auth: Change auth_policy_request_attributes setting to strlist type
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Fri, 22 Nov 2024 10:23:53 +0000 (12:23 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:40:01 +0000 (10:40 +0200)
src/auth/auth-policy.c
src/auth/auth-settings.c
src/auth/auth-settings.h

index 0499d1ddd1d8585bd0ce92adef01cad3eed770ec..02dabcc089f97ad8f623d8f9d494606bd7fc6a73 100644 (file)
@@ -156,26 +156,23 @@ void auth_policy_init(void)
        const struct policy_template_keyvalue *kvptr;
        string_t *template = t_str_new(64);
        struct json_ostream *json_output;
-       const char **ptr;
-       const char *key = NULL;
-       const char **list = t_strsplit_spaces(
-               global_auth_settings->policy_request_attributes, "= ");
 
-       t_array_init(&attribute_pairs, 8);
-       for (ptr = list; *ptr != NULL; ptr++) {
-               struct policy_template_keyvalue pair;
+       const struct auth_policy_request_settings *set;
+       if (settings_get(auth_event, &auth_policy_request_setting_parser_info,
+                        SETTINGS_GET_FLAG_NO_EXPAND, &set, &error) < 0)
+               i_fatal("%s", error);
 
-               if (key == NULL) {
-                       key = *ptr;
-               } else {
-                       pair.key = key;
-                       pair.value = *ptr;
-                       key = NULL;
-                       array_push_back(&attribute_pairs, &pair);
-               }
+       t_array_init(&attribute_pairs, 8);
+       unsigned int i, count;
+       const char *const *list =
+               array_get(&set->policy_request_attributes, &count);
+       i_assert(count % 2 == 0);
+       for (i = 0; i < count; i += 2) {
+               struct policy_template_keyvalue *pair =
+                       array_append_space(&attribute_pairs);
+               pair->key = list[i];
+               pair->value = list[i + 1];
        }
-       if (key != NULL)
-               i_fatal("auth_policy_request_attributes contains invalid value");
 
        /* then we sort it */
        array_sort(&attribute_pairs, auth_policy_attribute_comparator);
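Review bot: The pairs appended to `attribute_pairs` in the new loop store `list[i]` and `list[i + 1]` directly, so every key and value points into memory owned by `set`. The later hunk of this commit releases that memory with `settings_free(set)` at the end of `auth_policy_init()`. This is safe only if nothing built from `attribute_pairs` keeps those pointers after the function returns, and only if no return path between here and the end of the function skips the free; the rest of the body is outside this hunk, so neither can be confirmed from here. I would state the ownership at the loop, e.g. `/* keys and values point into set; do not use them after settings_free(set) */`.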
@@ -206,6 +203,7 @@ void auth_policy_init(void)
                          "auth-policy: Currently in log-only mode. Ignoring "
                          "tarpit and disconnect instructions from policy server");
        }
+       settings_free(set);
 }
 
 void auth_policy_deinit(void)
index 6b22da36d14a690fb4a602b50f33e4e6472e6371..d0ea898b48dddb061de3001ef48de08e6ef5be4c 100644 (file)
@@ -317,7 +317,6 @@ static const struct setting_define auth_setting_defines[] = {
        DEF(STR, policy_server_api_header),
        DEF(STR, policy_hash_mech),
        DEF(STR, policy_hash_nonce),
-       DEF(STR_NOVARS, policy_request_attributes),
        DEF(BOOL, policy_reject_on_fail),
        DEF(BOOL, policy_check_before_auth),
        DEF(BOOL, policy_check_after_auth),
@@ -378,7 +377,6 @@ static const struct auth_settings auth_default_settings = {
        .policy_server_api_header = "",
        .policy_hash_mech = "sha256",
        .policy_hash_nonce = "",
-       .policy_request_attributes = "login=%{requested_username} pwhash=%{hashed_password} remote=%{remote_ip} device_id=%{client_id} protocol=%{protocol} session_id=%{session} fail_type=%{fail_type}",
        .policy_reject_on_fail = FALSE,
        .policy_check_before_auth = TRUE,
        .policy_check_after_auth = TRUE,
@@ -427,6 +425,41 @@ const struct setting_parser_info auth_setting_parser_info = {
        .ext_check_func = auth_settings_ext_check,
 };
 
+#undef DEF
+#define DEF(type, name) \
+       SETTING_DEFINE_STRUCT_##type("auth_"#name, name, struct auth_policy_request_settings)
+
+static const struct setting_define auth_policy_request_setting_defines[] = {
+       DEF(STRLIST, policy_request_attributes),
+
+       SETTING_DEFINE_LIST_END
+};
+
+static const struct auth_policy_request_settings auth_policy_request_default_settings = {
+       .policy_request_attributes = ARRAY_INIT,
+};
+static const struct setting_keyvalue auth_policy_request_default_settings_keyvalue[] = {
+       { "auth_policy_request_attributes/login", "%{requested_username}" },
+       { "auth_policy_request_attributes/pwhash", "%{hashed_password}" },
+       { "auth_policy_request_attributes/remote", "%{remote_ip}" },
+       { "auth_policy_request_attributes/device_id", "%{client_id}" },
+       { "auth_policy_request_attributes/protocol", "%{protocol}" },
+       { "auth_policy_request_attributes/session_id", "%{session}" },
+       { "auth_policy_request_attributes/fail_type", "%{fail_type}" },
+       { NULL, NULL }
+};
+
+const struct setting_parser_info auth_policy_request_setting_parser_info = {
+       .name = "auth_policy_request",
+
+       .defines = auth_policy_request_setting_defines,
+       .defaults = &auth_policy_request_default_settings,
+       .default_settings = auth_policy_request_default_settings_keyvalue,
+
+       .struct_size = sizeof(struct auth_policy_request_settings),
+       .pool_offset1 = 1 + offsetof(struct auth_policy_request_settings, pool),
+};
+
 /* <settings checks> */
 static bool
 auth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
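Review bot: The defaults in `auth_policy_request_default_settings_keyvalue` are literal `%{...}` templates, and they appear to stay unexpanded only because `auth_policy_init()` fetches this parser info with `SETTINGS_GET_FLAG_NO_EXPAND`. The removed define carried that property in its type (`STR_NOVARS`), while the new `DEF(STRLIST, ...)` line does not show it. A comment above `auth_policy_request_setting_parser_info` would keep a future caller from looking it up without the flag, e.g. `/* Values are per-request templates; always fetch with SETTINGS_GET_FLAG_NO_EXPAND. */`. Separately, the redefined `DEF` stays in effect after the defines array, so any later `DEF(...)` that does not redefine it first would bind to `struct auth_policy_request_settings`; an `#undef DEF` after `SETTING_DEFINE_LIST_END` would contain that.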
index 1aac6d68818a8bd1320b8ba2f2f728b7f5abd6c7..3cc521a7211d590d930d1a2b761210c259872250 100644 (file)
@@ -76,7 +76,6 @@ struct auth_settings {
        const char *policy_server_api_header;
        const char *policy_hash_mech;
        const char *policy_hash_nonce;
-       const char *policy_request_attributes;
        bool policy_reject_on_fail;
        bool policy_check_before_auth;
        bool policy_check_after_auth;
@@ -111,6 +110,11 @@ struct auth_settings {
        const struct ip_addr *proxy_self_ips;
 };
 
+struct auth_policy_request_settings {
+       pool_t pool;
+       ARRAY_TYPE(const_string) policy_request_attributes;
+};
+
 struct auth_static_settings {
        pool_t pool;
        const char *passdb_static_password;
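Review bot: The `policy_request_attributes` field of the new `struct auth_policy_request_settings` has no comment describing its layout, yet `auth_policy_init()` reads it as alternating key and value entries and asserts an even count. I would document that on the field, e.g. `/* flattened strlist: key, value, key, value, ...; values are unexpanded %{variable} templates */`. With that in place, the `i_assert(count % 2 == 0)` in auth-policy.c reads as an invariant of the type rather than a check on configuration input.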
@@ -118,6 +122,7 @@ struct auth_static_settings {
 };
 
 extern const struct setting_parser_info auth_setting_parser_info;
+extern const struct setting_parser_info auth_policy_request_setting_parser_info;
 extern const struct setting_parser_info auth_passdb_setting_parser_info;
 extern const struct setting_parser_info auth_static_setting_parser_info;
 extern const struct setting_parser_info auth_passdb_pre_setting_parser_info;