dovecot-2.1: checkpassword: Implemented support for credentials ...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Mar 10 14:18:10 EET 2012
details: http://hg.dovecot.org/dovecot-2.1/rev/f7c42aa64381
changeset: 14279:f7c42aa64381
user: Timo Sirainen <tss at iki.fi>
date: Sat Mar 10 14:17:37 2012 +0200
description:
checkpassword: Implemented support for credentials lookup.
diffstat:
src/auth/db-checkpassword.c | 5 ++
src/auth/passdb-checkpassword.c | 79 ++++++++++++++++++++++++++++++++++++++--
2 files changed, 79 insertions(+), 5 deletions(-)
diffs (134 lines):
diff -r e5ed29ef593e -r f7c42aa64381 src/auth/db-checkpassword.c
--- a/src/auth/db-checkpassword.c Sat Mar 10 14:11:32 2012 +0200
+++ b/src/auth/db-checkpassword.c Sat Mar 10 14:17:37 2012 +0200
@@ -394,6 +394,11 @@
special checkpassword program which knows how to
handle this. */
env_put("AUTHORIZED=1");
+ if (request->credentials_scheme != NULL) {
+ /* passdb credentials lookup */
+ env_put(t_strdup_printf("SCHEME=%s",
+ request->credentials_scheme));
+ }
}
checkpassword_setup_env(request);
cmd = checkpassword_get_cmd(request, db->checkpassword_path,
diff -r e5ed29ef593e -r f7c42aa64381 src/auth/passdb-checkpassword.c
--- a/src/auth/passdb-checkpassword.c Sat Mar 10 14:11:32 2012 +0200
+++ b/src/auth/passdb-checkpassword.c Sat Mar 10 14:17:37 2012 +0200
@@ -5,6 +5,7 @@
#ifdef PASSDB_CHECKPASSWORD
+#include "password-scheme.h"
#include "db-checkpassword.h"
struct checkpassword_passdb_module {
@@ -19,19 +20,39 @@
void *context)
{
verify_plain_callback_t *callback = context;
+ const char *scheme, *crypted_pass = NULL;
+ unsigned int i;
switch (status) {
case DB_CHECKPASSWORD_STATUS_INTERNAL_FAILURE:
callback(PASSDB_RESULT_INTERNAL_FAILURE, request);
- break;
+ return;
case DB_CHECKPASSWORD_STATUS_FAILURE:
callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
- break;
+ return;
case DB_CHECKPASSWORD_STATUS_OK:
- auth_request_set_fields(request, extra_fields, NULL);
- callback(PASSDB_RESULT_OK, request);
break;
}
+ for (i = 0; extra_fields[i] != NULL; i++) {
+ if (strncmp(extra_fields[i], "password=", 9) == 0)
+ crypted_pass = extra_fields[i]+9;
+ else if (extra_fields[i][0] != '\0') {
+ auth_request_set_field_keyvalue(request,
+ extra_fields[i], NULL);
+ }
+ }
+ if (crypted_pass != NULL) {
+ /* for cache */
+ scheme = password_get_scheme(&crypted_pass);
+ if (scheme != NULL) {
+ auth_request_set_field(request, "password",
+ crypted_pass, scheme);
+ } else {
+ auth_request_log_error(request, "checkpassword",
+ "password field returned without {scheme} prefix");
+ }
+ }
+ callback(PASSDB_RESULT_OK, request);
}
static void
@@ -46,6 +67,54 @@
auth_checkpassword_callback, callback);
}
+static void
+credentials_checkpassword_callback(struct auth_request *request,
+ enum db_checkpassword_status status,
+ const char *const *extra_fields,
+ void *context)
+{
+ lookup_credentials_callback_t *callback = context;
+ const char *scheme, *crypted_pass = NULL;
+ unsigned int i;
+
+ switch (status) {
+ case DB_CHECKPASSWORD_STATUS_INTERNAL_FAILURE:
+ callback(PASSDB_RESULT_INTERNAL_FAILURE, NULL, 0, request);
+ return;
+ case DB_CHECKPASSWORD_STATUS_FAILURE:
+ callback(PASSDB_RESULT_USER_UNKNOWN, NULL, 0, request);
+ return;
+ case DB_CHECKPASSWORD_STATUS_OK:
+ break;
+ }
+ for (i = 0; extra_fields[i] != NULL; i++) {
+ if (strncmp(extra_fields[i], "password=", 9) == 0)
+ crypted_pass = extra_fields[i]+9;
+ else if (extra_fields[i][0] != '\0') {
+ auth_request_set_field_keyvalue(request,
+ extra_fields[i], NULL);
+ }
+ }
+ scheme = password_get_scheme(&crypted_pass);
+ if (scheme == NULL)
+ scheme = request->credentials_scheme;
+
+ passdb_handle_credentials(PASSDB_RESULT_OK, crypted_pass, scheme,
+ callback, request);
+}
+
+static void
+checkpassword_lookup_credentials(struct auth_request *request,
+ lookup_credentials_callback_t *callback)
+{
+ struct passdb_module *_module = request->passdb->passdb;
+ struct checkpassword_passdb_module *module =
+ (struct checkpassword_passdb_module *)_module;
+
+ db_checkpassword_call(module->db, request, NULL,
+ credentials_checkpassword_callback, callback);
+}
+
static struct passdb_module *
checkpassword_preinit(pool_t pool, const char *args)
{
@@ -76,7 +145,7 @@
checkpassword_deinit,
checkpassword_verify_plain,
- NULL,
+ checkpassword_lookup_credentials,
NULL
};
#else
More information about the dovecot-cvs
mailing list