dovecot: Added pass/userdb_register_module() functions and used ...

Mon Aug 6 23:43:33 EEST 2007

details:   http://hg.dovecot.org/dovecot/rev/7c81e6d848f6
changeset: 6187:7c81e6d848f6
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Aug 06 23:16:43 2007 +0300
description:
Added pass/userdb_register_module() functions and used them to register the
build-in functions instead of having a predefined array.

diffstat:

5 files changed, 385 insertions(+), 291 deletions(-)
src/auth/main.c   |    4 
src/auth/passdb.c |  353 +++++++++++++++++++++++++++++------------------------
src/auth/passdb.h |    6 
src/auth/userdb.c |  307 +++++++++++++++++++++++++---------------------
src/auth/userdb.h |    6 

diffs (truncated from 788 to 300 lines):

diff -r 9a3a7ad297cf -r 7c81e6d848f6 src/auth/main.c

--- a/src/auth/main.c	Mon Aug 06 22:48:48 2007 +0300
+++ b/src/auth/main.c	Mon Aug 06 23:16:43 2007 +0300
@@ -192,6 +192,8 @@ static void drop_privileges(void)
 
 	/* Initialize databases so their configuration files can be readable
 	   only by root. Also load all modules here. */
+	passdbs_init();
+	userdbs_init();
 	auth = auth_preinit();
         password_schemes_init();
 
@@ -284,6 +286,8 @@ static void main_deinit(void)
         auth_worker_server_deinit();
 	auth_master_listeners_deinit();
 	auth_deinit(&auth);
+	userdbs_deinit();
+	passdbs_deinit();
 	mech_deinit();
 
         password_schemes_deinit();
diff -r 9a3a7ad297cf -r 7c81e6d848f6 src/auth/passdb.c
--- a/src/auth/passdb.c	Mon Aug 06 22:48:48 2007 +0300
+++ b/src/auth/passdb.c	Mon Aug 06 23:16:43 2007 +0300
@@ -1,12 +1,188 @@
 /* Copyright (C) 2002-2003 Timo Sirainen */
 
 #include "common.h"
+#include "array.h"
 #include "auth-module.h"
 #include "password-scheme.h"
 #include "auth-worker-server.h"
 #include "passdb.h"
 
 #include <stdlib.h>
+
+static ARRAY_DEFINE(passdb_interfaces, struct passdb_module_interface *);
+
+static struct passdb_module_interface *passdb_interface_find(const char *name)
+{
+	struct passdb_module_interface *const *ifaces;
+	unsigned int i, count;
+
+	ifaces = array_get(&passdb_interfaces, &count);
+	for (i = 0; i < count; i++) {
+		if (strcmp(ifaces[i]->name, name) == 0)
+			return ifaces[i];
+	}
+	return NULL;
+}
+
+void passdb_register_module(struct passdb_module_interface *iface)
+{
+	if (passdb_interface_find(iface->name) != NULL) {
+		i_panic("passdb_register_module(%s): Already registered",
+			iface->name);
+	}
+	array_append(&passdb_interfaces, &iface, 1);
+}
+
+void passdb_unregister_module(struct passdb_module_interface *iface)
+{
+	struct passdb_module_interface *const *ifaces;
+	unsigned int i, count;
+
+	ifaces = array_get(&passdb_interfaces, &count);
+	for (i = 0; i < count; i++) {
+		if (ifaces[i] == iface) {
+			array_delete(&passdb_interfaces, i, 1);
+			return;
+		}
+	}
+	i_panic("passdb_unregister_module(%s): Not registered", iface->name);
+}
+
+bool passdb_get_credentials(struct auth_request *auth_request,
+			    const char *input, const char *input_scheme,
+			    const unsigned char **credentials_r, size_t *size_r)
+{
+	const char *wanted_scheme = auth_request->credentials_scheme;
+	const char *plaintext;
+	int ret;
+
+	ret = password_decode(input, input_scheme, credentials_r, size_r);
+	if (ret <= 0) {
+		if (ret < 0) {
+			auth_request_log_error(auth_request, "password",
+				"Invalid password format for scheme %s",
+				input_scheme);
+		} else {
+			auth_request_log_error(auth_request, "password",
+				"Unknown scheme %s", input_scheme);
+		}
+		return FALSE;
+	}
+
+	if (*wanted_scheme == '\0') {
+		/* anything goes. change the credentials_scheme to what we
+		   actually got, so blocking passdbs work. */
+		auth_request->credentials_scheme =
+			p_strdup(auth_request->pool, input_scheme);
+		return TRUE;
+	}
+
+	if (!password_scheme_is_alias(input_scheme, wanted_scheme)) {
+		if (!password_scheme_is_alias(input_scheme, "PLAIN")) {
+			auth_request_log_info(auth_request, "password",
+				"Requested %s scheme, but we have only %s",
+				wanted_scheme, input_scheme);
+			return FALSE;
+		}
+
+		/* we can generate anything out of plaintext passwords */
+		plaintext = t_strndup(*credentials_r, *size_r);
+		if (!password_generate(plaintext, auth_request->user,
+				       wanted_scheme, credentials_r, size_r)) {
+			auth_request_log_error(auth_request, "password",
+				"Requested unknown scheme %s", wanted_scheme);
+			return FALSE;
+		}
+	}
+
+	return TRUE;
+}
+
+void passdb_handle_credentials(enum passdb_result result,
+			       const char *password, const char *scheme,
+			       lookup_credentials_callback_t *callback,
+                               struct auth_request *auth_request)
+{
+	const unsigned char *credentials;
+	size_t size = 0;
+
+	if (result != PASSDB_RESULT_OK) {
+		callback(result, NULL, 0, auth_request);
+		return;
+	}
+
+	if (password == NULL ||
+	    !passdb_get_credentials(auth_request, password, scheme,
+				    &credentials, &size))
+		result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
+
+	callback(result, credentials, size, auth_request);
+}
+
+struct auth_passdb *passdb_preinit(struct auth *auth, const char *driver,
+				   const char *args, unsigned int id)
+{
+	struct passdb_module_interface *iface;
+        struct auth_passdb *auth_passdb;
+
+	if (args == NULL) args = "";
+
+	auth_passdb = p_new(auth->pool, struct auth_passdb, 1);
+	auth_passdb->auth = auth;
+        auth_passdb->args = p_strdup(auth->pool, args);
+        auth_passdb->id = id;
+
+	iface = passdb_interface_find(driver);
+#ifdef HAVE_MODULES
+	if (iface == NULL)
+		auth_passdb->module = auth_module_open(driver);
+	if (auth_passdb->module != NULL) {
+		iface = auth_module_sym(auth_passdb->module,
+					t_strconcat("passdb_", driver, NULL));
+	}
+#endif
+
+	if (iface == NULL) {
+		i_fatal("Unknown passdb driver '%s' "
+			"(typo, or Dovecot was built without support for it? "
+			"Check with dovecot --build-options)",
+			driver);
+	}
+
+	if (iface->preinit == NULL) {
+		auth_passdb->passdb =
+			p_new(auth->pool, struct passdb_module, 1);
+	} else {
+		auth_passdb->passdb =
+			iface->preinit(auth_passdb, auth_passdb->args);
+	}
+	auth_passdb->passdb->iface = *iface;
+	return auth_passdb;
+}
+
+void passdb_init(struct auth_passdb *passdb)
+{
+	if (passdb->passdb->iface.init != NULL)
+		passdb->passdb->iface.init(passdb->passdb, passdb->args);
+
+	i_assert(passdb->passdb->default_pass_scheme != NULL ||
+		 passdb->passdb->cache_key == NULL);
+
+	if (passdb->passdb->blocking && !worker) {
+		/* blocking passdb - we need an auth server */
+		auth_worker_server_init();
+	}
+}
+
+void passdb_deinit(struct auth_passdb *passdb)
+{
+	if (passdb->passdb->iface.deinit != NULL)
+		passdb->passdb->iface.deinit(passdb->passdb);
+#ifdef HAVE_MODULES
+	if (passdb->module != NULL)
+                auth_module_close(&passdb->module);
+#endif
+}
 
 extern struct passdb_module_interface passdb_passwd;
 extern struct passdb_module_interface passdb_bsdauth;
@@ -19,179 +195,42 @@ extern struct passdb_module_interface pa
 extern struct passdb_module_interface passdb_sql;
 extern struct passdb_module_interface passdb_sia;
 
-struct passdb_module_interface *passdb_interfaces[] = {
+void passdbs_init(void)
+{
+	i_array_init(&passdb_interfaces, 16);
 #ifdef PASSDB_PASSWD
-	&passdb_passwd,
+	passdb_register_module(&passdb_passwd);
 #endif
 #ifdef PASSDB_BSDAUTH
-	&passdb_bsdauth,
+	passdb_register_module(&passdb_bsdauth);
 #endif
 #ifdef PASSDB_PASSWD_FILE
-	&passdb_passwd_file,
+	passdb_register_module(&passdb_passwd_file);
 #endif
 #ifdef PASSDB_PAM
-	&passdb_pam,
+	passdb_register_module(&passdb_pam);
 #endif
 #ifdef PASSDB_CHECKPASSWORD
-	&passdb_checkpassword,
+	passdb_register_module(&passdb_checkpassword);
 #endif
 #ifdef PASSDB_SHADOW
-	&passdb_shadow,
+	passdb_register_module(&passdb_shadow);
 #endif
 #ifdef PASSDB_VPOPMAIL
-	&passdb_vpopmail,
+	passdb_register_module(&passdb_vpopmail);
 #endif
 #ifdef PASSDB_LDAP
-	&passdb_ldap,
+	passdb_register_module(&passdb_ldap);
 #endif
 #ifdef PASSDB_SQL
-	&passdb_sql,
+	passdb_register_module(&passdb_sql);
 #endif
 #ifdef PASSDB_SIA
-	&passdb_sia,
-#endif
-	NULL
-};
-
-bool passdb_get_credentials(struct auth_request *auth_request,
-			    const char *input, const char *input_scheme,
-			    const unsigned char **credentials_r, size_t *size_r)
-{
-	const char *wanted_scheme = auth_request->credentials_scheme;
-	const char *plaintext;
-	int ret;
-
-	ret = password_decode(input, input_scheme, credentials_r, size_r);
-	if (ret <= 0) {
-		if (ret < 0) {
-			auth_request_log_error(auth_request, "password",
-				"Invalid password format for scheme %s",
-				input_scheme);
-		} else {
-			auth_request_log_error(auth_request, "password",
-				"Unknown scheme %s", input_scheme);
-		}
-		return FALSE;
-	}
-
-	if (*wanted_scheme == '\0') {
-		/* anything goes. change the credentials_scheme to what we
-		   actually got, so blocking passdbs work. */
-		auth_request->credentials_scheme =
-			p_strdup(auth_request->pool, input_scheme);
-		return TRUE;
-	}
-
-	if (!password_scheme_is_alias(input_scheme, wanted_scheme)) {
-		if (!password_scheme_is_alias(input_scheme, "PLAIN")) {
-			auth_request_log_info(auth_request, "password",
-				"Requested %s scheme, but we have only %s",
-				wanted_scheme, input_scheme);
-			return FALSE;
-		}
-
