static void
lookup_user_callback(enum userdb_result result,
struct auth_request *auth_request)
{
struct auth_worker_client *client = auth_request->context;
string_t *str;
str = t_str_new(128);
str_printfa(str, "%u\t", auth_request->id);
switch (result) {
case USERDB_RESULT_INTERNAL_FAILURE:
str_append(str, "FAIL\t");
break;
case USERDB_RESULT_USER_UNKNOWN:
str_append(str, "NOTFOUND\t");
break;
case USERDB_RESULT_OK:
str_append(str, "OK\t");
str_append_tabescaped(str, auth_request->user);
str_append_c(str, '\t');
auth_fields_append(auth_request->userdb_reply, str, 0, 0);
if (auth_request->userdb_lookup_tempfailed)
str_append(str, "\ttempfail");
break;
}
str_append_c(str, '\n');
auth_worker_send_reply(client, auth_request, str);
auth_request_unref(&auth_request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static void
auth_str_append_extra_fields(struct auth_request *request, string_t *dest)
{
if (!auth_fields_is_empty(request->extra_fields)) {
str_append_c(dest, '\t');
auth_fields_append(request->extra_fields, dest,
AUTH_FIELD_FLAG_HIDDEN, 0);
}
if (request->original_username != NULL &&
null_strcmp(request->original_username, request->user) != 0) {
auth_str_add_keyvalue(dest, "original_user",
request->original_username);
}
if (request->master_user != NULL)
auth_str_add_keyvalue(dest, "auth_user", request->master_user);
if (!request->auth_only &&
auth_fields_exists(request->extra_fields, "proxy")) {
/* we're proxying */
if (!auth_fields_exists(request->extra_fields, "pass") &&
request->mech_password != NULL) {
/* send back the password that was sent by user
(not the password in passdb). */
auth_str_add_keyvalue(dest, "pass",
request->mech_password);
}
if (request->master_user != NULL &&
!auth_fields_exists(request->extra_fields, "master")) {
/* the master username needs to be forwarded */
auth_str_add_keyvalue(dest, "master",
request->master_user);
}
}
}
static void
user_callback(enum userdb_result result,
struct auth_request *auth_request)
{
struct auth_master_connection *conn = auth_request->master;
string_t *str;
const char *value;
if (auth_request->userdb_lookup_tempfailed)
result = USERDB_RESULT_INTERNAL_FAILURE;
if (result == USERDB_RESULT_OK) {
if (user_verify_restricted_uid(auth_request) < 0)
result = USERDB_RESULT_INTERNAL_FAILURE;
}
str = t_str_new(128);
switch (result) {
case USERDB_RESULT_INTERNAL_FAILURE:
str_printfa(str, "FAIL\t%u", auth_request->id);
if (auth_request->userdb_lookup_tempfailed) {
value = auth_fields_find(auth_request->userdb_reply,
"reason");
if (value != NULL)
str_printfa(str, "\treason=%s", value);
}
break;
case USERDB_RESULT_USER_UNKNOWN:
str_printfa(str, "NOTFOUND\t%u", auth_request->id);
break;
case USERDB_RESULT_OK:
str_printfa(str, "USER\t%u\t", auth_request->id);
str_append_tabescaped(str, auth_request->user);
str_append_c(str, '\t');
auth_fields_append(auth_request->userdb_reply, str,
AUTH_FIELD_FLAG_HIDDEN, 0);
break;
}
if (conn->auth->set->debug) {
i_debug("userdb out: %s",
auth_master_reply_hide_passwords(conn, str_c(str)));
}
str_append_c(str, '\n');
o_stream_nsend(conn->output, str_data(str), str_len(str));
auth_request_unref(&auth_request);
auth_master_connection_unref(&conn);
}
static void
reply_append_extra_fields(string_t *str, struct auth_request *request)
{
if (!auth_fields_is_empty(request->extra_fields)) {
str_append_c(str, '\t');
auth_fields_append(request->extra_fields, str, 0, 0);
}
if (request->userdb_reply != NULL &&
auth_fields_is_empty(request->userdb_reply)) {
/* all userdb_* fields had NULL values. we'll still
need to tell this to the master */
str_append(str, "\tuserdb_"AUTH_REQUEST_USER_KEY_IGNORE);
}
}
static void pass_callback_finish(struct auth_request *auth_request,
enum passdb_result result)
{
struct auth_master_connection *conn = auth_request->master;
string_t *str;
str = t_str_new(128);
switch (result) {
case PASSDB_RESULT_OK:
if (auth_request->failed || !auth_request->passdb_success) {
str_printfa(str, "FAIL\t%u", auth_request->id);
break;
}
str_printfa(str, "PASS\t%u\tuser="******"NOTFOUND\t%u", auth_request->id);
break;
case PASSDB_RESULT_NEXT:
case PASSDB_RESULT_PASSWORD_MISMATCH:
case PASSDB_RESULT_INTERNAL_FAILURE:
str_printfa(str, "FAIL\t%u", auth_request->id);
break;
case PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
str_printfa(str, "FAIL\t%u\treason=Configured passdbs don't support credentials lookups",
auth_request->id);
break;
}
if (conn->auth->set->debug)
i_debug("passdb out: %s", str_c(str));
str_append_c(str, '\n');
o_stream_nsend(conn->output, str_data(str), str_len(str));
auth_request_unref(&auth_request);
auth_master_connection_unref(&conn);
}
static void auth_str_append_userdb_extra_fields(struct auth_request *request,
string_t *dest)
{
str_append_c(dest, '\t');
auth_fields_append(request->userdb_reply, dest,
AUTH_FIELD_FLAG_HIDDEN, 0);
if (request->master_user != NULL &&
!auth_fields_exists(request->userdb_reply, "master_user")) {
auth_str_add_keyvalue(dest, "master_user",
request->master_user);
}
if (*request->set->anonymous_username != '\0' &&
strcmp(request->user, request->set->anonymous_username) == 0) {
/* this is an anonymous login, either via ANONYMOUS
SASL mechanism or simply logging in as the anonymous
user via another mechanism */
str_append(dest, "\tanonymous");
}
/* generate auth_token when master service provided session_pid */
if (request->request_auth_token &&
request->session_pid != (pid_t)-1) {
const char *auth_token =
auth_token_get(request->service,
dec2str(request->session_pid),
request->user,
request->session_id);
auth_str_add_keyvalue(dest, "auth_token", auth_token);
}
if (request->master_user != NULL) {
auth_str_add_keyvalue(dest, "auth_user", request->master_user);
} else if (request->original_username != NULL &&
strcmp(request->original_username, request->user) != 0) {
auth_str_add_keyvalue(dest, "auth_user",
request->original_username);
}
}
