From: Timo Sirainen
Date: Fri, 29 Nov 2024 10:37:46 +0000 (+0200)
Subject: auth: Convert passdbs_generate_md5() to read all settings
X-Git-Tag: 2.4.0~174
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f39b69445463e69d66ffc0678e21e5354a295cf6;p=thirdparty%2Fdovecot%2Fcore.git
auth: Convert passdbs_generate_md5() to read all settings
---
diff --git a/src/auth/auth-worker-connection.c b/src/auth/auth-worker-connection.c
index 0f1b3a9c44..afdd9a5eb9 100644
--- a/src/auth/auth-worker-connection.c
+++ b/src/auth/auth-worker-connection.c
@@ -194,7 +194,7 @@ static void auth_worker_connection_connected(struct connection *conn,
 string_t *str = t_str_new(128);
- passdbs_generate_md5(passdb_md5);
+ auth_passdbs_generate_md5(passdb_md5);
 userdbs_generate_md5(userdb_md5);
 str_append(str, "DBHASH\t");
 binary_to_hex_append(str, passdb_md5, sizeof(passdb_md5));
diff --git a/src/auth/auth-worker-server.c b/src/auth/auth-worker-server.c
index 60263b329b..c3d5b5126a 100644
--- a/src/auth/auth-worker-server.c
+++ b/src/auth/auth-worker-server.c
@@ -749,7 +749,7 @@ static bool auth_worker_verify_db_hash(const char *passdb_hash, const char *user
 unsigned char passdb_md5[MD5_RESULTLEN];
 unsigned char userdb_md5[MD5_RESULTLEN];
- passdbs_generate_md5(passdb_md5);
+ auth_passdbs_generate_md5(passdb_md5);
 userdbs_generate_md5(userdb_md5);
 binary_to_hex_append(str, passdb_md5, sizeof(passdb_md5));
diff --git a/src/auth/auth.c b/src/auth/auth.c
index e3ae4db347..d55b1cf189 100644
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -79,6 +79,7 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *_set,
 {
 struct auth_passdb *auth_passdb, **dest;
 const struct auth_passdb_settings *set;
+ const char *error;
 /* Lookup passdb-specific auth_settings */
 struct event *event = event_create(auth_event);
@@ -92,6 +93,11 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *_set,
 auth_passdb = p_new(auth->pool, struct auth_passdb, 1);
 auth_passdb->auth_set = settings_get_or_fatal(event, &auth_setting_parser_info);
+ if (settings_get(event, &auth_passdb_post_setting_parser_info,
+ SETTINGS_GET_FLAG_NO_CHECK |
+ SETTINGS_GET_FLAG_NO_EXPAND,
+ &auth_passdb->unexpanded_post_set, &error) < 0)
+ i_fatal("%s", error);
 auth_passdb->name = set->name;
 auth_passdb->set = set;
@@ -135,6 +141,7 @@ static void auth_passdb_deinit(struct auth_passdb *passdb)
 {
 settings_free(passdb->set);
 settings_free(passdb->auth_set);
+ settings_free(passdb->unexpanded_post_set);
 passdb_deinit(passdb->passdb);
 }
@@ -396,6 +403,37 @@ static void auth_deinit(struct auth *auth)
 dns_client_deinit(&auth->dns_client);
 }
+static void
+auth_passdbs_update_md5(struct auth *auth, struct md5_context *ctx)
+{
+ struct auth_passdb *passdb;
+ unsigned int hash;
+
+ for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next) {
+ md5_update(ctx, &passdb->passdb->id, sizeof(passdb->passdb->id));
+ hash = settings_hash(&auth_passdb_setting_parser_info,
+ passdb->set, NULL);
+ md5_update(ctx, &hash, sizeof(hash));
+ hash = settings_hash(&auth_setting_parser_info,
+ passdb->auth_set, NULL);
+ md5_update(ctx, &hash, sizeof(hash));
+ hash = settings_hash(&auth_passdb_post_setting_parser_info,
+ passdb->unexpanded_post_set, NULL);
+ md5_update(ctx, &hash, sizeof(hash));
+ }
+}
+
+void auth_passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN])
+{
+ struct auth *auth;
+ struct md5_context ctx;
+
+ md5_init(&ctx);
+ array_foreach_elem(&auths, auth)
+ auth_passdbs_update_md5(auth, &ctx);
+ md5_final(&ctx, md5);
+}
+
 struct auth *auth_find_protocol(const char *name)
 {
 struct auth *const *a;
diff --git a/src/auth/auth.h b/src/auth/auth.h
index e6ebcd3799..acffb651c2 100644
--- a/src/auth/auth.h
+++ b/src/auth/auth.h
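Review bot: The `settings_get()` call added to auth_passdb_preinit() passes `SETTINGS_GET_FLAG_NO_CHECK | SETTINGS_GET_FLAG_NO_EXPAND` with no comment saying why, and the result is stored in `unexpanded_post_set` right next to `set` and `auth_set`, where a later change could read it as if it were validated, expanded settings. In this commit the field is only passed to `settings_hash()` and `settings_free()`, so the flags look deliberate (a hash that does not vary with variable expansion), but that intent is inferred rather than stated. I would add a comment above the call, e.g. `/* Unchecked, unexpanded copy: used only for auth_passdbs_generate_md5(), never for auth decisions */`, and repeat the one-line caveat on the new field in the auth.h hunk. The function body starts and ends outside this hunk.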
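Review bot: In auth_passdbs_update_md5() each settings struct enters the digest only as the `unsigned int` returned by `settings_hash()`, so the DBHASH that auth_worker_verify_db_hash() checks now depends on three word-sized hashes per passdb rather than the driver name and args strings that the removed passdbs_generate_md5() fed to MD5 in full. If `settings_hash()` is a non-cryptographic hash (its definition is not in this diff), two different passdb configurations can produce the same DBHASH and a worker holding stale settings would pass verification. That is probably acceptable for a config-drift check, but it should be stated where the hash is built, e.g. `/* DBHASH is a best-effort config-change detector, not an integrity check */` above auth_passdbs_generate_md5(), with a matching doc comment on the prototype added in auth.h. The loop also dereferences `passdb->passdb` unconditionally; that holds only if preinit always assigns it, which is outside this hunk.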
@@ -1,6 +1,7 @@
 #ifndef AUTH_H
 #define AUTH_H
+#include "md5.h"
 #include "auth-settings.h"
 #define PASSWORD_HIDDEN_STR ""
@@ -35,6 +36,7 @@ struct auth_passdb {
 const char *name;
 const struct auth_settings *auth_set;
 const struct auth_passdb_settings *set;
+ const struct auth_passdb_post_settings *unexpanded_post_set;
 struct passdb_module *passdb;
 /* The caching key for this passdb, or NULL if caching isn't wanted. */
@@ -85,6 +87,8 @@ struct auth {
 struct auth *auth_find_protocol(const char *name);
 struct auth *auth_default_protocol(void);
+void auth_passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]);
+
 void auths_preinit(struct event *parent_event, const struct auth_settings *set, const struct mechanisms_register *reg,
diff --git a/src/auth/passdb.c b/src/auth/passdb.c
index 187b659cc0..5d9602ed99 100644
--- a/src/auth/passdb.c
+++ b/src/auth/passdb.c
@@ -238,23 +238,6 @@ void passdb_deinit(struct passdb_module *passdb)
 passdb->iface = passdb_iface_deinit;
 }
-void passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN])
-{
- struct md5_context ctx;
- struct passdb_module *const *passdbs;
- unsigned int i, count;
-
- md5_init(&ctx);
- passdbs = array_get(&passdb_modules, &count);
- for (i = 0; i < count; i++) {
- md5_update(&ctx, &passdbs[i]->id, sizeof(passdbs[i]->id));
- md5_update(&ctx, passdbs[i]->iface.name,
- strlen(passdbs[i]->iface.name));
- md5_update(&ctx, passdbs[i]->args, strlen(passdbs[i]->args));
- }
- md5_final(&ctx, md5);
-}
-
 const char * passdb_result_to_string(enum passdb_result result)
 {
diff --git a/src/auth/passdb.h b/src/auth/passdb.h
index dd853036ed..0404303a65 100644
--- a/src/auth/passdb.h
+++ b/src/auth/passdb.h
@@ -1,8 +1,6 @@
 #ifndef PASSDB_H
 #define PASSDB_H
-#include "md5.h"
-
 #define IS_VALID_PASSWD(pass) \
 ((pass)[0] != '\0' && (pass)[0] != '*' && (pass)[0] != '!')
@@ -109,8 +107,6 @@ void passdb_deinit(struct passdb_module *passdb);
 void passdb_register_module(struct passdb_module_interface *iface);
 void passdb_unregister_module(struct passdb_module_interface *iface);
-void passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]);
-
 void passdbs_init(void);
 void passdbs_deinit(void);