static void auth_request_save_cache(struct auth_request *request,
enum passdb_result result)
{
- struct passdb_module *passdb = request->passdb->passdb;
+ struct auth_passdb *passdb = request->passdb;
const char *encoded_password;
string_t *str;
if (*request->passdb_password != '{') {
/* cached passwords must have a known scheme */
str_append_c(str, '{');
- str_append(str, passdb->default_pass_scheme);
+ str_append(str, passdb->passdb->default_pass_scheme);
str_append_c(str, '}');
}
str_append_tabescaped(str, request->passdb_password);
void auth_request_verify_plain_callback(enum passdb_result result,
struct auth_request *request)
{
- struct passdb_module *passdb = request->passdb->passdb;
+ struct auth_passdb *passdb = request->passdb;
i_assert(request->state == AUTH_REQUEST_STATE_PASSDB);
const char *password,
verify_plain_callback_t *callback)
{
- struct passdb_module *passdb;
+ struct auth_passdb *passdb;
enum passdb_result result;
const char *cache_key;
return;
}
- passdb = request->passdb->passdb;
+ passdb = request->passdb;
if (request->mech_password == NULL)
request->mech_password = p_strdup(request->pool, password);
else
auth_request_set_state(request, AUTH_REQUEST_STATE_PASSDB);
request->credentials_scheme = NULL;
- if (passdb->iface.verify_plain == NULL) {
+ if (passdb->passdb->iface.verify_plain == NULL) {
/* we're deinitializing and just want to get rid of this
request */
auth_request_verify_plain_callback(
PASSDB_RESULT_INTERNAL_FAILURE, request);
- } else if (passdb->blocking) {
+ } else if (passdb->passdb->blocking) {
passdb_blocking_verify_plain(request);
} else {
- passdb_template_export(passdb->default_fields_tmpl, request);
- passdb->iface.verify_plain(request, password,
+ passdb_template_export(passdb->passdb->default_fields_tmpl, request);
+ passdb->passdb->iface.verify_plain(request, password,
auth_request_verify_plain_callback);
}
}
size_t size,
struct auth_request *request)
{
- struct passdb_module *passdb = request->passdb->passdb;
+ struct auth_passdb *passdb = request->passdb;
const char *cache_cred, *cache_scheme;
i_assert(request->state == AUTH_REQUEST_STATE_PASSDB);
const char *scheme,
lookup_credentials_callback_t *callback)
{
- struct passdb_module *passdb;
+ struct auth_passdb *passdb;
const char *cache_key, *cache_cred, *cache_scheme;
enum passdb_result result;
callback(PASSDB_RESULT_USER_UNKNOWN, NULL, 0, request);
return;
}
- passdb = request->passdb->passdb;
+ passdb = request->passdb;
request->credentials_scheme = p_strdup(request->pool, scheme);
request->private_callback.lookup_credentials = callback;
auth_request_set_state(request, AUTH_REQUEST_STATE_PASSDB);
- if (passdb->iface.lookup_credentials == NULL) {
+ if (passdb->passdb->iface.lookup_credentials == NULL) {
/* this passdb doesn't support credentials */
auth_request_log_debug(request, AUTH_SUBSYS_DB,
"passdb doesn't support credential lookups");
auth_request_lookup_credentials_callback(
PASSDB_RESULT_SCHEME_NOT_AVAILABLE,
&uchar_nul, 0, request);
- } else if (passdb->blocking) {
+ } else if (passdb->passdb->blocking) {
passdb_blocking_lookup_credentials(request);
} else {
- passdb_template_export(passdb->default_fields_tmpl, request);
- passdb->iface.lookup_credentials(request,
+ passdb_template_export(passdb->passdb->default_fields_tmpl, request);
+ passdb->passdb->iface.lookup_credentials(request,
auth_request_lookup_credentials_callback);
}
}
const char *scheme, const char *data,
set_credentials_callback_t *callback)
{
- struct passdb_module *passdb = request->passdb->passdb;
+ struct auth_passdb *passdb = request->passdb;
const char *cache_key, *new_credentials;
cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
request->private_callback.set_credentials = callback;
new_credentials = t_strdup_printf("{%s}%s", scheme, data);
- if (passdb->blocking)
+ if (passdb->passdb->blocking)
passdb_blocking_set_credentials(request, new_credentials);
- else if (passdb->iface.set_credentials != NULL) {
- passdb->iface.set_credentials(request, new_credentials,
- callback);
+ else if (passdb->passdb->iface.set_credentials != NULL) {
+ passdb->passdb->iface.set_credentials(request, new_credentials,
+ callback);
} else {
/* this passdb doesn't support credentials update */
callback(FALSE, request);
static void auth_request_userdb_save_cache(struct auth_request *request,
enum userdb_result result)
{
- struct userdb_module *userdb = request->userdb->userdb;
+ struct auth_userdb *userdb = request->userdb;
string_t *str;
const char *cache_value;
void auth_request_userdb_callback(enum userdb_result result,
struct auth_request *request)
{
- struct userdb_module *userdb = request->userdb->userdb;
+ struct auth_userdb *userdb = request->userdb;
struct auth_userdb *next_userdb;
enum auth_db_rule result_rule;
bool userdb_continue = FALSE;
switch (result) {
case USERDB_RESULT_OK:
- result_rule = request->userdb->result_success;
+ result_rule = userdb->result_success;
break;
case USERDB_RESULT_INTERNAL_FAILURE:
auth_request_stats_add_tempfail(request);
- result_rule = request->userdb->result_internalfail;
+ result_rule = userdb->result_internalfail;
break;
case USERDB_RESULT_USER_UNKNOWN:
default:
- result_rule = request->userdb->result_failure;
+ result_rule = userdb->result_failure;
break;
}
break;
}
- next_userdb = request->userdb->next;
+ next_userdb = userdb->next;
while (next_userdb != NULL &&
auth_request_want_skip_userdb(request, next_userdb))
next_userdb = next_userdb->next;
if (result == USERDB_RESULT_OK) {
/* this userdb lookup succeeded, preserve its extra
fields */
- userdb_template_export(userdb->override_fields_tmpl, request);
+ userdb_template_export(userdb->userdb->override_fields_tmpl, request);
auth_fields_snapshot(request->userdb_reply);
} else {
/* this userdb lookup failed, remove any extra fields
}
if (request->userdb_success)
- userdb_template_export(userdb->override_fields_tmpl, request);
+ userdb_template_export(userdb->userdb->override_fields_tmpl, request);
else if (request->userdbs_seen_internal_failure ||
result == USERDB_RESULT_INTERNAL_FAILURE) {
/* one of the userdb lookups failed. the user might have been
void auth_request_lookup_user(struct auth_request *request,
userdb_callback_t *callback)
{
- struct userdb_module *userdb = request->userdb->userdb;
+ struct auth_userdb *userdb = request->userdb;
const char *cache_key;
request->private_callback.userdb = callback;
/* we still want to set default_fields. these override any
existing fields set by previous userdbs (because if that is
unwanted, ":protected" can be used). */
- userdb_template_export(userdb->default_fields_tmpl, request);
+ userdb_template_export(userdb->userdb->default_fields_tmpl, request);
}
/* (for now) auth_cache is shared between passdb and userdb */
}
}
- if (userdb->iface->lookup == NULL) {
+ if (userdb->userdb->iface->lookup == NULL) {
/* we are deinitializing */
auth_request_userdb_callback(USERDB_RESULT_INTERNAL_FAILURE,
request);
- } else if (userdb->blocking)
+ } else if (userdb->userdb->blocking)
userdb_blocking_lookup(request);
else
- userdb->iface->lookup(request, auth_request_userdb_callback);
+ userdb->userdb->iface->lookup(request, auth_request_userdb_callback);
}
static char *
*dest = auth_passdb;
auth_passdb->passdb = passdb_preinit(auth->pool, set);
+ /* make sure any %variables in default_fields exist in cache_key */
+ auth_passdb->cache_key =
+ p_strconcat(auth->pool, auth_passdb->passdb->default_cache_key,
+ set->default_fields, NULL);
}
static void
*dest = auth_userdb;
auth_userdb->userdb = userdb_preinit(auth->pool, set);
+ /* make sure any %variables in default_fields exist in cache_key */
+ auth_userdb->cache_key =
+ p_strconcat(auth->pool, auth_userdb->userdb->default_cache_key,
+ set->default_fields, NULL);
}
static bool auth_passdb_list_have_verify_plain(const struct auth *auth)
return auth;
}
+static void auth_passdb_init(struct auth_passdb *passdb)
+{
+ passdb_init(passdb->passdb);
+
+ i_assert(passdb->passdb->default_pass_scheme != NULL ||
+ passdb->cache_key == NULL);
+}
+
static void auth_init(struct auth *auth)
{
struct auth_passdb *passdb;
struct auth_userdb *userdb;
for (passdb = auth->masterdbs; passdb != NULL; passdb = passdb->next)
- passdb_init(passdb->passdb);
+ auth_passdb_init(passdb);
for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next)
- passdb_init(passdb->passdb);
+ auth_passdb_init(passdb);
for (userdb = auth->userdbs; userdb != NULL; userdb = userdb->next)
userdb_init(userdb->userdb);
}
const struct auth_passdb_settings *set;
struct passdb_module *passdb;
+ /* The caching key for this passdb, or NULL if caching isn't wanted. */
+ const char *cache_key;
+
enum auth_passdb_skip skip;
enum auth_db_rule result_success;
enum auth_db_rule result_failure;
const struct auth_userdb_settings *set;
struct userdb_module *userdb;
+ /* The caching key for this userdb, or NULL if caching isn't wanted. */
+ const char *cache_key;
+
enum auth_userdb_skip skip;
enum auth_db_rule result_success;
enum auth_db_rule result_failure;
if (strcmp(args, "blocking=no") == 0)
module->blocking = FALSE;
else if (strncmp(args, "cache_key=", 10) == 0)
- module->cache_key = auth_cache_parse_key(pool, args + 10);
+ module->default_cache_key = auth_cache_parse_key(pool, args + 10);
else if (*args != '\0')
i_fatal("passdb bsdauth: Unknown setting: %s", args);
return module;
module->conn = conn = db_dict_init(args);
module->module.blocking = TRUE;
- module->module.cache_key = auth_cache_parse_key(pool,
+ module->module.default_cache_key = auth_cache_parse_key(pool,
db_dict_parse_cache_key(&conn->set.keys, &conn->set.passdb_fields,
&conn->set.parsed_passdb_objects));
module->module.default_pass_scheme = conn->set.default_pass_scheme;
&conn->pass_attr_map,
conn->set.auth_bind ? "password" : NULL);
module->module.blocking = conn->set.blocking;
- module->module.cache_key =
+ module->module.default_cache_key =
auth_cache_parse_key(pool,
t_strconcat(conn->set.base,
conn->set.pass_attrs,
else if (strcmp(t_args[i], "setcred=yes") == 0)
module->pam_setcred = TRUE;
else if (strncmp(t_args[i], "cache_key=", 10) == 0) {
- module->module.cache_key =
+ module->module.default_cache_key =
auth_cache_parse_key(pool, t_args[i] + 10);
} else if (strcmp(t_args[i], "blocking=yes") == 0) {
/* ignore, for backwards compatibility */
module->username_format = format;
if (!module->pwf->vars)
- module->module.cache_key = format;
+ module->module.default_cache_key = format;
else {
- module->module.cache_key = auth_cache_parse_key(pool,
+ module->module.default_cache_key = auth_cache_parse_key(pool,
t_strconcat(format, module->pwf->path, NULL));
}
else if (*args != '\0')
i_fatal("passdb passwd: Unknown setting: %s", args);
- module->cache_key = PASSWD_CACHE_KEY;
+ module->default_cache_key = PASSWD_CACHE_KEY;
module->default_pass_scheme = PASSWD_PASS_SCHEME;
return module;
}
else if (*args != '\0')
i_fatal("passdb shadow: Unknown setting: %s", args);
- module->cache_key = SHADOW_CACHE_KEY;
+ module->default_cache_key = SHADOW_CACHE_KEY;
module->default_pass_scheme = SHADOW_PASS_SCHEME;
return module;
}
module = p_new(pool, struct sql_passdb_module, 1);
module->conn = conn = db_sql_init(args, FALSE);
- module->module.cache_key =
+ module->module.default_cache_key =
auth_cache_parse_key(pool, conn->set.password_query);
module->module.default_pass_scheme = conn->set.default_pass_scheme;
return &module->module;
tmp = t_strsplit_spaces(args, " ");
for (; *tmp != NULL; tmp++) {
if (strncmp(*tmp, "cache_key=", 10) == 0) {
- module->module.cache_key =
+ module->module.default_cache_key =
auth_cache_parse_key(pool, *tmp + 10);
} else if (strncmp(*tmp, "webmail=", 8) == 0) {
if (net_addr2ip(*tmp + 8, &module->webmail_ip) < 0)
passdb_template_build(pool, set->default_fields);
passdb->override_fields_tmpl =
passdb_template_build(pool, set->override_fields);
- if (passdb->cache_key != NULL &&
- !passdb_template_is_empty(passdb->default_fields_tmpl)) {
- /* make sure any %variables in default_fields exist
- in cache_key */
- passdb->cache_key = p_strconcat(pool, passdb->cache_key,
- set->default_fields, NULL);
- }
array_append(&passdb_modules, &passdb, 1);
return passdb;
if (passdb->iface.init != NULL && passdb->init_refcount == 0)
passdb->iface.init(passdb);
passdb->init_refcount++;
-
- i_assert(passdb->default_pass_scheme != NULL ||
- passdb->cache_key == NULL);
}
void passdb_deinit(struct passdb_module *passdb)
struct passdb_module {
const char *args;
- /* The caching key for this module, or NULL if caching isn't wanted. */
- const char *cache_key;
+ /* The default caching key for this module, or NULL if caching isn't
+ wanted. This is updated by settings in auth_passdb. */
+#define default_cache_key cache_key /* FIXME: remove in v2.3 - for API backwards compatibility */
+ const char *default_cache_key;
/* Default password scheme for this module.
If cache_key is set, must not be NULL. */
const char *default_pass_scheme;
module->conn = conn = db_dict_init(args);
module->module.blocking = TRUE;
- module->module.cache_key = auth_cache_parse_key(pool,
+ module->module.default_cache_key = auth_cache_parse_key(pool,
db_dict_parse_cache_key(&conn->set.keys, &conn->set.userdb_fields,
&conn->set.parsed_userdb_objects));
return &module->module;
&conn->iterate_attr_names,
&conn->iterate_attr_map, NULL);
module->module.blocking = conn->set.blocking;
- module->module.cache_key =
+ module->module.default_cache_key =
auth_cache_parse_key(pool,
t_strconcat(conn->set.base,
conn->set.user_attrs,
i_fatal("userdb nss: Missing service");
userdb_nss_load_module(module, pool);
- module->module.cache_key = USER_CACHE_KEY;
+ module->module.default_cache_key = USER_CACHE_KEY;
return &module->module;
}
module->username_format = format;
if (!module->pwf->vars)
- module->module.cache_key = PASSWD_FILE_CACHE_KEY;
+ module->module.default_cache_key = PASSWD_FILE_CACHE_KEY;
else {
- module->module.cache_key =
+ module->module.default_cache_key =
auth_cache_parse_key(pool,
t_strconcat(PASSWD_FILE_CACHE_KEY,
module->pwf->path,
const char *value;
module = p_new(pool, struct passwd_userdb_module, 1);
- module->module.cache_key = USER_CACHE_KEY;
+ module->module.default_cache_key = USER_CACHE_KEY;
module->tmpl = userdb_template_build(pool, "passwd", args);
module->module.blocking = TRUE;
module = p_new(pool, struct sql_userdb_module, 1);
module->conn = db_sql_init(args, TRUE);
- module->module.cache_key =
+ module->module.default_cache_key =
auth_cache_parse_key(pool, module->conn->set.user_query);
return &module->module;
}
for (tmp = t_strsplit(args, " "); *tmp != NULL; tmp++) {
if (strncmp(*tmp, "cache_key=", 10) == 0)
- module->module.cache_key = p_strdup(pool, *tmp + 10);
+ module->module.default_cache_key =
+ p_strdup(pool, *tmp + 10);
else if (strncmp(*tmp, "quota_template=", 15) == 0) {
p = strchr(*tmp + 15, '=');
if (p == NULL) {
userdb->override_fields_tmpl =
userdb_template_build(pool, set->driver,
set->override_fields);
- if (userdb->cache_key != NULL &&
- !userdb_template_is_empty(userdb->default_fields_tmpl)) {
- /* make sure any %variables in default_fields exist
- in cache_key */
- userdb->cache_key = p_strconcat(pool, userdb->cache_key,
- set->default_fields, NULL);
- }
array_append(&userdb_modules, &userdb, 1);
return userdb;
struct userdb_module {
const char *args;
- /* The caching key for this module, or NULL if caching isn't wanted. */
- const char *cache_key;
+ /* The default caching key for this module, or NULL if caching isn't
+ wanted. This is updated by settings in auth_userdb. */
+#define default_cache_key cache_key /* FIXME: remove in v2.3 - for API backwards compatibility */
+ const char *default_cache_key;
/* If blocking is set to TRUE, use child processes to access
this userdb. */
projects / thirdparty / dovecot / core.git / commitdiff
