dovecot-1.2: Cleanups and fixes to auth-master API.
dovecot at dovecot.org
dovecot at dovecot.org
Sat Nov 1 14:49:35 EET 2008
details: http://hg.dovecot.org/dovecot-1.2/rev/9babcdc6f4f7
changeset: 8368:9babcdc6f4f7
user: Timo Sirainen <tss at iki.fi>
date: Sat Nov 01 14:20:36 2008 +0200
description:
Cleanups and fixes to auth-master API.
diffstat:
6 files changed, 352 insertions(+), 241 deletions(-)
src/deliver/Makefile.am | 1
src/deliver/auth-client.c | 71 +++---
src/deliver/auth-client.h | 5
src/deliver/deliver.c | 24 +-
src/lib-auth/auth-master.c | 481 +++++++++++++++++++++++++++-----------------
src/lib-auth/auth-master.h | 11 -
diffs (truncated from 804 to 300 lines):
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/Makefile.am
--- a/src/deliver/Makefile.am Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/Makefile.am Sat Nov 01 14:20:36 2008 +0200
@@ -4,6 +4,7 @@ pkglibexec_PROGRAMS = deliver
AM_CPPFLAGS = \
-I$(top_srcdir)/src/lib \
+ -I$(top_srcdir)/src/lib-auth \
-I$(top_srcdir)/src/lib-dict \
-I$(top_srcdir)/src/lib-mail \
-I$(top_srcdir)/src/lib-index \
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/auth-client.c
--- a/src/deliver/auth-client.c Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/auth-client.c Sat Nov 01 14:20:36 2008 +0200
@@ -9,15 +9,13 @@
#include "env-util.h"
#include "restrict-access.h"
#include "auth-client.h"
-#include "../lib-auth/auth-master.h"
+#include "auth-master.h"
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <sysexits.h>
-
-static int return_value;
static bool parse_uid(const char *str, uid_t *uid_r)
{
@@ -57,44 +55,51 @@ static bool parse_gid(const char *str, g
return TRUE;
}
-static void set_env(struct auth_user_reply *reply, const char *user, uid_t euid)
+static int set_env(struct auth_user_reply *reply,
+ const char *user, uid_t euid)
{
const char *extra_groups;
unsigned int len;
if (reply->uid == 0) {
i_error("userdb(%s) returned 0 as uid", user);
- return;
+ return -1;
} else if (reply->uid == (uid_t)-1) {
if (getenv("MAIL_UID") != NULL) {
- if (!parse_uid(getenv("MAIL_UID"), &reply->uid) || reply->uid == 0) {
+ if (!parse_uid(getenv("MAIL_UID"), &reply->uid) ||
+ reply->uid == 0) {
i_error("mail_uid setting is invalid");
- return;
+ return -1;
}
} else {
i_error("User %s is missing UID (set mail_uid)", user);
- return;
+ return -1;
}
}
if (reply->gid == 0) {
i_error("userdb(%s) returned 0 as gid", user);
- return;
+ return -1;
} else if (reply->gid == (gid_t)-1) {
if (getenv("MAIL_GID") != NULL) {
- if (!parse_gid(getenv("MAIL_GID"), &reply->gid) || reply->gid == 0) {
+ if (!parse_gid(getenv("MAIL_GID"), &reply->gid) ||
+ reply->gid == 0) {
i_error("mail_gid setting is invalid");
- return;
+ return -1;
}
} else {
i_error("User %s is missing GID (set mail_gid)", user);
- return;
+ return -1;
}
}
- if (euid != reply->uid)
- env_put(t_strconcat("RESTRICT_SETUID=", dec2str(reply->uid), NULL));
- if (euid == 0 || getegid() != reply->gid)
- env_put(t_strconcat("RESTRICT_SETGID=", dec2str(reply->gid), NULL));
+ if (euid != reply->uid) {
+ env_put(t_strconcat("RESTRICT_SETUID=",
+ dec2str(reply->uid), NULL));
+ }
+ if (euid == 0 || getegid() != reply->gid) {
+ env_put(t_strconcat("RESTRICT_SETGID=",
+ dec2str(reply->gid), NULL));
+ }
if (reply->chroot == NULL)
reply->chroot = getenv("MAIL_CHROOT");
@@ -116,40 +121,32 @@ static void set_env(struct auth_user_rep
env_put(t_strconcat("RESTRICT_SETEXTRAGROUPS=",
extra_groups, NULL));
}
-
- return_value = EX_OK;
+ return 0;
}
int auth_client_lookup_and_restrict(const char *auth_socket,
- const char *user, uid_t euid,
- pool_t pool,
- ARRAY_TYPE(string) **extra_fields_r)
+ const char *user, uid_t euid, pool_t pool,
+ ARRAY_TYPE(const_string) *extra_fields_r)
{
struct auth_connection *conn;
- struct auth_user_reply *reply;
+ struct auth_user_reply reply;
bool debug = getenv("DEBUG") != NULL;
+ int ret = EX_TEMPFAIL;
conn = auth_master_init(auth_socket, debug);
- reply = i_new(struct auth_user_reply, 1);
-
- return_value = EX_TEMPFAIL;
-
- switch (auth_master_user_lookup(conn, user, "deliver", pool, reply)) {
- case -1:
- break;
+ switch (auth_master_user_lookup(conn, user, "deliver", pool, &reply)) {
case 0:
- return_value = EX_NOUSER;
+ ret = EX_NOUSER;
break;
case 1:
- set_env(reply, user, euid);
- if (return_value == EX_OK)
+ if (set_env(&reply, user, euid) == 0) {
restrict_access_by_env(TRUE);
+ ret = EX_OK;
+ }
break;
}
-
- *extra_fields_r = reply->extra_fields;
- i_free(reply);
+
+ *extra_fields_r = reply.extra_fields;
auth_master_deinit(conn);
-
- return return_value;
+ return ret;
}
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/auth-client.h
--- a/src/deliver/auth-client.h Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/auth-client.h Sat Nov 01 14:20:36 2008 +0200
@@ -2,8 +2,7 @@
#define AUTH_CLIENT_H
int auth_client_lookup_and_restrict(const char *auth_socket,
- const char *user, uid_t euid,
- pool_t pool,
- ARRAY_TYPE(string) **extra_fields_r);
+ const char *user, uid_t euid, pool_t pool,
+ ARRAY_TYPE(const_string) *extra_fields_r);
#endif
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/deliver/deliver.c
--- a/src/deliver/deliver.c Sat Nov 01 14:15:00 2008 +0200
+++ b/src/deliver/deliver.c Sat Nov 01 14:20:36 2008 +0200
@@ -75,7 +75,7 @@ static void sig_die(int signo, void *con
which is too common at least while testing :) */
if (signo != SIGINT)
i_warning("Killed with signal %d", signo);
- io_loop_stop(ioloop);
+ io_loop_stop(current_ioloop);
}
static const char *deliver_get_address(struct mail *mail, const char *header)
@@ -774,13 +774,13 @@ static void expand_envs(const char *user
}
}
-static void putenv_extra_fields(ARRAY_TYPE(string) *extra_fields)
-{
- char **fields;
+static void putenv_extra_fields(const ARRAY_TYPE(const_string) *extra_fields)
+{
+ const char *const *fields;
const char *key, *p;
unsigned int i, count;
- fields = array_get_modifiable(extra_fields, &count);
+ fields = array_get(extra_fields, &count);
for (i = 0; i < count; i++) {
p = strchr(fields[i], '=');
if (p == NULL)
@@ -798,7 +798,7 @@ int main(int argc, char *argv[])
const char *mailbox = "INBOX";
const char *auth_socket;
const char *home, *destaddr, *user, *value, *errstr, *path;
- ARRAY_TYPE(string) *extra_fields;
+ ARRAY_TYPE(const_string) extra_fields = ARRAY_INIT;
struct mail_user *mail_user, *raw_mail_user;
struct mail_namespace *raw_ns;
struct mail_storage *storage;
@@ -814,7 +814,7 @@ int main(int argc, char *argv[])
bool user_auth = FALSE;
time_t mtime;
int i, ret;
- pool_t userdb_pool;
+ pool_t userdb_pool = NULL;
i_set_failure_exit_callback(failure_exit_callback);
@@ -945,8 +945,6 @@ int main(int argc, char *argv[])
TRUE, version);
}
- userdb_pool = pool_alloconly_create("userdb lookup replys", 512);
-
if (user_auth) {
auth_socket = getenv("AUTH_SOCKET_PATH");
if (auth_socket == NULL) {
@@ -957,6 +955,7 @@ int main(int argc, char *argv[])
NULL);
}
+ userdb_pool = pool_alloconly_create("userdb lookup replys", 512);
ret = auth_client_lookup_and_restrict(auth_socket,
user, process_euid,
userdb_pool,
@@ -968,9 +967,10 @@ int main(int argc, char *argv[])
destaddr = user;
expand_envs(user);
- putenv_extra_fields(extra_fields);
-
- pool_unref(&userdb_pool);
+ if (userdb_pool != NULL) {
+ putenv_extra_fields(&extra_fields);
+ pool_unref(&userdb_pool);
+ }
/* Fix namespaces with empty locations */
for (i = 1;; i++) {
diff -r 0d49326397b4 -r 9babcdc6f4f7 src/lib-auth/auth-master.c
--- a/src/lib-auth/auth-master.c Sat Nov 01 14:15:00 2008 +0200
+++ b/src/lib-auth/auth-master.c Sat Nov 01 14:20:36 2008 +0200
@@ -1,53 +1,221 @@
/* Copyright (c) 2005-2008 Dovecot authors, see the included COPYING file */
#include "lib.h"
+#include "lib-signals.h"
#include "array.h"
#include "ioloop.h"
#include "network.h"
#include "istream.h"
#include "ostream.h"
-#include "env-util.h"
-#include "restrict-access.h"
#include "auth-master.h"
#include <stdlib.h>
#include <unistd.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sysexits.h>
-
-#define AUTH_REQUEST_TIMEOUT 60
+
+#define AUTH_PROTOCOL_MAJOR 1
+#define AUTH_PROTOCOL_MINOR 0
+
+#define AUTH_REQUEST_TIMEOUT_SECS 30
+#define AUTH_MASTER_IDLE_SECS 60
+
#define MAX_INBUF_SIZE 8192
-#define MAX_OUTBUF_SIZE 512
+#define MAX_OUTBUF_SIZE 1024
struct auth_connection {
+ char *auth_socket_path;
+
int fd;
- struct timeout *to;
+ struct ioloop *ioloop;
struct io *io;
struct istream *input;
struct ostream *output;
-
- struct ioloop *ioloop;
- const char *auth_socket;
+ struct timeout *to;
+
+ unsigned int request_counter;
+ pool_t pool;
const char *user;
- pool_t pool;
struct auth_user_reply *user_reply;
int return_value;
+ unsigned int debug:1;
More information about the dovecot-cvs
mailing list