auth-settings.c revision 062ea54b7775d0c92ed67b9b1f4d93fa8ec80c84
/* Copyright (c) 2005-2011 Dovecot authors, see the included COPYING file */

#include "lib.h"
#include "array.h"
#include "settings-parser.h"
#include "master-service-private.h"
#include "master-service-settings.h"
#include "service-settings.h"
#include "auth-settings.h"

#include <stddef.h>

static bool auth_settings_check(void *_set, pool_t pool, const char **error_r);
static bool auth_passdb_settings_check(void *_set, pool_t pool, const char **error_r);
static bool auth_userdb_settings_check(void *_set, pool_t pool, const char **error_r);

/* <settings checks> */
/* Built-in UNIX socket listeners of the "auth" service. The initializers are
   positional; the values read as { path, mode, user, group } -- TODO confirm
   the field order against struct file_listener_settings.

   NOTE(review): "login/login" and "auth-userdb" are created with mode 0666,
   so the socket file mode alone does not restrict which local accounts may
   connect. Nothing in this file shows what else limits access (directory
   permissions, peer-credential checks in the auth process); confirm that
   before relying on these defaults or before widening any 0600 entry. */
static struct file_listener_settings auth_unix_listeners_array[] = {
	{ "login/login", 0666, "", "" },
	{ "auth-login", 0600, "$default_internal_user", "" },
	{ "auth-client", 0600, "", "" },
	{ "auth-userdb", 0666, "", "" },
	{ "auth-master", 0600, "", "" }
};

/* One pointer per entry of auth_unix_listeners_array. The two tables must be
   kept in sync by hand when a listener is added or removed. */
static struct file_listener_settings *auth_unix_listeners[] = {
	&auth_unix_listeners_array[0],
	&auth_unix_listeners_array[1],
	&auth_unix_listeners_array[2],
	&auth_unix_listeners_array[3],
	&auth_unix_listeners_array[4]
};

/* Static buffer_t wrapping the pointer table; auth_service_settings points
   its unix_listeners array at this buffer. */
static buffer_t auth_unix_listeners_buf = {
	auth_unix_listeners, sizeof(auth_unix_listeners), { 0 }
};
/* </settings checks> */
/* Default service definition for the "auth" process.

   The service runs the "auth" executable as $default_internal_user, is
   limited to a single process (process_limit = 1 together with
   process_limit_1 = TRUE) and accepts up to 4096 clients. Its UNIX listeners
   are the built-in table auth_unix_listeners_buf; no FIFO or inet listeners
   are defined by default. */
struct service_settings auth_service_settings = {
	.name = "auth",
	.protocol = "",
	.type = "",
	.executable = "auth",
	.user = "$default_internal_user",
	.group = "",
	.privileged_group = "",
	.extra_groups = "",
	.chroot = "",

	.drop_priv_before_exec = FALSE,

	.process_min_avail = 0,
	.process_limit = 1,
	.client_limit = 4096,
	.service_count = 0,
	.idle_kill = 0,
	/* all-ones uoff_t; presumably a "not set / use the default" sentinel
	   rather than a real limit -- confirm in the master service code */
	.vsz_limit = (uoff_t)-1,

	/* element size is that of one pointer in auth_unix_listeners[] */
	.unix_listeners = { { &auth_unix_listeners_buf,
			      sizeof(auth_unix_listeners[0]) } },
	.fifo_listeners = ARRAY_INIT,
	.inet_listeners = ARRAY_INIT,

	.process_limit_1 = TRUE
};
/* <settings checks> */
/* Built-in UNIX socket listener of the "auth-worker" service: a single
   "auth-worker" socket, mode 0600, with "$default_internal_user" in the
   third position (presumably the socket owner -- confirm against
   struct file_listener_settings). */
static struct file_listener_settings auth_worker_unix_listeners_array[] = {
	{ "auth-worker", 0600, "$default_internal_user", "" }
};

/* Pointer table over the array above; keep both in sync. */
static struct file_listener_settings *auth_worker_unix_listeners[] = {
	&auth_worker_unix_listeners_array[0]
};

/* Static buffer_t wrapping the pointer table; referenced by
   auth_worker_service_settings.unix_listeners. */
static buffer_t auth_worker_unix_listeners_buf = {
	auth_worker_unix_listeners, sizeof(auth_worker_unix_listeners), { 0 }
};
/* </settings checks> */
/* Default service definition for the "auth-worker" processes, started as
   "auth -w".

   Each worker is configured with client_limit = 1 and service_count = 1,
   and process_limit = 0 leaves the process count to be decided elsewhere
   (presumably from auth_worker_max_count -- confirm).

   NOTE(review): .user is empty here, unlike the "auth" service, which names
   $default_internal_user. What account the worker ends up running as is
   decided outside this file; check it when hardening a deployment. */
struct service_settings auth_worker_service_settings = {
	.name = "auth-worker",
	.protocol = "",
	.type = "",
	.executable = "auth -w",
	.user = "",
	.group = "",
	.privileged_group = "",
	.extra_groups = "",
	.chroot = "",

	.drop_priv_before_exec = FALSE,

	.process_min_avail = 0,
	.process_limit = 0,
	.client_limit = 1,
	.service_count = 1,
	.idle_kill = 0,
	/* all-ones uoff_t; presumably a "not set / use the default" sentinel
	   -- confirm in the master service code */
	.vsz_limit = (uoff_t)-1,

	/* element size is that of one pointer in auth_worker_unix_listeners[] */
	.unix_listeners = { { &auth_worker_unix_listeners_buf,
			      sizeof(auth_worker_unix_listeners[0]) } },
	.fifo_listeners = ARRAY_INIT,
	.inet_listeners = ARRAY_INIT
};
/* DEF is redefined for every settings struct in this file, so drop any
   earlier definition first. This variant builds one setting_define entry for
   a struct auth_passdb_settings field: the setting key is the field name
   itself and the value is stored at that field's offset. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_passdb_settings, name), NULL }

/* Settings accepted in each "passdb" list entry (see the DEFLIST entry in
   auth_setting_defines). */
static const struct setting_define auth_passdb_setting_defines[] = {
	DEF(SET_STR, driver),
	DEF(SET_STR, args),
	DEF(SET_BOOL, deny),
	DEF(SET_BOOL, pass),
	DEF(SET_BOOL, master),

	SETTING_DEFINE_LIST_END
};
/* Defaults for one passdb entry. The empty driver is not a usable value:
   auth_passdb_settings_check() rejects an entry whose driver is still empty,
   so every passdb has to name its driver explicitly. All three flags
   (deny, pass, master) default to off. */
static const struct auth_passdb_settings auth_passdb_default_settings = {
	.driver = "",
	.args = "",
	.deny = FALSE,
	.pass = FALSE,
	.master = FALSE
};
/* Parser description for passdb entries: ties together the key table, the
   defaults and the validation callback, and names auth_setting_parser_info
   as the parent section. */
const struct setting_parser_info auth_passdb_setting_parser_info = {
	.defines = auth_passdb_setting_defines,
	.defaults = &auth_passdb_default_settings,

	/* (size_t)-1: no such offset is used by this struct -- presumably the
	   parser's "not present" marker; confirm in settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct auth_passdb_settings),

	.parent_offset = (size_t)-1,
	.parent = &auth_setting_parser_info,

	/* rejects entries that have no driver */
	.check_func = auth_passdb_settings_check
};
/* Re-point DEF at struct auth_userdb_settings: the setting key is the field
   name itself and the value is stored at that field's offset. */
#undef DEF
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_userdb_settings, name), NULL }

/* Settings accepted in each "userdb" list entry (see the DEFLIST entry in
   auth_setting_defines). */
static const struct setting_define auth_userdb_setting_defines[] = {
	DEF(SET_STR, driver),
	DEF(SET_STR, args),

	SETTING_DEFINE_LIST_END
};
/* Defaults for one userdb entry. The empty driver is only a placeholder:
   auth_userdb_settings_check() refuses an entry whose driver is empty. */
static const struct auth_userdb_settings auth_userdb_default_settings = {
	.driver = "",
	.args = ""
};
/* Parser description for userdb entries: key table, defaults and validation
   callback, with auth_setting_parser_info as the parent section. */
const struct setting_parser_info auth_userdb_setting_parser_info = {
	.defines = auth_userdb_setting_defines,
	.defaults = &auth_userdb_default_settings,

	/* (size_t)-1: presumably the parser's "not present" marker; confirm
	   in settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct auth_userdb_settings),

	.parent_offset = (size_t)-1,
	.parent = &auth_setting_parser_info,

	/* rejects entries that have no driver */
	.check_func = auth_userdb_settings_check
};
/* we're kind of kludging here to avoid "auth_" prefix in the struct fields */
#undef DEF
#undef DEF_NOPREFIX
#undef DEFLIST
/* DEF: the setting key is "auth_" followed by the field name, so
   DEF(SET_STR, realms) defines "auth_realms" stored in auth_settings.realms. */
#define DEF(type, name) \
	{ type, "auth_"#name, offsetof(struct auth_settings, name), NULL }
/* DEF_NOPREFIX: the setting key is the bare field name. */
#define DEF_NOPREFIX(type, name) \
	{ type, #name, offsetof(struct auth_settings, name), NULL }
/* DEFLIST: a list-valued setting called `name`, stored in `field`, whose
   entries are parsed with the parser info passed as `defines`. */
#define DEFLIST(field, name, defines) \
	{ SET_DEFLIST, name, offsetof(struct auth_settings, field), defines }

/* Every top-level auth setting the parser accepts, with its value type and
   the struct auth_settings field that receives it. */
static const struct setting_define auth_setting_defines[] = {
	DEF(SET_STR, mechanisms),
	DEF(SET_STR, realms),
	DEF(SET_STR, default_realm),
	DEF(SET_SIZE, cache_size),
	DEF(SET_TIME, cache_ttl),
	DEF(SET_TIME, cache_negative_ttl),
	DEF(SET_STR, username_chars),
	DEF(SET_STR, username_translation),
	DEF(SET_STR, username_format),
	DEF(SET_STR, master_user_separator),
	DEF(SET_STR, anonymous_username),
	DEF(SET_STR, krb5_keytab),
	DEF(SET_STR, gssapi_hostname),
	DEF(SET_STR, winbind_helper_path),
	DEF(SET_TIME, failure_delay),
	DEF(SET_UINT, first_valid_uid),
	DEF(SET_UINT, last_valid_uid),

	/* logging switches; auth_settings_check() makes debug_passwords
	   imply debug, and debug imply verbose */
	DEF(SET_BOOL, verbose),
	DEF(SET_BOOL, debug),
	DEF(SET_BOOL, debug_passwords),
	DEF(SET_ENUM, verbose_passwords),
	DEF(SET_BOOL, ssl_require_client_cert),
	DEF(SET_BOOL, ssl_username_from_cert),
	DEF(SET_BOOL, use_winbind),

	DEF(SET_UINT, worker_max_count),

	DEFLIST(passdbs, "passdb", &auth_passdb_setting_parser_info),
	DEFLIST(userdbs, "userdb", &auth_userdb_setting_parser_info),

	/* shared with other services, hence no "auth_" prefix */
	DEF_NOPREFIX(SET_BOOL, verbose_proctitle),

	SETTING_DEFINE_LIST_END
};
/* Built-in defaults for every top-level auth setting.

   NOTE(review), points worth checking when auditing a deployment:
   - mechanisms defaults to "plain" only. Whether the cleartext mechanism is
     confined to protected transports is decided outside this file.
   - debug_passwords is off and verbose_passwords starts with "no"; both
     settings concern passwords in log output, so review log access before
     turning either on.
   - cache_negative_ttl equals cache_ttl (one hour each). */
static const struct auth_settings auth_default_settings = {
	.mechanisms = "plain",
	.realms = "",
	.default_realm = "",
	/* 0 is accepted by auth_settings_check(); 1..1023 is rejected there */
	.cache_size = 0,
	.cache_ttl = 60*60,
	.cache_negative_ttl = 60*60,
	/* '0' appears twice in this list; harmless, because
	   auth_settings_check() only marks each listed byte as allowed */
	.username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
	.username_translation = "",
	.username_format = "%Lu",
	.master_user_separator = "",
	.anonymous_username = "anonymous",
	.krb5_keytab = "",
	.gssapi_hostname = "",
	.winbind_helper_path = "/usr/bin/ntlm_auth",
	.failure_delay = 2,
	.first_valid_uid = 500,
	/* presumably 0 means "no upper bound" -- confirm where it is used */
	.last_valid_uid = 0,

	.verbose = FALSE,
	.debug = FALSE,
	.debug_passwords = FALSE,
	/* SET_ENUM value list; presumably the first item ("no") is the
	   default and the rest are the other allowed values -- confirm */
	.verbose_passwords = "no:plain:sha1",
	.ssl_require_client_cert = FALSE,
	.ssl_username_from_cert = FALSE,
	.use_winbind = FALSE,

	.worker_max_count = 30,

	.passdbs = ARRAY_INIT,
	.userdbs = ARRAY_INIT,

	.verbose_proctitle = FALSE
};
/* Root parser description for the "auth" module: key table, defaults and
   the validation callback. It has no .parent; the passdb and userdb parser
   infos name this one as their parent. */
const struct setting_parser_info auth_setting_parser_info = {
	.module_name = "auth",
	.defines = auth_setting_defines,
	.defaults = &auth_default_settings,

	/* (size_t)-1: presumably the parser's "not present" marker; confirm
	   in settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct auth_settings),

	.parent_offset = (size_t)-1,

	/* normalizes logging flags and builds the username lookup maps */
	.check_func = auth_settings_check
};
/* <settings checks> */
/* Validates a parsed struct auth_settings and fills in its derived fields.

   _set     points to the struct auth_settings to check; it is modified.
   pool     memory pool used for the split realms array.
   error_r  receives an error message when FALSE is returned.

   Returns TRUE when the settings are acceptable, FALSE otherwise. */
static bool auth_settings_check(void *_set, pool_t pool,
				const char **error_r)
{
	struct auth_settings *set = _set;
	const char *p;

	/* The switches cascade: debug_passwords turns on debug, and debug
	   turns on verbose. The first test must run before the second. */
	if (set->debug_passwords)
		set->debug = TRUE;
	if (set->debug)
		set->verbose = TRUE;

	if (set->cache_size > 0) {
		if (set->cache_size < 1024) {
			/* probably a configuration error.
			   older versions used megabyte numbers */
			*error_r = t_strdup_printf("auth_cache_size value is too small "
						   "(%"PRIuUOFF_T" bytes)",
						   set->cache_size);
			return FALSE;
		}
	}

	/* Build the allowed-username-byte map. Entries are only ever set to 1
	   here, never cleared, so the map is presumably zero on entry --
	   confirm how the parser allocates the struct. */
	if (*set->username_chars != '\0') {
		p = set->username_chars;
		while (*p != '\0') {
			/* index by the unsigned byte value so that bytes
			   >= 0x80 cannot yield a negative index */
			set->username_chars_map[(int)(uint8_t)*p] = 1;
			p++;
		}
	} else {
		/* all chars are allowed */
		memset(set->username_chars_map, 1,
		       sizeof(set->username_chars_map));
	}

	/* The translation string is read as (from, to) byte pairs. An empty
	   string runs zero iterations, and a trailing unpaired byte is
	   ignored without an error. */
	for (p = set->username_translation;
	     p[0] != '\0' && p[1] != '\0'; p += 2)
		set->username_translation_map[(int)(uint8_t)p[0]] = p[1];

	set->realms_arr =
		(const char *const *)p_strsplit_spaces(pool, set->realms, " ");
	return TRUE;
}
/* Validates one passdb entry: a driver must be named.

   _set     points to the struct auth_passdb_settings to check.
   pool     unused.
   error_r  receives a static error message when FALSE is returned.

   Returns TRUE when the driver is a non-empty string, FALSE otherwise. */
static bool
auth_passdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
			   const char **error_r)
{
	const struct auth_passdb_settings *set = _set;

	if (set->driver != NULL && *set->driver != '\0')
		return TRUE;

	*error_r = "passdb is missing driver";
	return FALSE;
}
/* Validates one userdb entry: a driver must be named.

   _set     points to the struct auth_userdb_settings to check.
   pool     unused.
   error_r  receives a static error message when FALSE is returned.

   Returns TRUE when the driver is a non-empty string, FALSE otherwise. */
static bool
auth_userdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
			   const char **error_r)
{
	const struct auth_userdb_settings *set = _set;

	if (set->driver != NULL && *set->driver != '\0')
		return TRUE;

	*error_r = "userdb is missing driver";
	return FALSE;
}
/* </settings checks> */
/* Process-wide pointer to the auth settings. It is not assigned anywhere in
   this file; presumably the auth process stores the result of
   auth_settings_read() here at startup -- confirm at the call site. */
struct auth_settings *global_auth_settings;
/* Reads the configuration for the "auth" module and returns the parsed
   auth settings.

   service   service name passed on to the settings reader.
   pool      pool that the duplicated settings parser is allocated from.
   output_r  filled in by master_service_settings_read().

   A read failure is reported through i_fatal(); there is no error return. */
struct auth_settings *
auth_settings_read(const char *service, pool_t pool,
		   struct master_service_settings_output *output_r)
{
	static const struct setting_parser_info *set_roots[] = {
		&auth_setting_parser_info,
		NULL
	};
	struct master_service_settings_input input;
	struct setting_parser_context *parser;
	const char *error;
	int ret;

	memset(&input, 0, sizeof(input));
	input.service = service;
	input.module = "auth";
	input.roots = set_roots;

	ret = master_service_settings_read(master_service, &input,
					   output_r, &error);
	if (ret < 0)
		i_fatal("Error reading configuration: %s", error);

	/* Work on a private copy of the parser allocated from the caller's
	   pool. A failed check is treated as impossible here, presumably
	   because the same settings already passed validation during the
	   read above -- confirm. */
	parser = settings_parser_dup(master_service->set_parser, pool);
	if (!settings_parser_check(parser, pool, &error))
		i_unreached();

	/* Index 1 is presumably the first entry of set_roots, with index 0
	   taken by the master service's own settings -- confirm. */
	return settings_parser_get_list(parser)[1];
}