dovecot-2.2: auth: Added %{passdb:field} and %{userdb:field} var...
dovecot at dovecot.org
dovecot at dovecot.org
Fri May 29 18:41:50 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/bb1522e10108
changeset: 18765:bb1522e10108
user: Timo Sirainen <tss at iki.fi>
date: Fri May 29 21:39:33 2015 +0300
description:
auth: Added %{passdb:field} and %{userdb:field} variables
The field expands to either the passdb or userdb extra field.
You can also use %{passdb:field:defaultvalue} where if field doesn't exist,
it's expanded to defaultvalue. Note that an empty value means that the field
still exists and it's not expanded to defaultvalue.
diffstat:
src/auth/Makefile.am | 2 +-
src/auth/auth-request-var-expand.c | 83 +++++++++++++++++++++++++++++++++
src/auth/auth-request-var-expand.h | 13 +++++
src/auth/auth-request.c | 7 +-
src/auth/db-checkpassword.c | 4 +-
src/auth/db-passwd-file.c | 10 +--
src/auth/passdb-imap.c | 7 +-
src/auth/passdb-ldap.c | 19 ++----
src/auth/passdb-pam.c | 7 +--
src/auth/passdb-passwd-file.c | 4 +-
src/auth/passdb-sql.c | 26 +++------
src/auth/passdb-static.c | 10 +---
src/auth/passdb-template.c | 4 +-
src/auth/test-auth-request-var-expand.c | 38 +++++++++++++++
src/auth/userdb-dict.c | 6 +-
src/auth/userdb-ldap.c | 16 +----
src/auth/userdb-passwd-file.c | 4 +-
src/auth/userdb-sql.c | 27 +++------
src/auth/userdb-template.c | 4 +-
19 files changed, 188 insertions(+), 103 deletions(-)
diffs (truncated from 760 to 300 lines):
diff -r fa891f697005 -r bb1522e10108 src/auth/Makefile.am
--- a/src/auth/Makefile.am Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/Makefile.am Fri May 29 21:39:33 2015 +0300
@@ -211,7 +211,7 @@
test_auth_cache_DEPENDENCIES = $(pkglibexec_PROGRAMS) $(test_libs)
test_auth_request_var_expand_SOURCES = test-auth-request-var-expand.c
-test_auth_request_var_expand_LDADD = auth-request-var-expand.o $(test_libs)
+test_auth_request_var_expand_LDADD = auth-request-var-expand.o auth-fields.o $(test_libs)
test_auth_request_var_expand_DEPENDENCIES = $(pkglibexec_PROGRAMS) $(test_libs)
test_db_dict_SOURCES = test-db-dict.c
diff -r fa891f697005 -r bb1522e10108 src/auth/auth-request-var-expand.c
--- a/src/auth/auth-request-var-expand.c Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/auth-request-var-expand.c Fri May 29 21:39:33 2015 +0300
@@ -1,9 +1,15 @@
/* Copyright (c) 2002-2015 Dovecot authors, see the included COPYING file */
#include "auth-common.h"
+#include "str.h"
#include "strescape.h"
#include "auth-request.h"
+struct auth_request_var_expand_ctx {
+ struct auth_request *auth_request;
+ auth_request_escape_func_t *escape_func;
+};
+
const struct var_expand_table
auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1] = {
{ 'u', NULL, "user" },
@@ -160,3 +166,80 @@
return auth_request_get_var_expand_table_full(auth_request, escape_func,
&count);
}
+
+static const char *field_get_default(const char *data)
+{
+ const char *p;
+
+ p = strchr(data, ':');
+ if (p == NULL)
+ return "";
+ else {
+ /* default value given */
+ return p+1;
+ }
+}
+
+static const char *
+auth_request_var_expand_func_passdb(const char *data, void *context)
+{
+ struct auth_request_var_expand_ctx *ctx = context;
+ const char *field_name = t_strcut(data, ':');
+ const char *value;
+
+ value = auth_fields_find(ctx->auth_request->extra_fields, field_name);
+ return ctx->escape_func(value != NULL ? value : field_get_default(data),
+ ctx->auth_request);
+}
+
+static const char *
+auth_request_var_expand_func_userdb(const char *data, void *context)
+{
+ struct auth_request_var_expand_ctx *ctx = context;
+ const char *field_name = t_strcut(data, ':');
+ const char *value;
+
+ value = ctx->auth_request->userdb_reply == NULL ? NULL :
+ auth_fields_find(ctx->auth_request->userdb_reply, field_name);
+ return ctx->escape_func(value != NULL ? value : field_get_default(data),
+ ctx->auth_request);
+}
+
+const struct var_expand_func_table auth_request_var_funcs_table[] = {
+ { "passdb", auth_request_var_expand_func_passdb },
+ { "userdb", auth_request_var_expand_func_userdb },
+ { NULL, NULL }
+};
+
+void auth_request_var_expand(string_t *dest, const char *str,
+ struct auth_request *auth_request,
+ auth_request_escape_func_t *escape_func)
+{
+ auth_request_var_expand_with_table(dest, str, auth_request,
+ auth_request_get_var_expand_table(auth_request, escape_func),
+ escape_func);
+}
+
+void auth_request_var_expand_with_table(string_t *dest, const char *str,
+ struct auth_request *auth_request,
+ const struct var_expand_table *table,
+ auth_request_escape_func_t *escape_func)
+{
+ struct auth_request_var_expand_ctx ctx;
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.auth_request = auth_request;
+ ctx.escape_func = escape_func;
+ var_expand_with_funcs(dest, str, table,
+ auth_request_var_funcs_table, &ctx);
+}
+
+const char *
+t_auth_request_var_expand(const char *str,
+ struct auth_request *auth_request,
+ auth_request_escape_func_t *escape_func)
+{
+ string_t *dest = t_str_new(128);
+ auth_request_var_expand(dest, str, auth_request, escape_func);
+ return str_c(dest);
+}
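Review bot: Both new callbacks call `ctx->escape_func(...)` unconditionally, but `auth_request_var_expand_with_table()` stores the caller's `escape_func` unchanged, and several call sites converted in this commit pass NULL (auth-request.c, db-checkpassword.c, passdb-imap.c). A template containing `%{passdb:...}` or `%{userdb:...}` on those paths would call through a NULL function pointer and take down the auth process. Either guard in both callbacks, e.g. `if (value == NULL) value = field_get_default(data);` followed by `return ctx->escape_func == NULL ? value : ctx->escape_func(value, ctx->auth_request);`, or normalise NULL to a pass-through escape once when filling `ctx`. The test file in this changeset is cut off by the truncation, so it is worth confirming that it exercises the NULL-escape case.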
diff -r fa891f697005 -r bb1522e10108 src/auth/auth-request-var-expand.h
--- a/src/auth/auth-request-var-expand.h Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/auth-request-var-expand.h Fri May 29 21:39:33 2015 +0300
@@ -20,6 +20,19 @@
auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
auth_request_escape_func_t *escape_func,
unsigned int *count) ATTR_NULL(2);
+
+void auth_request_var_expand(string_t *dest, const char *str,
+ struct auth_request *auth_request,
+ auth_request_escape_func_t *escape_func);
+void auth_request_var_expand_with_table(string_t *dest, const char *str,
+ struct auth_request *auth_request,
+ const struct var_expand_table *table,
+ auth_request_escape_func_t *escape_func);
+const char *
+t_auth_request_var_expand(const char *str,
+ struct auth_request *auth_request,
+ auth_request_escape_func_t *escape_func);
+
const char *auth_request_str_escape(const char *string,
const struct auth_request *request);
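Review bot: The three new prototypes do not mark `escape_func` as nullable, although the declaration just above uses `ATTR_NULL(2)` for the same kind of parameter and callers in this commit pass NULL. Add `ATTR_NULL(4)` to `auth_request_var_expand`, `ATTR_NULL(5)` to `auth_request_var_expand_with_table` and `ATTR_NULL(3)` to `t_auth_request_var_expand`. The prototypes also lack a comment stating that `escape_func` is applied to expanded `%{passdb:...}` and `%{userdb:...}` values, including the default value. Callers building LDAP filters or file paths rely on that. The comment should also say that `t_auth_request_var_expand()` returns a string built with `t_str_new`, i.e. memory that is only valid for the current data stack frame.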
diff -r fa891f697005 -r bb1522e10108 src/auth/auth-request.c
--- a/src/auth/auth-request.c Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/auth-request.c Fri May 29 21:39:33 2015 +0300
@@ -1201,7 +1201,6 @@
/* username format given, put it through variable expansion.
we'll have to temporarily replace request->user to get
%u to be the wanted username */
- const struct var_expand_table *table;
char *old_username;
string_t *dest;
@@ -1209,8 +1208,7 @@
request->user = user;
dest = t_str_new(256);
- table = auth_request_get_var_expand_table(request, NULL);
- var_expand(dest, set->username_format, table);
+ auth_request_var_expand(dest, set->username_format, request, NULL);
user = p_strdup(request->pool, str_c(dest));
request->user = old_username;
@@ -1569,8 +1567,7 @@
struct stat st;
path = t_str_new(256);
- var_expand(path, path_template,
- auth_request_get_var_expand_table(request, NULL));
+ auth_request_var_expand(path, path_template, request, NULL);
if (stat(str_c(path), &st) < 0) {
auth_request_log_error(request, AUTH_SUBSYS_DB,
"stat(%s) failed: %m", str_c(path));
diff -r fa891f697005 -r bb1522e10108 src/auth/db-checkpassword.c
--- a/src/auth/db-checkpassword.c Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/db-checkpassword.c Fri May 29 21:39:33 2015 +0300
@@ -15,7 +15,6 @@
#include "safe-memset.h"
#include "strescape.h"
#include "child-wait.h"
-#include "var-expand.h"
#include "db-checkpassword.h"
#include <stdlib.h>
@@ -298,8 +297,7 @@
string_t *str;
str = t_str_new(256);
- var_expand(str, args,
- auth_request_get_var_expand_table(request, NULL));
+ auth_request_var_expand(str, args, request, NULL);
return t_strconcat(str_c(str), " ", checkpassword_reply_path, NULL);
}
diff -r fa891f697005 -r bb1522e10108 src/auth/db-passwd-file.c
--- a/src/auth/db-passwd-file.c Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/db-passwd-file.c Fri May 29 21:39:33 2015 +0300
@@ -13,7 +13,6 @@
#include "hash.h"
#include "str.h"
#include "eacces-error.h"
-#include "var-expand.h"
#include <stdlib.h>
#include <unistd.h>
@@ -431,15 +430,13 @@
{
struct passwd_file *pw;
struct passwd_user *pu;
- const struct var_expand_table *table;
string_t *username, *dest;
if (!db->vars)
pw = db->default_file;
else {
- table = auth_request_get_var_expand_table(request, path_fix);
dest = t_str_new(256);
- var_expand(dest, db->path, table);
+ auth_request_var_expand(dest, db->path, request, path_fix);
pw = hash_table_lookup(db->files, str_c(dest));
if (pw == NULL) {
@@ -454,9 +451,8 @@
}
username = t_str_new(256);
- table = auth_request_get_var_expand_table(request,
- auth_request_str_escape);
- var_expand(username, username_format, table);
+ auth_request_var_expand(username, username_format, request,
+ auth_request_str_escape);
auth_request_log_debug(request, AUTH_SUBSYS_DB,
"lookup: user=%s file=%s",
diff -r fa891f697005 -r bb1522e10108 src/auth/passdb-imap.c
--- a/src/auth/passdb-imap.c Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/passdb-imap.c Fri May 29 21:39:33 2015 +0300
@@ -3,7 +3,6 @@
#include "auth-common.h"
#include "passdb.h"
#include "str.h"
-#include "var-expand.h"
#include "imap-resp-code.h"
#include "imapc-client.h"
@@ -77,7 +76,6 @@
(struct imap_passdb_module *)_module;
struct imap_auth_request *request;
struct imapc_client_settings set;
- const struct var_expand_table *table;
string_t *str;
set = module->set;
@@ -90,12 +88,11 @@
if (module->set_have_vars) {
str = t_str_new(128);
- table = auth_request_get_var_expand_table(auth_request, NULL);
- var_expand(str, set.username, table);
+ auth_request_var_expand(str, set.username, auth_request, NULL);
set.username = t_strdup(str_c(str));
str_truncate(str, 0);
- var_expand(str, set.host, table);
+ auth_request_var_expand(str, set.host, auth_request, NULL);
set.host = t_strdup(str_c(str));
}
auth_request_log_debug(auth_request, AUTH_SUBSYS_DB,
diff -r fa891f697005 -r bb1522e10108 src/auth/passdb-ldap.c
--- a/src/auth/passdb-ldap.c Fri May 29 20:56:13 2015 +0300
+++ b/src/auth/passdb-ldap.c Fri May 29 21:39:33 2015 +0300
@@ -8,7 +8,6 @@
#include "ioloop.h"
#include "array.h"
#include "str.h"
-#include "var-expand.h"
#include "password-scheme.h"
#include "auth-cache.h"
#include "db-ldap.h"
@@ -289,20 +288,19 @@
(struct ldap_passdb_module *)_module;
struct ldap_connection *conn = module->conn;
struct ldap_request_search *srequest = &request->request.search;
- const struct var_expand_table *vars;
const char **attr_names = (const char **)conn->pass_attr_names;
string_t *str;
request->require_password = require_password;
srequest->request.type = LDAP_REQUEST_TYPE_SEARCH;
- vars = auth_request_get_var_expand_table(auth_request, ldap_escape);
str = t_str_new(512);
- var_expand(str, conn->set.base, vars);
+ auth_request_var_expand(str, conn->set.base, auth_request, ldap_escape);
srequest->base = p_strdup(auth_request->pool, str_c(str));
str_truncate(str, 0);
- var_expand(str, conn->set.pass_filter, vars);
+ auth_request_var_expand(str, conn->set.pass_filter,
+ auth_request, ldap_escape);
srequest->filter = p_strdup(auth_request->pool, str_c(str));
srequest->attr_map = &conn->pass_attr_map;
srequest->attributes = conn->pass_attr_names;
@@ -325,18 +323,17 @@
(struct ldap_passdb_module *)_module;
struct ldap_connection *conn = module->conn;
struct ldap_request_search *srequest = &request->request.search;