bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch/* Copyright (c) 2005-2018 Dovecot authors, see the included COPYING file */
d477acb83e14a776ece4ca94dcd1869e75d0c6eeTimo Sirainenstatic bool auth_settings_check(void *_set, pool_t pool, const char **error_r);
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainenstatic bool auth_passdb_settings_check(void *_set, pool_t pool, const char **error_r);
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainenstatic bool auth_userdb_settings_check(void *_set, pool_t pool, const char **error_r);
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainen/* <settings checks> */
/* Default UNIX listeners of the auth service. Each entry reads as socket
 * name, octal mode, owning user, then an empty string (presumably the
 * group - confirm against struct file_listener_settings).
 * auth-login and auth-client default to 0600; auth-userdb is the only entry
 * here that defaults to 0666, so any local user may connect to it.
 * NOTE(review): on a world-accessible socket the file mode gives no
 * protection, so userdb lookups have to be authorized by the auth process
 * itself (e.g. from the connecting peer's credentials) - confirm in the
 * userdb connection code, and narrow mode/owner in configuration where
 * unprivileged local lookups are not needed. */
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainenstatic struct file_listener_settings auth_unix_listeners_array[] = {
bbadd5331f534017cf62d5183003b3d9fdad079eTimo Sirainen { "auth-login", 0600, "$default_internal_user", "" },
6523f54d1521edf894880f2d45e75cef5dd31c3dTimo Sirainen { "auth-client", 0600, "$default_internal_user", "" },
72f5f2c5c6905b5d3f389b424313e2c450dfad96Timo Sirainen { "auth-userdb", 0666, "$default_internal_user", "" },
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainenstatic struct file_listener_settings *auth_unix_listeners[] = {
da7f1a07f583df8905684a7b78469960afd7c78dPhil Carmody auth_unix_listeners, sizeof(auth_unix_listeners), { NULL, }
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainen/* </settings checks> */
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainenstruct service_settings auth_service_settings = {
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .unix_listeners = { { &auth_unix_listeners_buf,
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainen/* <settings checks> */
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainenstatic struct file_listener_settings auth_worker_unix_listeners_array[] = {
635df5b4cbcd7b24c825e01d9dd66d3a4274c4c7Timo Sirainen { "auth-worker", 0600, "$default_internal_user", "" }
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainenstatic struct file_listener_settings *auth_worker_unix_listeners[] = {
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainenstatic buffer_t auth_worker_unix_listeners_buf = {
da7f1a07f583df8905684a7b78469960afd7c78dPhil Carmody auth_worker_unix_listeners, sizeof(auth_worker_unix_listeners), { NULL, }
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainen/* </settings checks> */
9f0f2de10e4ea0c99052bf4b2bef8179f2536228Timo Sirainenstruct service_settings auth_worker_service_settings = {
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .unix_listeners = { { &auth_worker_unix_listeners_buf,
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { type, #name, offsetof(struct auth_passdb_settings, name), NULL }
7744586e3e0fd60158abfbb03a233d3bd8d6c48bTimo Sirainenstatic const struct setting_define auth_passdb_setting_defines[] = {
1b823b2b7790a1e1b7974fcf11a4c48a28e70f37Timo Sirainenstatic const struct auth_passdb_settings auth_passdb_default_settings = {
559f278a4c54d9fa7e0f2e96ebceda30562f9009Timo Sirainen .skip = "never:authenticated:unauthenticated",
559f278a4c54d9fa7e0f2e96ebceda30562f9009Timo Sirainen .result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
559f278a4c54d9fa7e0f2e96ebceda30562f9009Timo Sirainen .result_failure = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
559f278a4c54d9fa7e0f2e96ebceda30562f9009Timo Sirainen .result_internalfail = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
7744586e3e0fd60158abfbb03a233d3bd8d6c48bTimo Sirainenconst struct setting_parser_info auth_passdb_setting_parser_info = {
544a727de8ab0e6c55cab18a7ee475fffdf5eff3Timo Sirainen .type_offset = offsetof(struct auth_passdb_settings, name),
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .struct_size = sizeof(struct auth_passdb_settings),
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { type, #name, offsetof(struct auth_userdb_settings, name), NULL }
7744586e3e0fd60158abfbb03a233d3bd8d6c48bTimo Sirainenstatic const struct setting_define auth_userdb_setting_defines[] = {
1b823b2b7790a1e1b7974fcf11a4c48a28e70f37Timo Sirainenstatic const struct auth_userdb_settings auth_userdb_default_settings = {
74fb6b5a156c5a61bb6ec827089bb142a10547ddTimo Sirainen /* NOTE: when adding fields, update also auth.c:userdb_dummy_set */
cd75c360f244c96b9ee10e01ee3a66fad13183c8Timo Sirainen .result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
cd75c360f244c96b9ee10e01ee3a66fad13183c8Timo Sirainen .result_failure = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
b484ab4b55b0d5341f2f4dd98a655a75f0bf1275Timo Sirainen .result_internalfail = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
7744586e3e0fd60158abfbb03a233d3bd8d6c48bTimo Sirainenconst struct setting_parser_info auth_userdb_setting_parser_info = {
544a727de8ab0e6c55cab18a7ee475fffdf5eff3Timo Sirainen .type_offset = offsetof(struct auth_userdb_settings, name),
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .struct_size = sizeof(struct auth_userdb_settings),
57d2429fae575e96ca276355af675deb66b76d00Timo Sirainen/* we're kind of kludging here to avoid "auth_" prefix in the struct fields */
57d2429fae575e96ca276355af675deb66b76d00Timo Sirainen { type, "auth_"#name, offsetof(struct auth_settings, name), NULL }
401b0787fff2dc986a5321ddb32acb1947ff66b0Timo Sirainen { type, #name, offsetof(struct auth_settings, name), NULL }
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen { SET_DEFLIST, name, offsetof(struct auth_settings, field), defines }
7744586e3e0fd60158abfbb03a233d3bd8d6c48bTimo Sirainenstatic const struct setting_define auth_setting_defines[] = {
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen DEFLIST(passdbs, "passdb", &auth_passdb_setting_parser_info),
a64adf62fa33f2463a86f990217b0c9078531a40Timo Sirainen DEFLIST(userdbs, "userdb", &auth_userdb_setting_parser_info),
7744586e3e0fd60158abfbb03a233d3bd8d6c48bTimo Sirainenstatic const struct auth_settings auth_default_settings = {
/* Allowlist of characters accepted in usernames; auth_settings_check()
   marks every listed byte in username_chars_map. The digit '0' appears
   twice in this default, which is harmless for a set. */
7bafda1813454621e03615e83d55bccfa7cc56bdTimo Sirainen .username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
/* Default attributes sent with a policy request. They include a hash of
   the submitted password (pwhash) and the client's remote address, so the
   policy server receives authentication-sensitive data.
   auth_settings_check() reports an error when auth_policy_hash_nonce is
   unset while a policy server is used, and when policy_hash_truncate is
   not smaller than the digest size.
   NOTE(review): transport protection for these requests is not visible
   in this file - confirm the policy server is reached over TLS. */
31cc2948968dd56af45be1571e2e425f58e7e159Aki Tuomi .policy_request_attributes = "login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s",
7744586e3e0fd60158abfbb03a233d3bd8d6c48bTimo Sirainenconst struct setting_parser_info auth_setting_parser_info = {
d477acb83e14a776ece4ca94dcd1869e75d0c6eeTimo Sirainen/* <settings checks> */
/* Fills set->proxy_self_ips from the auth_proxy_self setting: the value is
 * split on spaces, entries are passed to net_gethostbyname(), and a failed
 * lookup is reported through *error_r with the message built below.
 * NOTE(review): settings validation therefore depends on name resolution
 * at check time - presumably literal IP addresses avoid that; confirm.
 * Only part of the function body is visible in this listing. */
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainenauth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen const char **error_r)
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen set->proxy_self_ips = p_new(pool, struct ip_addr, 1);
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen tmp = t_strsplit_spaces(set->proxy_self, " ");
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen ret = net_gethostbyname(*tmp, &ips, &ips_count);
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen *error_r = t_strdup_printf("auth_proxy_self_ips: "
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen "gethostbyname(%s) failed: %s",
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen set->proxy_self_ips = array_idx(&ips_array, 0);
/* Validates the auth_verbose_passwords setting (read from
 * set->verbose_passwords); on a bad value *error_r is set to one of the
 * "auth_verbose_passwords: ..." messages below.
 * NOTE(review): judging by its name, this setting decides whether and in
 * what form attempted passwords are written to the auth log - when it is
 * enabled, log files and anything that ships them should be handled as
 * credential material. Only part of the function body is visible in this
 * listing. */
3190f12fb96daf61f7c880390472e18184cbb2d8Timo Sirainenauth_verify_verbose_password(struct auth_settings *set,
4addfd26372c6ae32ec93252696d86fd32081327Timo Sirainen const char **error_r)
4addfd26372c6ae32ec93252696d86fd32081327Timo Sirainen const char *p, *value = set->verbose_passwords;
4addfd26372c6ae32ec93252696d86fd32081327Timo Sirainen *error_r = t_strdup_printf("auth_verbose_passwords: "
3190f12fb96daf61f7c880390472e18184cbb2d8Timo Sirainen /* just use it as alias for "plain" */
a5bcc9f96bf56121a0704433c12137a43cd093beTimo Sirainen *error_r = "auth_verbose_passwords: Invalid value";
/* Settings-check callback for struct auth_settings. The visible parts
 * report errors for auth_worker_max_count ("must be above zero"), for a
 * non-zero cache_size below 1024, for an invalid auth_verbose_passwords
 * value, for a missing auth_policy_hash_nonce when a policy server is
 * used, and for a policy_hash_truncate that is not smaller than the digest
 * size in bits; they also fill the username character and translation
 * maps and call auth_settings_set_self_ips(). Lines are missing from this
 * listing, so the body below is not contiguous. */
7289c5600711b45f30fe289ab5b0293b51d87041Timo Sirainenstatic bool auth_settings_check(void *_set, pool_t pool,
4fc74bba3548987b7e8597491cd9fafc1f701be6Timo Sirainen const char **error_r)
7289c5600711b45f30fe289ab5b0293b51d87041Timo Sirainen const char *p;
f93c833d644ecff0b0f80bee4f1cdde3e697b5c8Timo Sirainen *error_r = "auth_worker_max_count must be above zero";
6bd263caf006edc75205f446fa0283c6f364941bTimo Sirainen if (set->cache_size > 0 && set->cache_size < 1024) {
4fc74bba3548987b7e8597491cd9fafc1f701be6Timo Sirainen /* probably a configuration error.
4fc74bba3548987b7e8597491cd9fafc1f701be6Timo Sirainen older versions used megabyte numbers */
4fc74bba3548987b7e8597491cd9fafc1f701be6Timo Sirainen *error_r = t_strdup_printf("auth_cache_size value is too small "
4addfd26372c6ae32ec93252696d86fd32081327Timo Sirainen if (!auth_verify_verbose_password(set, error_r))
7289c5600711b45f30fe289ab5b0293b51d87041Timo Sirainen /* all chars are allowed */
/* The cast through uint8_t keeps the table index in 0..255 even on
   platforms where plain char is signed. */
0f62889d833767acf9c2ad010c3269806b4cfae3Timo Sirainen for (p = set->username_chars; *p != '\0'; p++)
7289c5600711b45f30fe289ab5b0293b51d87041Timo Sirainen set->username_chars_map[(int)(uint8_t)*p] = 1;
/* NOTE(review): the next line reads p[1]; its loop header is not visible
   in this listing - confirm the loop stops before an unpaired trailing
   character. */
7289c5600711b45f30fe289ab5b0293b51d87041Timo Sirainen set->username_translation_map[(int)(uint8_t)*p] = p[1];
7289c5600711b45f30fe289ab5b0293b51d87041Timo Sirainen (const char *const *)p_strsplit_spaces(pool, set->realms, " ");
203bb272804e4394ae07103cdc8ce67041ba21a1Aki Tuomi *error_r = "auth_policy_hash_nonce must be set when policy server is used";
203bb272804e4394ae07103cdc8ce67041ba21a1Aki Tuomi const struct hash_method *digest = hash_method_lookup(set->policy_hash_mech);
/* NOTE(review): digest is dereferenced in the condition below. No NULL
   check on the hash_method_lookup() result is visible in this listing -
   confirm one exists for an unknown auth_policy_hash_mech value.
   policy_hash_truncate is compared against the digest size in bits
   (digest_size*8). */
203bb272804e4394ae07103cdc8ce67041ba21a1Aki Tuomi if (set->policy_hash_truncate > 0 && set->policy_hash_truncate >= digest->digest_size*8) {
203bb272804e4394ae07103cdc8ce67041ba21a1Aki Tuomi *error_r = t_strdup_printf("policy_hash_truncate is not smaller than digest size (%u >= %u)",
738cfeb96c4b9cd92aa3c791d77734c2745cdd1aTimo Sirainen if (!auth_settings_set_self_ips(set, pool, error_r))
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainenauth_passdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainen const char **error_r)
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainen if (set->driver == NULL || *set->driver == '\0') {
559f278a4c54d9fa7e0f2e96ebceda30562f9009Timo Sirainen if (set->pass && strcmp(set->result_success, "return-ok") != 0) {
559f278a4c54d9fa7e0f2e96ebceda30562f9009Timo Sirainen *error_r = "Obsolete pass=yes setting mixed with non-default result_success";
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainenauth_userdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainen const char **error_r)
9dd1c256910f1fb42823116a641e7edb3ad11970Timo Sirainen if (set->driver == NULL || *set->driver == '\0') {
d477acb83e14a776ece4ca94dcd1869e75d0c6eeTimo Sirainen/* </settings checks> */
5d60e31c7b701b606067a20bc88dcc8a6de7bbd6Timo Sirainenauth_settings_read(const char *service, pool_t pool,
5d60e31c7b701b606067a20bc88dcc8a6de7bbd6Timo Sirainen struct master_service_settings_output *output_r)
d176f84ce5ca2073f4dfbafb457b9c74f6bf0d76Timo Sirainen static const struct setting_parser_info *set_roots[] = {
9ed2951bd0bb1878a27437d7c00611b2baadd614Timo Sirainen if (master_service_settings_read(master_service, &input,
d176f84ce5ca2073f4dfbafb457b9c74f6bf0d76Timo Sirainen i_fatal("Error reading configuration: %s", error);
5d60e31c7b701b606067a20bc88dcc8a6de7bbd6Timo Sirainen set_parser = settings_parser_dup(master_service->set_parser, pool);
5d60e31c7b701b606067a20bc88dcc8a6de7bbd6Timo Sirainen if (!settings_parser_check(set_parser, pool, &error))