dovecot: Changed userdb callback API. Don't require uid/gid to b...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Jul 3 03:55:58 EEST 2007
details: http://hg.dovecot.org/dovecot/rev/93bd157917ca
changeset: 5872:93bd157917ca
user: Timo Sirainen <tss at iki.fi>
date: Tue Jul 03 03:20:06 2007 +0300
description:
Changed userdb callback API. Don't require uid/gid to be returned by userdb.
diffstat:
18 files changed, 200 insertions(+), 325 deletions(-)
src/auth/auth-master-connection.c | 5 +
src/auth/auth-request-handler.c | 5 +
src/auth/auth-request.c | 118 +++++++++++++++++++++++++++++++++----
src/auth/auth-request.h | 11 +++
src/auth/auth-worker-client.c | 5 +
src/auth/db-ldap.c | 28 --------
src/auth/db-ldap.h | 2
src/auth/passdb-ldap.c | 25 -------
src/auth/userdb-blocking.c | 7 --
src/auth/userdb-ldap.c | 93 ++---------------------------
src/auth/userdb-nss.c | 18 ++---
src/auth/userdb-passwd-file.c | 16 ++---
src/auth/userdb-passwd.c | 18 ++---
src/auth/userdb-prefetch.c | 78 +-----------------------
src/auth/userdb-sql.c | 51 ++-------------
src/auth/userdb-static.c | 13 +---
src/auth/userdb-vpopmail.c | 31 ++++-----
src/auth/userdb.h | 1
diffs (truncated from 1039 to 300 lines):
diff -r 4cf56bf92215 -r 93bd157917ca src/auth/auth-master-connection.c
--- a/src/auth/auth-master-connection.c Tue Jul 03 01:59:06 2007 +0300
+++ b/src/auth/auth-master-connection.c Tue Jul 03 03:20:06 2007 +0300
@@ -78,11 +78,14 @@ master_input_request(struct auth_master_
static void
user_callback(enum userdb_result result,
- struct auth_stream_reply *reply,
struct auth_request *auth_request)
{
struct auth_master_connection *conn = auth_request->context;
+ struct auth_stream_reply *reply = auth_request->userdb_reply;
string_t *str;
+
+ if (auth_request->userdb_lookup_failed)
+ result = USERDB_RESULT_INTERNAL_FAILURE;
str = t_str_new(128);
switch (result) {
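Review bot: The `userdb_lookup_failed` override at the top of user_callback is repeated verbatim in userdb_callback (auth-request-handler.c) and lookup_user_callback (auth-worker-client.c), so failing closed on an unparseable uid/gid depends on every callback remembering it. A callback added later without these two lines would pass on a reply whose uid or gid field was dropped as if the lookup had succeeded. I would document the contract where the flag is declared in auth-request.h, for example `/* a userdb field failed to parse; every userdb callback must report USERDB_RESULT_INTERNAL_FAILURE */`, or move the check into one small helper that the three callbacks share. user_callback's body continues outside the hunk.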
diff -r 4cf56bf92215 -r 93bd157917ca src/auth/auth-request-handler.c
--- a/src/auth/auth-request-handler.c Tue Jul 03 01:59:06 2007 +0300
+++ b/src/auth/auth-request-handler.c Tue Jul 03 03:20:06 2007 +0300
@@ -399,15 +399,18 @@ bool auth_request_handler_auth_continue(
}
static void userdb_callback(enum userdb_result result,
- struct auth_stream_reply *reply,
struct auth_request *request)
{
struct auth_request_handler *handler = request->context;
+ struct auth_stream_reply *reply = request->userdb_reply;
string_t *str;
i_assert(request->state == AUTH_REQUEST_STATE_USERDB);
request->state = AUTH_REQUEST_STATE_FINISHED;
+
+ if (request->userdb_lookup_failed)
+ result = USERDB_RESULT_INTERNAL_FAILURE;
str = t_str_new(256);
switch (result) {
diff -r 4cf56bf92215 -r 93bd157917ca src/auth/auth-request.c
--- a/src/auth/auth-request.c Tue Jul 03 01:59:06 2007 +0300
+++ b/src/auth/auth-request.c Tue Jul 03 03:20:06 2007 +0300
@@ -580,7 +580,6 @@ void auth_request_set_credentials(struct
}
static void auth_request_userdb_save_cache(struct auth_request *request,
- struct auth_stream_reply *reply,
enum userdb_result result)
{
struct userdb_module *userdb = request->userdb->userdb;
@@ -590,7 +589,7 @@ static void auth_request_userdb_save_cac
return;
str = result == USERDB_RESULT_USER_UNKNOWN ? "" :
- auth_stream_reply_export(reply);
+ auth_stream_reply_export(request->userdb_reply);
/* last_success has no meaning with userdb */
auth_cache_insert(passdb_cache, request, userdb->cache_key, str, FALSE);
}
@@ -624,7 +623,6 @@ static bool auth_request_lookup_user_cac
}
void auth_request_userdb_callback(enum userdb_result result,
- struct auth_stream_reply *reply,
struct auth_request *request)
{
struct userdb_module *userdb = request->userdb->userdb;
@@ -653,20 +651,23 @@ void auth_request_userdb_callback(enum u
}
if (result != USERDB_RESULT_INTERNAL_FAILURE)
- auth_request_userdb_save_cache(request, reply, result);
+ auth_request_userdb_save_cache(request, result);
else if (passdb_cache != NULL && userdb->cache_key != NULL) {
/* lookup failed. if we're looking here only because the
request was expired in cache, fallback to using cached
expired record. */
const char *cache_key = userdb->cache_key;
+ struct auth_stream_reply *reply;
if (auth_request_lookup_user_cache(request, cache_key, &reply,
- &result, TRUE))
+ &result, TRUE)) {
+ request->userdb_reply = reply;
auth_request_log_info(request, "userdb",
"Fallbacking to expired data from cache");
- }
-
- request->private_callback.userdb(result, reply, request);
+ }
+ }
+
+ request->private_callback.userdb(result, request);
}
void auth_request_lookup_user(struct auth_request *request,
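Review bot: The cache decision in auth_request_userdb_callback still looks only at `result`, so a lookup in which auth_request_set_userdb_field() set `userdb_lookup_failed` can reach `auth_request_userdb_save_cache(request, result)` with a reply that is missing the rejected uid/gid. Assuming backends fill the reply before calling this function, that partial reply would be stored as a good entry, and a later request answered from the cache would presumably not carry the flag. Because this commit also stops requiring uid/gid, nothing downstream is guaranteed to notice the missing value. I would fold the flag into the result before the cache test, e.g. `if (request->userdb_lookup_failed) result = USERDB_RESULT_INTERNAL_FAILURE;` ahead of the `if (result != USERDB_RESULT_INTERNAL_FAILURE)` line. The function starts outside the hunk.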
@@ -686,8 +687,8 @@ void auth_request_lookup_user(struct aut
if (auth_request_lookup_user_cache(request, cache_key, &reply,
&result, FALSE)) {
- request->private_callback.userdb(result, reply,
- request);
+ request->userdb_reply = reply;
+ request->private_callback.userdb(result, request);
return;
}
}
@@ -765,7 +766,8 @@ bool auth_request_set_username(struct au
return TRUE;
}
- if (request->auth->master_user_separator != '\0') {
+ if (request->auth->master_user_separator != '\0' &&
+ !request->userdb_lookup) {
/* check if the username contains a master user */
p = strchr(username, request->auth->master_user_separator);
if (p != NULL) {
@@ -977,6 +979,11 @@ void auth_request_set_field(struct auth_
request->passdb_password = NULL;
} else if (strcmp(name, "allow_nets") == 0) {
auth_request_validate_networks(request, value);
+ } else if (strncmp(name, "userdb_", 7) == 0) {
+ /* for prefetch userdb */
+ if (request->userdb_reply == NULL)
+ auth_request_init_userdb_reply(request);
+ auth_request_set_userdb_field(request, name + 7, value);
} else {
if (strcmp(name, "nologin") == 0) {
/* user can't actually login - don't keep this
@@ -1030,6 +1037,95 @@ void auth_request_set_fields(struct auth
auth_request_set_field(request, key, value, default_scheme);
}
t_pop();
+}
+
+void auth_request_init_userdb_reply(struct auth_request *request)
+{
+ request->userdb_reply = auth_stream_reply_init(request);
+ auth_stream_reply_add(request->userdb_reply, NULL, request->user);
+}
+
+void auth_request_set_userdb_field(struct auth_request *request,
+ const char *name, const char *value)
+{
+ const char *str;
+ uid_t uid;
+ gid_t gid;
+
+ if (strcmp(name, "uid") == 0) {
+ uid = userdb_parse_uid(request, value);
+ if (uid == (uid_t)-1) {
+ request->userdb_lookup_failed = TRUE;
+ return;
+ }
+ value = dec2str(uid);
+ } else if (strcmp(name, "gid") == 0) {
+ gid = userdb_parse_gid(request, value);
+ if (gid == (gid_t)-1) {
+ request->userdb_lookup_failed = TRUE;
+ return;
+ }
+ value = dec2str(gid);
+ } else if (strcmp(name, "user") == 0) {
+ /* replace the username if it changed */
+ if (strcmp(value, request->user) == 0)
+ return;
+
+ t_push();
+ str = t_strdup(auth_stream_reply_export(request->userdb_reply));
+
+ /* reset the reply and add the new username */
+ auth_request_set_field(request, "user", value, NULL);
+ auth_stream_reply_reset(request->userdb_reply);
+ auth_stream_reply_add(request->userdb_reply,
+ NULL, request->user);
+
+ /* add the rest */
+ str = strchr(str, '\t');
+ i_assert(str != NULL);
+ auth_stream_reply_import(request->userdb_reply, str + 1);
+ t_pop();
+ }
+
+ auth_stream_reply_add(request->userdb_reply, name, value);
+}
+
+void auth_request_set_userdb_field_values(struct auth_request *request,
+ const char *name,
+ const char *const *values)
+{
+ if (*values == NULL)
+ return;
+
+ if (strcmp(name, "uid") == 0) {
+ /* there can be only one. use the first one. */
+ auth_request_set_userdb_field(request, name, *values);
+ } else if (strcmp(name, "gid") == 0) {
+ /* convert gids to comma separated list */
+ string_t *value;
+ gid_t gid;
+
+ t_push();
+ value = t_str_new(128);
+ for (; *values != NULL; values++) {
+ gid = userdb_parse_gid(request, *values);
+ if (gid == (gid_t)-1) {
+ request->userdb_lookup_failed = TRUE;
+ t_pop();
+ return;
+ }
+
+ if (str_len(value) > 0)
+ str_append_c(value, ',');
+ str_append(value, dec2str(gid));
+ }
+ auth_stream_reply_add(request->userdb_reply, name,
+ str_c(value));
+ t_pop();
+ } else {
+ /* add only one */
+ auth_request_set_userdb_field(request, name, *values);
+ }
}
int auth_request_password_verify(struct auth_request *request,
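Review bot: In the `user` branch of auth_request_set_userdb_field, `i_assert(str != NULL)` after `strchr(str, '\t')` aborts the auth process when the exported reply holds only the username, which looks reachable when `user` is the first field set after auth_request_init_userdb_reply(). The export format is defined outside this diff, so this is inferred from the tab split used here. The value comes from backend data (userdb, or passdb fields with the `userdb_` prefix), and a data condition should not be able to trip an assertion. I would guard the import instead: `if (str != NULL) auth_stream_reply_import(request->userdb_reply, str + 1);`.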
diff -r 4cf56bf92215 -r 93bd157917ca src/auth/auth-request.h
--- a/src/auth/auth-request.h Tue Jul 03 01:59:06 2007 +0300
+++ b/src/auth/auth-request.h Tue Jul 03 03:20:06 2007 +0300
@@ -45,6 +45,8 @@ struct auth_request {
/* extra_fields that aren't supposed to be sent to the client, but
are supposed to be stored to auth cache. */
struct auth_stream_reply *extra_cache_fields;
+ /* the whole userdb result reply */
+ struct auth_stream_reply *userdb_reply;
const struct mech_module *mech;
struct auth *auth;
@@ -85,6 +87,7 @@ struct auth_request {
unsigned int proxy:1;
unsigned int cert_username:1;
unsigned int userdb_lookup:1;
+ unsigned int userdb_lookup_failed:1;
unsigned int secured:1;
/* ... mechanism specific data ... */
@@ -133,6 +136,13 @@ void auth_request_set_fields(struct auth
const char *const *fields,
const char *default_scheme);
+void auth_request_init_userdb_reply(struct auth_request *request);
+void auth_request_set_userdb_field(struct auth_request *request,
+ const char *name, const char *value);
+void auth_request_set_userdb_field_values(struct auth_request *request,
+ const char *name,
+ const char *const *values);
+
int auth_request_password_verify(struct auth_request *request,
const char *plain_password,
const char *crypted_password,
@@ -164,7 +174,6 @@ void auth_request_set_credentials(struct
const char *scheme, const char *data,
set_credentials_callback_t *callback);
void auth_request_userdb_callback(enum userdb_result result,
- struct auth_stream_reply *reply,
struct auth_request *request);
#endif
diff -r 4cf56bf92215 -r 93bd157917ca src/auth/auth-worker-client.c
--- a/src/auth/auth-worker-client.c Tue Jul 03 01:59:06 2007 +0300
+++ b/src/auth/auth-worker-client.c Tue Jul 03 03:20:06 2007 +0300
@@ -309,11 +309,14 @@ auth_worker_handle_setcred(struct auth_w
static void
lookup_user_callback(enum userdb_result result,
- struct auth_stream_reply *reply,
struct auth_request *auth_request)
{
struct auth_worker_client *client = auth_request->context;
+ struct auth_stream_reply *reply = auth_request->userdb_reply;
string_t *str;
+
+ if (auth_request->userdb_lookup_failed)
+ result = USERDB_RESULT_INTERNAL_FAILURE;
str = t_str_new(128);
str_printfa(str, "%u\t", auth_request->id);
diff -r 4cf56bf92215 -r 93bd157917ca src/auth/db-ldap.c
--- a/src/auth/db-ldap.c Tue Jul 03 01:59:06 2007 +0300
+++ b/src/auth/db-ldap.c Tue Jul 03 03:20:06 2007 +0300
@@ -66,8 +66,6 @@ static struct setting_def setting_defs[]
DEF_STR(pass_attrs),
DEF_STR(pass_filter),
DEF_STR(default_pass_scheme),
- DEF_STR(user_global_uid),
- DEF_STR(user_global_gid),
{ 0, NULL, 0 }