userdb-passwd.c revision fd7a5919cfd68a347d6eb1b3e6e8627e1b656c75
45312f52ff3a3d4c137447be4c7556500c2f8bf2Timo Sirainen/* Copyright (c) 2002-2012 Dovecot authors, see the included COPYING file */
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen#define PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL 100
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen#define PASSDB_SLOW_MASTER_WARN_MIN_PERCENTAGE 5
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen struct passwd_userdb_iterate_context *next_waiting;
f7539a17ea306191b53b8f5e752e228937df9ec3Timo Sirainenstatic struct passwd_userdb_iterate_context *cur_userdb_iter = NULL;
f7539a17ea306191b53b8f5e752e228937df9ec3Timo Sirainenstatic struct timeout *cur_userdb_iter_to = NULL;
f7539a17ea306191b53b8f5e752e228937df9ec3Timo Sirainenpasswd_check_warnings(struct auth_request *auth_request,
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen msecs = timeval_diff_msecs(&end_tv, start_tv);
2615df45a8027948a474abe5e817b34b0499c171Timo Sirainen i_warning("passwd: Lookup for %s took %u secs",
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen if (percentage < PASSDB_SLOW_MASTER_WARN_MIN_PERCENTAGE) {
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen /* start from beginning */
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen i_warning("passwd: %u%% of last %u lookups took over "
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen "%u milliseconds, "
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen "you may want to set blocking=yes for userdb",
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen percentage, PASSDB_SLOW_MASTER_WARN_COUNT_INTERVAL,
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainenstatic void passwd_lookup(struct auth_request *auth_request,
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen struct userdb_module *_module = auth_request->userdb->userdb;
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen auth_request_log_debug(auth_request, "passwd", "lookup");
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen passwd_check_warnings(auth_request, module, &start_tv);
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen auth_request_log_error(auth_request, "passwd",
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen "getpwnam() failed: %m");
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request);
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen auth_request_log_info(auth_request, "passwd", "unknown user");
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen callback(USERDB_RESULT_USER_UNKNOWN, auth_request);
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen auth_request_set_field(auth_request, "user", pw.pw_name, NULL);
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen auth_request_set_userdb_field(auth_request, "system_groups_user",
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen auth_request_set_userdb_field(auth_request, "uid", dec2str(pw.pw_uid));
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen auth_request_set_userdb_field(auth_request, "gid", dec2str(pw.pw_gid));
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen auth_request_set_userdb_field(auth_request, "home", pw.pw_dir);
b42697a5749b85659a24316d97f1c208d469e4e8Timo Sirainen userdb_template_export(module->tmpl, auth_request);
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainenpasswd_iterate_init(struct auth_request *auth_request,
1d2b188f0eedc3cab6e27ceac5425a037f38042eTimo Sirainen userdb_iter_callback_t *callback, void *context)
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen ctx = i_new(struct passwd_userdb_iterate_context, 1);
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainenpasswd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen /* skip entries not in valid UID range.
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen they're users for daemons and such. */
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen /* skip entries that don't have a valid shell.
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen they're again probably not real users. */
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen if (strcmp(pw->pw_shell, "/bin/false") == 0 ||
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen strcmp(pw->pw_shell, "/usr/sbin/nologin") == 0)
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainenstatic void passwd_iterate_next(struct userdb_iterate_context *_ctx)
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen const struct auth_settings *set = _ctx->auth_request->set;
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen if (cur_userdb_iter != NULL && cur_userdb_iter != ctx) {
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen /* we can't support concurrent userdb iteration.
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen wait until the previous one is done */
17ad2164c747cedbf81dae1893063e71a3df0356Timo Sirainen ctx->next_waiting = cur_userdb_iter->next_waiting;
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainenstatic void passwd_iterate_next_timeout(void *context ATTR_UNUSED)
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainenstatic int passwd_iterate_deinit(struct userdb_iterate_context *_ctx)
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen timeout_add(0, passwd_iterate_next_timeout, NULL);
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainenpasswd_passwd_preinit(pool_t pool, const char *args)
71c4ac143fefd57aeec6298489c4559b6f13c67bTimo Sirainen module = p_new(pool, struct passwd_userdb_module, 1);
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen module->tmpl = userdb_template_build(pool, "passwd", args);
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen if (userdb_template_remove(module->tmpl, "blocking", &value))
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen module->module.blocking = strcasecmp(value, "yes") == 0;
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen /* FIXME: backwards compatibility */
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainen i_warning("userdb passwd: Move templates args to override_fields setting");
c6a57378d3c54988f525f81e19c0c5d132a0770dTimo Sirainenstruct userdb_module_interface userdb_passwd = {