bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch/* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen#define PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL 100
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen#define PASSDB_SLOW_MASTER_WARN_MIN_PERCENTAGE 5
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen struct passwd_userdb_iterate_context *next_waiting;
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainenstatic struct passwd_userdb_iterate_context *cur_userdb_iter = NULL;
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainenstatic struct timeout *cur_userdb_iter_to = NULL;
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainenpasswd_check_warnings(struct auth_request *auth_request,
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen msecs = timeval_diff_msecs(&end_tv, start_tv);
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen i_warning("passwd: Lookup for %s took %u secs",
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen if (percentage < PASSDB_SLOW_MASTER_WARN_MIN_PERCENTAGE) {
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen /* start from beginning */
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen i_warning("passwd: %u%% of last %u lookups took over "
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen "%u milliseconds, "
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen "you may want to set blocking=yes for userdb",
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen percentage, PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL,
3b94ff5951db4d4eddb7a80ed4e3f61207202635Timo Sirainenstatic void passwd_lookup(struct auth_request *auth_request,
40eb305d9b12cf48400fe3806a8a15ad6d372952Timo Sirainen struct userdb_module *_module = auth_request->userdb->userdb;
6135260095e1704ed6edff9d00bdfc043c11429cTimo Sirainen auth_request_log_debug(auth_request, AUTH_SUBSYS_DB, "lookup");
b71b9e5cd06b1dc13aad122a0729d6eeda5393e7Timo Sirainen passwd_check_warnings(auth_request, module, &start_tv);
6135260095e1704ed6edff9d00bdfc043c11429cTimo Sirainen auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
70afae43cc78ea6ecca83f6c587072c442a15ec1Timo Sirainen "getpwnam() failed: %m");
70afae43cc78ea6ecca83f6c587072c442a15ec1Timo Sirainen callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request);
6135260095e1704ed6edff9d00bdfc043c11429cTimo Sirainen auth_request_log_unknown_user(auth_request, AUTH_SUBSYS_DB);
6fabfb7bbfd88d0c1de66981e52850f26067623bTimo Sirainen callback(USERDB_RESULT_USER_UNKNOWN, auth_request);
70afae43cc78ea6ecca83f6c587072c442a15ec1Timo Sirainen auth_request_set_field(auth_request, "user", pw.pw_name, NULL);
04052d7cacaa866a3f00afb4e104fa46c04c1dd7Timo Sirainen auth_request_set_userdb_field(auth_request, "system_groups_user",
04052d7cacaa866a3f00afb4e104fa46c04c1dd7Timo Sirainen auth_request_set_userdb_field(auth_request, "uid", dec2str(pw.pw_uid));
04052d7cacaa866a3f00afb4e104fa46c04c1dd7Timo Sirainen auth_request_set_userdb_field(auth_request, "gid", dec2str(pw.pw_gid));
04052d7cacaa866a3f00afb4e104fa46c04c1dd7Timo Sirainen auth_request_set_userdb_field(auth_request, "home", pw.pw_dir);
0f5dc4da3982053036be65190e44bf28a67b1ca2Timo Sirainen if (userdb_template_export(module->tmpl, auth_request, &error) < 0) {
0f5dc4da3982053036be65190e44bf28a67b1ca2Timo Sirainen auth_request_log_error(auth_request, AUTH_SUBSYS_DB,
0f5dc4da3982053036be65190e44bf28a67b1ca2Timo Sirainen callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request);
e9371f899a3d4207a0ffd3923ea5ec7250cf5e75Timo Sirainenpasswd_iterate_init(struct auth_request *auth_request,
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen userdb_iter_callback_t *callback, void *context)
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen ctx = i_new(struct passwd_userdb_iterate_context, 1);
0caa211038e56abfdf1b8b4937a50708f997f850Timo Sirainenpasswd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
0caa211038e56abfdf1b8b4937a50708f997f850Timo Sirainen /* skip entries not in valid UID range.
0caa211038e56abfdf1b8b4937a50708f997f850Timo Sirainen they're users for daemons and such. */
0caa211038e56abfdf1b8b4937a50708f997f850Timo Sirainen if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
ca5b3ec5331545b46ec1f1c4ecfa1302ddb10653Timo Sirainen if (pw->pw_gid > (gid_t)set->last_valid_gid && set->last_valid_gid != 0)
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainenstatic void passwd_iterate_next(struct userdb_iterate_context *_ctx)
e9371f899a3d4207a0ffd3923ea5ec7250cf5e75Timo Sirainen const struct auth_settings *set = _ctx->auth_request->set;
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen if (cur_userdb_iter != NULL && cur_userdb_iter != ctx) {
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen /* we can't support concurrent userdb iteration.
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen wait until the previous one is done */
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainen ctx->next_waiting = cur_userdb_iter->next_waiting;
a10ed8c47534b4c6b6bf2711ccfe577e720a47b4Timo Sirainenpasswd_iterate_next_timeout(void *context ATTR_UNUSED)
43d3ea2780b5f8557ede7b4c039e8f56cb8d357dTimo Sirainenstatic int passwd_iterate_deinit(struct userdb_iterate_context *_ctx)
f0cd1d0022590d0a0d84f57e362774c2e96e2ea8Timo Sirainen cur_userdb_iter_to = timeout_add(0, passwd_iterate_next_timeout,
849969f639a00eab26791db3cb1b66430420c0cdTimo Sirainenpasswd_passwd_preinit(pool_t pool, const char *args)
849969f639a00eab26791db3cb1b66430420c0cdTimo Sirainen module = p_new(pool, struct passwd_userdb_module, 1);
74674a53a72dab535c61f455b2246ef2797844eaTimo Sirainen module->module.default_cache_key = USER_CACHE_KEY;
04052d7cacaa866a3f00afb4e104fa46c04c1dd7Timo Sirainen module->tmpl = userdb_template_build(pool, "passwd", args);
fd7a5919cfd68a347d6eb1b3e6e8627e1b656c75Timo Sirainen if (userdb_template_remove(module->tmpl, "blocking", &value))
fd7a5919cfd68a347d6eb1b3e6e8627e1b656c75Timo Sirainen module->module.blocking = strcasecmp(value, "yes") == 0;
04052d7cacaa866a3f00afb4e104fa46c04c1dd7Timo Sirainen /* FIXME: backwards compatibility */
04052d7cacaa866a3f00afb4e104fa46c04c1dd7Timo Sirainen i_warning("userdb passwd: Move templates args to override_fields setting");
b42f37ae6f65ed986315b6885568d32115e589b1Timo Sirainenstruct userdb_module_interface userdb_passwd = {