dovecot-2.0-sslstream: auth: Don't use section names for passdb/...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Feb 13 02:57:40 EET 2010
details: http://hg.dovecot.org/dovecot-2.0-sslstream/rev/a2ed5c020cfa
changeset: 10579:a2ed5c020cfa
user: Timo Sirainen <tss at iki.fi>
date: Mon Jan 25 00:59:34 2010 +0200
description:
auth: Don't use section names for passdb/userdb driver names.
When using section names, it wasn't possible to use the same driver more
than once without an error.
diffstat:
2 files changed, 108 insertions(+), 86 deletions(-)
doc/example-config/conf.d/auth.conf | 154 ++++++++++++++++-------------------
src/auth/auth-settings.c | 40 ++++++++-
diffs (293 lines):
diff -r 3117e9f35e45 -r a2ed5c020cfa doc/example-config/conf.d/auth.conf
--- a/doc/example-config/conf.d/auth.conf Mon Jan 25 00:38:22 2010 +0200
+++ b/doc/example-config/conf.d/auth.conf Mon Jan 25 00:59:34 2010 +0200
@@ -112,19 +112,21 @@ auth_mechanisms = plain
# The deny passdb should always be specified before others, so it gets
# checked first. Here's an example:
-#passdb passwd-file {
+#passdb {
+ #driver = passwd-file
# File contains a list of usernames, one per line
#args = /etc/dovecot.deny
#deny = yes
#}
-# PAM authentication. Preferred nowadays by most systems.
-# Note that PAM can only be used to verify if user's password is correct,
-# so it can't be used as userdb. If you don't want to use a separate user
-# database (passwd usually), you can use static userdb.
-# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
-# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
-passdb pam {
+passdb {
+ # PAM authentication. Preferred nowadays by most systems.
+ # Note that PAM can only be used to verify if user's password is correct,
+ # so it can't be used as userdb. If you don't want to use a separate user
+ # database (passwd usually), you can use static userdb.
+ # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
+ # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
+ driver = pam
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# [cache_key=<key>] [<service name>]
#
@@ -157,61 +159,53 @@ passdb pam {
# args = session=yes %Ls
# args = cache_key=%u dovecot
#args = dovecot
-}
-
-# System users (NSS, /etc/passwd, or similiar)
-# In many systems nowadays this uses Name Service Switch, which is
-# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
-#passdb passwd {
+
+ # System users (NSS, /etc/passwd, or similiar)
+ # In many systems nowadays this uses Name Service Switch, which is
+ # configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
+ #driver = passwd
# [blocking=yes] - See userdb passwd for explanation
#args =
-#}
-
-# Shadow passwords for system users (NSS, /etc/shadow or similiar).
-# Deprecated by PAM nowadays.
-# <doc/wiki/PasswordDatabase.Shadow.txt>
-#passdb shadow {
+
+ # Shadow passwords for system users (NSS, /etc/shadow or similiar).
+ # Deprecated by PAM nowadays.
+ # <doc/wiki/PasswordDatabase.Shadow.txt>
+ #driver = shadow
# [blocking=yes] - See userdb passwd for explanation
#args =
-#}
-
-# PAM-like authentication for OpenBSD.
-# <doc/wiki/PasswordDatabase.BSDAuth.txt>
-#passdb bsdauth {
+
+ # PAM-like authentication for OpenBSD.
+ # <doc/wiki/PasswordDatabase.BSDAuth.txt>
+ #driver = bsdauth
# [cache_key=<key>] - See cache_key in PAM for explanation.
#args =
-#}
-
-# passwd-like file with specified location
-# <doc/wiki/AuthDatabase.PasswdFile.txt>
-#passdb passwd-file {
+
+ # passwd-like file with specified location
+ # <doc/wiki/AuthDatabase.PasswdFile.txt>
+ #driver = passwd-file
# [scheme=<default password scheme>] [username_format=<format>]
# <Path for passwd-file>
#args =
-#}
-
-# checkpassword executable authentication
-# NOTE: You will probably want to use "userdb prefetch" with this.
-# <doc/wiki/AuthDatabase.CheckPassword.txt>
-#passdb checkpassword {
+
+ # checkpassword executable authentication
+ # NOTE: You will probably want to use "userdb prefetch" with this.
+ # <doc/wiki/AuthDatabase.CheckPassword.txt>
+ #driver = checkpassword
# Path for checkpassword binary
#args =
-#}
-
-# SQL database <doc/wiki/AuthDatabase.SQL.txt>
-#passdb sql {
+
+ # SQL database <doc/wiki/AuthDatabase.SQL.txt>
+ #driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
#args =
-#}
-
-# LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
-#passdb ldap {
+
+ # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
+ #driver = ldap
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
#args =
-#}
-
-# vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt>
-#passdb vpopmail {
+
+ # vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt>
+ #driver = vpopmail
# [cache_key=<key>] - See cache_key in PAM for explanation.
# [quota_template=<template>] - %q expands to Maildir++ quota
# (eg. quota_template=quota_rule=*:backend=%q)
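Review bot: The `}` that closed the active PAM section is removed here (the `-}` after `#args = dovecot`) and no uncommented closer is added in this hunk, so the `passdb {` opened in the previous hunk appears to stay open unless an unchanged line below supplies one. The userdb hunks show the same pattern more plainly: `userdb {` is active, its `}` is removed, and the only closer added at the end of the file is the commented `#}`. If that reading is right, the shipped example would not parse as intended, and each active block should end in an uncommented `}`. The remainder of the passdb section lies outside the hunk, so this needs confirming against the full file.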
@@ -234,37 +228,36 @@ passdb pam {
# This can be made to work with SQL and LDAP databases, see their example
# configuration files for more information how to do it.
# <doc/wiki/UserDatabase.Prefetch.txt>
-#userdb prefetch {
-#}
-
-# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
-# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
-# <doc/wiki/AuthDatabase.Passwd.txt>
-userdb passwd {
+#userdb {
+ #driver = prefetch
+#}
+
+userdb {
+ # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
+ # uses Name Service Switch, which is configured in /etc/nsswitch.conf.
+ # <doc/wiki/AuthDatabase.Passwd.txt>
+ driver = passwd
# [blocking=yes] - By default the lookups are done in the main dovecot-auth
# process. This setting causes the lookups to be done in auth worker
# proceses. Useful with remote NSS lookups that may block.
# NOTE: Be sure to use this setting with nss_ldap or users might get
# logged in as each others!
#args =
-}
-
-# passwd-like file with specified location
-# <doc/wiki/AuthDatabase.PasswdFile.txt>
-#userdb passwd-file {
+
+ # passwd-like file with specified location
+ # <doc/wiki/AuthDatabase.PasswdFile.txt>
+ #driver = passwd-file
# [username_format=<format>] <Path for passwd-file>
#args =
-#}
-
-# checkpassword executable user database lookup
-# <doc/wiki/AuthDatabase.CheckPassword.txt>
-#userdb checkpassword {
+
+ # checkpassword executable user database lookup
+ # <doc/wiki/AuthDatabase.CheckPassword.txt>
+ #driver = checkpassword
# Path for checkpassword binary
#args =
-#}
-
-# static settings generated from template <doc/wiki/UserDatabase.Static.txt>
-#userdb static {
+
+ # static settings generated from template <doc/wiki/UserDatabase.Static.txt>
+ #driver = static
# Template for the fields. Can return anything a userdb could normally
# return. For example:
#
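Review bot: Every alternative userdb is now a commented `#driver = ...` line inside the one active `userdb {` block, so uncommenting one next to `driver = passwd` gives two `driver` assignments in a single section rather than a second userdb. The check functions added in auth-settings.c only test that `driver` is non-empty, so they would not flag this, and which assignment takes effect is not visible from this diff. Since the commit exists to allow several sections, consider keeping each alternative in its own commented `#userdb {` ... `#}` block, as the prefetch example in this hunk already does. The passdb hunk above has the same layout, and the section continues past the end of this hunk.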
@@ -278,20 +271,17 @@ userdb passwd {
# the args in which case the passdb lookup is skipped.
#
#args =
-#}
-
-# SQL database <doc/wiki/AuthDatabase.SQL.txt>
-#userdb sql {
+
+ # SQL database <doc/wiki/AuthDatabase.SQL.txt>
+ #driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
#args =
-#}
-
-# LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
-#userdb ldap {
+
+ # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
+ #driver = ldap
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
#args =
-#}
-
-# vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
-#userdb vpopmail {
-#}
+
+ # vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
+ #driver = vpopmail
+#}
diff -r 3117e9f35e45 -r a2ed5c020cfa src/auth/auth-settings.c
--- a/src/auth/auth-settings.c Mon Jan 25 00:38:22 2010 +0200
+++ b/src/auth/auth-settings.c Mon Jan 25 00:59:34 2010 +0200
@@ -13,6 +13,8 @@ extern const struct setting_parser_info
extern const struct setting_parser_info auth_root_setting_parser_info;
static bool auth_settings_check(void *_set, pool_t pool, const char **error_r);
+static bool auth_passdb_settings_check(void *_set, pool_t pool, const char **error_r);
+static bool auth_userdb_settings_check(void *_set, pool_t pool, const char **error_r);
/* <settings checks> */
static struct file_listener_settings auth_unix_listeners_array[] = {
@@ -109,11 +111,13 @@ const struct setting_parser_info auth_pa
const struct setting_parser_info auth_passdb_setting_parser_info = {
.defines = auth_passdb_setting_defines,
- .type_offset = offsetof(struct auth_passdb_settings, driver),
+ .type_offset = (size_t)-1,
.struct_size = sizeof(struct auth_passdb_settings),
.parent_offset = (size_t)-1,
- .parent = &auth_setting_parser_info
+ .parent = &auth_setting_parser_info,
+
+ .check_func = auth_passdb_settings_check
};
#undef DEF
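Review bot: The change to `.type_offset = (size_t)-1` carries no comment, so a reader of the initializer cannot tell that the section name is deliberately no longer mapped onto `driver`. A one-line note above the field would record the intent, for example `/* section name is not the driver; driver is an ordinary setting, validated by check_func */`. The same applies to `auth_userdb_setting_parser_info` in the next hunk. The `defines` table these initializers refer to is outside the hunk.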
@@ -130,11 +134,13 @@ const struct setting_parser_info auth_us
const struct setting_parser_info auth_userdb_setting_parser_info = {
.defines = auth_userdb_setting_defines,
- .type_offset = offsetof(struct auth_userdb_settings, driver),
+ .type_offset = (size_t)-1,
.struct_size = sizeof(struct auth_userdb_settings),
.parent_offset = (size_t)-1,
- .parent = &auth_setting_parser_info
+ .parent = &auth_setting_parser_info,
+
+ .check_func = auth_userdb_settings_check
};
/* we're kind of kludging here to avoid "auth_" prefix in the struct fields */
@@ -232,6 +238,32 @@ static bool auth_settings_check(void *_s
set->verbose = TRUE;
return TRUE;
}
+
+static bool
+auth_passdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
+ const char **error_r)
+{
+ struct auth_passdb_settings *set = _set;
+
+ if (set->driver == NULL || *set->driver == '\0') {
+ *error_r = "passdb is missing driver";
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static bool
+auth_userdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
+ const char **error_r)
+{
+ struct auth_userdb_settings *set = _set;
+
+ if (set->driver == NULL || *set->driver == '\0') {
+ *error_r = "passdb is missing driver";
+ return FALSE;
+ }
+ return TRUE;
+}
/* </settings checks> */
struct auth_settings *
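Review bot: `auth_userdb_settings_check` reports `"passdb is missing driver"`, which looks like a copy-paste from the passdb check above it and would point an administrator at the wrong section of the authentication config. It should read `*error_r = "userdb is missing driver";`. Separately, a configuration still written in the old `passdb pam {` form will presumably reach this error as well, so a doc comment on both functions could note that the driver must now be set with `driver = <name>` inside the section.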