From: Timo Sirainen
Date: Fri, 29 Nov 2024 10:39:32 +0000 (+0200)
Subject: auth: Convert userdbs_generate_md5() to read all settings
X-Git-Tag: 2.4.1~448
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7955867229431085eaf1b4746b62376b44fe5e94;p=thirdparty%2Fdovecot%2Fcore.git

auth: Convert userdbs_generate_md5() to read all settings
---
diff --git a/src/auth/auth-worker-connection.c b/src/auth/auth-worker-connection.c
index afdd9a5eb9..775413085f 100644
--- a/src/auth/auth-worker-connection.c
+++ b/src/auth/auth-worker-connection.c
@@ -195,7 +195,7 @@ static void auth_worker_connection_connected(struct connection *conn,
 string_t *str = t_str_new(128);
 auth_passdbs_generate_md5(passdb_md5);
- userdbs_generate_md5(userdb_md5);
+ auth_userdbs_generate_md5(userdb_md5);
 str_append(str, "DBHASH\t");
 binary_to_hex_append(str, passdb_md5, sizeof(passdb_md5));
 str_append_c(str, '\t');
diff --git a/src/auth/auth-worker-server.c b/src/auth/auth-worker-server.c
index c3d5b5126a..8faac69058 100644
--- a/src/auth/auth-worker-server.c
+++ b/src/auth/auth-worker-server.c
@@ -750,7 +750,7 @@ static bool auth_worker_verify_db_hash(const char *passdb_hash, const char *user
 unsigned char userdb_md5[MD5_RESULTLEN];
 auth_passdbs_generate_md5(passdb_md5);
- userdbs_generate_md5(userdb_md5);
+ auth_userdbs_generate_md5(userdb_md5);
 binary_to_hex_append(str, passdb_md5, sizeof(passdb_md5));
 if (strcmp(str_c(str), passdb_hash) != 0)
diff --git a/src/auth/auth.c b/src/auth/auth.c
index d55b1cf189..a733e7ba07 100644
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -150,6 +150,7 @@ auth_userdb_preinit(struct auth *auth, const struct auth_userdb_settings *_set)
 {
 struct auth_userdb *auth_userdb, **dest;
 const struct auth_userdb_settings *set;
+ const char *error;
 /* Lookup userdb-specific auth_settings */
 struct event *event = event_create(auth_event);
@@ -169,6 +170,11 @@ auth_userdb_preinit(struct auth *auth, const struct auth_userdb_settings *_set)
 auth_userdb = p_new(auth->pool, struct auth_userdb, 1);
 auth_userdb->auth_set = settings_get_or_fatal(event, &auth_setting_parser_info);
+ if (settings_get(event, &auth_userdb_post_setting_parser_info,
+ SETTINGS_GET_FLAG_NO_CHECK |
+ SETTINGS_GET_FLAG_NO_EXPAND,
+ &auth_userdb->unexpanded_post_set, &error) < 0)
+ i_fatal("%s", error);
 auth_userdb->name = set->name;
 auth_userdb->set = set;
@@ -197,6 +203,7 @@ static void auth_userdb_deinit(struct auth_userdb *userdb)
 if (userdb->set != &userdb_dummy_set)
 settings_free(userdb->set);
 settings_free(userdb->auth_set);
+ settings_free(userdb->unexpanded_post_set);
 userdb_deinit(userdb->userdb);
 }
@@ -434,6 +441,37 @@ void auth_passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN])
 md5_final(&ctx, md5);
 }
+static void
+auth_userdbs_update_md5(struct auth *auth, struct md5_context *ctx)
+{
+ struct auth_userdb *userdb;
+ unsigned int hash;
+
+ for (userdb = auth->userdbs; userdb != NULL; userdb = userdb->next) {
+ md5_update(ctx, &userdb->userdb->id, sizeof(userdb->userdb->id));
+ hash = settings_hash(&auth_userdb_setting_parser_info,
+ userdb->set, NULL);
+ md5_update(ctx, &hash, sizeof(hash));
+ hash = settings_hash(&auth_setting_parser_info,
+ userdb->auth_set, NULL);
+ md5_update(ctx, &hash, sizeof(hash));
+ hash = settings_hash(&auth_userdb_post_setting_parser_info,
+ userdb->unexpanded_post_set, NULL);
+ md5_update(ctx, &hash, sizeof(hash));
+ }
+}
+
+void auth_userdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN])
+{
+ struct auth *auth;
+ struct md5_context ctx;
+
+ md5_init(&ctx);
+ array_foreach_elem(&auths, auth)
+ auth_userdbs_update_md5(auth, &ctx);
+ md5_final(&ctx, md5);
+}
+
 struct auth *auth_find_protocol(const char *name)
 {
 struct auth *const *a;
diff --git a/src/auth/auth.h b/src/auth/auth.h
index acffb651c2..d1c1b96c1c 100644
--- a/src/auth/auth.h
+++ b/src/auth/auth.h
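Review bot: In auth_userdb_preinit() (src/auth/auth.c, hunk at -169) the new `unexpanded_post_set` is fetched with `SETTINGS_GET_FLAG_NO_CHECK | SETTINGS_GET_FLAG_NO_EXPAND`, but nothing records why, and the matching field added to `struct auth_userdb` in src/auth/auth.h is equally undocumented. Within this diff the only readers are settings_hash() in auth_userdbs_update_md5() and settings_free() in auth_userdb_deinit(), so the struct presumably exists only for hashing and holds values that were neither validated nor variable-expanded. I would add a comment on the field, e.g. `/* Unchecked, unexpanded post settings; used only for DBHASH generation, never for lookups. */`, and a one-line comment above the settings_get() call saying the same. The function body starts and ends outside the hunk.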
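Review bot: In auth_userdbs_update_md5() (src/auth/auth.c, hunk at -434) each settings struct contributes only `sizeof(hash)` bytes of an `unsigned int` from settings_hash() to the MD5, so the resulting DBHASH cannot distinguish two configurations any better than those integer hashes do, whatever the digest length. That is acceptable if DBHASH is only a consistency check between the auth process and its workers, which the strcmp() in auth_worker_verify_db_hash() suggests, but neither new function carries a comment saying so. I would add one above auth_userdbs_generate_md5(), e.g. `/* Fingerprint of all userdb settings for the DBHASH handshake; detects config mismatch, not an integrity or security check. */`. The raw `&hash` bytes are also host-endian, which looks harmless while both sides run on the same host; the same comment could state that assumption.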
@@ -59,6 +59,7 @@ struct auth_userdb {
 const char *name;
 const struct auth_settings *auth_set;
 const struct auth_userdb_settings *set;
+ const struct auth_userdb_post_settings *unexpanded_post_set;
 struct userdb_module *userdb;
 /* The caching key for this userdb, or NULL if caching isn't wanted. */
@@ -88,6 +89,7 @@ struct auth *auth_find_protocol(const char *name);
 struct auth *auth_default_protocol(void);
 void auth_passdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]);
+void auth_userdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]);
 void auths_preinit(struct event *parent_event,
 const struct auth_settings *set,
diff --git a/src/auth/userdb.c b/src/auth/userdb.c
index f822cdda1f..dadaeb2002 100644
--- a/src/auth/userdb.c
+++ b/src/auth/userdb.c
@@ -170,23 +170,6 @@ void userdb_deinit(struct userdb_module *userdb)
 userdb->iface = &userdb_iface_deinit;
 }
-void userdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN])
-{
- struct md5_context ctx;
- struct userdb_module *const *userdbs;
- unsigned int i, count;
-
- md5_init(&ctx);
- userdbs = array_get(&userdb_modules, &count);
- for (i = 0; i < count; i++) {
- md5_update(&ctx, &userdbs[i]->id, sizeof(userdbs[i]->id));
- md5_update(&ctx, userdbs[i]->iface->name,
- strlen(userdbs[i]->iface->name));
- md5_update(&ctx, userdbs[i]->args, strlen(userdbs[i]->args));
- }
- md5_final(&ctx, md5);
-}
-
 const char *userdb_result_to_string(enum userdb_result result)
 {
 switch (result) {
diff --git a/src/auth/userdb.h b/src/auth/userdb.h
index 3343595722..961f4d766c 100644
--- a/src/auth/userdb.h
+++ b/src/auth/userdb.h
@@ -83,8 +83,6 @@ void userdb_deinit(struct userdb_module *userdb);
 void userdb_register_module(struct userdb_module_interface *iface);
 void userdb_unregister_module(struct userdb_module_interface *iface);
-void userdbs_generate_md5(unsigned char md5[STATIC_ARRAY MD5_RESULTLEN]);
-
 void userdbs_init(void);
 void userdbs_deinit(void);