[dovecot-cvs] dovecot/src/auth db-ldap.c,1.14,1.15 db-pgsql.c,1.1,1.2 db-pgsql.h,1.1,1.2 mech-digest-md5.c,1.11,1.12 mech-plain.c,1.11,1.12 mech.c,1.9,1.10 mech.h,1.7,1.8 passdb-pgsql.c,1.1,1.2 userdb-pgsql.c,1.1,1.2
cras at procontrol.fi
cras at procontrol.fi
Wed Apr 2 06:09:43 EEST 2003
Update of /home/cvs/dovecot/src/auth
In directory danu:/tmp/cvs-serv15194/src/auth
Modified Files:
db-ldap.c db-pgsql.c db-pgsql.h mech-digest-md5.c mech-plain.c
mech.c mech.h passdb-pgsql.c userdb-pgsql.c
Log Message:
Moved auth_username_chars from db-pgsql to generic for all. Some other
auth code cleanups.
Index: db-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- db-ldap.c 6 Mar 2003 21:45:16 -0000 1.14
+++ db-ldap.c 2 Apr 2003 02:09:41 -0000 1.15
@@ -266,27 +266,31 @@
}
}
+#define IS_LDAP_ESCAPED_CHAR(c) \
+ ((c) == '*' || (c) == '(' || (c) == ')' || (c) == '\\')
+
const char *ldap_escape(const char *str)
{
- string_t *s;
const char *p;
+ string_t *ret;
for (p = str; *p != '\0'; p++) {
- if (strchr("*()\\", *p) != NULL)
+ if (IS_LDAP_ESCAPED_CHAR(*p))
break;
}
if (*p == '\0')
return str;
- s = t_str_new(64);
- str_append_n(s, str, (size_t) (p-str));
+ ret = t_str_new((size_t) (p - str) + 64);
+ str_append_n(ret, str, (size_t) (p - str));
+
for (; *p != '\0'; p++) {
- if (strchr("*()\\", *p) != NULL)
- str_append_c(s, '\\');
- str_append_c(s, *p);
+ if (IS_LDAP_ESCAPED_CHAR(*p))
+ str_append_c(ret, '\\');
+ str_append_c(ret, *p);
}
- return str_c(s);
+ return str_c(ret);
}
static const char *parse_setting(const char *key, const char *value,
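Review bot: `ldap_escape()` escapes by prefixing a backslash, but the RFC 2254 string form of a search filter writes a special character as a backslash followed by its two hex digits (`\2a` for `*`), so the `\*` form only works if the LDAP library in use accepts the older style. Since this function is what keeps a login name from changing the search filter, either emit the hex form or state the assumption above the macro, e.g. `/* backslash-prefix escaping; assumes the LDAP library accepts \c as well as \XX in filters */`. `IS_LDAP_ESCAPED_CHAR` also evaluates its argument four times, which is harmless for `*p` but should be noted for any later caller that passes an expression with side effects.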
Index: db-pgsql.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-pgsql.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- db-pgsql.c 14 Mar 2003 19:28:59 -0000 1.1
+++ db-pgsql.c 2 Apr 2003 02:09:41 -0000 1.2
@@ -19,7 +19,6 @@
DEF(SET_STR, connect),
DEF(SET_STR, password_query),
DEF(SET_STR, user_query),
- DEF(SET_STR, allowed_chars),
DEF(SET_STR, default_pass_scheme)
};
@@ -27,7 +26,6 @@
MEMBER(connect) "dbname=virtual user=virtual",
MEMBER(password_query) "SELECT password FROM users WHERE userid = '%u'",
MEMBER(user_query) "SELECT home, uid, gid FROM users WHERE userid = '%u'",
- MEMBER(allowed_chars) "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-@",
MEMBER(default_pass_scheme) "PLAIN-MD5"
};
@@ -35,19 +33,6 @@
static int pgsql_conn_open(struct pgsql_connection *conn);
static void pgsql_conn_close(struct pgsql_connection *conn);
-
-int db_pgsql_is_valid_username(struct pgsql_connection *conn,
- const char *username)
-{
- const char *p;
-
- for (p = username; *p != '\0'; p++) {
- if (strchr(conn->set.allowed_chars, *p) == NULL)
- return FALSE;
- }
-
- return TRUE;
-}
void db_pgsql_query(struct pgsql_connection *conn, const char *query,
struct pgsql_request *request)
Index: db-pgsql.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-pgsql.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- db-pgsql.h 14 Mar 2003 19:28:59 -0000 1.1
+++ db-pgsql.h 2 Apr 2003 02:09:41 -0000 1.2
@@ -37,9 +37,6 @@
void *context;
};
-int db_pgsql_is_valid_username(struct pgsql_connection *conn,
- const char *username);
-
void db_pgsql_query(struct pgsql_connection *conn, const char *query,
struct pgsql_request *request);
Index: mech-digest-md5.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech-digest-md5.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- mech-digest-md5.c 2 Apr 2003 01:00:04 -0000 1.11
+++ mech-digest-md5.c 2 Apr 2003 02:09:41 -0000 1.12
@@ -578,16 +578,22 @@
realm, NULL);
}
- passdb->lookup_credentials(&auth->auth_request,
- PASSDB_CREDENTIALS_DIGEST_MD5,
- credentials_callback);
- return TRUE;
+ if (mech_is_valid_username(auth_request->user)) {
+ passdb->lookup_credentials(&auth->auth_request,
+ PASSDB_CREDENTIALS_DIGEST_MD5,
+ credentials_callback);
+ return TRUE;
+ }
+
+ error = "invalid username";
}
if (error == NULL)
error = "Authentication failed";
- else if (verbose)
- i_info("digest-md5: %s", error);
+ else if (verbose) {
+ i_info("digest-md5(%s): %s",
+ auth->username == NULL ? "" : auth->username, error);
+ }
/* failed */
reply.result = AUTH_LOGIN_RESULT_FAILURE;
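Review bot: The new failure log prints `auth->username` right after that name failed `mech_is_valid_username()`, so with `verbose` on, bytes outside the allowed set (control characters and newlines included) reach the log exactly as the client sent them unless `i_info` sanitizes its arguments, which is not visible here. Log a sanitized, length-bounded copy, or only the fact that the name was rejected; `mech-plain.c` has the same pattern in `i_info("mech-plain(%s): invalid username", auth_request->user)`. The check also reads `auth_request->user` while the lookup and the log use `auth->auth_request` and `auth->username`; if those are not the same string, the validated value is not the one that gets used. The enclosing function starts and ends outside the hunk.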
Index: mech-plain.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech-plain.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- mech-plain.c 2 Apr 2003 01:00:04 -0000 1.11
+++ mech-plain.c 2 Apr 2003 02:09:41 -0000 1.12
@@ -44,6 +44,8 @@
if (authenid == NULL) {
/* invalid input */
+ if (verbose)
+ i_info("mech-plain: no username given");
mech_auth_finish(auth_request, NULL, 0, FALSE);
} else {
/* split and save user/realm */
@@ -56,7 +58,17 @@
authenid);
}
- passdb->verify_plain(auth_request, pass, verify_callback);
+ if (!mech_is_valid_username(auth_request->user)) {
+ /* invalid username */
+ if (verbose) {
+ i_info("mech-plain(%s): invalid username",
+ auth_request->user);
+ }
+ mech_auth_finish(auth_request, NULL, 0, FALSE);
+ } else {
+ passdb->verify_plain(auth_request, pass,
+ verify_callback);
+ }
/* make sure it's cleared */
safe_memset(pass, 0, strlen(pass));
Index: mech.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- mech.c 2 Apr 2003 01:00:04 -0000 1.9
+++ mech.c 2 Apr 2003 02:09:41 -0000 1.10
@@ -18,6 +18,7 @@
enum auth_mech auth_mechanisms;
const char *const *auth_realms;
const char *default_realm;
+char username_chars[256];
static int set_use_cyrus_sasl;
static struct mech_module_list *mech_modules;
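Review bot: `username_chars` is added as a writable global and `mech.h` exports it with `extern`, yet in this commit only `mech.c` reads or writes it. Declaring it `static char username_chars[256];` and dropping the `extern` line would keep the validation table out of reach of the other auth modules. `mech_is_valid_username()` is already the public entry point for the check.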
@@ -186,6 +187,18 @@
}
}
+int mech_is_valid_username(const char *username)
+{
+ const unsigned char *p;
+
+ for (p = (const unsigned char *)username; *p != '\0'; p++) {
+ if (username_chars[*p & 0xff] == 0)
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
extern struct mech_module mech_plain;
extern struct mech_module mech_digest_md5;
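Review bot: `mech_is_valid_username()` returns TRUE for an empty string and dereferences `username` with no NULL check, while the digest-md5 caller treats its username as possibly NULL when logging. If `auth_request->user` can be unset or empty when a mechanism calls this (not visible here), add `if (username == NULL || *username == '\0') return FALSE;` at the top. The `& 0xff` on `*p` is redundant because `p` is already a `const unsigned char *`. A short comment above the function should say that it is an allowlist check against `username_chars`.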
@@ -233,6 +246,16 @@
default_realm = getenv("DEFAULT_REALM");
if (default_realm != NULL && *default_realm == '\0')
default_realm = NULL;
+
+ env = getenv("USERNAME_CHARS");
+ if (env == NULL || *env == '\0') {
+ /* all chars are allowed */
+ memset(username_chars, 0xff, sizeof(username_chars));
+ } else {
+ memset(username_chars, 0, sizeof(username_chars));
+ for (; *env != '\0'; env++)
+ username_chars[((unsigned char)*env) & 0xff] = 0xff;
+ }
set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL;
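Review bot: An unset or empty `USERNAME_CHARS` fills the table with 0xff, so the check fails open and accepts every byte, whereas the pgsql default removed in this commit restricted names to letters, digits and `.-@`. Unless the master process always exports a non-empty value (not visible in this diff), the SQL and LDAP backends then depend on their escaping alone. Consider falling back to the old character list when the variable is unset, or at least make the existing comment explicit: `/* unset/empty = no restriction; backends must escape usernames themselves */`. `env` is declared outside the hunk.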
Index: mech.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- mech.h 2 Apr 2003 01:00:04 -0000 1.7
+++ mech.h 2 Apr 2003 02:09:41 -0000 1.8
@@ -38,6 +38,7 @@
extern enum auth_mech auth_mechanisms;
extern const char *const *auth_realms;
extern const char *default_realm;
+extern char username_chars[256];
void mech_register_module(struct mech_module *module);
void mech_unregister_module(struct mech_module *module);
@@ -58,6 +59,8 @@
const void *data, size_t data_size);
void mech_auth_finish(struct auth_request *auth_request,
const void *data, size_t data_size, int success);
+
+int mech_is_valid_username(const char *username);
void mech_cyrus_sasl_init_lib(void);
struct auth_request *mech_cyrus_sasl_new(struct login_connection *conn,
Index: passdb-pgsql.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-pgsql.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- passdb-pgsql.c 14 Mar 2003 19:28:59 -0000 1.1
+++ passdb-pgsql.c 2 Apr 2003 02:09:41 -0000 1.2
@@ -7,6 +7,7 @@
#include "common.h"
#include "str.h"
+#include "strescape.h"
#include "var-expand.h"
#include "password-scheme.h"
#include "db-pgsql.h"
@@ -103,21 +104,14 @@
string_t *str;
str = t_str_new(512);
- var_expand(str, conn->set.password_query, auth_request->user, NULL);
+ var_expand(str, conn->set.password_query,
+ str_escape(auth_request->user), NULL);
query = str_c(str);
pgsql_request->callback = pgsql_handle_request;
pgsql_request->context = auth_request;
- if (db_pgsql_is_valid_username(conn, auth_request->user))
- db_pgsql_query(conn, query, pgsql_request);
- else {
- if (verbose) {
- i_error("pgsql(%s): Invalid username",
- auth_request->user);
- }
- pgsql_handle_request(conn, pgsql_request, NULL);
- }
+ db_pgsql_query(conn, query, pgsql_request);
}
static void
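Review bot: With the allowlist check removed from this function, `str_escape()` is the only thing between the login name and the SQL text, and the query templates in `db-pgsql.c` place `%u` inside single quotes. `str_escape()` is not defined in this diff; confirm that it escapes `'` as well as `\`, otherwise a name containing a single quote ends the literal whenever `USERNAME_CHARS` is unset. libpq's `PQescapeString()` follows the server's own quoting rules and would be the safer escaper here. The same applies to `var_expand(str, conn->set.user_query, str_escape(user), NULL);` in `userdb-pgsql.c`. The enclosing function starts outside the hunk.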
Index: userdb-pgsql.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/userdb-pgsql.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- userdb-pgsql.c 14 Mar 2003 19:28:59 -0000 1.1
+++ userdb-pgsql.c 2 Apr 2003 02:09:41 -0000 1.2
@@ -7,6 +7,7 @@
#include "common.h"
#include "str.h"
+#include "strescape.h"
#include "var-expand.h"
#include "db-pgsql.h"
#include "userdb.h"
@@ -84,7 +85,7 @@
string_t *str;
str = t_str_new(512);
- var_expand(str, conn->set.user_query, user, NULL);
+ var_expand(str, conn->set.user_query, str_escape(user), NULL);
query = str_c(str);
request = i_new(struct userdb_pgsql_request, 1);
@@ -92,13 +93,7 @@
request->request.context = context;
request->userdb_callback = callback;
- if (db_pgsql_is_valid_username(conn, user))
- db_pgsql_query(conn, query, &request->request);
- else {
- if (verbose)
- i_info("pgsql(%s): Invalid username", user);
- pgsql_handle_request(conn, &request->request, NULL);
- }
+ db_pgsql_query(conn, query, &request->request);
}
static void userdb_pgsql_init(const char *args)