passdb-sql.c revision 7bafda1813454621e03615e83d55bccfa7cc56bd
76b43e4417bab52e913da39b5f5bc2a130d3f149Timo Sirainen/* Copyright (c) 2004-2009 Dovecot authors, see the included COPYING file */
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen lookup_credentials_callback_t *lookup_credentials;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenstatic void sql_query_save_results(struct sql_result *result,
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen struct auth_request *auth_request = sql_request->auth_request;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen struct passdb_module *_module = auth_request->passdb->passdb;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen unsigned int i, fields_count;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen fields_count = sql_result_get_fields_count(result);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen for (i = 0; i < fields_count; i++) {
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen value = sql_result_get_field_value(result, i);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen auth_request_set_field(auth_request, name, value,
2521482f3f897c83f7d5a2f9e17fe99fa4ba2cbeTimo Sirainenstatic void sql_query_callback(struct sql_result *result,
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen struct auth_request *auth_request = sql_request->auth_request;
2521482f3f897c83f7d5a2f9e17fe99fa4ba2cbeTimo Sirainen passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
73e19ec2d5069ea125dcd1ede5d8a70f701fd9a8Timo Sirainen "Password query failed: %s",
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen } else if (ret == 0) {
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen auth_request_log_info(auth_request, "sql", "unknown user");
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen /* Note that we really want to check if the password field is
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen found. Just checking if password is set isn't enough,
2521482f3f897c83f7d5a2f9e17fe99fa4ba2cbeTimo Sirainen because with proxies we might want to return NULL as
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen if (sql_result_find_field(result, "password") < 0) {
ccfc6441cadb577084daeb1f0aa3dd7bdfa2a220Timo Sirainen "Password query must return a field named "
137ea7ca34005345aa2304a940149b7f3774d727Timo Sirainen "'password'");
2521482f3f897c83f7d5a2f9e17fe99fa4ba2cbeTimo Sirainen "Password query returned multiple matches");
2521482f3f897c83f7d5a2f9e17fe99fa4ba2cbeTimo Sirainen } else if (auth_request->passdb_password == NULL &&
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen "Empty password returned without nopassword");
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
49e513d090753ccbf95560b2f3a21f081a5b6c51Timo Sirainen /* passdb_password may change on the way,
73e19ec2d5069ea125dcd1ede5d8a70f701fd9a8Timo Sirainen so we'll need to strdup. */
12aad74464367f7e8be11eafe1af985bf7b1adecTimo Sirainen password = t_strdup(auth_request->passdb_password);
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen /* auth_request_set_field() sets scheme */
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen if (auth_request->credentials_scheme != NULL) {
965ed6ea3fc8f7637bd0d159d2fdb283a191ce34Timo Sirainen passdb_handle_credentials(passdb_result, password, scheme,
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen /* verify plain */
e9503210d3521a6833ed62dc332fc42ffb0e7a13Timo Sirainen sql_request->callback.verify_plain(passdb_result, auth_request);
d5abbb932a0a598f002da39a8b3326643b1b5efcTimo Sirainen ret = auth_request_password_verify(auth_request,
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen sql_request->callback.verify_plain(ret > 0 ? PASSDB_RESULT_OK :
dd93aba1901a457346990f49c54a738947dc7128Timo Sirainenstatic const char *
b42f37ae6f65ed986315b6885568d32115e589b1Timo Sirainenpassdb_sql_escape(const char *str, const struct auth_request *auth_request)
b42f37ae6f65ed986315b6885568d32115e589b1Timo Sirainen struct passdb_module *_module = auth_request->passdb->passdb;
b42f37ae6f65ed986315b6885568d32115e589b1Timo Sirainen struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
b42f37ae6f65ed986315b6885568d32115e589b1Timo Sirainen return sql_escape_string(module->conn->db, str);
08aea01ef9a9d20703e0fcf8618e6195c0037a44Timo Sirainenstatic void sql_lookup_pass(struct passdb_sql_request *sql_request)
b42f37ae6f65ed986315b6885568d32115e589b1Timo Sirainen struct sql_passdb_module *module = (struct sql_passdb_module *)_module;
eff552f5fdc275c940c4c709eeeddb833bc51b40Timo Sirainen var_expand(query, module->conn->set.password_query,
eff552f5fdc275c940c4c709eeeddb833bc51b40Timo Sirainen auth_request_get_var_expand_table(sql_request->auth_request,
25757faf029c369a8318349dafe952e2358df1d8Timo Sirainen auth_request_log_debug(sql_request->auth_request, "sql",
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenstatic void sql_verify_plain(struct auth_request *request,
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen sql_request = p_new(request->pool, struct passdb_sql_request, 1);
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen sql_request->callback.verify_plain = callback;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenstatic void sql_lookup_credentials(struct auth_request *request,
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainen sql_request = p_new(request->pool, struct passdb_sql_request, 1);
51ead2f4c04ee85615d23c453924633b9ed8a4c2Timo Sirainen sql_request->callback.lookup_credentials = callback;
43a66a0b16299bd4f7615acd85e98bd3832c54d5Timo Sirainenstatic void sql_set_credentials_callback(const char *error,
error);
const char *new_credentials,
static struct passdb_module *