auth-request-handler.c revision 657afb33796f8216c568ad813627da89970760be
/* Copyright (C) 2005 Timo Sirainen */
#include "common.h"
#include "ioloop.h"
#include "buffer.h"
#include "base64.h"
#include "hash.h"
#include "str.h"
#include "str-sanitize.h"
#include "auth-request.h"
#include "auth-request-handler.h"
#include <stdlib.h>
/* Used only for string sanitization. */
#define MAX_MECH_NAME_LEN 64
/* State kept for one auth_request_handler: its table of requests, the two
   identifiers it was created with, and two opaque pointers.
   NOTE(review): presumably one handler exists per authentication client
   connection -- confirm against the callers. */
struct auth_request_handler {
	/* Reference count. Comments further down in this file note that the
	   handler stays referenced until a pending callback has been called. */
	int refcount;

	/* Requests belonging to this handler.
	   NOTE(review): presumably keyed by request id -- confirm. */
	struct hash_table *requests;

	/* Identifiers passed in when the handler is created. */
	unsigned int connect_uid;
	unsigned int client_pid;

	/* Opaque pointers; this struct does not interpret them. */
	void *context;
	void *master_context;
};
/* File-scope buffer, so it is shared by all handlers in this file.
   NOTE(review): judging by auth_request_handlers_flush_failures() it holds
   struct auth_request pointers for failures whose replies are being held
   back -- confirm. */
static buffer_t *auth_failures_buf;
/* Timeout handle.
   NOTE(review): presumably the timer that drives the flush of
   auth_failures_buf; where it is armed is not visible here -- confirm. */
static struct timeout *to_auth_failures;
struct auth_request_handler *
unsigned int connect_uid, unsigned int client_pid,
void *master_context)
{
struct auth_request_handler *handler;
return handler;
}
{
struct hash_iterate_context *iter;
return;
/* notify parent that we're done with all requests */
}
{
struct hash_iterate_context *iter;
}
}
struct auth_request *request)
{
}
{
const char **fields;
return NULL;
/* we only wish to remove all fields prefixed with "userdb_" */
return request->extra_fields;
}
}
enum auth_client_result result,
{
const char *fields;
t_push();
switch (result) {
break;
if (reply_size > 0) {
}
}
/* this request doesn't have to wait for the master
process to pick it up, so it can be deleted right away */
}
break;
if (request->internal_failure)
}
if (request->delayed_failure) {
/* we came here from flush_failures(): delayed_failure is
already set, so the delay handling below is skipped */
break;
}
/* remove the request from requests-list */
if (request->no_failure_delay) {
/* passdb specifically requested not to delay the
reply. NOTE(review): this path bypasses the delay that
protects the other failures, so it matters which passdbs
are allowed to set the flag -- confirm. */
} else {
/* failure. don't announce it immediately: holding the
reply back a) makes the response time less useful as a
signal for timing attacks and b) limits how fast a client
can retry (flooding) */
}
break;
}
/* NOTE: request may be destroyed now, so it must not be
dereferenced after this point */
t_pop();
}
struct auth_request *request,
const char *reason)
{
const char *reply;
}
const char *args)
{
/* Handles the request that starts an authentication exchange.
In the visible paths FALSE is returned right after a malformed request
has been logged as a client "BUG", while TRUE is returned on the paths
that carry a per-request reason string (missing certificate, bad base64)
and on the normal path.
NOTE(review): presumably FALSE makes the caller drop the client -- confirm. */
struct mech_module *mech;
struct auth_request *request;
const void *initial_resp_data;
unsigned int id;
int valid_client_cert;
/* expected argument layout: <id> <mechanism> [...] */
i_error("BUG: Authentication client %u "
return FALSE;
}
/* unsupported mechanism.
NOTE(review): the mechanism name is client-supplied; MAX_MECH_NAME_LEN
above is documented as existing for string sanitization, so confirm the
name is sanitized with it before it reaches the log. */
i_error("BUG: Authentication client %u requested unsupported "
return FALSE;
}
/* parse optional parameters */
initial_resp = NULL;
arg = "";
} else {
arg++;
}
initial_resp = arg;
}
i_error("BUG: Authentication client %u "
"didn't specify service in request",
return FALSE;
}
/* we fail without valid certificate.
NOTE(review): valid_client_cert is presumably filled in from the optional
parameters parsed above, i.e. asserted by the connecting client -- confirm
which clients are trusted to send it. */
"Client didn't present valid SSL certificate");
return TRUE;
}
if (initial_resp == NULL) {
initial_resp_len = 0;
} else {
/* an initial response that does not decode as base64 ends this
request with the reason below */
"Invalid base64 data in initial response");
return TRUE;
}
}
/* handler is referenced until auth_callback is called. */
return TRUE;
}
const char *args)
{
/* Handles a continuation (CONT) of a running authentication exchange.
FALSE is returned only after the request has been logged as broken;
every other visible path returns TRUE. */
struct auth_request *request;
const char *data;
unsigned int id;
i_error("BUG: Authentication client sent broken CONT request");
return FALSE;
}
return TRUE;
}
/* accept input only once after mechanism has sent a CONT reply; a
continuation arriving at any other time is answered with "Unexpected
continuation" and returns before the code below is reached */
if (!request->accept_input) {
"Unexpected continuation");
return TRUE;
}
/* data that does not decode as base64 ends the request with the
reason below */
"Invalid base64 data in continued response");
return TRUE;
}
/* handler is referenced until auth_callback is called. */
return TRUE;
}
{
const char *p;
if (p == NULL) {
} else {
/* wu-ftpd like <chroot>/./<home> */
}
}
{
"uid=%s gid=%s home=%s mail=%s",
}
else {
}
}
unsigned int id,
unsigned int client_id)
{
struct auth_request *request;
const char *reply;
/* an unknown request is logged and nothing further is done for it */
i_error("Master request %u.%u not found",
return;
}
/* only a request that has already been marked successful takes the
else branch below; asking for an unfinished one is logged as an error */
if (!request->successful) {
i_error("Master requested unfinished authentication request "
} else {
/* the request isn't being referenced anywhere anymore,
so we can do a bit of kludging.. replace the request's
old client_id with master's id. */
/* handler is referenced until userdb_callback is called. */
}
}
/* Walks an array of struct auth_request pointers, one entry per iteration.
   NOTE(review): presumably these are the failed requests whose replies were
   held back, and this is where they are finally answered -- the loop body
   and the declarations of size and i are not visible here; confirm. */
void auth_request_handlers_flush_failures(void)
{
struct auth_request **auth_request;
/* convert a byte count into a count of struct auth_request pointers */
size /= sizeof(*auth_request);
for (i = 0; i < size; i++) {
}
}
{
}
/* NOTE(review): no statements are visible in this body; presumably it sets
   up the file-scope auth_failures_buf and to_auth_failures -- confirm. */
void auth_request_handlers_init(void)
{
}
/* NOTE(review): no statements are visible in this body; presumably it
   releases the file-scope auth_failures_buf and to_auth_failures -- confirm. */
void auth_request_handlers_deinit(void)
{
}