static void userdb_sql_iterate_next(struct userdb_iterate_context *_ctx)
{
struct sql_userdb_iterate_context *ctx =
(struct sql_userdb_iterate_context *)_ctx;
struct userdb_module *_module = _ctx->auth_request->userdb->userdb;
struct sql_userdb_module *module = (struct sql_userdb_module *)_module;
const char *user;
int ret;
if (ctx->result == NULL) {
/* query not finished yet */
ctx->call_iter = TRUE;
return;
}
ret = sql_result_next_row(ctx->result);
if (ret >= 0)
db_sql_success(module->conn);
if (ret > 0) {
if (userdb_sql_iterate_get_user(ctx, &user) < 0)
i_error("sql: Iterate query didn't return 'user' field");
else if (user == NULL)
i_error("sql: Iterate query returned NULL user");
else {
_ctx->callback(user, _ctx->context);
return;
}
_ctx->failed = TRUE;
} else if (ret < 0) {
if (!module->conn->default_iterate_query) {
i_error("sql: Iterate query failed: %s",
sql_result_get_error(ctx->result));
} else {
i_error("sql: Iterate query failed: %s "
"(using built-in default iterate_query: %s)",
sql_result_get_error(ctx->result),
module->conn->set.iterate_query);
}
_ctx->failed = TRUE;
}
_ctx->callback(NULL, _ctx->context);
}
static void sql_query_callback(struct sql_result *sql_result,
struct userdb_sql_request *sql_request)
{
struct auth_request *auth_request = sql_request->auth_request;
struct userdb_module *_module = auth_request->userdb->userdb;
struct sql_userdb_module *module =
(struct sql_userdb_module *)_module;
enum userdb_result result = USERDB_RESULT_INTERNAL_FAILURE;
int ret;
ret = sql_result_next_row(sql_result);
if (ret >= 0)
db_sql_success(module->conn);
if (ret < 0) {
if (!module->conn->default_user_query) {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"User query failed: %s",
sql_result_get_error(sql_result));
} else {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"User query failed: %s "
"(using built-in default user_query: %s)",
sql_result_get_error(sql_result),
module->conn->set.user_query);
}
} else if (ret == 0) {
result = USERDB_RESULT_USER_UNKNOWN;
auth_request_log_unknown_user(auth_request, AUTH_SUBSYS_DB);
} else {
sql_query_get_result(sql_result, auth_request);
result = USERDB_RESULT_OK;
}
sql_request->callback(result, auth_request);
auth_request_unref(&auth_request);
i_free(sql_request);
}
transaction_send_query(struct mysql_transaction_context *ctx, const char *query,
unsigned int *affected_rows_r)
{
struct sql_result *_result;
int ret = 0;
if (ctx->failed)
return -1;
_result = sql_query_s(ctx->ctx.db, query);
if (sql_result_next_row(_result) < 0) {
ctx->error = sql_result_get_error(_result);
ctx->failed = TRUE;
ret = -1;
} else if (affected_rows_r != NULL) {
struct mysql_result *result = (struct mysql_result *)_result;
i_assert(result->affected_rows != (my_ulonglong)-1);
*affected_rows_r = result->affected_rows;
}
sql_result_unref(_result);
return ret;
}
static void sql_query_callback(struct sql_result *result,
struct passdb_sql_request *sql_request)
{
struct auth_request *auth_request = sql_request->auth_request;
struct passdb_module *_module = auth_request->passdb->passdb;
struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
enum passdb_result passdb_result;
const char *password, *scheme;
int ret;
passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
password = NULL;
ret = sql_result_next_row(result);
if (ret >= 0)
db_sql_success(module->conn);
if (ret < 0) {
if (!module->conn->default_password_query) {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"Password query failed: %s",
sql_result_get_error(result));
} else {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"Password query failed: %s "
"(using built-in default password_query: %s)",
sql_result_get_error(result),
module->conn->set.password_query);
}
} else if (ret == 0) {
auth_request_log_unknown_user(auth_request, AUTH_SUBSYS_DB);
passdb_result = PASSDB_RESULT_USER_UNKNOWN;
} else {
sql_query_save_results(result, sql_request);
/* Note that we really want to check if the password field is
found. Just checking if password is set isn't enough,
because with proxies we might want to return NULL as
password. */
if (sql_result_find_field(result, "password") < 0 &&
sql_result_find_field(result, "password_noscheme") < 0) {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"Password query must return a field named "
"'password'");
} else if (sql_result_next_row(result) > 0) {
auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
"Password query returned multiple matches");
} else if (auth_request->passdb_password == NULL &&
!auth_fields_exists(auth_request->extra_fields, "nopassword") &&
!auth_fields_exists(auth_request->extra_fields, "noauthenticate")) {
auth_request_log_info(auth_request, AUTH_SUBSYS_DB,
"Empty password returned without nopassword");
passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
} else {
/* passdb_password may change on the way,
so we'll need to strdup. */
password = t_strdup(auth_request->passdb_password);
passdb_result = PASSDB_RESULT_OK;
}
}
scheme = password_get_scheme(&password);
/* auth_request_set_field() sets scheme */
i_assert(password == NULL || scheme != NULL);
if (auth_request->credentials_scheme != NULL) {
passdb_handle_credentials(passdb_result, password, scheme,
sql_request->callback.lookup_credentials,
auth_request);
auth_request_unref(&auth_request);
return;
}
/* verify plain */
if (password == NULL) {
sql_request->callback.verify_plain(passdb_result, auth_request);
auth_request_unref(&auth_request);
return;
}
ret = auth_request_password_verify(auth_request,
auth_request->mech_password,
password, scheme, AUTH_SUBSYS_DB);
sql_request->callback.verify_plain(ret > 0 ? PASSDB_RESULT_OK :
PASSDB_RESULT_PASSWORD_MISMATCH,
auth_request);
auth_request_unref(&auth_request);
}
