mech.c revision 94a78eb438622fa53abef1e1726714dacad4b61c
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen/* Copyright (C) 2002 Timo Sirainen */
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainenconst char *const *auth_realms;
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainenstatic struct auth_client_request_reply failure_reply;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainenvoid mech_register_module(struct mech_module *module)
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen i_assert((auth_mechanisms & module->mech) == 0);
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainenvoid mech_unregister_module(struct mech_module *module)
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen return; /* not registered */
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen for (pos = &mech_modules; *pos != NULL; pos = &(*pos)->next) {
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainenvoid mech_request_new(struct auth_client_connection *conn,
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen /* unsupported mechanism */
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen i_error("BUG: Auth client %u requested unsupported "
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen "auth mechanism %d", conn->pid, request->mech);
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen auth_request = mech_cyrus_sasl_new(conn, request, callback);
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen for (list = mech_modules; list != NULL; list = list->next) {
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen hash_insert(conn->auth_requests, POINTER_CAST(request->id),
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainenvoid mech_request_continue(struct auth_client_connection *conn,
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen const unsigned char *data,
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen auth_request = hash_lookup(conn->auth_requests,
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen /* timed out */
345648b341f228bd7f0b89f8aa3ecb9c470d817eTimo Sirainen if (!auth_request->auth_continue(auth_request,
bbef8d37812f877525ca57e7ed206094e1efe288Timo Sirainenvoid mech_request_free(struct auth_request *auth_request, unsigned int id)
bbef8d37812f877525ca57e7ed206094e1efe288Timo Sirainen hash_remove(auth_request->conn->auth_requests,
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainenvoid mech_init_auth_client_reply(struct auth_client_request_reply *reply)
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainenvoid *mech_auth_success(struct auth_client_request_reply *reply,
cd466fe7b84b0223735a6469c7f7bc225f65996dTimo Sirainen buf = buffer_create_dynamic(pool_datastack_create(), 256, (size_t)-1);
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen buffer_append(buf, auth_request->user, strlen(auth_request->user)+1);
ffa179f76a2b6f4ef97bd560f65fa9e3e35361b4Timo Sirainenvoid mech_auth_finish(struct auth_request *auth_request,
ffa179f76a2b6f4ef97bd560f65fa9e3e35361b4Timo Sirainen const void *data, size_t data_size, int success)
ffa179f76a2b6f4ef97bd560f65fa9e3e35361b4Timo Sirainen reply_data = mech_auth_success(&reply, auth_request,
22535a9e685e29214082878e37a267157044618eTimo Sirainen auth_request->callback(&reply, reply_data, auth_request->conn);
bbef8d37812f877525ca57e7ed206094e1efe288Timo Sirainen mech_request_free(auth_request, auth_request->id);
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainenint mech_is_valid_username(const char *username)
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen const unsigned char *p;
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen for (p = (const unsigned char *)username; *p != '\0'; p++) {
68d76bc6de2d923d03955e49d563d6e4629b86bfTimo Sirainenvoid auth_request_ref(struct auth_request *request)
68d76bc6de2d923d03955e49d563d6e4629b86bfTimo Sirainenint auth_request_unref(struct auth_request *request)
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen const char *const *mechanisms;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen const char *env;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen memset(&failure_reply, 0, sizeof(failure_reply));
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen failure_reply.result = AUTH_CLIENT_RESULT_FAILURE;
b7c2065b3f10f9ae27787a9db5aaefbfc70d4502Timo Sirainen anonymous_username = getenv("ANONYMOUS_USERNAME");
b7c2065b3f10f9ae27787a9db5aaefbfc70d4502Timo Sirainen if (anonymous_username != NULL && *anonymous_username == '\0')
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen /* register wanted mechanisms */
94a78eb438622fa53abef1e1726714dacad4b61cTimo Sirainen else if (strcasecmp(*mechanisms, "CRAM-MD5") == 0)
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen else if (strcasecmp(*mechanisms, "DIGEST-MD5") == 0)
b7c2065b3f10f9ae27787a9db5aaefbfc70d4502Timo Sirainen else if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
b7c2065b3f10f9ae27787a9db5aaefbfc70d4502Timo Sirainen "but anonymous_username not given");
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen i_fatal("Unknown authentication mechanism '%s'",
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen i_fatal("No authentication mechanisms configured");
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen /* get our realm - note that we allocate from data stack so
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen this function should never be called inside I/O loop or anywhere
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen else where t_pop() is called */
20caa6854f0ba83719248a94464a7a24bb7dbd20Timo Sirainen if (default_realm != NULL && *default_realm == '\0')
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen /* all chars are allowed */
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen memset(username_chars, 0xff, sizeof(username_chars));
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen memset(username_chars, 0, sizeof(username_chars));
1c38a95332f1945c9806d7d83175a0d948f51291Timo Sirainen username_chars[((unsigned char)*env) & 0xff] = 0xff;
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL;