dovecot-2.0: lib-auth: Changed API to connect to only a single s...

dovecot at dovecot.org dovecot at dovecot.org
Thu Oct 8 00:55:17 EEST 2009


details:   http://hg.dovecot.org/dovecot-2.0/rev/097588a7903c
changeset: 9984:097588a7903c
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Oct 07 17:46:14 2009 -0400
description:
lib-auth: Changed API to connect to only a single specified auth socket.
Login processes now always connect to socket called "auth".

diffstat:

18 files changed, 622 insertions(+), 965 deletions(-)
doc/example-config/conf.d/master.conf |    3 
src/lib-auth/Makefile.am              |    9 
src/lib-auth/auth-client-private.h    |   20 +
src/lib-auth/auth-client-request.c    |  173 +++++++++
src/lib-auth/auth-client-request.h    |   12 
src/lib-auth/auth-client.c            |  185 ++--------
src/lib-auth/auth-client.h            |   54 +--
src/lib-auth/auth-server-connection.c |  571 +++++++++++++++++----------------
src/lib-auth/auth-server-connection.h |   43 --
src/lib-auth/auth-server-request.c    |  419 ------------------------
src/lib-auth/auth-server-request.h    |   13 
src/login-common/client-common.h      |    2 
src/login-common/main.c               |    4 
src/login-common/sasl-server.c        |   30 -
src/pop3-login/client-authenticate.c  |   12 
src/pop3-login/client.c               |   12 
src/pop3-login/client.h               |    2 
src/util/authtest.c                   |   23 -

diffs (truncated from 2030 to 300 lines):

diff -r 9716b5a4b14a -r 097588a7903c doc/example-config/conf.d/master.conf
--- a/doc/example-config/conf.d/master.conf	Wed Oct 07 17:44:38 2009 -0400
+++ b/doc/example-config/conf.d/master.conf	Wed Oct 07 17:46:14 2009 -0400
@@ -36,8 +36,7 @@ service auth {
 
   # default
   unix_listener {
-    # The path must match the auth section name
-    path = login/default
+    path = login/auth
     mode = 0666
   }
 
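Review bot: The removed comment documented a constraint on `path`, and the new value carries a stricter one with no comment at all. Per the commit description, login processes now always connect to a socket called "auth", so an administrator who renames this listener would break logins without any hint in the file. I would keep a one-line comment above the setting, for example `# Login processes always connect to the socket named "auth"`. The `mode = 0666` context line is untouched by this commit, but since the path is now fixed it is worth confirming that the permissions on the enclosing login/ directory are what limit who can reach this socket.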
diff -r 9716b5a4b14a -r 097588a7903c src/lib-auth/Makefile.am
--- a/src/lib-auth/Makefile.am	Wed Oct 07 17:44:38 2009 -0400
+++ b/src/lib-auth/Makefile.am	Wed Oct 07 17:46:14 2009 -0400
@@ -5,16 +5,17 @@ AM_CPPFLAGS = \
 
 libauth_la_SOURCES = \
 	auth-client.c \
+	auth-client-request.c \
 	auth-master.c \
-	auth-server-connection.c \
-	auth-server-request.c
+	auth-server-connection.c
 
 headers = \
 	auth-client.h \
 	auth-client-interface.h \
+	auth-client-private.h \
+	auth-client-request.h \
 	auth-master.h \
-	auth-server-connection.h \
-	auth-server-request.h
+	auth-server-connection.h
 
 if INSTALL_HEADERS
   pkginc_libdir=$(pkgincludedir)
diff -r 9716b5a4b14a -r 097588a7903c src/lib-auth/auth-client-private.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib-auth/auth-client-private.h	Wed Oct 07 17:46:14 2009 -0400
@@ -0,0 +1,20 @@
+#ifndef AUTH_CLIENT_PRIVATE_H
+#define AUTH_CLIENT_PRIVATE_H
+
+#include "auth-client.h"
+
+struct auth_client {
+	char *auth_socket_path;
+	unsigned int client_pid;
+
+	struct auth_server_connection *conn;
+
+	auth_connect_notify_callback_t *connect_notify_callback;
+	void *connect_notify_context;
+
+	unsigned int request_id_counter;
+
+	unsigned int debug:1;
+};
+
+#endif
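Review bot: `auth_socket_path` is a plain `char *` with no note on ownership, and the other fields of the new struct are undocumented as well. auth_client_init() in auth-client.c stores an `i_strdup()` copy there, so the struct owns the string and auth_client_deinit() has to free it (the body of deinit is cut off in this view). A field comment such as `/* owned copy of the auth socket path, freed in auth_client_deinit() */` would make that explicit. A short note on `conn` saying whether it may be in a disconnected state would also help, because the result of `auth_server_connection_connect()` is discarded in init.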
diff -r 9716b5a4b14a -r 097588a7903c src/lib-auth/auth-client-request.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib-auth/auth-client-request.c	Wed Oct 07 17:46:14 2009 -0400
@@ -0,0 +1,173 @@
+/* Copyright (c) 2003-2009 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "str.h"
+#include "strescape.h"
+#include "ostream.h"
+#include "auth-client-private.h"
+#include "auth-server-connection.h"
+#include "auth-client-request.h"
+
+#include <stdlib.h>
+
+struct auth_client_request {
+	pool_t pool;
+
+	struct auth_server_connection *conn;
+	unsigned int id;
+
+	struct auth_request_info request_info;
+
+	auth_request_callback_t *callback;
+	void *context;
+};
+
+static void auth_server_send_new_request(struct auth_server_connection *conn,
+					 struct auth_client_request *request)
+{
+	struct auth_request_info *info = &request->request_info;
+	string_t *str;
+
+	str = t_str_new(512);
+	str_printfa(str, "AUTH\t%u\t", request->id);
+	str_tabescape_write(str, info->mech);
+	str_append(str, "\tservice=");
+	str_tabescape_write(str, info->service);
+
+	if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0)
+		str_append(str, "\tsecured");
+	if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0)
+		str_append(str, "\tvalid-client-cert");
+
+	if (info->cert_username != NULL) {
+		str_append(str, "\tcert_username=");
+		str_tabescape_write(str, info->cert_username);
+	}
+	if (info->local_ip.family != 0)
+		str_printfa(str, "\tlip=%s", net_ip2addr(&info->local_ip));
+	if (info->remote_ip.family != 0)
+		str_printfa(str, "\trip=%s", net_ip2addr(&info->remote_ip));
+	if (info->local_port != 0)
+		str_printfa(str, "\tlport=%u", info->local_port);
+	if (info->remote_port != 0)
+		str_printfa(str, "\trport=%u", info->remote_port);
+	if (info->initial_resp_base64 != NULL) {
+		str_append(str, "\tresp=");
+		str_tabescape_write(str, info->initial_resp_base64);
+	}
+	str_append_c(str, '\n');
+
+	if (o_stream_send(conn->output, str_data(str), str_len(str)) < 0)
+		i_error("Error sending request to auth server: %m");
+}
+
+struct auth_client_request *
+auth_client_request_new(struct auth_client *client,
+			const struct auth_request_info *request_info,
+			auth_request_callback_t *callback, void *context)
+{
+	struct auth_client_request *request;
+	pool_t pool;
+
+	pool = pool_alloconly_create("auth client request", 512);
+	request = p_new(pool, struct auth_client_request, 1);
+	request->pool = pool;
+	request->conn = client->conn;
+
+	request->request_info = *request_info;
+	request->request_info.mech = p_strdup(pool, request_info->mech);
+	request->request_info.service = p_strdup(pool, request_info->service);
+	request->request_info.cert_username =
+		p_strdup(pool, request_info->cert_username);
+	request->request_info.initial_resp_base64 =
+		p_strdup(pool, request_info->initial_resp_base64);
+	
+	request->callback = callback;
+	request->context = context;
+
+	request->id =
+		auth_server_connection_add_request(request->conn, request);
+	T_BEGIN {
+		auth_server_send_new_request(request->conn, request);
+	} T_END;
+	return request;
+}
+
+void auth_client_request_continue(struct auth_client_request *request,
+                                  const char *data_base64)
+{
+	struct const_iovec iov[3];
+	const char *prefix;
+
+	prefix = t_strdup_printf("CONT\t%u\t", request->id);
+
+	iov[0].iov_base = prefix;
+	iov[0].iov_len = strlen(prefix);
+	iov[1].iov_base = data_base64;
+	iov[1].iov_len = strlen(data_base64);
+	iov[2].iov_base = "\n";
+	iov[2].iov_len = 1;
+
+	if (o_stream_sendv(request->conn->output, iov, 3) < 0)
+		i_error("Error sending continue request to auth server: %m");
+}
+
+void auth_client_request_abort(struct auth_client_request **_request)
+{
+	struct auth_client_request *request = *_request;
+
+	*_request = NULL;
+
+	request->callback(request, AUTH_REQUEST_STATUS_FAIL, NULL, NULL,
+			  request->context);
+	request->callback = NULL;
+}
+
+unsigned int auth_client_request_get_id(struct auth_client_request *request)
+{
+	return request->id;
+}
+
+unsigned int
+auth_client_request_get_server_pid(struct auth_client_request *request)
+{
+	return request->conn->server_pid;
+}
+
+bool auth_client_request_is_aborted(struct auth_client_request *request)
+{
+	return request->callback == NULL;
+}
+
+void auth_client_request_server_input(struct auth_client_request *request,
+				      enum auth_request_status status,
+				      const char *const *args)
+{
+	const char *const *tmp, *base64_data = NULL;
+
+	if (request->callback == NULL) {
+		/* aborted already */
+		return;
+	}
+
+	switch (status) {
+	case AUTH_REQUEST_STATUS_OK:
+		for (tmp = args; *tmp != NULL; tmp++) {
+			if (strncmp(*tmp, "resp=", 5) == 0) {
+				base64_data = *tmp + 5;
+				break;
+			}
+		}
+		break;
+	case AUTH_REQUEST_STATUS_CONTINUE:
+		base64_data = args[0];
+		args = NULL;
+		break;
+	case AUTH_REQUEST_STATUS_FAIL:
+		break;
+	}
+
+	request->callback(request, status, base64_data, args, request->context);
+	if (status != AUTH_REQUEST_STATUS_CONTINUE)
+		pool_unref(&request->pool);
+}
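Review bot: auth_client_request_continue() writes `data_base64` to the auth socket verbatim, while every string field in auth_server_send_new_request() goes through `str_tabescape_write()`. A TAB, CR or LF inside the continuation data would change how the line-based CONT command is framed for the auth server. Callers are outside this hunk and may already guarantee clean input, but the library should not depend on that. Check the data before building the iovec with `if (strpbrk(data_base64, "\t\r\n") != NULL)` and fail the request, or at minimum state the requirement on the function: `/* data_base64 is sent unescaped; it must not contain TAB, CR or LF */`. Separately, auth_client_request_abort() clears `callback` and auth_client_request_server_input() then returns before `pool_unref()`, so unless auth-server-connection.c (not shown here) frees aborted requests, their pool is never released.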
diff -r 9716b5a4b14a -r 097588a7903c src/lib-auth/auth-client-request.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib-auth/auth-client-request.h	Wed Oct 07 17:46:14 2009 -0400
@@ -0,0 +1,12 @@
+#ifndef AUTH_CLIENT_REQUEST_H
+#define AUTH_CLIENT_REQUEST_H
+
+struct auth_server_connection;
+
+bool auth_client_request_is_aborted(struct auth_client_request *request);
+
+void auth_client_request_server_input(struct auth_client_request *request,
+				      enum auth_request_status status,
+				      const char *const *args);
+
+#endif
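Review bot: The header forward-declares `struct auth_server_connection`, which none of its prototypes use, but not `struct auth_client_request`. It also relies on `enum auth_request_status` and `bool` being declared by whatever was included before it. If it is ever included first, `struct auth_client_request` in the parameter lists gets prototype scope and the declarations no longer match the definitions in auth-client-request.c. Adding `#include "auth-client.h"` at the top makes the header self-contained, assuming that is where the enum and the struct tag are declared, which is not visible here. The unused forward declaration can then be dropped.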
diff -r 9716b5a4b14a -r 097588a7903c src/lib-auth/auth-client.c
--- a/src/lib-auth/auth-client.c	Wed Oct 07 17:44:38 2009 -0400
+++ b/src/lib-auth/auth-client.c	Wed Oct 07 17:46:14 2009 -0400
@@ -1,118 +1,39 @@
-/* Copyright (c) 2003-2009 Dovecot authors, see the included COPYING file */
+/* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
 
 #include "lib.h"
-#include "buffer.h"
-#include "ioloop.h"
-#include "hash.h"
-#include "auth-client.h"
+#include "array.h"
+#include "auth-client-private.h"
 #include "auth-server-connection.h"
 
-#include <dirent.h>
-#include <sys/stat.h>
-
-#define AUTH_CLIENT_SOCKET_MAX_WAIT_TIME 10
-
-struct auth_client *auth_client_new(unsigned int client_pid)
+struct auth_client *
+auth_client_init(const char *auth_socket_path, unsigned int client_pid,
+		 bool debug)
 {
 	struct auth_client *client;
 
 	client = i_new(struct auth_client, 1);
-	client->pid = client_pid;
-	client->available_auth_mechs = buffer_create_dynamic(default_pool, 128);
-
-	auth_client_connect_missing_servers(client);
+	client->client_pid = client_pid;
+	client->auth_socket_path = i_strdup(auth_socket_path);
+	client->debug = debug;
+	client->conn = auth_server_connection_init(client);
+	(void)auth_server_connection_connect(client->conn);
 	return client;
 }
 
-void auth_client_free(struct auth_client **_client)
+void auth_client_deinit(struct auth_client **_client)
 {
 	struct auth_client *client = *_client;

