userdb-static.c revision 40eb305d9b12cf48400fe3806a8a15ad6d372952
2454dfa32c93c20a8522c6ed42fe057baaac9f9aStephan Bosch/* Copyright (C) 2003 Timo Sirainen */
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi#include "common.h"
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi#include "array.h"
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi#include "str.h"
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi#include "var-expand.h"
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi#include "userdb.h"
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi#include "userdb-static.h"
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi#include <stdlib.h>
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomistruct userdb_static_template {
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi ARRAY_DEFINE(args, const char *);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi};
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomistruct userdb_static_template *
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomiuserdb_static_template_build(pool_t pool, const char *userdb_name,
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi const char *args)
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi{
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi struct userdb_static_template *tmpl;
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi const char *const *tmp, *key, *value;
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi uid_t uid;
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi gid_t gid;
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen t_push();
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen tmpl = p_new(pool, struct userdb_static_template, 1);
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen tmp = t_strsplit_spaces(args, " ");
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen p_array_init(&tmpl->args, pool, strarray_length(tmp));
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen for (; *tmp != NULL; tmp++) {
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen value = strchr(*tmp, '=');
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen if (value == NULL)
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen key = *tmp;
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen else {
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen key = t_strdup_until(*tmp, value);
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen value++;
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen }
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi if (strcasecmp(key, "uid") == 0) {
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi uid = userdb_parse_uid(NULL, value);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi if (uid == (uid_t)-1) {
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi i_fatal("%s userdb: Invalid uid: %s",
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi userdb_name, value);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi }
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi value = dec2str(uid);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi } else if (strcasecmp(key, "gid") == 0) {
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi gid = userdb_parse_gid(NULL, value);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi if (gid == (gid_t)-1) {
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi i_fatal("%s userdb: Invalid gid: %s",
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi userdb_name, value);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi }
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi value = dec2str(gid);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi } else if (*key == '\0') {
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi i_fatal("%s userdb: Empty key (=%s)",
39435f00a35a276d329283179b3e7e0351482939Timo Sirainen userdb_name, value);
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi }
fe4a5467c998dfd79a071416068ca59d5a6a388fTimo Sirainen key = p_strdup(pool, key);
fe4a5467c998dfd79a071416068ca59d5a6a388fTimo Sirainen value = p_strdup(pool, value);
fe4a5467c998dfd79a071416068ca59d5a6a388fTimo Sirainen
fe4a5467c998dfd79a071416068ca59d5a6a388fTimo Sirainen array_append(&tmpl->args, &key, 1);
fe4a5467c998dfd79a071416068ca59d5a6a388fTimo Sirainen array_append(&tmpl->args, &value, 1);
fe4a5467c998dfd79a071416068ca59d5a6a388fTimo Sirainen }
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi t_pop();
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi return tmpl;
08c0bffa1c9ccb1ac67689093f3c99cd38cfd3a4Aki Tuomi}
bool userdb_static_template_isset(struct userdb_static_template *tmpl,
const char *key)
{
const char *const *args;
unsigned int i, count;
args = array_get(&tmpl->args, &count);
i_assert((count % 2) == 0);
for (i = 0; i < count; i += 2) {
if (strcmp(args[i], key) == 0)
return TRUE;
}
return FALSE;
}
bool userdb_static_template_remove(struct userdb_static_template *tmpl,
const char *key, const char **value_r)
{
const char *const *args;
unsigned int i, count;
args = array_get(&tmpl->args, &count);
i_assert((count % 2) == 0);
for (i = 0; i < count; i += 2) {
if (strcmp(args[i], key) == 0) {
*value_r = args[i+1];
array_delete(&tmpl->args, i, 2);
return TRUE;
}
}
return FALSE;
}
void userdb_static_template_export(struct userdb_static_template *tmpl,
struct auth_request *auth_request)
{
const struct var_expand_table *table;
string_t *str;
const char *const *args, *value;
unsigned int i, count;
t_push();
str = t_str_new(256);
table = auth_request_get_var_expand_table(auth_request, NULL);
args = array_get(&tmpl->args, &count);
i_assert((count % 2) == 0);
for (i = 0; i < count; i += 2) {
if (args[i+1] == NULL)
value = NULL;
else {
str_truncate(str, 0);
var_expand(str, args[i+1], table);
value = str_c(str);
}
auth_request_set_userdb_field(auth_request, args[i], value);
}
t_pop();
}
#ifdef USERDB_STATIC
struct static_context {
userdb_callback_t *callback, *old_callback;
void *old_context;
};
struct static_userdb_module {
struct userdb_module module;
struct userdb_static_template *tmpl;
unsigned int allow_all_users:1;
};
static void static_lookup_real(struct auth_request *auth_request,
userdb_callback_t *callback)
{
struct userdb_module *_module = auth_request->userdb->userdb;
struct static_userdb_module *module =
(struct static_userdb_module *)_module;
auth_request_init_userdb_reply(auth_request);
userdb_static_template_export(module->tmpl, auth_request);
callback(USERDB_RESULT_OK, auth_request);
}
static void
static_credentials_callback(enum passdb_result result,
const unsigned char *credentials __attr_unused__,
size_t size __attr_unused__,
struct auth_request *auth_request)
{
struct static_context *ctx = auth_request->context;
auth_request->private_callback.userdb = ctx->old_callback;
auth_request->context = ctx->old_context;
auth_request->state = AUTH_REQUEST_STATE_USERDB;
switch (result) {
case PASSDB_RESULT_OK:
static_lookup_real(auth_request, ctx->callback);
break;
case PASSDB_RESULT_USER_UNKNOWN:
case PASSDB_RESULT_USER_DISABLED:
case PASSDB_RESULT_PASS_EXPIRED:
ctx->callback(USERDB_RESULT_USER_UNKNOWN, auth_request);
break;
case PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
auth_request_log_error(auth_request, "static",
"passdb doesn't support lookups, "
"can't verify user's existence");
/* fall through */
default:
ctx->callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request);
break;
}
i_free(ctx);
}
static void static_lookup(struct auth_request *auth_request,
userdb_callback_t *callback)
{
struct userdb_module *_module = auth_request->userdb->userdb;
struct static_userdb_module *module =
(struct static_userdb_module *)_module;
struct static_context *ctx;
if (!auth_request->successful && !module->allow_all_users) {
/* this is a userdb-only lookup. we need to know if this
users exists or not. use a passdb lookup to do that.
if the passdb doesn't support returning credentials, this
will of course fail.. */
ctx = i_new(struct static_context, 1);
ctx->old_callback = auth_request->private_callback.userdb;
ctx->old_context = auth_request->context;
ctx->callback = callback;
i_assert(auth_request->state == AUTH_REQUEST_STATE_USERDB);
auth_request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
auth_request->context = ctx;
auth_request_lookup_credentials(auth_request, "",
static_credentials_callback);
} else {
static_lookup_real(auth_request, callback);
}
}
static struct userdb_module *
static_preinit(struct auth_userdb *auth_userdb, const char *args)
{
struct static_userdb_module *module;
const char *value;
module = p_new(auth_userdb->auth->pool, struct static_userdb_module, 1);
module->tmpl = userdb_static_template_build(auth_userdb->auth->pool,
"static", args);
if (userdb_static_template_remove(module->tmpl, "allow_all_users",
&value)) {
module->allow_all_users = value == NULL ||
strcasecmp(value, "yes") == 0;
}
return &module->module;
}
struct userdb_module_interface userdb_static = {
"static",
static_preinit,
NULL,
NULL,
static_lookup
};
#endif