplit_spaces(auth->set->mechanisms, " ");
-	while (*mechanisms != NULL) {
-		if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
-			if (*auth->set->anonymous_username == '\0') {
-				i_fatal("ANONYMOUS listed in mechanisms, "
-					"but anonymous_username not set");
-			}
-		}
-		mech = mech_module_find(*mechanisms);
-		if (mech == NULL) {
-			i_fatal("Unknown authentication mechanism '%s'",
-				*mechanisms);
-		}
-		auth_mech_register(auth, mech);
-
-		mechanisms++;
-	}
-
-	if (auth->mech_modules == NULL)
-		i_fatal("No authentication mechanisms configured");
 	auth_mech_list_verify_passdb(auth);
 }
 
diff -r ac58cc0c71aa -r 2b56c8b1e5ad src/auth/auth.h
--- a/src/auth/auth.h	Sat Mar 13 21:17:17 2010 +0200
+++ b/src/auth/auth.h	Sat Mar 13 22:23:58 2010 +0200
@@ -23,17 +23,14 @@
 	pool_t pool;
 	const struct auth_settings *set;
 
-	struct mech_module_list *mech_modules;
-	buffer_t *mech_handshake;
-
+	const struct mechanisms_register *reg;
 	struct auth_passdb *masterdbs;
 	struct auth_passdb *passdbs;
 	struct auth_userdb *userdbs;
 };
 
-const string_t *auth_mechanisms_get_list(struct auth *auth);
-
-struct auth *auth_preinit(struct auth_settings *set);
+struct auth *
+auth_preinit(struct auth_settings *set, const struct mechanisms_register *reg);
 void auth_init(struct auth *auth);
 void auth_deinit(struct auth **auth);
 
diff -r ac58cc0c71aa -r 2b56c8b1e5ad src/auth/main.c
--- a/src/auth/main.c	Sat Mar 13 21:17:17 2010 +0200
+++ b/src/auth/main.c	Sat Mar 13 22:23:58 2010 +0200
@@ -39,6 +39,7 @@
 
 static struct module *modules = NULL;
 static struct auth *auth;
+static struct mechanisms_register *mech_reg;
 static ARRAY_DEFINE(listen_fd_types, enum auth_socket_type);
 
 static void main_preinit(void)
@@ -65,7 +66,9 @@
 	modules = module_dir_load(AUTH_MODULE_DIR, NULL, &mod_set);
 	module_dir_init(modules);
 
-	auth = auth_preinit(global_auth_settings);
+	mech_init(global_auth_settings);
+	mech_reg = mech_register_init(global_auth_settings);
+	auth = auth_preinit(global_auth_settings, mech_reg);
 	auth_penalty = auth_penalty_init(AUTH_PENALTY_ANVIL_PATH);
 
 	/* Password lookups etc. may require roots, allow it. */
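Review bot: The order of the three new calls is load-bearing but undocumented. mech_register_init() resolves each configured name with mech_module_find() and calls i_fatal() on a miss, so mech_init() must have registered the built-in modules first, which is presumably why it moved up from its old place after child_wait_init(). A comment such as `/* mech_init() must precede mech_register_init(): the register is built from already-registered modules */` above the calls would keep a later cleanup from reordering them. It is also worth noting in that comment that a bad `mechanisms` setting now aborts the process at this point. The enclosing function (apparently main_preinit()) starts before this hunk and continues after it.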
@@ -84,7 +87,6 @@
 	lib_signals_ignore(SIGUSR2, TRUE);
 
 	child_wait_init();
-	mech_init(auth->set);
 	password_schemes_init();
 	auth_worker_server_init();
 	auth_init(auth);
@@ -112,6 +114,7 @@
 
 	mech_deinit(auth->set);
 	auth_deinit(&auth);
+	mech_register_deinit(&mech_reg);
 	auth_penalty_deinit(&auth_penalty);
 
 	/* allow modules to unregister their dbs/drivers/etc. before freeing
diff -r ac58cc0c71aa -r 2b56c8b1e5ad src/auth/mech.c
--- a/src/auth/mech.c	Sat Mar 13 21:17:17 2010 +0200
+++ b/src/auth/mech.c	Sat Mar 13 22:23:58 2010 +0200
@@ -83,6 +83,78 @@
 extern const struct mech_module mech_winbind_ntlm;
 extern const struct mech_module mech_winbind_spnego;
 
+static void mech_register_add(struct mechanisms_register *reg,
+			      const struct mech_module *mech)
+{
+	struct mech_module_list *list;
+
+	list = p_new(reg->pool, struct mech_module_list, 1);
+	list->module = *mech;
+
+	str_printfa(reg->handshake, "MECH\t%s", mech->mech_name);
+	if ((mech->flags & MECH_SEC_PRIVATE) != 0)
+		str_append(reg->handshake, "\tprivate");
+	if ((mech->flags & MECH_SEC_ANONYMOUS) != 0)
+		str_append(reg->handshake, "\tanonymous");
+	if ((mech->flags & MECH_SEC_PLAINTEXT) != 0)
+		str_append(reg->handshake, "\tplaintext");
+	if ((mech->flags & MECH_SEC_DICTIONARY) != 0)
+		str_append(reg->handshake, "\tdictionary");
+	if ((mech->flags & MECH_SEC_ACTIVE) != 0)
+		str_append(reg->handshake, "\tactive");
+	if ((mech->flags & MECH_SEC_FORWARD_SECRECY) != 0)
+		str_append(reg->handshake, "\tforward-secrecy");
+	if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0)
+		str_append(reg->handshake, "\tmutual-auth");
+	str_append_c(reg->handshake, '\n');
+
+	list->next = reg->modules;
+	reg->modules = list;
+}
+
+struct mechanisms_register *
+mech_register_init(const struct auth_settings *set)
+{
+	struct mechanisms_register *reg;
+	const struct mech_module *mech;
+	const char *const *mechanisms;
+	pool_t pool;
+
+	pool = pool_alloconly_create("mechanisms register", 1024);
+	reg = p_new(pool, struct mechanisms_register, 1);
+	reg->pool = pool;
+	reg->set = set;
+	reg->handshake = str_new(pool, 512);
+
+	mechanisms = t_strsplit_spaces(set->mechanisms, " ");
+	for (; *mechanisms != NULL; mechanisms++) {
+		if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
+			if (*set->anonymous_username == '\0') {
+				i_fatal("ANONYMOUS listed in mechanisms, "
+					"but anonymous_username not set");
+			}
+		}
+		mech = mech_module_find(*mechanisms);
+		if (mech == NULL) {
+			i_fatal("Unknown authentication mechanism '%s'",
+				*mechanisms);
+		}
+		mech_register_add(reg, mech);
+	}
+
+	if (reg->modules == NULL)
+		i_fatal("No authentication mechanisms configured");
+	return reg;
+}
+
+void mech_register_deinit(struct mechanisms_register **_reg)
+{
+	struct mechanisms_register *reg = *_reg;
+
+	*_reg = NULL;
+	pool_unref(&reg->pool);
+}
+
 void mech_init(const struct auth_settings *set)
 {
 	mech_register_module(&mech_plain);
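Review bot: mech_register_init() hands every token of `set->mechanisms` to mech_register_add() without checking whether that module is already in `reg->modules`, so a setting that names a mechanism twice yields two list entries and two identical MECH lines in the handshake text sent to every connecting client. How clients treat a repeated MECH line is not visible here; skipping the repeat at registration keeps the advertised list canonical. The sketch below compares the modules' own mech_name, so it does not depend on how mech_module_find() normalises case. Separately, the two new public functions have no header comment stating that the register owns its pool and that configuration errors are fatal. The last context lines belong to mech_init(), which continues outside the hunk.

```c
static bool mech_register_have(const struct mechanisms_register *reg,
			       const struct mech_module *mech)
{
	const struct mech_module_list *list;

	for (list = reg->modules; list != NULL; list = list->next) {
		if (strcmp(list->module.mech_name, mech->mech_name) == 0)
			return TRUE;
	}
	return FALSE;
}

/* … unchanged: mech_register_add(), start of mech_register_init() … */
		mech = mech_module_find(*mechanisms);
		/* … unchanged: i_fatal() on unknown mechanism … */
		if (mech_register_have(reg, mech))
			continue;
		mech_register_add(reg, mech);
```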
diff -r ac58cc0c71aa -r 2b56c8b1e5ad src/auth/mech.h
--- a/src/auth/mech.h	Sat Mar 13 21:17:17 2010 +0200
+++ b/src/auth/mech.h	Sat Mar 13 22:23:58 2010 +0200
@@ -56,6 +56,14 @@
 	struct mech_module module;
 };
 
+struct mechanisms_register {
+	pool_t pool;
+	const struct auth_settings *set;
+
+	struct mech_module_list *modules;
+	buffer_t *handshake;
+};
+
 void mech_register_module(const struct mech_module *module);
 void mech_unregister_module(const struct mech_module *module);
 const struct mech_module *mech_module_find(const char *name);
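Review bot: `buffer_t *handshake;` is only used through the string API in this commit (str_new(), str_printfa(), str_append(), str_c()), so declaring it `string_t *handshake;` would say what it holds. This assumes the two types are interchangeable here, as the carried-over declaration from struct auth suggests. The new struct also has no comments. Because `handshake` is the pre-rendered MECH list that auth-client-connection.c writes into every client handshake (per the commit description, before the client type is known), a line such as `/* MECH lines sent verbatim in every client handshake; built once at startup */` on the field would help. `set` is stored in the struct, but no read of it is visible in the hunks shown.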
@@ -64,6 +72,10 @@

