Added support for ANONYMOUS SASL mechanism.
authorTimo Sirainen <tss@iki.fi>
Thu, 8 May 2003 03:24:57 +0000 (06:24 +0300)
committerTimo Sirainen <tss@iki.fi>
Thu, 8 May 2003 03:24:57 +0000 (06:24 +0300)
--HG--
branch : HEAD

dovecot-example.conf
src/auth/Makefile.am
src/auth/auth-login-interface.h
src/auth/auth-mech-desc.h
src/auth/mech-anonymous.c [new file with mode: 0644]
src/auth/mech.c
src/auth/mech.h
src/master/auth-process.c
src/master/master-settings.c
src/master/master-settings.h

index 7c1c5e1489ca695d1e6a9ea40c3becbe34a15ca1..6c1ddb6d935287f01d9d6505077bbfb57547792a 100644 (file)
@@ -345,7 +345,7 @@ login = pop3
 auth = default
 
 # Space separated list of wanted authentication mechanisms:
-#   plain digest-md5
+#   plain digest-md5 anonymous
 auth_mechanisms = plain
 
 # Space separated list of realms for SASL authentication mechanisms that need
@@ -400,6 +400,9 @@ auth_user = root
 # set this value to empty.
 #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
 
+# Username to use for users logging in with ANONYMOUS SASL mechanism
+#auth_anonymous_username = anonymous
+
 # More verbose logging. Useful for figuring out why authentication isn't
 # working.
 #auth_verbose = no
index 5c8971fecc4998ce8d3a3c596208ca940096d046..323c07347ec768b67b7f9435d010dde5334e53a1 100644 (file)
@@ -28,6 +28,7 @@ dovecot_auth_SOURCES = \
        master-connection.c \
        md5crypt.c \
        mech.c \
+       mech-anonymous.c \
        mech-cyrus-sasl2.c \
        mech-plain.c \
        mech-digest-md5.c \
index f1bfb69daa2ce5d6e6773a41c86b38b889ce916b..cb8e386b422e69f6124ff2e8e210393b8e7b92f0 100644 (file)
@@ -11,6 +11,7 @@
 enum auth_mech {
        AUTH_MECH_PLAIN         = 0x01,
        AUTH_MECH_DIGEST_MD5    = 0x02,
+       AUTH_MECH_ANONYMOUS     = 0x04,
 
        AUTH_MECH_COUNT
 };
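Review bot: With `AUTH_MECH_ANONYMOUS = 0x04` the trailing `AUTH_MECH_COUNT` enumerator evaluates to 5 although only three mechanisms exist, because the members are bit flags rather than consecutive indexes. The `auth_mech_desc[AUTH_MECH_COUNT]` table in auth-mech-desc.h is sized by it, so it now ends with two zero-filled entries after ANONYMOUS. Any loop bounded by `AUTH_MECH_COUNT` would read a NULL name there; the consumers are outside this diff, so this needs checking. Consider taking `AUTH_MECH_COUNT` out of the flag enum and defining it as the number of mechanisms, or declaring the table with `[]` and deriving the count from `sizeof`.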
index 0ad445680c175647380e7303a2197017cbbc9f0d..e4a1122e1e519a2925eb48469bb720abcad3cb03 100644 (file)
@@ -10,7 +10,8 @@ struct auth_mech_desc {
 
 static struct auth_mech_desc auth_mech_desc[AUTH_MECH_COUNT] = {
        { AUTH_MECH_PLAIN,              "PLAIN",        TRUE, FALSE },
-       { AUTH_MECH_DIGEST_MD5,         "DIGEST-MD5",   FALSE, TRUE }
+       { AUTH_MECH_DIGEST_MD5,         "DIGEST-MD5",   FALSE, TRUE },
+       { AUTH_MECH_ANONYMOUS,          "ANONYMOUS",    FALSE, TRUE }
 };
 
 #endif
diff --git a/src/auth/mech-anonymous.c b/src/auth/mech-anonymous.c
new file mode 100644 (file)
index 0000000..b48e85a
--- /dev/null
@@ -0,0 +1,57 @@
+/* Copyright (C) 2002 Timo Sirainen */
+
+#include "common.h"
+#include "mech.h"
+
+static int
+mech_anonymous_auth_continue(struct auth_request *auth_request,
+                            struct auth_login_request_continue *request,
+                            const unsigned char *data,
+                            mech_callback_t *callback)
+{
+       i_assert(anonymous_username != NULL);
+
+       if (verbose) {
+               i_info("mech-anonymous: login by %s",
+                      t_strndup(data, request->data_size));
+       }
+
+       auth_request->callback = callback;
+       auth_request->user = p_strdup(auth_request->pool, anonymous_username);
+       mech_auth_finish(auth_request, NULL, 0, TRUE);
+       return TRUE;
+}
+
+static void
+mech_anonymous_auth_free(struct auth_request *auth_request)
+{
+       pool_unref(auth_request->pool);
+}
+
+static struct auth_request *
+mech_anonymous_auth_new(struct login_connection *conn, unsigned int id,
+                       mech_callback_t *callback)
+{
+        struct auth_request *auth_request;
+       struct auth_login_reply reply;
+       pool_t pool;
+
+       pool = pool_alloconly_create("anonymous_auth_request", 256);
+       auth_request = p_new(pool, struct auth_request, 1);
+       auth_request->pool = pool;
+       auth_request->auth_continue = mech_anonymous_auth_continue;
+        auth_request->auth_free = mech_anonymous_auth_free;
+
+       /* initialize reply */
+       memset(&reply, 0, sizeof(reply));
+       reply.id = id;
+       reply.result = AUTH_LOGIN_RESULT_CONTINUE;
+
+       callback(&reply, NULL, conn);
+       return auth_request;
+}
+
+struct mech_module mech_anonymous = {
+       AUTH_MECH_ANONYMOUS,
+       mech_anonymous_auth_new
+};
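Review bot: The verbose `i_info()` call in mech_anonymous_auth_continue() writes the client-supplied trace string to the log unmodified, so an unauthenticated client controls what lands in the log line, including control characters and line breaks, unless the logging layer escapes them. Replace non-printable bytes and cap the logged length before formatting, and mark the spot with a comment such as `/* trace data is untrusted client input; sanitize before logging */`. `data` is `const unsigned char *`, so the `t_strndup()` argument may also need an explicit cast depending on its prototype, which is not visible here. Because this mechanism always succeeds, consider logging the login regardless of `verbose` so that anonymous access stays auditable.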
index 9b32f61cb3eca2c594d365153d1bd289da8b2a55..145c5e0d7d4bc00a629a236c91ce0b55876ff70a 100644 (file)
@@ -18,6 +18,7 @@ struct mech_module_list {
 enum auth_mech auth_mechanisms;
 const char *const *auth_realms;
 const char *default_realm;
+const char *anonymous_username;
 char username_chars[256];
 
 static int set_use_cyrus_sasl;
@@ -201,6 +202,7 @@ int mech_is_valid_username(const char *username)
 
 extern struct mech_module mech_plain;
 extern struct mech_module mech_digest_md5;
+extern struct mech_module mech_anonymous;
 
 void mech_init(void)
 {
@@ -213,6 +215,10 @@ void mech_init(void)
        memset(&failure_reply, 0, sizeof(failure_reply));
        failure_reply.result = AUTH_LOGIN_RESULT_FAILURE;
 
+       anonymous_username = getenv("ANONYMOUS_USERNAME");
+       if (anonymous_username != NULL && *anonymous_username == '\0')
+                anonymous_username = NULL;
+
        /* register wanted mechanisms */
        env = getenv("MECHANISMS");
        if (env == NULL || *env == '\0')
@@ -224,7 +230,13 @@ void mech_init(void)
                        mech_register_module(&mech_plain);
                else if (strcasecmp(*mechanisms, "DIGEST-MD5") == 0)
                        mech_register_module(&mech_digest_md5);
-               else {
+               else if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
+                       if (anonymous_username == NULL) {
+                               i_fatal("ANONYMOUS listed in mechanisms, "
+                                       "but anonymous_username not given");
+                       }
+                       mech_register_module(&mech_anonymous);
+               } else {
                        i_fatal("Unknown authentication mechanism '%s'",
                                *mechanisms);
                }
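Review bot: The fatal message names `anonymous_username`, but the setting an administrator edits in dovecot-example.conf is `auth_anonymous_username`; using the config-file name makes the error actionable, e.g. `"but auth_anonymous_username not given"`. Note that this check only fires when the setting is explicitly set to an empty value, since master-settings.c defaults it to "anonymous". mech_init() begins and ends outside this hunk.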
@@ -258,7 +270,6 @@ void mech_init(void)
        }
 
        set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL;
-
 #ifdef USE_CYRUS_SASL2
        if (set_use_cyrus_sasl)
                mech_cyrus_sasl_init_lib();
@@ -269,4 +280,5 @@ void mech_deinit(void)
 {
        mech_unregister_module(&mech_plain);
        mech_unregister_module(&mech_digest_md5);
+       mech_unregister_module(&mech_anonymous);
 }
index 7e52521ec52c6f974717edfa5e27f1b03f0782b2..2c071b6b10895db4161bbc7b23e59090ccbeb7bc 100644 (file)
@@ -38,6 +38,7 @@ struct mech_module {
 extern enum auth_mech auth_mechanisms;
 extern const char *const *auth_realms;
 extern const char *default_realm;
+extern const char *anonymous_username;
 extern char username_chars[256];
 
 void mech_register_module(struct mech_module *module);
index 24ed4a5693e54866351e46b9f13abcdf5b0343b9..cf4166308b08ef28d6a89b680eb18855573584a2 100644 (file)
@@ -317,6 +317,8 @@ static pid_t create_auth_process(struct auth_process_group *group)
        env_put(t_strconcat("USERDB=", group->set->userdb, NULL));
        env_put(t_strconcat("PASSDB=", group->set->passdb, NULL));
        env_put(t_strconcat("USERNAME_CHARS=", group->set->username_chars, NULL));
+       env_put(t_strconcat("ANONYMOUS_USERNAME=",
+                           group->set->anonymous_username, NULL));
 
        if (group->set->use_cyrus_sasl)
                env_put("USE_CYRUS_SASL=1");
index 48d711d377eb29ddf6ae4bad886eca6eae273265..386fac3f402b0bf789e9a4c97ee59020172fc61f 100644 (file)
@@ -112,6 +112,8 @@ static struct setting_def auth_setting_defs[] = {
        DEF(SET_STR, executable),
        DEF(SET_STR, user),
        DEF(SET_STR, chroot),
+       DEF(SET_STR, username_chars),
+       DEF(SET_STR, anonymous_username),
 
        DEF(SET_BOOL, use_cyrus_sasl),
        DEF(SET_BOOL, verbose),
@@ -220,6 +222,7 @@ struct auth_settings default_auth_settings = {
        MEMBER(user) "root",
        MEMBER(chroot) NULL,
        MEMBER(username_chars) "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
+       MEMBER(anonymous_username) "anonymous",
 
        MEMBER(use_cyrus_sasl) FALSE,
        MEMBER(verbose) FALSE,
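Review bot: Defaulting `anonymous_username` to "anonymous" means that adding `anonymous` to `auth_mechanisms` immediately maps every credential-less login to whatever account carries that name in the userdb, without the administrator having chosen it. A NULL default, `MEMBER(anonymous_username) NULL,`, would let the existing `i_fatal()` in mech_init() force an explicit choice. If the default is kept, the comment in dovecot-example.conf should state that the named account is reachable without a password and ought to be a dedicated, restricted account.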
index d5b8ee1e0db851387ea7eaa3043ed9b5e8b2bf7c..201a539d037435e57d52effbd9bd4dc4c1c89755 100644 (file)
@@ -99,6 +99,7 @@ struct auth_settings {
        const char *user;
        const char *chroot;
        const char *username_chars;
+       const char *anonymous_username;
 
        int use_cyrus_sasl, verbose;