From e2333caf3a902289832378f76f73ccba629516a7 Mon Sep 17 00:00:00 2001 From: Markus Valentin Date: Mon, 25 Mar 2024 10:57:10 +0100 Subject: [PATCH] auth: passdb/userdb passwd - Convert to new settings --- src/auth/passdb-passwd.c | 78 ++++++++++++++++++++++++++++++++-------- src/auth/userdb-passwd.c | 48 ++++++++++++------------- 2 files changed, 85 insertions(+), 41 deletions(-) diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c index 81e19093c3..a2f000ad8e 100644 --- a/src/auth/passdb-passwd.c +++ b/src/auth/passdb-passwd.c @@ -1,7 +1,9 @@ /* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */ #include "auth-common.h" +#include "auth-cache.h" #include "passdb.h" +#include "settings.h" #ifdef PASSDB_PASSWD 
@@ -11,11 +13,46 @@ #define PASSWD_CACHE_KEY "%u" #define PASSWD_PASS_SCHEME "CRYPT" +#undef DEF +#define DEF(type, name) \ + SETTING_DEFINE_STRUCT_##type(#name, name, struct auth_passwd_settings) + +struct auth_passwd_settings { + pool_t pool; +}; + +static const struct setting_define auth_passwd_setting_defines[] = { + { .type = SET_FILTER_NAME, .key = "passdb_passwd", }, + { .type = SET_FILTER_NAME, .key = "userdb_passwd", }, + + SETTING_DEFINE_LIST_END +}; + +static const struct setting_keyvalue auth_passwd_default_settings_keyvalue[] = { + { "passdb_passwd/passdb_use_worker", "yes" }, + { "passdb_passwd/passdb_default_password_scheme", "crypt" }, + { "userdb_passwd/userdb_use_worker", "yes" }, + { NULL, NULL } +}; + +const struct setting_parser_info auth_passwd_info = { + .name = "passwd", + + .defines = auth_passwd_setting_defines, + .default_settings = auth_passwd_default_settings_keyvalue, + + .struct_size = sizeof(struct auth_passwd_settings), + .pool_offset1 = 1 + offsetof(struct auth_passwd_settings, pool), +}; + static enum passdb_result passwd_lookup(struct auth_request *request, struct passwd *pw_r) { e_debug(authdb_event(request), "lookup"); + if (auth_request_set_passdb_fields(request, NULL) < 0) + return PASSDB_RESULT_INTERNAL_FAILURE; + switch (i_getpwnam(request->fields.user, pw_r)) { case -1: e_error(authdb_event(request), @@ -45,6 +82,11 @@ passwd_verify_plain(struct auth_request *request, const char *password, struct passwd pw; enum passdb_result res; + if (auth_request_set_passdb_fields(request, NULL) < 0) { + callback(PASSDB_RESULT_INTERNAL_FAILURE, request); + return; + } + res = passwd_lookup(request, &pw); if (res != PASSDB_RESULT_OK) { callback(res, request); 
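Review bot: `auth_passwd_info` is added below the `#ifdef PASSDB_PASSWD` that the first hunk shows as context, so it appears to be compiled only when the passwd passdb is enabled. It nevertheless carries the `userdb_passwd` filter name and the `userdb_passwd/userdb_use_worker` default. The userdb preinit hunk in src/auth/userdb-passwd.c drops `module->module.blocking = TRUE` and seems to depend on that default, so a build with the userdb but without the passdb would presumably lose it and run blocking passwd lookups outside a worker. Consider defining the settings info in a translation unit that is built unconditionally, or confirm that both drivers are always enabled together. Separately, the `DEF(type, name)` macro is defined but never used in `auth_passwd_setting_defines`.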
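Review bot: `auth_request_set_passdb_fields(request, NULL)` now runs twice on the plain-verify path: once at the top of passwd_verify_plain, and again inside passwd_lookup (added in the previous hunk), which is called on the very next statement. Both calls also come before `i_getpwnam()` and before the password check that presumably follows outside this hunk, so configured passdb fields would be applied to the request even for an unknown user or a wrong password; please confirm that is intended. If it is not, drop the block added here and keep a single call at the point where the lookup has succeeded. The body of passwd_verify_plain continues past the end of the hunk.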
@@ -86,21 +128,26 @@ passwd_lookup_credentials(struct auth_request *request, PASSWD_PASS_SCHEME, callback, request); } -static struct passdb_module * -passwd_preinit(pool_t pool, const char *args) +static int passwd_preinit(pool_t pool, struct event *event, + struct passdb_module **module_r, + const char **error_r ) { - struct passdb_module *module; - - module = p_new(pool, struct passdb_module, 1); - module->blocking = TRUE; - if (strcmp(args, "blocking=no") == 0) - module->blocking = FALSE; - else if (*args != '\0') - i_fatal("passdb passwd: Unknown setting: %s", args); - - module->default_cache_key = PASSWD_CACHE_KEY; - module->default_pass_scheme = PASSWD_PASS_SCHEME; - return module; + const struct auth_passdb_post_settings *post_set; + struct passdb_module *module = p_new(pool, struct passdb_module, 1); + + if (settings_get(event, + &auth_passdb_post_setting_parser_info, + SETTINGS_GET_FLAG_NO_CHECK | + SETTINGS_GET_FLAG_NO_EXPAND, + &post_set, error_r) < 0) + return -1; + module->default_cache_key = auth_cache_parse_key_and_fields(pool, + PASSWD_CACHE_KEY, + &post_set->fields, + "passwd"); + settings_free(post_set); + *module_r = module; + return 0; } static void passwd_deinit(struct passdb_module *module ATTR_UNUSED) @@ -110,8 +157,9 @@ static void passwd_deinit(struct passdb_module *module ATTR_UNUSED) struct passdb_module_interface passdb_passwd = { .name = "passwd", + .fields_supported = TRUE, - .preinit_legacy = passwd_preinit, + .preinit = passwd_preinit, .deinit = passwd_deinit, .verify_plain = passwd_verify_plain, diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c index d6f80f9f21..06f3f70872 100644 --- a/src/auth/userdb-passwd.c +++ b/src/auth/userdb-passwd.c @@ -8,7 +8,6 @@ #include "ioloop.h" #include "ipwd.h" #include "time-util.h" -#include "userdb-template.h" #define USER_CACHE_KEY "%u" #define PASSWD_SLOW_WARN_MSECS (10*1000) 
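Review bot: The new passwd_preinit no longer sets `module->blocking` or `module->default_pass_scheme`, and nothing in the body says where those values now come from. A comment such as `/* blocking and the default scheme come from the passdb_passwd/... defaults in auth_passwd_default_settings_keyvalue */` would save the next reader a search. The default is spelled `crypt` while `PASSWD_PASS_SCHEME` is `"CRYPT"`, so this relies on scheme names being matched case-insensitively, which is worth confirming. A one-line comment on why `SETTINGS_GET_FLAG_NO_CHECK | SETTINGS_GET_FLAG_NO_EXPAND` is sufficient here would also help. There is a stray space in `const char **error_r )`.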
@@ -18,7 +17,6 @@ struct passwd_userdb_module { struct userdb_module module; - struct userdb_template *tmpl; unsigned int fast_count, slow_count; bool slow_warned:1; @@ -85,7 +83,6 @@ static void passwd_lookup(struct auth_request *auth_request, (struct passwd_userdb_module *)_module; struct passwd pw; struct timeval start_tv; - const char *error; int ret; e_debug(authdb_event(auth_request), "lookup"); @@ -95,6 +92,7 @@ static void passwd_lookup(struct auth_request *auth_request, if (start_tv.tv_sec != 0) passwd_check_warnings(auth_request, module, &start_tv); + struct auth_fields *pwd_fields = auth_fields_init(auth_request->pool); switch (ret) { case -1: e_error(authdb_event(auth_request), 
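Review bot: In the last hunk on this line, `pwd_fields` is allocated from `auth_request->pool` before `switch (ret)`, so the list is created even for the `-1` error case and for whatever other non-success cases follow outside the hunk. Moving `struct auth_fields *pwd_fields = auth_fields_init(auth_request->pool);` to just before the first `auth_fields_add()` call in the success path would keep the declaration next to its use and avoid the allocation on failed lookups. passwd_lookup starts and ends outside this hunk.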
@@ -109,15 +107,19 @@ static void passwd_lookup(struct auth_request *auth_request, auth_request_set_field(auth_request, "user", pw.pw_name, NULL); - auth_request_set_userdb_field(auth_request, "system_groups_user", - pw.pw_name); - auth_request_set_userdb_field(auth_request, "uid", dec2str(pw.pw_uid)); - auth_request_set_userdb_field(auth_request, "gid", dec2str(pw.pw_gid)); - auth_request_set_userdb_field(auth_request, "home", pw.pw_dir); + if (auth_request->userdb->set->fields_import_all) { + auth_request_set_userdb_field(auth_request, "system_groups_user", + pw.pw_name); + auth_request_set_userdb_field(auth_request, "uid", dec2str(pw.pw_uid)); + auth_request_set_userdb_field(auth_request, "home", pw.pw_dir); + auth_request_set_userdb_field(auth_request, "gid", dec2str(pw.pw_gid)); + } + auth_fields_add(pwd_fields, "system_groups_user", pw.pw_name, 0); + auth_fields_add(pwd_fields, "uid", dec2str(pw.pw_uid), 0); + auth_fields_add(pwd_fields, "home", pw.pw_dir, 0); + auth_fields_add(pwd_fields, "gid", dec2str(pw.pw_gid), 0); - if (userdb_template_export(module->tmpl, auth_request, &error) < 0) { - e_error(authdb_event(auth_request), - "Failed to expand template: %s", error); + if (auth_request_set_userdb_fields(auth_request, pwd_fields) < 0) { callback(USERDB_RESULT_INTERNAL_FAILURE, auth_request); return; } 
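Review bot: The split between the `fields_import_all` branch and the unconditional `auth_fields_add(pwd_fields, ...)` calls is undocumented, yet it decides whether `uid`, `gid` and `home` reach the userdb reply at all. If the intent is what the names suggest, a comment such as `/* with fields_import_all=no the passwd values are only offered to auth_request_set_userdb_fields(); they are exported only if the configured fields reference them */` should sit above the `if`. The failure path also lost its `e_error()` call, so confirm that `auth_request_set_userdb_fields()` logs the reason itself before `USERDB_RESULT_INTERNAL_FAILURE` is returned. As a minor point, `dec2str(pw.pw_uid)` and `dec2str(pw.pw_gid)` are each evaluated twice and could be stored in locals once.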
@@ -216,29 +218,23 @@ static int passwd_iterate_deinit(struct userdb_iterate_context *_ctx) return ret; } -static struct userdb_module * -passwd_passwd_preinit(pool_t pool, const char *args) +static int passwd_preinit(pool_t pool, struct event *event ATTR_UNUSED, + struct userdb_module **module_r, + const char **error_r ATTR_UNUSED) { - struct passwd_userdb_module *module; - const char *value; + struct passwd_userdb_module *module = + p_new(pool, struct passwd_userdb_module, 1); - module = p_new(pool, struct passwd_userdb_module, 1); module->module.default_cache_key = USER_CACHE_KEY; - module->tmpl = userdb_template_build(pool, "passwd", args); - module->module.blocking = TRUE; - - if (userdb_template_remove(module->tmpl, "blocking", &value)) - module->module.blocking = strcasecmp(value, "yes") == 0; - /* FIXME: backwards compatibility */ - if (!userdb_template_is_empty(module->tmpl)) - i_warning("userdb passwd: Move templates args to override_fields setting"); - return &module->module; + *module_r = &module->module; + return 0; } struct userdb_module_interface userdb_passwd = { .name = "passwd", + .fields_supported = TRUE, - .preinit_legacy = passwd_passwd_preinit, + .preinit = passwd_preinit, .lookup = passwd_lookup, -- 2.47.3