static void
lookup_user_callback(enum userdb_result result,
struct auth_request *auth_request)
{
struct auth_worker_client *client = auth_request->context;
struct auth_stream_reply *reply = auth_request->userdb_reply;
string_t *str;
str = t_str_new(128);
str_printfa(str, "%u\t", auth_request->id);
switch (result) {
case USERDB_RESULT_INTERNAL_FAILURE:
str_append(str, "FAIL\t");
break;
case USERDB_RESULT_USER_UNKNOWN:
str_append(str, "NOTFOUND\t");
break;
case USERDB_RESULT_OK:
str_append(str, "OK\t");
str_append(str, auth_stream_reply_export(reply));
if (auth_request->userdb_lookup_failed)
str_append(str, "\ttempfail");
break;
}
str_append_c(str, '\n');
auth_worker_send_reply(client, str);
auth_request_unref(&auth_request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static void
lookup_credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
struct auth_request *request)
{
struct auth_worker_client *client = request->context;
struct auth_stream_reply *reply;
string_t *str;
if (request->passdb_failure && result == PASSDB_RESULT_OK)
result = PASSDB_RESULT_PASSWORD_MISMATCH;
reply = auth_stream_reply_init(pool_datastack_create());
auth_stream_reply_add(reply, NULL, dec2str(request->id));
if (result != PASSDB_RESULT_OK) {
auth_stream_reply_add(reply, "FAIL", NULL);
auth_stream_reply_add(reply, NULL,
t_strdup_printf("%d", result));
} else {
auth_stream_reply_add(reply, "OK", NULL);
auth_stream_reply_add(reply, NULL, request->user);
str = t_str_new(64);
str_printfa(str, "{%s.b64}", request->credentials_scheme);
base64_encode(credentials, size, str);
auth_stream_reply_add(reply, NULL, str_c(str));
if (request->extra_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_fields);
auth_stream_reply_import(reply, fields);
}
if (request->extra_cache_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_cache_fields);
auth_stream_reply_import(reply, fields);
}
}
str = auth_stream_reply_get_str(reply);
str_append_c(str, '\n');
auth_worker_send_reply(client, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
static void verify_plain_callback(enum passdb_result result,
struct auth_request *request)
{
struct auth_worker_client *client = request->context;
struct auth_stream_reply *reply;
string_t *str;
if (request->passdb_failure && result == PASSDB_RESULT_OK)
result = PASSDB_RESULT_PASSWORD_MISMATCH;
reply = auth_stream_reply_init(pool_datastack_create());
auth_stream_reply_add(reply, NULL, dec2str(request->id));
if (result == PASSDB_RESULT_OK)
auth_stream_reply_add(reply, "OK", NULL);
else {
auth_stream_reply_add(reply, "FAIL", NULL);
auth_stream_reply_add(reply, NULL,
t_strdup_printf("%d", result));
}
if (result != PASSDB_RESULT_INTERNAL_FAILURE) {
auth_stream_reply_add(reply, NULL, request->user);
auth_stream_reply_add(reply, NULL,
request->passdb_password == NULL ? "" :
request->passdb_password);
if (request->extra_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_fields);
auth_stream_reply_import(reply, fields);
}
if (request->extra_cache_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_cache_fields);
auth_stream_reply_import(reply, fields);
}
}
str = auth_stream_reply_get_str(reply);
str_append_c(str, '\n');
auth_worker_send_reply(client, str);
auth_request_unref(&request);
auth_worker_client_check_throttle(client);
auth_worker_client_unref(&client);
}
void checkpassword_setup_env(struct auth_request *request)
{
/* Besides passing the standard username and password in a
pipe, also pass some other possibly interesting information
via environment. Use UCSPI names for local/remote IPs. */
env_put("PROTO=TCP"); /* UCSPI */
env_put(t_strconcat("SERVICE=", request->service, NULL));
if (request->local_ip.family != 0) {
env_put(t_strconcat("TCPLOCALIP=",
net_ip2addr(&request->local_ip), NULL));
/* FIXME: for backwards compatibility only,
remove some day */
env_put(t_strconcat("LOCAL_IP=",
net_ip2addr(&request->local_ip), NULL));
}
if (request->remote_ip.family != 0) {
env_put(t_strconcat("TCPREMOTEIP=",
net_ip2addr(&request->remote_ip), NULL));
/* FIXME: for backwards compatibility only,
remove some day */
env_put(t_strconcat("REMOTE_IP=",
net_ip2addr(&request->remote_ip), NULL));
}
if (request->local_port != 0) {
env_put(t_strdup_printf("TCPLOCALPORT=%u",
request->local_port));
}
if (request->remote_port != 0) {
env_put(t_strdup_printf("TCPREMOTEPORT=%u",
request->remote_port));
}
if (request->master_user != NULL) {
env_put(t_strconcat("MASTER_USER=",
request->master_user, NULL));
}
if (request->extra_fields != NULL) {
const char *fields =
auth_stream_reply_export(request->extra_fields);
/* extra fields could come from master db */
env_put_extra_fields(fields);
}
}
