auth-settings.c revision 6523f54d1521edf894880f2d45e75cef5dd31c3d
2454dfa32c93c20a8522c6ed42fe057baaac9f9aStephan Bosch/* Copyright (c) 2005-2013 Dovecot authors, see the included COPYING file */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenstatic bool auth_settings_check(void *_set, pool_t pool, const char **error_r);
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenstatic bool auth_passdb_settings_check(void *_set, pool_t pool, const char **error_r);
57e1fdc2f8f2bf1c6fcd9523f93459404c2359c8Timo Sirainenstatic bool auth_userdb_settings_check(void *_set, pool_t pool, const char **error_r);
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen/* <settings checks> */
/* Default UNIX socket listeners for the auth service. Every entry shown
   carries a socket name, an octal mode, "$default_internal_user" and an
   empty string.
   NOTE(review): the field meanings (path, mode, owner, group) are inferred
   from these values; struct file_listener_settings is not visible here. */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenstatic struct file_listener_settings auth_unix_listeners_array[] = {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen { "auth-login", 0600, "$default_internal_user", "" },
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen { "auth-client", 0600, "$default_internal_user", "" },
/* auth-userdb is the one listener here that defaults to 0666 rather than
   0600, so the socket file itself does not keep other local accounts from
   connecting. NOTE(review): whatever limits the lookups such a peer may
   perform is outside this listing - confirm it, or set a tighter mode,
   user and group in the deployed configuration. */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen { "auth-userdb", 0666, "$default_internal_user", "" },
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainenstatic struct file_listener_settings *auth_unix_listeners[] = {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen auth_unix_listeners, sizeof(auth_unix_listeners), { 0, }
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen/* </settings checks> */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenstruct service_settings auth_service_settings = {
0dffa25d211be541ee3c953b23566a1a990789dfTimo Sirainen .unix_listeners = { { &auth_unix_listeners_buf,
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen/* <settings checks> */
/* Default UNIX socket listener for the auth worker service: a single
   "auth-worker" entry with mode 0600, the same mode as the auth-login and
   auth-client entries of the auth service. */
57e1fdc2f8f2bf1c6fcd9523f93459404c2359c8Timo Sirainenstatic struct file_listener_settings auth_worker_unix_listeners_array[] = {
57e1fdc2f8f2bf1c6fcd9523f93459404c2359c8Timo Sirainen { "auth-worker", 0600, "$default_internal_user", "" }
0dffa25d211be541ee3c953b23566a1a990789dfTimo Sirainenstatic struct file_listener_settings *auth_worker_unix_listeners[] = {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenstatic buffer_t auth_worker_unix_listeners_buf = {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen auth_worker_unix_listeners, sizeof(auth_worker_unix_listeners), { 0, }
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen/* </settings checks> */
35ef661bd85c64834e3e34eeeb3c393b81108760Timo Sirainenstruct service_settings auth_worker_service_settings = {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen .unix_listeners = { { &auth_worker_unix_listeners_buf,
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen { type, #name, offsetof(struct auth_passdb_settings, name), NULL }
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenstatic const struct setting_define auth_passdb_setting_defines[] = {
/* Built-in defaults for one passdb section. The strings shown are
   colon-separated keyword lists.
   NOTE(review): the first keyword appears to be the effective default -
   auth_passdb_settings_check treats any result_success other than
   "return-ok" as non-default - confirm against the settings parser. */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenstatic const struct auth_passdb_settings auth_passdb_default_settings = {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen .skip = "never:authenticated:unauthenticated",
e18e90938ffd9e31c796c405404be0b7dcd5c807Timo Sirainen .result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
/* Both failure outcomes list "continue" first. If that is the default, a
   passdb that rejects the credentials or fails internally does not end
   the lookup on its own, so the order of passdb sections decides which
   backend has the final say - TODO confirm the chaining semantics. */
e18e90938ffd9e31c796c405404be0b7dcd5c807Timo Sirainen .result_failure = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
e18e90938ffd9e31c796c405404be0b7dcd5c807Timo Sirainen .result_internalfail = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
5fa253bd316540ec280ca76b39d62a9e32da228bTimo Sirainenconst struct setting_parser_info auth_passdb_setting_parser_info = {
5fa253bd316540ec280ca76b39d62a9e32da228bTimo Sirainen .struct_size = sizeof(struct auth_passdb_settings),
e18e90938ffd9e31c796c405404be0b7dcd5c807Timo Sirainen { type, #name, offsetof(struct auth_userdb_settings, name), NULL }
44ef49403ac7bddac84a1e322d170ed53cd37c95Timo Sirainenstatic const struct setting_define auth_userdb_setting_defines[] = {
e18e90938ffd9e31c796c405404be0b7dcd5c807Timo Sirainenstatic const struct auth_userdb_settings auth_userdb_default_settings = {
e18e90938ffd9e31c796c405404be0b7dcd5c807Timo Sirainenconst struct setting_parser_info auth_userdb_setting_parser_info = {
e18e90938ffd9e31c796c405404be0b7dcd5c807Timo Sirainen .struct_size = sizeof(struct auth_userdb_settings),
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch/* we're kind of kludging here to avoid "auth_" prefix in the struct fields */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen { type, "auth_"#name, offsetof(struct auth_settings, name), NULL }
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen { type, #name, offsetof(struct auth_settings, name), NULL }
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch { SET_DEFLIST, name, offsetof(struct auth_settings, field), defines }
b75eba4f65c7630d3691f07d22ff4bdfcac5054dTimo Sirainenstatic const struct setting_define auth_setting_defines[] = {
57e1fdc2f8f2bf1c6fcd9523f93459404c2359c8Timo Sirainen DEFLIST(passdbs, "passdb", &auth_passdb_setting_parser_info),
57e1fdc2f8f2bf1c6fcd9523f93459404c2359c8Timo Sirainen DEFLIST(userdbs, "userdb", &auth_userdb_setting_parser_info),
/* Built-in defaults for the global auth settings; only username_chars is
   visible in this listing. */
2bc67190c90d08703ceb421fc8dcf16780020886Aki Tuomistatic const struct auth_settings auth_default_settings = {
/* Default allowlist for username characters: ASCII letters, digits and
   ".-_@". auth_settings_check copies it into username_chars_map. The digit
   run ends with a second '0' ("...7890"), which only sets the same map
   entry again.
   NOTE(review): widening this set lets more characters reach the
   passdb/userdb lookups; check how each configured backend escapes
   usernames before doing so. */
31fd39a3a3d544b1a8afb9aef07f180d0d40fda2Timo Sirainen .username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
061046c9aa2eec5c6c2f148ec95a4e51db3d8fd2Timo Sirainenconst struct setting_parser_info auth_setting_parser_info = {
2bc67190c90d08703ceb421fc8dcf16780020886Aki Tuomi/* <settings checks> */
/* Resolves the proxy_self setting into set->proxy_self_ips. Only part of
   the body is visible in this listing: the setting is split on spaces, an
   entry is passed to net_gethostbyname(), and a failed lookup is reported
   through *error_r. */
2bc67190c90d08703ceb421fc8dcf16780020886Aki Tuomiauth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
2bc67190c90d08703ceb421fc8dcf16780020886Aki Tuomi const char **error_r)
31fd39a3a3d544b1a8afb9aef07f180d0d40fda2Timo Sirainen const char *const *tmp;
/* start with a single pool-allocated struct ip_addr */
57e1fdc2f8f2bf1c6fcd9523f93459404c2359c8Timo Sirainen set->proxy_self_ips = p_new(pool, struct ip_addr, 1);
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainen tmp = t_strsplit_spaces(set->proxy_self, " ");
/* name resolution happens while the settings are checked, so the stored
   addresses reflect what the resolver answered at that moment.
   NOTE(review): the loop over tmp is not visible here; a host name in
   this setting makes the check depend on the resolver being reachable
   and trustworthy at startup - confirm that is intended. */
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainen ret = net_gethostbyname(*tmp, &ips, &ips_count);
57e1fdc2f8f2bf1c6fcd9523f93459404c2359c8Timo Sirainen *error_r = t_strdup_printf("auth_proxy_self_ips: "
1c3dc4c08ced3948f52c3c6c171ed77310b2cbfdTimo Sirainen "gethostbyname(%s) failed: %s",
/* point the setting at the first element of the collected ips_array */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen set->proxy_self_ips = array_idx(&ips_array, 0);
/* Settings-check callback for struct auth_settings. Only fragments of the
   body are visible in this listing; where a value is rejected the visible
   code stores a message in *error_r. */
61cf001f1944d92eb25f113ba4c08985d6e30d53Timo Sirainenstatic bool auth_settings_check(void *_set, pool_t pool,
61cf001f1944d92eb25f113ba4c08985d6e30d53Timo Sirainen const char **error_r)
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen const char *p;
/* message used when auth_worker_max_count is not above zero; the test
   itself is not visible here */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen *error_r = "auth_worker_max_count must be above zero";
b215322367dbd94df3e2e4bb643b53460e6adc51Timo Sirainen if (set->cache_size > 0 && set->cache_size < 1024) {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen /* probably a configuration error.
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen older versions used megabyte numbers */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen *error_r = t_strdup_printf("auth_cache_size value is too small "
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen /* all chars are allowed */
/* mark every byte of username_chars as allowed. The index is cast through
   uint8_t so a byte >= 0x80 cannot become a negative index where char is
   signed.
   NOTE(review): username_chars_map is declared elsewhere; it needs one
   entry per possible byte value for this index to stay in bounds. */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen for (p = set->username_chars; *p != '\0'; p++)
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen set->username_chars_map[(int)(uint8_t)*p] = 1;
/* map the byte *p to the byte that follows it; the enclosing loop is not
   visible. NOTE(review): confirm it stops before an unpaired last
   character, otherwise p[1] is the terminating NUL. */
b215322367dbd94df3e2e4bb643b53460e6adc51Timo Sirainen set->username_translation_map[(int)(uint8_t)*p] = p[1];
/* realms is split on spaces into strings allocated from pool */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen (const char *const *)p_strsplit_spaces(pool, set->realms, " ");
/* resolve the proxy_self entries; error_r is filled in by the callee */
7e8bfb5b0af9606f131fc440e61f3752da335ac9Timo Sirainen if (!auth_settings_set_self_ips(set, pool, error_r))
/* Settings-check callback for one passdb section (pool is unused). Only
   fragments of the body are visible in this listing. */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenauth_passdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen const char **error_r)
/* a missing or empty driver name is tested for here; how it is handled is
   not visible */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen if (set->driver == NULL || *set->driver == '\0') {
/* the obsolete pass=yes flag is reported as an error when result_success
   was changed from "return-ok", so the old and the new way of chaining
   passdbs are not combined in one section */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen if (set->pass && strcmp(set->result_success, "return-ok") != 0) {
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen *error_r = "Obsolete pass=yes setting mixed with non-default result_success";
/* Settings-check callback for one userdb section (pool is unused). Only
   the driver test is visible in this listing. */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenauth_userdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen const char **error_r)
/* a missing or empty driver name is tested for here; how it is handled is
   not visible */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen if (set->driver == NULL || *set->driver == '\0') {
ba57ea2c696f9e9aae909f073069848876a641f4Timo Sirainen/* </settings checks> */
/* Reads the configuration for the given service and checks it. Only
   fragments of the body are visible in this listing. */
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainenauth_settings_read(const char *service, pool_t pool,
c8593b070319d0ff83f8d6c4b5ed5abf2d578a06Timo Sirainen struct master_service_settings_output *output_r)
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainen static const struct setting_parser_info *set_roots[] = {
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainen if (master_service_settings_read(master_service, &input,
/* a configuration that cannot be read is reported through i_fatal() */
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainen i_fatal("Error reading configuration: %s", error);
/* work on a copy of the master service parser, allocated from pool */
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainen set_parser = settings_parser_dup(master_service->set_parser, pool);
/* check the copied settings - presumably this is what invokes the
   *_settings_check callbacks declared in this file; what happens on a
   failed check is not visible here */
9abc6ac61e70b809f7e1c352c7a3ad1081994d2eTimo Sirainen if (!settings_parser_check(set_parser, pool, &error))