auth-settings.c revision f01eb1f51d618633c0189be9ab60a774f47fb7df
/* Copyright (c) 2005-2012 Dovecot authors, see the included COPYING file */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "lib.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "array.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "settings-parser.h"
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen#include "master-service-private.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "master-service-settings.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen#include "service-settings.h"
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen#include "auth-settings.h"
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
d8b77aef97e89f1ccc5cbdaef77be9052279e35fTimo Sirainen#include <stddef.h>
d8b77aef97e89f1ccc5cbdaef77be9052279e35fTimo Sirainen
/* Forward declarations of the check_func callbacks that the
   setting_parser_info tables below point at. The definitions are further
   down in this file. */
static bool
auth_settings_check(void *_set, pool_t pool, const char **error_r);
static bool
auth_passdb_settings_check(void *_set, pool_t pool, const char **error_r);
static bool
auth_userdb_settings_check(void *_set, pool_t pool, const char **error_r);
/* <settings checks> */
/* Default UNIX listeners of the auth service.

   NOTE(review): the initializers are positional and look like
   { path, mode, user, group } - confirm against the definition of
   struct file_listener_settings, which is not in this file. The paths are
   relative, presumably to base_dir.

   The octal mode decides who may connect at the filesystem level: the 0600
   entries are reachable by the socket owner only, the 0666 entries by any
   local account that can traverse the containing directory. For the 0666
   entries, access control therefore rests on the directory permissions and
   on whatever checks the auth process applies to the connecting peer.
   Review both before loosening any of these defaults. */
static struct file_listener_settings auth_unix_listeners_array[] = {
	/* 0666, but placed in its own "login/" subdirectory */
	{ "login/login", 0666, "", "" },
	/* 0666, but placed in its own "token-login/" subdirectory */
	{ "token-login/tokenlogin", 0666, "", "" },
	{ "auth-login", 0600, "$default_internal_user", "" },
	{ "auth-client", 0600, "", "" },
	/* 0666 directly in the base directory.
	   NOTE(review): confirm that the auth process limits what an
	   unprivileged peer may look up through this socket. */
	{ "auth-userdb", 0666, "$default_internal_user", "" },
	{ "auth-master", 0600, "", "" }
};
/* Pointer table over the entries above, one pointer per listener. */
static struct file_listener_settings *auth_unix_listeners[] = {
	&auth_unix_listeners_array[0],
	&auth_unix_listeners_array[1],
	&auth_unix_listeners_array[2],
	&auth_unix_listeners_array[3],
	&auth_unix_listeners_array[4],
	&auth_unix_listeners_array[5]
};
/* Pre-filled buffer_t over the pointer table. auth_service_settings uses it
   as the initial content of its unix_listeners array. */
static buffer_t auth_unix_listeners_buf = {
	auth_unix_listeners, sizeof(auth_unix_listeners), { 0 }
};
/* </settings checks> */
/* Built-in defaults of the "auth" service.
   The service runs the "auth" executable as $default_internal_user with an
   empty chroot setting, and process_limit is 1. */
struct service_settings auth_service_settings = {
	.name = "auth",
	.protocol = "",
	.type = "",
	.executable = "auth",
	.user = "$default_internal_user",
	.group = "",
	.privileged_group = "",
	.extra_groups = "",
	.chroot = "",

	.drop_priv_before_exec = FALSE,

	.process_min_avail = 0,
	.process_limit = 1,
	.client_limit = 0,
	.service_count = 0,
	.idle_kill = 0,
	/* all-ones value; presumably "no explicit limit here, use the global
	   default" - confirm in the master service code */
	.vsz_limit = (uoff_t)-1,

	/* starts out with the six listeners of auth_unix_listeners[] */
	.unix_listeners = { { &auth_unix_listeners_buf,
			      sizeof(auth_unix_listeners[0]) } },
	.fifo_listeners = ARRAY_INIT,
	.inet_listeners = ARRAY_INIT,

	/* NOTE(review): presumably pins process_limit to 1 so that the
	   configuration cannot raise it - confirm */
	.process_limit_1 = TRUE
};
/* <settings checks> */
/* Default UNIX listener of the auth-worker service: a single socket with
   mode 0600 and "$default_internal_user" in the third column.
   NOTE(review): the initializer is positional and looks like
   { path, mode, user, group } - confirm against
   struct file_listener_settings. */
static struct file_listener_settings auth_worker_unix_listeners_array[] = {
	{ "auth-worker", 0600, "$default_internal_user", "" }
};
/* Pointer table over the entry above. */
static struct file_listener_settings *auth_worker_unix_listeners[] = {
	&auth_worker_unix_listeners_array[0]
};
/* Pre-filled buffer_t over the pointer table. auth_worker_service_settings
   uses it as the initial content of its unix_listeners array. */
static buffer_t auth_worker_unix_listeners_buf = {
	auth_worker_unix_listeners, sizeof(auth_worker_unix_listeners), { 0 }
};
/* </settings checks> */
/* Built-in defaults of the "auth-worker" service, which runs the same binary
   as the auth service with the -w flag. */
struct service_settings auth_worker_service_settings = {
	.name = "auth-worker",
	.protocol = "",
	.type = "",
	.executable = "auth -w",
	/* NOTE(review): unlike the auth service, no user is named here. In
	   stock Dovecot an empty user is documented to leave the worker
	   running as root so that it can read system password databases;
	   confirm for this revision, and set a less privileged user where
	   the configured passdb/userdb does not need root. */
	.user = "",
	.group = "",
	.privileged_group = "",
	.extra_groups = "",
	.chroot = "",

	.drop_priv_before_exec = FALSE,

	.process_min_avail = 0,
	.process_limit = 0,
	/* presumably one client connection per worker process and one
	   connection per process lifetime - confirm the meaning of these
	   two fields in the master service code */
	.client_limit = 1,
	.service_count = 1,
	.idle_kill = 0,
	/* all-ones value; presumably "no explicit limit here, use the global
	   default" - confirm in the master service code */
	.vsz_limit = (uoff_t)-1,

	.unix_listeners = { { &auth_worker_unix_listeners_buf,
			      sizeof(auth_worker_unix_listeners[0]) } },
	.fifo_listeners = ARRAY_INIT,
	.inet_listeners = ARRAY_INIT
};
#undef DEF
/* One setting_define entry for struct auth_passdb_settings: the setting name
   is the stringified field name, the offset locates the field. */
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_passdb_settings, name), NULL }

/* Settings accepted for each entry of the "passdb" list. */
static const struct setting_define auth_passdb_setting_defines[] = {
	DEF(SET_STR, driver),
	DEF(SET_STR, args),
	DEF(SET_STR, default_fields),
	DEF(SET_STR, override_fields),

	DEF(SET_ENUM, skip),
	DEF(SET_ENUM, result_success),
	DEF(SET_ENUM, result_failure),
	DEF(SET_ENUM, result_internalfail),

	DEF(SET_BOOL, deny),
	DEF(SET_BOOL, pass),
	DEF(SET_BOOL, master),

	SETTING_DEFINE_LIST_END
};
/* Defaults for one passdb entry.
   The SET_ENUM fields hold a colon-separated list of the accepted values.
   The first value looks like the default: auth_passdb_settings_check()
   calls any result_success other than "return-ok" non-default. */
static const struct auth_passdb_settings auth_passdb_default_settings = {
	/* empty driver is rejected by auth_passdb_settings_check() */
	.driver = "",
	.args = "",
	.default_fields = "",
	.override_fields = "",

	.skip = "never:authenticated:unauthenticated",
	.result_success = "return-ok:return:return-fail:continue:continue-ok:continue-fail",
	.result_failure = "continue:return:return-ok:return-fail:continue-ok:continue-fail",
	.result_internalfail = "continue:return:return-ok:return-fail:continue-ok:continue-fail",

	.deny = FALSE,
	.pass = FALSE,
	.master = FALSE
};
/* Parser description of a passdb entry: ties the define table to its
   defaults and to the per-entry check callback, with the auth settings as
   parent. */
const struct setting_parser_info auth_passdb_setting_parser_info = {
	.defines = auth_passdb_setting_defines,
	.defaults = &auth_passdb_default_settings,

	/* (size_t)-1 presumably marks the offset as unused - confirm in
	   settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct auth_passdb_settings),

	.parent_offset = (size_t)-1,
	.parent = &auth_setting_parser_info,

	.check_func = auth_passdb_settings_check
};
#undef DEF
/* One setting_define entry for struct auth_userdb_settings: the setting name
   is the stringified field name, the offset locates the field. */
#define DEF(type, name) \
	{ type, #name, offsetof(struct auth_userdb_settings, name), NULL }

/* Settings accepted for each entry of the "userdb" list. */
static const struct setting_define auth_userdb_setting_defines[] = {
	DEF(SET_STR, driver),
	DEF(SET_STR, args),
	DEF(SET_STR, default_fields),
	DEF(SET_STR, override_fields),

	SETTING_DEFINE_LIST_END
};
/* Defaults for one userdb entry. All fields start out empty; an empty
   driver is rejected by auth_userdb_settings_check(). */
static const struct auth_userdb_settings auth_userdb_default_settings = {
	.driver = "",
	.args = "",
	.default_fields = "",
	.override_fields = ""
};
/* Parser description of a userdb entry: ties the define table to its
   defaults and to the per-entry check callback, with the auth settings as
   parent. */
const struct setting_parser_info auth_userdb_setting_parser_info = {
	.defines = auth_userdb_setting_defines,
	.defaults = &auth_userdb_default_settings,

	/* (size_t)-1 presumably marks the offset as unused - confirm in
	   settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct auth_userdb_settings),

	.parent_offset = (size_t)-1,
	.parent = &auth_setting_parser_info,

	.check_func = auth_userdb_settings_check
};
/* we're kind of kludging here to avoid "auth_" prefix in the struct fields */
#undef DEF
#undef DEF_NOPREFIX
#undef DEFLIST
/* setting "auth_<name>" stored in struct auth_settings field <name> */
#define DEF(type, name) \
	{ type, "auth_"#name, offsetof(struct auth_settings, name), NULL }
/* setting "<name>" (no prefix) stored in struct auth_settings field <name> */
#define DEF_NOPREFIX(type, name) \
	{ type, #name, offsetof(struct auth_settings, name), NULL }
/* list setting <name> whose entries are described by <defines> */
#define DEFLIST(field, name, defines) \
	{ SET_DEFLIST, name, offsetof(struct auth_settings, field), defines }

/* All settings of the auth module. */
static const struct setting_define auth_setting_defines[] = {
	DEF(SET_STR, mechanisms),
	DEF(SET_STR, realms),
	DEF(SET_STR, default_realm),
	DEF(SET_SIZE, cache_size),
	DEF(SET_TIME, cache_ttl),
	DEF(SET_TIME, cache_negative_ttl),
	DEF(SET_STR, username_chars),
	DEF(SET_STR, username_translation),
	DEF(SET_STR, username_format),
	DEF(SET_STR, master_user_separator),
	DEF(SET_STR, anonymous_username),
	DEF(SET_STR, krb5_keytab),
	DEF(SET_STR, gssapi_hostname),
	DEF(SET_STR, winbind_helper_path),
	DEF(SET_STR, proxy_self),
	DEF(SET_TIME, failure_delay),

	/* logging and TLS-related switches */
	DEF(SET_BOOL, verbose),
	DEF(SET_BOOL, debug),
	DEF(SET_BOOL, debug_passwords),
	DEF(SET_ENUM, verbose_passwords),
	DEF(SET_BOOL, ssl_require_client_cert),
	DEF(SET_BOOL, ssl_username_from_cert),
	DEF(SET_BOOL, use_winbind),

	DEF(SET_UINT, worker_max_count),

	DEFLIST(passdbs, "passdb", &auth_passdb_setting_parser_info),
	DEFLIST(userdbs, "userdb", &auth_userdb_setting_parser_info),

	/* settings that keep their global name (no "auth_" prefix) */
	DEF_NOPREFIX(SET_STR, base_dir),
	DEF_NOPREFIX(SET_BOOL, verbose_proctitle),
	DEF_NOPREFIX(SET_UINT, first_valid_uid),
	DEF_NOPREFIX(SET_UINT, last_valid_uid),

	SETTING_DEFINE_LIST_END
};
/* Built-in defaults of the auth module. Several of them are security
   relevant, so a change here changes the out-of-the-box posture of every
   installation that does not override the setting. */
static const struct auth_settings auth_default_settings = {
	/* Only PLAIN is offered by default. PLAIN carries the password
	   itself, so its confidentiality depends on how the client
	   connection is protected, which is configured elsewhere. */
	.mechanisms = "plain",
	.realms = "",
	.default_realm = "",
	/* 0 here; auth_settings_check() rejects values from 1 to 1023 */
	.cache_size = 0,
	.cache_ttl = 60*60,
	.cache_negative_ttl = 60*60,
	/* Allow-list of user name characters. auth_settings_check() turns
	   it into a lookup map, so the repeated '0' is harmless. An empty
	   string makes the check allow every character. */
	.username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
	.username_translation = "",
	.username_format = "%Lu",
	.master_user_separator = "",
	.anonymous_username = "anonymous",
	.krb5_keytab = "",
	.gssapi_hostname = "",
	.winbind_helper_path = "/usr/bin/ntlm_auth",
	.proxy_self = "",
	.failure_delay = 2,

	.verbose = FALSE,
	.debug = FALSE,
	/* Off by default. auth_settings_check() turns debug on whenever
	   debug_passwords is set. Judging by the names, this setting and
	   verbose_passwords control whether password material reaches the
	   logs, so treat log files as sensitive when either is enabled. */
	.debug_passwords = FALSE,
	.verbose_passwords = "no:plain:sha1",
	.ssl_require_client_cert = FALSE,
	.ssl_username_from_cert = FALSE,
	.use_winbind = FALSE,

	/* must stay above zero, see auth_settings_check() */
	.worker_max_count = 30,

	.passdbs = ARRAY_INIT,
	.userdbs = ARRAY_INIT,

	.base_dir = PKG_RUNDIR,
	.verbose_proctitle = FALSE,
	/* NOTE(review): last_valid_uid = 0 presumably means "no upper
	   bound" - confirm where these two limits are enforced */
	.first_valid_uid = 500,
	.last_valid_uid = 0,
};
/* Root parser description of the "auth" module: ties the define table to
   its defaults and to auth_settings_check(). No parent is set. */
const struct setting_parser_info auth_setting_parser_info = {
	.module_name = "auth",
	.defines = auth_setting_defines,
	.defaults = &auth_default_settings,

	/* (size_t)-1 presumably marks the offset as unused - confirm in
	   settings-parser.h */
	.type_offset = (size_t)-1,
	.struct_size = sizeof(struct auth_settings),

	.parent_offset = (size_t)-1,

	.check_func = auth_settings_check
};
/* <settings checks> */
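/* Resolve every name in the space-separated set->proxy_self list and store
   the resulting addresses in set->proxy_self_ips.

   set     - auth settings; proxy_self is read, proxy_self_ips is written
   pool    - pool that the resulting address array is allocated from
   error_r - set to a human-readable message when FALSE is returned

   The stored array gets one extra entry appended with array_append_zero(),
   which serves as its terminator.

   Returns TRUE on success, FALSE if any of the names cannot be resolved. */
static bool
auth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
			   const char **error_r)
{
	const char *const *host;
	ARRAY(struct ip_addr) ips_array;
	struct ip_addr *ips;
	unsigned int ips_count;
	int ret;

	if (*set->proxy_self == '\0') {
		/* nothing configured: a single entry stands for the empty
		   list (assumes p_new() returns zeroed memory - confirm) */
		set->proxy_self_ips = p_new(pool, struct ip_addr, 1);
		return TRUE;
	}

	p_array_init(&ips_array, pool, 4);
	host = t_strsplit_spaces(set->proxy_self, " ");
	for (; *host != NULL; host++) {
		ret = net_gethostbyname(*host, &ips, &ips_count);
		if (ret != 0) {
			*error_r = t_strdup_printf("auth_proxy_self_ips: "
				"gethostbyname(%s) failed: %s",
				*host, net_gethosterror(ret));
			/* Stop here. Falling through would pass
			   array_append() whatever ips/ips_count hold after
			   a failed lookup (nothing in this file shows that
			   they are set on failure). It would also return
			   TRUE, so the message above would never be shown
			   and the address list would be silently
			   incomplete.
			   NOTE(review): a resolver failure now fails the
			   settings check. auth_settings_read() in this file
			   treats a failed re-check as unreachable; confirm
			   that a lookup failure is always caught by the
			   earlier configuration read. */
			return FALSE;
		}
		array_append(&ips_array, ips, ips_count);
	}
	array_append_zero(&ips_array);
	set->proxy_self_ips = array_idx(&ips_array, 0);
	return TRUE;
}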
/* check_func of auth_setting_parser_info: validates the parsed auth settings
   and fills in the fields derived from them (username_chars_map,
   username_translation_map, realms_arr, proxy_self_ips).

   _set    - struct auth_settings to check and complete
   pool    - pool for the derived allocations
   error_r - set to a message when FALSE is returned

   Returns TRUE if the settings are usable, FALSE otherwise. */
static bool auth_settings_check(void *_set, pool_t pool,
				const char **error_r)
{
	struct auth_settings *set = _set;
	const char *ch;
	const char *pair;

	/* debug_passwords implies debug, and debug implies verbose */
	if (set->debug_passwords)
		set->debug = TRUE;
	if (set->debug)
		set->verbose = TRUE;

	if (set->worker_max_count == 0) {
		*error_r = "auth_worker_max_count must be above zero";
		return FALSE;
	}
	if (set->cache_size > 0 && set->cache_size < 1024) {
		/* probably a configuration error.
		   older versions used megabyte numbers */
		*error_r = t_strdup_printf("auth_cache_size value is too small "
					   "(%"PRIuUOFF_T" bytes)",
					   set->cache_size);
		return FALSE;
	}

	/* Build the per-byte allow map. The uint8_t cast keeps bytes with
	   the high bit set from becoming negative indexes. */
	if (*set->username_chars == '\0') {
		/* all chars are allowed */
		memset(set->username_chars_map, 1,
		       sizeof(set->username_chars_map));
	} else {
		ch = set->username_chars;
		while (*ch != '\0') {
			set->username_chars_map[(int)(uint8_t)*ch] = 1;
			ch++;
		}
	}

	/* username_translation is read as (from, to) character pairs; a
	   trailing unpaired character is ignored */
	pair = set->username_translation;
	while (pair[0] != '\0' && pair[1] != '\0') {
		set->username_translation_map[(int)(uint8_t)pair[0]] = pair[1];
		pair += 2;
	}

	set->realms_arr =
		(const char *const *)p_strsplit_spaces(pool, set->realms, " ");

	/* the helper reports its own failure through error_r */
	return auth_settings_set_self_ips(set, pool, error_r);
}
/* check_func of auth_passdb_setting_parser_info: a passdb entry must name a
   driver, and the obsolete pass=yes may only be combined with the
   "return-ok" value of result_success.

   Returns TRUE if the entry is acceptable, otherwise FALSE with *error_r
   set to a static message. */
static bool
auth_passdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
			   const char **error_r)
{
	struct auth_passdb_settings *set = _set;
	const char *driver = set->driver;

	if (driver == NULL || driver[0] == '\0') {
		*error_r = "passdb is missing driver";
		return FALSE;
	}
	if (!set->pass)
		return TRUE;
	if (strcmp(set->result_success, "return-ok") == 0)
		return TRUE;

	*error_r = "Obsolete pass=yes setting mixed with non-default result_success";
	return FALSE;
}
/* check_func of auth_userdb_setting_parser_info: a userdb entry must name a
   driver.

   Returns TRUE if it does, otherwise FALSE with *error_r set to a static
   message. */
static bool
auth_userdb_settings_check(void *_set, pool_t pool ATTR_UNUSED,
			   const char **error_r)
{
	struct auth_userdb_settings *set = _set;
	const char *driver = set->driver;

	if (driver != NULL && driver[0] != '\0')
		return TRUE;

	*error_r = "userdb is missing driver";
	return FALSE;
}
/* </settings checks> */
/* Process-wide pointer to the auth settings. Nothing in this file assigns
   it; presumably the caller of auth_settings_read() stores the result here
   - confirm. */
struct auth_settings *global_auth_settings;
/* Read the configuration of the "auth" module for the given service and
   return the resulting auth settings.

   service  - service name passed on to the configuration lookup
   pool     - pool that the duplicated settings are allocated from; an extra
              reference is taken on it
   output_r - filled in by master_service_settings_read()

   A configuration read error is fatal (i_fatal). A failure of the re-check
   on the duplicated parser is treated as impossible (i_unreached). */
struct auth_settings *
auth_settings_read(const char *service, pool_t pool,
		   struct master_service_settings_output *output_r)
{
	static const struct setting_parser_info *set_roots[] = {
		&auth_setting_parser_info,
		NULL
	};
	struct master_service_settings_input input;
	struct setting_parser_context *parser_copy;
	const char *error;
	void **others;
	int ret;

	memset(&input, 0, sizeof(input));
	input.service = service;
	input.module = "auth";
	input.roots = set_roots;

	ret = master_service_settings_read(master_service, &input,
					   output_r, &error);
	if (ret < 0)
		i_fatal("Error reading configuration: %s", error);

	/* presumably because the returned settings stay in this pool after
	   the parser copy is deinitialized - confirm */
	pool_ref(pool);
	parser_copy = settings_parser_dup(master_service->set_parser, pool);
	/* runs the check_func callbacks on the copy, allocating from pool */
	if (!settings_parser_check(parser_copy, pool, &error))
		i_unreached();

	others = master_service_settings_parser_get_others(master_service,
							   parser_copy);
	settings_parser_deinit(&parser_copy);
	/* first entry; presumably the struct for set_roots[0] - confirm */
	return others[0];
}