static void ldap_lookup_pass(struct auth_request *auth_request, struct passdb_ldap_request *request) { struct passdb_module *_module = auth_request->passdb->passdb; struct ldap_passdb_module *module = (struct ldap_passdb_module *)_module; struct ldap_connection *conn = module->conn; struct ldap_request_search *srequest = &request->request.search; const struct var_expand_table *vars; const char **attr_names = (const char **)conn->pass_attr_names; string_t *str; srequest->request.type = LDAP_REQUEST_TYPE_SEARCH; vars = auth_request_get_var_expand_table(auth_request, ldap_escape); str = t_str_new(512); var_expand(str, conn->set.base, vars); srequest->base = p_strdup(auth_request->pool, str_c(str)); str_truncate(str, 0); var_expand(str, conn->set.pass_filter, vars); srequest->filter = p_strdup(auth_request->pool, str_c(str)); srequest->attr_map = &conn->pass_attr_map; srequest->attributes = conn->pass_attr_names; auth_request_log_debug(auth_request, "ldap", "pass search: " "base=%s scope=%s filter=%s fields=%s", srequest->base, conn->set.scope, srequest->filter, attr_names == NULL ? "(all)" : t_strarray_join(attr_names, ",")); srequest->request.callback = ldap_lookup_pass_callback; db_ldap_request(conn, &srequest->request); }
static void ldap_bind_lookup_dn(struct auth_request *auth_request, struct passdb_ldap_request *request) { struct passdb_module *_module = auth_request->passdb->passdb; struct ldap_passdb_module *module = (struct ldap_passdb_module *)_module; struct ldap_connection *conn = module->conn; struct ldap_request_search *srequest = &request->request.search; const struct var_expand_table *vars; string_t *str; srequest->request.type = LDAP_REQUEST_TYPE_SEARCH; vars = auth_request_get_var_expand_table(auth_request, ldap_escape); str = t_str_new(512); var_expand(str, conn->set.base, vars); srequest->base = p_strdup(auth_request->pool, str_c(str)); str_truncate(str, 0); var_expand(str, conn->set.pass_filter, vars); srequest->filter = p_strdup(auth_request->pool, str_c(str)); /* we don't need the attributes to perform authentication, but they may contain some extra parameters. if a password is returned, it's just ignored. */ srequest->attr_map = &conn->pass_attr_map; srequest->attributes = conn->pass_attr_names; auth_request_log_debug(auth_request, "ldap", "bind search: base=%s filter=%s", srequest->base, srequest->filter); srequest->request.callback = ldap_bind_lookup_dn_callback; db_ldap_request(conn, &srequest->request); }
static struct userdb_iterate_context * userdb_sql_iterate_init(struct auth_request *auth_request, userdb_iter_callback_t *callback, void *context) { struct userdb_module *_module = auth_request->userdb->userdb; struct sql_userdb_module *module = (struct sql_userdb_module *)_module; struct sql_userdb_iterate_context *ctx; string_t *query; query = t_str_new(512); var_expand(query, module->conn->set.iterate_query, auth_request_get_var_expand_table(auth_request, userdb_sql_escape)); ctx = i_new(struct sql_userdb_iterate_context, 1); ctx->ctx.auth_request = auth_request; ctx->ctx.callback = callback; ctx->ctx.context = context; auth_request_ref(auth_request); sql_query(module->conn->db, str_c(query), sql_iter_query_callback, ctx); auth_request_log_debug(auth_request, AUTH_SUBSYS_DB, "%s", str_c(query)); return &ctx->ctx; }
static enum passdb_result static_save_fields(struct auth_request *request, const char **password_r) { struct static_passdb_module *module = (struct static_passdb_module *)request->passdb->passdb; const struct var_expand_table *table; string_t *str = t_str_new(128); auth_request_log_debug(request, AUTH_SUBSYS_DB, "lookup"); passdb_template_export(module->tmpl, request); if (module->static_password_tmpl != NULL) { table = auth_request_get_var_expand_table(request, NULL); var_expand(str, module->static_password_tmpl, table); *password_r = str_c(str); } else if (auth_fields_exists(request->extra_fields, "nopassword")) { *password_r = ""; } else { auth_request_log_info(request, AUTH_SUBSYS_DB, "No password returned (and no nopassword)"); *password_r = NULL; return PASSDB_RESULT_PASSWORD_MISMATCH; } return PASSDB_RESULT_OK; }
void passdb_template_export(struct passdb_template *tmpl, struct auth_request *auth_request) { const struct var_expand_table *table; string_t *str; const char *const *args, *value; unsigned int i, count; str = t_str_new(256); table = auth_request_get_var_expand_table(auth_request, NULL); args = array_get(&tmpl->args, &count); i_assert((count % 2) == 0); for (i = 0; i < count; i += 2) { if (args[i+1] == NULL) value = ""; else { str_truncate(str, 0); var_expand(str, args[i+1], table); value = str_c(str); } auth_request_set_field(auth_request, args[i], value, STATIC_PASS_SCHEME); } }
static void passwd_file_lookup(struct auth_request *auth_request, userdb_callback_t *callback) { struct userdb_module *_module = auth_request->userdb->userdb; struct passwd_file_userdb_module *module = (struct passwd_file_userdb_module *)_module; struct passwd_user *pu; const struct var_expand_table *table; string_t *str; const char *key, *value; char **p; pu = db_passwd_file_lookup(module->pwf, auth_request, module->username_format); if (pu == NULL || pu->uid == 0) { callback(USERDB_RESULT_USER_UNKNOWN, auth_request); return; } if (pu->uid != (uid_t)-1) { auth_request_set_userdb_field(auth_request, "uid", dec2str(pu->uid)); } if (pu->gid != (gid_t)-1) { auth_request_set_userdb_field(auth_request, "gid", dec2str(pu->gid)); } if (pu->home != NULL) auth_request_set_userdb_field(auth_request, "home", pu->home); if (pu->extra_fields != NULL) { str = t_str_new(512); table = auth_request_get_var_expand_table(auth_request, NULL); for (p = pu->extra_fields; *p != NULL; p++) { if (strncmp(*p, "userdb_", 7) != 0) continue; key = *p + 7; value = strchr(key, '='); if (value != NULL) { key = t_strdup_until(key, value); str_truncate(str, 0); auth_request_var_expand_with_table(str, value + 1, auth_request, table, NULL); value = str_c(str); } else { value = ""; } auth_request_set_userdb_field(auth_request, key, value); } } callback(USERDB_RESULT_OK, auth_request); }
const char * checkpassword_get_cmd(struct auth_request *request, const char *args, const char *checkpassword_reply_path) { string_t *str; str = t_str_new(256); var_expand(str, args, auth_request_get_var_expand_table(request, NULL)); return t_strconcat(str_c(str), " ", checkpassword_reply_path, NULL); }
static void passdb_dict_lookup_pass(struct passdb_dict_request *dict_request) { struct auth_request *auth_request = dict_request->auth_request; struct passdb_module *_module = auth_request->passdb->passdb; struct dict_passdb_module *module = (struct dict_passdb_module *)_module; string_t *key; const char *password = NULL, *scheme = NULL; enum passdb_result passdb_result; int ret; key = t_str_new(512); str_append(key, DICT_PATH_SHARED); var_expand(key, module->conn->set.password_key, auth_request_get_var_expand_table(auth_request, NULL)); if (*module->conn->set.password_key == '\0') { auth_request_log_error(auth_request, "dict", "password_key not specified"); passdb_result = PASSDB_RESULT_INTERNAL_FAILURE; } else { passdb_result = passdb_dict_lookup_key(auth_request, module, str_c(key)); } if (passdb_result == PASSDB_RESULT_OK) { /* passdb_password may change on the way, so we'll need to strdup. */ password = t_strdup(auth_request->passdb_password); scheme = password_get_scheme(&password); /* auth_request_set_field() sets scheme */ i_assert(password == NULL || scheme != NULL); } if (auth_request->credentials_scheme != NULL) { passdb_handle_credentials(passdb_result, password, scheme, dict_request->callback.lookup_credentials, auth_request); } else { if (password != NULL) { ret = auth_request_password_verify(auth_request, auth_request->mech_password, password, scheme, "dict"); passdb_result = ret > 0 ? PASSDB_RESULT_OK : PASSDB_RESULT_PASSWORD_MISMATCH; } dict_request->callback.verify_plain(passdb_result, auth_request); } }
static void passdb_imap_verify_plain(struct auth_request *auth_request, const char *password, verify_plain_callback_t *callback) { struct passdb_module *_module = auth_request->passdb->passdb; struct imap_passdb_module *module = (struct imap_passdb_module *)_module; struct imap_auth_request *request; struct imapc_client_settings set; const struct var_expand_table *table; string_t *str; set = module->set; set.debug = auth_request->set->debug; set.dns_client_socket_path = t_strconcat(auth_request->set->base_dir, "/", DNS_CLIENT_SOCKET_NAME, NULL); set.password = password; set.max_idle_time = IMAPC_DEFAULT_MAX_IDLE_TIME; if (module->set_have_vars) { str = t_str_new(128); table = auth_request_get_var_expand_table(auth_request, NULL); var_expand(str, set.username, table); set.username = t_strdup(str_c(str)); str_truncate(str, 0); var_expand(str, set.host, table); set.host = t_strdup(str_c(str)); } auth_request_log_debug(auth_request, AUTH_SUBSYS_DB, "lookup host=%s port=%d", set.host, set.port); request = p_new(auth_request->pool, struct imap_auth_request, 1); request->client = imapc_client_init(&set); request->auth_request = auth_request; request->verify_callback = callback; auth_request_ref(auth_request); imapc_client_login(request->client, passdb_imap_login_callback, request); }
static void ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request, struct passdb_ldap_request *request) { struct passdb_module *_module = auth_request->passdb->passdb; struct ldap_passdb_module *module = (struct ldap_passdb_module *)_module; struct ldap_connection *conn = module->conn; struct ldap_request_bind *brequest = &request->request.bind; const struct var_expand_table *vars; string_t *dn; brequest->request.type = LDAP_REQUEST_TYPE_BIND; vars = auth_request_get_var_expand_table(auth_request, ldap_escape); dn = t_str_new(512); var_expand(dn, conn->set.auth_bind_userdn, vars); brequest->dn = p_strdup(auth_request->pool, str_c(dn)); ldap_auth_bind(conn, brequest); }
static void passwd_file_save_results(struct auth_request *request, const struct passwd_user *pu, const char **crypted_pass_r, const char **scheme_r) { const struct var_expand_table *table; const char *key, *value; string_t *str; char **p; *crypted_pass_r = pu->password != NULL ? pu->password : ""; *scheme_r = password_get_scheme(crypted_pass_r); if (*scheme_r == NULL) *scheme_r = request->passdb->passdb->default_pass_scheme; /* save the password so cache can use it */ auth_request_set_field(request, "password", *crypted_pass_r, *scheme_r); if (pu->extra_fields != NULL) { str = t_str_new(512); table = auth_request_get_var_expand_table(request, NULL); for (p = pu->extra_fields; *p != NULL; p++) { value = strchr(*p, '='); if (value != NULL) { key = t_strdup_until(*p, value); str_truncate(str, 0); auth_request_var_expand_with_table(str, value + 1, request, table, NULL); value = str_c(str); } else { key = *p; value = ""; } auth_request_set_field(request, key, value, NULL); } } }
static void userdb_sql_lookup(struct auth_request *auth_request, userdb_callback_t *callback) { struct userdb_module *_module = auth_request->userdb->userdb; struct sql_userdb_module *module = (struct sql_userdb_module *)_module; struct userdb_sql_request *sql_request; string_t *query; query = t_str_new(512); var_expand(query, module->conn->set.user_query, auth_request_get_var_expand_table(auth_request, userdb_sql_escape)); auth_request_ref(auth_request); sql_request = i_new(struct userdb_sql_request, 1); sql_request->callback = callback; sql_request->auth_request = auth_request; auth_request_log_debug(auth_request, AUTH_SUBSYS_DB, "%s", str_c(query)); sql_query(module->conn->db, str_c(query), sql_query_callback, sql_request); }