Cross Reference: /dovecot/src/auth/auth-request-handler.c
auth-request-handler.c revision ba00293b85c7fb4e7a2d100991c716e17b9daaae
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
657afb33796f8216c568ad813627da89970760beTimo Sirainen/* Copyright (C) 2005 Timo Sirainen */
657afb33796f8216c568ad813627da89970760beTimo Sirainen
657afb33796f8216c568ad813627da89970760beTimo Sirainen#include "common.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "ioloop.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "buffer.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "base64.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "hash.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "str.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "str-sanitize.h"
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include "auth-request.h"
ecb1b2d6236942bf82f822e8d0167f0e160b206dTimo Sirainen#include "auth-master-connection.h"
657afb33796f8216c568ad813627da89970760beTimo Sirainen#include "auth-request-handler.h"
657afb33796f8216c568ad813627da89970760beTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen#include <stdlib.h>
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenstruct auth_request_handler {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen int refcount;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen pool_t pool;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct hash_table *requests;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth *auth;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen unsigned int connect_uid, client_pid;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_callback_t *callback;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen void *context;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_callback_t *master_callback;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen};
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenstatic buffer_t *auth_failures_buf;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenstatic struct timeout *to_auth_failures;
657afb33796f8216c568ad813627da89970760beTimo Sirainen
59151b71059df1190acd75d8717ed04a7920c862Timo Sirainen#undef auth_request_handler_create
657afb33796f8216c568ad813627da89970760beTimo Sirainenstruct auth_request_handler *
9b62bbaf33d4516b5dffb36c3ea32ce217e7fbb1Timo Sirainenauth_request_handler_create(struct auth *auth,
657afb33796f8216c568ad813627da89970760beTimo Sirainen auth_request_callback_t *callback, void *context,
ad49932dae8ba31e07544b66bbc4f4de707a751cTimo Sirainen auth_request_callback_t *master_callback)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request_handler *handler;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen pool_t pool;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen pool = pool_alloconly_create("auth request handler", 4096);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler = p_new(pool, struct auth_request_handler, 1);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->refcount = 1;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->pool = pool;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->requests = hash_create(default_pool, pool, 0, NULL, NULL);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->auth = auth;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback = callback;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->context = context;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->master_callback = master_callback;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return handler;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen}
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainenvoid auth_request_handler_unref(struct auth_request_handler **_handler)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen{
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen struct auth_request_handler *handler = *_handler;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct hash_iterate_context *iter;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen void *key, *value;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen *_handler = NULL;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen i_assert(handler->refcount > 0);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (--handler->refcount > 0)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen iter = hash_iterate_init(handler->requests);
b1e6ea3323b4d753909f79226a8a98d854f819faTimo Sirainen while (hash_iterate(iter, &key, &value)) {
b1e6ea3323b4d753909f79226a8a98d854f819faTimo Sirainen struct auth_request *auth_request = value;
b1e6ea3323b4d753909f79226a8a98d854f819faTimo Sirainen
b1e6ea3323b4d753909f79226a8a98d854f819faTimo Sirainen auth_request_unref(&auth_request);
b1e6ea3323b4d753909f79226a8a98d854f819faTimo Sirainen }
ba00293b85c7fb4e7a2d100991c716e17b9daaaeTimo Sirainen hash_iterate_deinit(&iter);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* notify parent that we're done with all requests */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback(NULL, handler->context);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
ba00293b85c7fb4e7a2d100991c716e17b9daaaeTimo Sirainen hash_destroy(&handler->requests);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen pool_unref(handler->pool);
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
70905e51a5148bd5613cb04720807177474a2496Timo Sirainenvoid auth_request_handler_set(struct auth_request_handler *handler,
70905e51a5148bd5613cb04720807177474a2496Timo Sirainen unsigned int connect_uid,
70905e51a5148bd5613cb04720807177474a2496Timo Sirainen unsigned int client_pid)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->connect_uid = connect_uid;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->client_pid = client_pid;
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenstatic void auth_request_handler_remove(struct auth_request_handler *handler,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request *request)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen hash_remove(handler->requests, POINTER_CAST(request->id));
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen auth_request_unref(&request);
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
70905e51a5148bd5613cb04720807177474a2496Timo Sirainenvoid auth_request_handler_check_timeouts(struct auth_request_handler *handler)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct hash_iterate_context *iter;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen void *key, *value;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen iter = hash_iterate_init(handler->requests);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen while (hash_iterate(iter, &key, &value)) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request *request = value;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
fda2c460c58f50bf035680187be606542a8c1dacTimo Sirainen if (request->last_access + AUTH_REQUEST_TIMEOUT < ioloop_time)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_remove(handler, request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
ba00293b85c7fb4e7a2d100991c716e17b9daaaeTimo Sirainen hash_iterate_deinit(&iter);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen}
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenstatic const char *get_client_extra_fields(struct auth_request *request)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen{
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen string_t *str;
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen const char **fields, *extra_fields;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen unsigned int src, dest;
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen bool seen_pass = FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
bbf81c8fc6f21382707673dc6bd7b87ffc27981bTimo Sirainen if (auth_stream_is_empty(request->extra_fields))
bbf81c8fc6f21382707673dc6bd7b87ffc27981bTimo Sirainen return NULL;
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen
bbf81c8fc6f21382707673dc6bd7b87ffc27981bTimo Sirainen extra_fields = auth_stream_reply_export(request->extra_fields);
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen
bbf81c8fc6f21382707673dc6bd7b87ffc27981bTimo Sirainen if (!request->proxy) {
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen /* we only wish to remove all fields prefixed with "userdb_" */
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen if (strstr(extra_fields, "userdb_") == NULL)
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen return extra_fields;
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen str = t_str_new(128);
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen fields = t_strsplit(extra_fields, "\t");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen for (src = dest = 0; fields[src] != NULL; src++) {
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen if (strncmp(fields[src], "userdb_", 7) != 0) {
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen if (str_len(str) > 0)
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen str_append_c(str, '\t');
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen if (!seen_pass && strncmp(fields[src], "pass=", 5) == 0)
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen seen_pass = TRUE;
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen str_append(str, fields[src]);
1e0bdb2d0fa7bbd0a0a254754680f6c6d0195333Timo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen if (request->proxy && !seen_pass && request->mech_password != NULL) {
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen /* we're proxying - send back the password that was
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen sent by user (not the password in passdb). */
52d3cbc21e8fe482b9b8c832f3921824a7aa6ebeTimo Sirainen str_printfa(str, "\tpass=%s", request->mech_password);
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen }
662a9000b1788f1cdf765e6b1c89df9a42cc3e32Timo Sirainen
8e176dbc6e220c4658afdcc17b097dab83b0d014Timo Sirainen return str_len(str) == 0 ? NULL : str_c(str);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen}
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenstatic void auth_callback(struct auth_request *request,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen enum auth_client_result result,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen const void *reply, size_t reply_size)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request_handler *handler = request->context;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen string_t *str;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen const char *fields;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen t_push();
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str = t_str_new(128 + MAX_BASE64_ENCODED_SIZE(reply_size));
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen switch (result) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen case AUTH_CLIENT_RESULT_CONTINUE:
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(str, "CONT\t%u\t", request->id);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen base64_encode(reply, reply_size, str);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->accept_input = TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback(str_c(str), handler->context);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen break;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen case AUTH_CLIENT_RESULT_SUCCESS:
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(str, "OK\t%u\tuser=%s", request->id, request->user);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (reply_size > 0) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_append(str, "\tresp=");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen base64_encode(reply, reply_size, str);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen fields = get_client_extra_fields(request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (fields != NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_append_c(str, '\t');
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_append(str, fields);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request->no_login || handler->master_callback == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* this request doesn't have to wait for master
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen process to pick it up. delete it */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_remove(handler, request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback(str_c(str), handler->context);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen break;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen case AUTH_CLIENT_RESULT_FAILURE:
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(str, "FAIL\t%u", request->id);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request->user != NULL)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(str, "\tuser=%s", request->user);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request->internal_failure)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_append(str, "\ttemp");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen fields = get_client_extra_fields(request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (fields != NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_append_c(str, '\t');
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_append(str, fields);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request->delayed_failure) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* we came here from flush_failures() */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback(str_c(str), handler->context);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen break;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* remove the request from requests-list */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_ref(request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_remove(handler, request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request->no_failure_delay) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* passdb specifically requested not to delay the
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen reply. */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback(str_c(str), handler->context);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen auth_request_unref(&request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen } else {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* failure. don't announce it immediately to avoid
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen a) timing attacks, b) flooding */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->delayed_failure = TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->refcount++;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen buffer_append(auth_failures_buf,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen &request, sizeof(request));
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen break;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* NOTE: request may be destroyed now */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen auth_request_handler_unref(&handler);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen t_pop();
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen}
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenstatic void auth_request_handler_auth_fail(struct auth_request_handler *handler,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request *request,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen const char *reason)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen string_t *reply = t_str_new(64);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_log_info(request, request->mech->mech_name, "%s", reason);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(reply, "FAIL\t%u\treason=%s", request->id, reason);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback(str_c(reply), handler->context);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_remove(handler, request);
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainenbool auth_request_handler_auth_begin(struct auth_request_handler *handler,
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen const char *args)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
7242e1ce7803b83bc82e239ef111b47c1c72dd4bAndrey Panin const struct mech_module *mech;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request *request;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen const char *const *list, *name, *arg, *initial_resp;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen const void *initial_resp_data;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen size_t initial_resp_len;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen unsigned int id;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen buffer_t *buf;
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen bool valid_client_cert;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* <id> <mechanism> [...] */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen list = t_strsplit(args, "\t");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (list[0] == NULL || list[1] == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen i_error("BUG: Authentication client %u "
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "sent broken AUTH request", handler->client_pid);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen id = (unsigned int)strtoul(list[0], NULL, 10);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen mech = mech_module_find(list[1]);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (mech == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* unsupported mechanism */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen i_error("BUG: Authentication client %u requested unsupported "
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "authentication mechanism %s", handler->client_pid,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_sanitize(list[1], MAX_MECH_NAME_LEN));
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request = auth_request_new(handler->auth, mech, auth_callback, handler);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->connect_uid = handler->connect_uid;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->client_pid = handler->client_pid;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->id = id;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* parse optional parameters */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen initial_resp = NULL;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen valid_client_cert = FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen for (list += 2; *list != NULL; list++) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen arg = strchr(*list, '=');
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (arg == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen name = *list;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen arg = "";
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen } else {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen name = t_strdup_until(*list, arg);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen arg++;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
70c181da837ed85fc5b0426c010b65609bda5329Timo Sirainen if (auth_request_import(request, name, arg))
70c181da837ed85fc5b0426c010b65609bda5329Timo Sirainen ;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen else if (strcmp(name, "valid-client-cert") == 0)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen valid_client_cert = TRUE;
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen else if (strcmp(name, "resp") == 0) {
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen initial_resp = arg;
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen /* this must be the last parameter */
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen list++;
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen break;
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen }
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen }
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen if (*list != NULL) {
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen i_error("BUG: Authentication client %u "
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen "sent AUTH parameters after 'resp'",
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen handler->client_pid);
382c7aec3e3449ed8271c2a202b67cefaa31dc8eTimo Sirainen return FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request->service == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen i_error("BUG: Authentication client %u "
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "didn't specify service in request",
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->client_pid);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen hash_insert(handler->requests, POINTER_CAST(id), request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request->auth->ssl_require_client_cert && !valid_client_cert) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* we fail without valid certificate */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_auth_fail(handler, request,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "Client didn't present valid SSL certificate");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (initial_resp == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen initial_resp_data = NULL;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen initial_resp_len = 0;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen } else {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen size_t len = strlen(initial_resp);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen buf = buffer_create_dynamic(pool_datastack_create(),
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen MAX_BASE64_DECODED_SIZE(len));
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (base64_decode(initial_resp, len, NULL, buf) < 0) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_auth_fail(handler, request,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "Invalid base64 data in initial response");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen initial_resp_data = buf->data;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen initial_resp_len = buf->used;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* handler is referenced until auth_callback is called. */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->refcount++;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_initial(request, initial_resp_data, initial_resp_len);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return TRUE;
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainenbool auth_request_handler_auth_continue(struct auth_request_handler *handler,
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen const char *args)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request *request;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen const char *data;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen size_t data_len;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen buffer_t *buf;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen unsigned int id;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen data = strchr(args, '\t');
ccb77e2f63626ec46e5745ef4f38baa8e8e504fcTimo Sirainen if (data == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen i_error("BUG: Authentication client sent broken CONT request");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
ccb77e2f63626ec46e5745ef4f38baa8e8e504fcTimo Sirainen data++;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen id = (unsigned int)strtoul(args, NULL, 10);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request = hash_lookup(handler->requests, POINTER_CAST(id));
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen string_t *reply = t_str_new(64);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(reply, "FAIL\t%u\treason=Timeouted", id);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->callback(str_c(reply), handler->context);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* accept input only once after mechanism has sent a CONT reply */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (!request->accept_input) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_auth_fail(handler, request,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "Unexpected continuation");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->accept_input = FALSE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen data_len = strlen(data);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen buf = buffer_create_dynamic(pool_datastack_create(),
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen MAX_BASE64_DECODED_SIZE(data_len));
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (base64_decode(data, data_len, NULL, buf) < 0) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_auth_fail(handler, request,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "Invalid base64 data in continued response");
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* handler is referenced until auth_callback is called. */
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->refcount++;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_continue(request, buf->data, buf->used);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return TRUE;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen}
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainenstatic void userdb_callback(enum userdb_result result,
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen struct auth_request *request)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request_handler *handler = request->context;
6fabfb7bbfd88d0c1de66981e52850f26067623bTimo Sirainen struct auth_stream_reply *reply = request->userdb_reply;
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen string_t *str;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen i_assert(request->state == AUTH_REQUEST_STATE_USERDB);
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen request->state = AUTH_REQUEST_STATE_FINISHED;
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen
6fabfb7bbfd88d0c1de66981e52850f26067623bTimo Sirainen if (request->userdb_lookup_failed)
6fabfb7bbfd88d0c1de66981e52850f26067623bTimo Sirainen result = USERDB_RESULT_INTERNAL_FAILURE;
6fabfb7bbfd88d0c1de66981e52850f26067623bTimo Sirainen
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen str = t_str_new(256);
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen switch (result) {
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen case USERDB_RESULT_INTERNAL_FAILURE:
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen str_printfa(str, "FAIL\t%u", request->id);
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen break;
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen case USERDB_RESULT_USER_UNKNOWN:
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen str_printfa(str, "NOTFOUND\t%u", request->id);
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen break;
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen case USERDB_RESULT_OK:
7e078be0d6f12ca56860641d36e3c517e3046895Timo Sirainen if (request->master_user != NULL) {
7e078be0d6f12ca56860641d36e3c517e3046895Timo Sirainen auth_stream_reply_add(reply, "master_user",
7e078be0d6f12ca56860641d36e3c517e3046895Timo Sirainen request->master_user);
7e078be0d6f12ca56860641d36e3c517e3046895Timo Sirainen }
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen str_printfa(str, "USER\t%u\t", request->id);
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen str_append(str, auth_stream_reply_export(reply));
0f39a57760d93cddbce3ca43096d78e0fe2f42fdTimo Sirainen break;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen handler->master_callback(str_c(str), request->master);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
ecb1b2d6236942bf82f822e8d0167f0e160b206dTimo Sirainen auth_master_connection_unref(&request->master);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen auth_request_unref(&request);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen auth_request_handler_unref(&handler);
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
657afb33796f8216c568ad813627da89970760beTimo Sirainenvoid auth_request_handler_master_request(struct auth_request_handler *handler,
ad49932dae8ba31e07544b66bbc4f4de707a751cTimo Sirainen struct auth_master_connection *master,
657afb33796f8216c568ad813627da89970760beTimo Sirainen unsigned int id,
657afb33796f8216c568ad813627da89970760beTimo Sirainen unsigned int client_id)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request *request;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen string_t *reply;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen reply = t_str_new(64);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request = hash_lookup(handler->requests, POINTER_CAST(client_id));
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen if (request == NULL) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen i_error("Master request %u.%u not found",
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->client_pid, client_id);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(reply, "NOTFOUND\t%u", id);
ad49932dae8ba31e07544b66bbc4f4de707a751cTimo Sirainen handler->master_callback(str_c(reply), master);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen return;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_ref(request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_remove(handler, request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen if (request->state != AUTH_REQUEST_STATE_FINISHED ||
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen !request->successful) {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen i_error("Master requested unfinished authentication request "
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen "%u.%u", handler->client_pid, client_id);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen str_printfa(reply, "NOTFOUND\t%u", id);
ad49932dae8ba31e07544b66bbc4f4de707a751cTimo Sirainen handler->master_callback(str_c(reply), master);
0a8ec3c561c26c492a50511692650ea302cc8c14Timo Sirainen auth_request_unref(&request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen } else {
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen /* the request isn't being referenced anywhere anymore,
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen so we can do a bit of kludging.. replace the request's
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen old client_id with master's id. */
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen request->state = AUTH_REQUEST_STATE_USERDB;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->id = id;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen request->context = handler;
ad49932dae8ba31e07544b66bbc4f4de707a751cTimo Sirainen request->master = master;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
ecb1b2d6236942bf82f822e8d0167f0e160b206dTimo Sirainen /* master and handler are referenced until userdb_callback i
ecb1b2d6236942bf82f822e8d0167f0e160b206dTimo Sirainen s called. */
ecb1b2d6236942bf82f822e8d0167f0e160b206dTimo Sirainen auth_master_connection_ref(master);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen handler->refcount++;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_lookup_user(request, userdb_callback);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenvoid auth_request_handler_flush_failures(void)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen struct auth_request **auth_request;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen size_t i, size;
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen auth_request = buffer_get_modifiable_data(auth_failures_buf, &size);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen size /= sizeof(*auth_request);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen for (i = 0; i < size; i++) {
615c4aba4cc0b17eefba3263b85972adaba04586Timo Sirainen i_assert(auth_request[i]->state == AUTH_REQUEST_STATE_FINISHED);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request[i]->callback(auth_request[i],
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen AUTH_CLIENT_RESULT_FAILURE, NULL, 0);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen auth_request_unref(&auth_request[i]);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen }
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen buffer_set_used_size(auth_failures_buf, 0);
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainenstatic void auth_failure_timeout(void *context ATTR_UNUSED)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_request_handler_flush_failures();
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenvoid auth_request_handler_init(void)
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen{
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen auth_failures_buf = buffer_create_dynamic(default_pool, 1024);
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainen to_auth_failures = timeout_add(2000, auth_failure_timeout, NULL);
657afb33796f8216c568ad813627da89970760beTimo Sirainen}
657afb33796f8216c568ad813627da89970760beTimo Sirainen
66d2db642fe24d555d113ba463e446b038d476efTimo Sirainenvoid auth_request_handler_deinit(void)
657afb33796f8216c568ad813627da89970760beTimo Sirainen{
ecb1b2d6236942bf82f822e8d0167f0e160b206dTimo Sirainen auth_request_handler_flush_failures();
0f66f12eb4cdbf47670975044c88d8f388bf92dfTimo Sirainen buffer_free(&auth_failures_buf);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen timeout_remove(&to_auth_failures);
657afb33796f8216c568ad813627da89970760beTimo Sirainen}