static bool
auth_worker_handle_user(struct auth_worker_client *client,
unsigned int id, const char *const *args)
{
/* lookup user */
struct auth_request *auth_request;
unsigned int userdb_id;
/* <userdb id> [<args>] */
if (str_to_uint(args[0], &userdb_id) < 0) {
i_error("BUG: Auth worker server sent us invalid USER");
return FALSE;
}
auth_request = worker_auth_request_new(client, id, args + 1);
if (auth_request->user == NULL || auth_request->service == NULL) {
i_error("BUG: USER had missing parameters");
auth_request_unref(&auth_request);
return FALSE;
}
auth_request->userdb =
auth_userdb_find_by_id(auth_request->userdb, userdb_id);
if (auth_request->userdb == NULL) {
i_error("BUG: USER had invalid userdb ID");
auth_request_unref(&auth_request);
return FALSE;
}
auth_request_init_userdb_reply(auth_request);
auth_request->userdb->userdb->iface->
lookup(auth_request, lookup_user_callback);
return TRUE;
}
static bool
auth_worker_handle_setcred(struct auth_worker_client *client,
unsigned int id, const char *const *args)
{
struct auth_request *auth_request;
unsigned int passdb_id;
const char *creds;
/* <passdb id> <credentials> [<args>] */
if (str_to_uint(args[0], &passdb_id) < 0 || args[1] == NULL) {
i_error("BUG: Auth worker server sent us invalid SETCRED");
return FALSE;
}
creds = args[1];
auth_request = worker_auth_request_new(client, id, args + 2);
if (auth_request->user == NULL || auth_request->service == NULL) {
i_error("BUG: SETCRED had missing parameters");
auth_request_unref(&auth_request);
return FALSE;
}
while (auth_request->passdb->passdb->id != passdb_id) {
auth_request->passdb = auth_request->passdb->next;
if (auth_request->passdb == NULL) {
i_error("BUG: SETCRED had invalid passdb ID");
auth_request_unref(&auth_request);
return FALSE;
}
}
auth_request->passdb->passdb->iface.
set_credentials(auth_request, creds, set_credentials_callback);
return TRUE;
}
static bool
auth_worker_handle_passv(struct auth_worker_client *client,
unsigned int id, const char *const *args)
{
/* verify plaintext password */
struct auth_request *auth_request;
struct auth_passdb *passdb;
const char *password;
unsigned int passdb_id;
/* <passdb id> <password> [<args>] */
if (str_to_uint(args[0], &passdb_id) < 0 || args[1] == NULL) {
i_error("BUG: Auth worker server sent us invalid PASSV");
return FALSE;
}
password = args[1];
auth_request = worker_auth_request_new(client, id, args + 2);
auth_request->mech_password =
p_strdup(auth_request->pool, password);
if (auth_request->user == NULL || auth_request->service == NULL) {
i_error("BUG: PASSV had missing parameters");
auth_request_unref(&auth_request);
return FALSE;
}
passdb = auth_request->passdb;
while (passdb != NULL && passdb->passdb->id != passdb_id)
passdb = passdb->next;
if (passdb == NULL) {
/* could be a masterdb */
passdb = auth_request_get_auth(auth_request)->masterdbs;
while (passdb != NULL && passdb->passdb->id != passdb_id)
passdb = passdb->next;
if (passdb == NULL) {
i_error("BUG: PASSV had invalid passdb ID");
auth_request_unref(&auth_request);
return FALSE;
}
}
auth_request->passdb = passdb;
passdb->passdb->iface.
verify_plain(auth_request, password, verify_plain_callback);
return TRUE;
}
static void
lookup_credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
struct auth_request *request)
{
struct auth_worker_client *client = request->context;
string_t *str;
if (request->failed && result == PASSDB_RESULT_OK)
result = PASSDB_RESULT_PASSWORD_MISMATCH;
str = t_str_new(128);
str_printfa(str, "%u\t", request->id);
if (result != PASSDB_RESULT_OK)
str_printfa(str, "FAIL\t%d", result);
else {
str_append(str, "OK\t");
str_append_tabescaped(str, request->user);
str_append_c(str, '\t');
if (request->credentials_scheme[0] != '\0') {
str_printfa(str, "{%s.b64}", request->credentials_scheme);
base64_encode(credentials, size, str);
} else {
i_assert(size == 0);
}
reply_append_extra_fields(str, request);
}
str_append_c(str, '\n');
auth_worker_send_reply(client, request, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static void verify_plain_callback(enum passdb_result result,
struct auth_request *request)
{
struct auth_worker_client *client = request->context;
string_t *str;
if (request->failed && result == PASSDB_RESULT_OK)
result = PASSDB_RESULT_PASSWORD_MISMATCH;
str = t_str_new(128);
str_printfa(str, "%u\t", request->id);
if (result == PASSDB_RESULT_OK)
str_append(str, "OK");
else
str_printfa(str, "FAIL\t%d", result);
if (result != PASSDB_RESULT_INTERNAL_FAILURE) {
str_append_c(str, '\t');
str_append_tabescaped(str, request->user);
str_append_c(str, '\t');
if (request->passdb_password != NULL)
str_append_tabescaped(str, request->passdb_password);
reply_append_extra_fields(str, request);
}
str_append_c(str, '\n');
auth_worker_send_reply(client, request, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static void checkpassword_request_finish(struct chkpw_auth_request *request,
enum userdb_result result)
{
struct userdb_module *_module = request->request->userdb->userdb;
struct checkpassword_userdb_module *module =
(struct checkpassword_userdb_module *)_module;
userdb_callback_t *callback =
(userdb_callback_t *)request->callback;
hash_table_remove(module->clients, POINTER_CAST(request->pid));
if (result == USERDB_RESULT_OK) {
if (strchr(str_c(request->input_buf), '\n') != NULL) {
auth_request_log_error(request->request,
"userdb-checkpassword",
"LF characters in checkpassword reply");
result = USERDB_RESULT_INTERNAL_FAILURE;
} else {
auth_request_init_userdb_reply(request->request);
auth_request_set_fields(request->request,
t_strsplit(str_c(request->input_buf), "\t"),
NULL);
}
}
callback(result, request->request);
auth_request_unref(&request->request);
checkpassword_request_free(request);
}
static void
lookup_user_callback(enum userdb_result result,
struct auth_request *auth_request)
{
struct auth_worker_client *client = auth_request->context;
string_t *str;
str = t_str_new(128);
str_printfa(str, "%u\t", auth_request->id);
switch (result) {
case USERDB_RESULT_INTERNAL_FAILURE:
str_append(str, "FAIL\t");
break;
case USERDB_RESULT_USER_UNKNOWN:
str_append(str, "NOTFOUND\t");
break;
case USERDB_RESULT_OK:
str_append(str, "OK\t");
str_append_tabescaped(str, auth_request->user);
str_append_c(str, '\t');
auth_fields_append(auth_request->userdb_reply, str, 0, 0);
if (auth_request->userdb_lookup_tempfailed)
str_append(str, "\ttempfail");
break;
}
str_append_c(str, '\n');
auth_worker_send_reply(client, auth_request, str);
auth_request_unref(&auth_request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
void auth_request_handler_flush_failures(bool flush_all)
{
struct auth_request **auth_requests, *auth_request;
unsigned int i, count;
time_t diff;
count = aqueue_count(auth_failures);
if (count == 0) {
if (to_auth_failures != NULL)
timeout_remove(&to_auth_failures);
return;
}
auth_requests = array_idx_modifiable(&auth_failures_arr, 0);
for (i = 0; i < count; i++) {
auth_request = auth_requests[aqueue_idx(auth_failures, 0)];
/* FIXME: assumess that failure_delay is always the same. */
diff = ioloop_time - auth_request->last_access;
if (diff < (time_t)auth_request->set->failure_delay &&
!flush_all)
break;
aqueue_delete_tail(auth_failures);
i_assert(auth_request->state == AUTH_REQUEST_STATE_FINISHED);
auth_request_handler_reply(auth_request,
AUTH_CLIENT_RESULT_FAILURE,
&uchar_nul, 0);
auth_request_unref(&auth_request);
}
}
void auth_request_handler_abort_requests(struct auth_request_handler *handler)
{
struct hash_iterate_context *iter;
void *key;
struct auth_request *auth_request;
iter = hash_table_iterate_init(handler->requests);
while (hash_table_iterate(iter, handler->requests, &key, &auth_request)) {
switch (auth_request->state) {
case AUTH_REQUEST_STATE_NEW:
case AUTH_REQUEST_STATE_MECH_CONTINUE:
case AUTH_REQUEST_STATE_FINISHED:
auth_request_unref(&auth_request);
hash_table_remove(handler->requests, key);
break;
case AUTH_REQUEST_STATE_PASSDB:
case AUTH_REQUEST_STATE_USERDB:
/* can't abort a pending passdb/userdb lookup */
break;
case AUTH_REQUEST_STATE_MAX:
i_unreached();
}
}
hash_table_iterate_deinit(&iter);
}
static void
passdb_imap_login_callback(const struct imapc_command_reply *reply,
void *context)
{
struct imap_auth_request *request = context;
struct imapc_client *client = request->client;
enum passdb_result result = PASSDB_RESULT_INTERNAL_FAILURE;
switch (reply->state) {
case IMAPC_COMMAND_STATE_OK:
result = PASSDB_RESULT_OK;
break;
case IMAPC_COMMAND_STATE_NO:
result = passdb_imap_get_failure_result(reply);
auth_request_log_info(request->auth_request, AUTH_SUBSYS_DB,
"%s", reply->text_full);
break;
case IMAPC_COMMAND_STATE_BAD:
case IMAPC_COMMAND_STATE_DISCONNECTED:
auth_request_log_error(request->auth_request, AUTH_SUBSYS_DB,
"%s", reply->text_full);
break;
}
request->verify_callback(result, request->auth_request);
imapc_client_deinit(&client);
auth_request_unref(&request->auth_request);
}
static void
ldap_bind_lookup_dn_fail(struct auth_request *auth_request,
struct passdb_ldap_request *request,
LDAPMessage *res)
{
enum passdb_result passdb_result;
if (res == NULL)
passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
else if (request->entries == 0) {
passdb_result = PASSDB_RESULT_USER_UNKNOWN;
auth_request_log_info(auth_request, "ldap",
"unknown user");
} else {
i_assert(request->entries > 1);
auth_request_log_error(auth_request, "ldap",
"pass_filter matched multiple objects, aborting");
passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
}
if (auth_request->credentials_scheme != NULL) {
request->callback.lookup_credentials(passdb_result, NULL, 0,
auth_request);
} else {
request->callback.verify_plain(passdb_result, auth_request);
}
auth_request_unref(&auth_request);
}
static bool
auth_worker_handle_passl(struct auth_worker_client *client,
unsigned int id, const char *const *args)
{
/* lookup credentials */
struct auth_request *auth_request;
const char *scheme;
unsigned int passdb_id;
/* <passdb id> <scheme> [<args>] */
if (str_to_uint(args[0], &passdb_id) < 0 || args[1] == NULL) {
i_error("BUG: Auth worker server sent us invalid PASSL");
return FALSE;
}
scheme = args[1];
auth_request = worker_auth_request_new(client, id, args + 2);
auth_request->credentials_scheme = p_strdup(auth_request->pool, scheme);
if (auth_request->user == NULL || auth_request->service == NULL) {
i_error("BUG: PASSL had missing parameters");
auth_request_unref(&auth_request);
return FALSE;
}
while (auth_request->passdb->passdb->id != passdb_id) {
auth_request->passdb = auth_request->passdb->next;
if (auth_request->passdb == NULL) {
i_error("BUG: PASSL had invalid passdb ID");
auth_request_unref(&auth_request);
return FALSE;
}
}
if (auth_request->passdb->passdb->iface.lookup_credentials == NULL) {
i_error("BUG: PASSL lookup not supported by given passdb");
auth_request_unref(&auth_request);
return FALSE;
}
auth_request->prefer_plain_credentials = TRUE;
auth_request->passdb->passdb->iface.
lookup_credentials(auth_request, lookup_credentials_callback);
return TRUE;
}
static int userdb_ldap_iterate_deinit(struct userdb_iterate_context *_ctx)
{
struct ldap_userdb_iterate_context *ctx =
(struct ldap_userdb_iterate_context *)_ctx;
int ret = _ctx->failed ? -1 : 0;
db_ldap_enable_input(ctx->conn, TRUE);
auth_request_unref(&ctx->request.request.request.auth_request);
i_free(ctx);
return ret;
}
static bool
set_credentials_callback(const char *reply, void *context)
{
struct auth_request *request = context;
bool success;
success = strcmp(reply, "OK") == 0 || strncmp(reply, "OK\t", 3) == 0;
request->private_callback.set_credentials(success, request);
auth_request_unref(&request);
return TRUE;
}
static bool
verify_plain_callback(const char *reply, void *context)
{
struct auth_request *request = context;
enum passdb_result result;
result = auth_worker_reply_parse(request, reply);
auth_request_verify_plain_callback(result, request);
auth_request_unref(&request);
return TRUE;
}
static int
master_input_auth_request(struct auth_master_connection *conn, const char *args,
const char *cmd, struct auth_request **request_r,
const char **error_r)
{
struct auth_request *auth_request;
const char *const *list, *name, *arg, *username;
unsigned int id;
/* <id> <userid> [<parameters>] */
list = t_strsplit_tab(args);
if (list[0] == NULL || list[1] == NULL ||
str_to_uint(list[0], &id) < 0) {
i_error("BUG: Master sent broken %s", cmd);
return -1;
}
auth_request = auth_request_new_dummy();
auth_request->id = id;
auth_request->master = conn;
auth_master_connection_ref(conn);
username = list[1];
for (list += 2; *list != NULL; list++) {
arg = strchr(*list, '=');
if (arg == NULL) {
name = *list;
arg = "";
} else {
name = t_strdup_until(*list, arg);
arg++;
}
(void)auth_request_import_info(auth_request, name, arg);
}
if (auth_request->service == NULL) {
i_error("BUG: Master sent %s request without service", cmd);
auth_request_unref(&auth_request);
auth_master_connection_unref(&conn);
return -1;
}
auth_request_init(auth_request);
if (!auth_request_set_username(auth_request, username, error_r)) {
*request_r = auth_request;
return 0;
}
*request_r = auth_request;
return 1;
}
static void
user_callback(enum userdb_result result,
struct auth_request *auth_request)
{
struct auth_master_connection *conn = auth_request->master;
string_t *str;
const char *value;
if (auth_request->userdb_lookup_tempfailed)
result = USERDB_RESULT_INTERNAL_FAILURE;
if (result == USERDB_RESULT_OK) {
if (user_verify_restricted_uid(auth_request) < 0)
result = USERDB_RESULT_INTERNAL_FAILURE;
}
str = t_str_new(128);
switch (result) {
case USERDB_RESULT_INTERNAL_FAILURE:
str_printfa(str, "FAIL\t%u", auth_request->id);
if (auth_request->userdb_lookup_tempfailed) {
value = auth_fields_find(auth_request->userdb_reply,
"reason");
if (value != NULL)
str_printfa(str, "\treason=%s", value);
}
break;
case USERDB_RESULT_USER_UNKNOWN:
str_printfa(str, "NOTFOUND\t%u", auth_request->id);
break;
case USERDB_RESULT_OK:
str_printfa(str, "USER\t%u\t", auth_request->id);
str_append_tabescaped(str, auth_request->user);
str_append_c(str, '\t');
auth_fields_append(auth_request->userdb_reply, str,
AUTH_FIELD_FLAG_HIDDEN, 0);
break;
}
if (conn->auth->set->debug) {
i_debug("userdb out: %s",
auth_master_reply_hide_passwords(conn, str_c(str)));
}
str_append_c(str, '\n');
o_stream_nsend(conn->output, str_data(str), str_len(str));
auth_request_unref(&auth_request);
auth_master_connection_unref(&conn);
}
static void
set_credentials_callback(bool success, struct auth_request *request)
{
struct auth_worker_client *client = request->context;
string_t *str;
str = t_str_new(64);
str_printfa(str, "%u\t%s\n", request->id, success ? "OK" : "FAIL");
auth_worker_send_reply(client, request, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static void
lookup_credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
struct auth_request *request)
{
struct auth_worker_client *client = request->context;
struct auth_stream_reply *reply;
string_t *str;
if (request->passdb_failure && result == PASSDB_RESULT_OK)
result = PASSDB_RESULT_PASSWORD_MISMATCH;
reply = auth_stream_reply_init(pool_datastack_create());
auth_stream_reply_add(reply, NULL, dec2str(request->id));
if (result != PASSDB_RESULT_OK) {
auth_stream_reply_add(reply, "FAIL", NULL);
auth_stream_reply_add(reply, NULL,
t_strdup_printf("%d", result));
} else {
auth_stream_reply_add(reply, "OK", NULL);
auth_stream_reply_add(reply, NULL, request->user);
str = t_str_new(64);
str_printfa(str, "{%s.b64}", request->credentials_scheme);
base64_encode(credentials, size, str);
auth_stream_reply_add(reply, NULL, str_c(str));
if (request->extra_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_fields);
auth_stream_reply_import(reply, fields);
}
if (request->extra_cache_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_cache_fields);
auth_stream_reply_import(reply, fields);
}
}
str = auth_stream_reply_get_str(reply);
str_append_c(str, '\n');
auth_worker_send_reply(client, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static int userdb_sql_iterate_deinit(struct userdb_iterate_context *_ctx)
{
struct sql_userdb_iterate_context *ctx =
(struct sql_userdb_iterate_context *)_ctx;
int ret = _ctx->failed ? -1 : 0;
auth_request_unref(&_ctx->auth_request);
if (ctx->result == NULL) {
/* sql query hasn't finished yet */
ctx->freed = TRUE;
} else {
if (ctx->result != NULL)
sql_result_unref(ctx->result);
i_free(ctx);
}
return ret;
}
static void pass_callback_finish(struct auth_request *auth_request,
enum passdb_result result)
{
struct auth_master_connection *conn = auth_request->master;
string_t *str;
str = t_str_new(128);
switch (result) {
case PASSDB_RESULT_OK:
if (auth_request->failed || !auth_request->passdb_success) {
str_printfa(str, "FAIL\t%u", auth_request->id);
break;
}
str_printfa(str, "PASS\t%u\tuser="******"NOTFOUND\t%u", auth_request->id);
break;
case PASSDB_RESULT_NEXT:
case PASSDB_RESULT_PASSWORD_MISMATCH:
case PASSDB_RESULT_INTERNAL_FAILURE:
str_printfa(str, "FAIL\t%u", auth_request->id);
break;
case PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
str_printfa(str, "FAIL\t%u\treason=Configured passdbs don't support credentials lookups",
auth_request->id);
break;
}
if (conn->auth->set->debug)
i_debug("passdb out: %s", str_c(str));
str_append_c(str, '\n');
o_stream_nsend(conn->output, str_data(str), str_len(str));
auth_request_unref(&auth_request);
auth_master_connection_unref(&conn);
}
static void ldap_bind_lookup_dn_callback(struct ldap_connection *conn,
struct ldap_request *ldap_request,
LDAPMessage *res)
{
struct passdb_ldap_request *passdb_ldap_request =
(struct passdb_ldap_request *)ldap_request;
struct auth_request *auth_request = ldap_request->auth_request;
struct passdb_ldap_request *brequest;
char *dn;
if (res != NULL && ldap_msgtype(res) == LDAP_RES_SEARCH_ENTRY) {
if (passdb_ldap_request->entries++ > 0) {
/* too many replies */
return;
}
/* first entry */
ldap_query_save_result(conn, auth_request,
&passdb_ldap_request->request.search, res);
/* save dn */
dn = ldap_get_dn(conn->ld, res);
passdb_ldap_request->dn = p_strdup(auth_request->pool, dn);
ldap_memfree(dn);
} else if (res == NULL || passdb_ldap_request->entries != 1) {
/* failure */
ldap_bind_lookup_dn_fail(auth_request, passdb_ldap_request, res);
} else if (auth_request->skip_password_check) {
/* we've already verified that the password matched -
we just wanted to get any extra fields */
passdb_ldap_request->callback.
verify_plain(PASSDB_RESULT_OK, auth_request);
auth_request_unref(&auth_request);
} else {
/* create a new bind request */
brequest = p_new(auth_request->pool,
struct passdb_ldap_request, 1);
brequest->dn = passdb_ldap_request->dn;
brequest->callback = passdb_ldap_request->callback;
brequest->request.bind.dn = brequest->dn;
brequest->request.bind.request.type = LDAP_REQUEST_TYPE_BIND;
brequest->request.bind.request.auth_request = auth_request;
ldap_auth_bind(conn, &brequest->request.bind);
}
}
static void auth_request_handler_remove(struct auth_request_handler *handler,
struct auth_request *request)
{
i_assert(request->handler == handler);
if (request->removed_from_handler) {
/* already removed it */
return;
}
request->removed_from_handler = TRUE;
/* if db lookup is stuck, this call doesn't actually free the auth
request, so make sure we don't get back here. */
timeout_remove(&request->to_abort);
hash_table_remove(handler->requests, POINTER_CAST(request->id));
auth_request_unref(&request);
}
static int userdb_dict_iterate_deinit(struct userdb_iterate_context *_ctx)
{
struct dict_userdb_iterate_context *ctx =
(struct dict_userdb_iterate_context *)_ctx;
const char *error;
int ret = _ctx->failed ? -1 : 0;
if (ctx->iter != NULL) {
if (dict_iterate_deinit(&ctx->iter, &error) < 0) {
i_error("dict_iterate(%s) failed: %s",
ctx->key_prefix, error);
ret = -1;
}
}
auth_request_unref(&ctx->ctx.auth_request);
i_free(ctx);
return ret;
}
static void verify_plain_callback(enum passdb_result result,
struct auth_request *request)
{
struct auth_worker_client *client = request->context;
struct auth_stream_reply *reply;
string_t *str;
if (request->passdb_failure && result == PASSDB_RESULT_OK)
result = PASSDB_RESULT_PASSWORD_MISMATCH;
reply = auth_stream_reply_init(pool_datastack_create());
auth_stream_reply_add(reply, NULL, dec2str(request->id));
if (result == PASSDB_RESULT_OK)
auth_stream_reply_add(reply, "OK", NULL);
else {
auth_stream_reply_add(reply, "FAIL", NULL);
auth_stream_reply_add(reply, NULL,
t_strdup_printf("%d", result));
}
if (result != PASSDB_RESULT_INTERNAL_FAILURE) {
auth_stream_reply_add(reply, NULL, request->user);
auth_stream_reply_add(reply, NULL,
request->passdb_password == NULL ? "" :
request->passdb_password);
if (request->extra_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_fields);
auth_stream_reply_import(reply, fields);
}
if (request->extra_cache_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_cache_fields);
auth_stream_reply_import(reply, fields);
}
}
str = auth_stream_reply_get_str(reply);
str_append_c(str, '\n');
auth_worker_send_reply(client, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static bool iter_callback(const char *reply, void *context)
{
struct blocking_userdb_iterate_context *ctx = context;
if (str_begins(reply, "*\t")) {
if (ctx->destroyed)
return TRUE;
ctx->next = FALSE;
ctx->ctx.callback(reply + 2, ctx->ctx.context);
return ctx->next || ctx->destroyed;
}
if (strcmp(reply, "OK") != 0)
ctx->ctx.failed = TRUE;
if (!ctx->destroyed)
ctx->ctx.callback(NULL, ctx->ctx.context);
auth_request_unref(&ctx->ctx.auth_request);
return TRUE;
}
static void
ldap_lookup_pass_callback(struct ldap_connection *conn,
struct ldap_request *request, LDAPMessage *res)
{
struct passdb_ldap_request *ldap_request =
(struct passdb_ldap_request *)request;
struct auth_request *auth_request = request->auth_request;
if (res == NULL || ldap_msgtype(res) == LDAP_RES_SEARCH_RESULT) {
ldap_lookup_finish(auth_request, ldap_request, res);
auth_request_unref(&auth_request);
return;
}
if (ldap_request->entries++ == 0) {
/* first entry */
ldap_query_save_result(conn, res, auth_request);
}
}
static void
ldap_auth_bind_callback(struct ldap_connection *conn,
struct ldap_request *ldap_request, LDAPMessage *res)
{
struct passdb_ldap_request *passdb_ldap_request =
(struct passdb_ldap_request *)ldap_request;
struct auth_request *auth_request = ldap_request->auth_request;
enum passdb_result passdb_result;
const char *str;
int ret;
passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
if (res != NULL) {
ret = ldap_result2error(conn->ld, res, 0);
if (ret == LDAP_SUCCESS)
passdb_result = PASSDB_RESULT_OK;
else if (ret == LDAP_INVALID_CREDENTIALS) {
str = "invalid credentials";
if (auth_request->set->debug_passwords) {
str = t_strconcat(str, " (given password: "******")", NULL);
}
auth_request_log_info(auth_request, AUTH_SUBSYS_DB,
"%s", str);
passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
} else if (ret == LDAP_NO_SUCH_OBJECT) {
passdb_result = PASSDB_RESULT_USER_UNKNOWN;
auth_request_log_unknown_user(auth_request,
AUTH_SUBSYS_DB);
} else {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"ldap_bind() failed: %s",
ldap_err2string(ret));
}
}
passdb_ldap_request->callback.
verify_plain(passdb_result, auth_request);
auth_request_unref(&auth_request);
}
static void
user_callback(enum userdb_result result, struct auth_request *auth_request)
{
struct auth_postfix_connection *conn = auth_request->context;
string_t *str;
const char *value;
if (auth_request->userdb_lookup_tempfailed)
result = USERDB_RESULT_INTERNAL_FAILURE;
str = t_str_new(128);
switch (result) {
case USERDB_RESULT_INTERNAL_FAILURE:
if (auth_request->userdb_lookup_tempfailed)
value = auth_fields_find(auth_request->userdb_reply, "reason");
else
value = NULL;
str_printfa(str, "400 %s",
value != NULL ? value: "Internal failure");
break;
case USERDB_RESULT_USER_UNKNOWN:
str_append(str, "500 User not found");
break;
case USERDB_RESULT_OK:
str_append(str, "200 1");
break;
}
if (conn->auth->set->debug)
i_debug("postfix out: %s", str_c(str));
str_append_c(str, '\n');
o_stream_nsend(conn->output, str_data(str), str_len(str));
i_assert(conn->io == NULL);
if (!conn->destroyed)
conn->io = io_add(conn->fd, IO_READ, postfix_input, conn);
auth_request_unref(&auth_request);
auth_postfix_connection_unref(&conn);
}
static void userdb_ldap_lookup_callback(struct ldap_connection *conn,
struct ldap_request *request,
LDAPMessage *res)
{
struct userdb_ldap_request *urequest =
(struct userdb_ldap_request *) request;
struct auth_request *auth_request =
urequest->request.request.auth_request;
if (res == NULL || ldap_msgtype(res) == LDAP_RES_SEARCH_RESULT) {
userdb_ldap_lookup_finish(auth_request, urequest, res);
auth_request_unref(&auth_request);
return;
}
if (urequest->entries++ == 0) {
/* first entry */
ldap_query_get_result(conn, auth_request,
&urequest->request, res);
}
}
