From: Timo Sirainen Date: Thu, 8 May 2003 03:24:57 +0000 (+0300) Subject: Added support for ANONYMOUS SASL mechanism. X-Git-Tag: 1.1.alpha1~4669 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7c2065b3f10f9ae27787a9db5aaefbfc70d4502;p=thirdparty%2Fdovecot%2Fcore.git Added support for ANONYMOUS SASL mechanism. --HG-- branch : HEAD
---
diff --git a/dovecot-example.conf b/dovecot-example.conf
index 7c1c5e1489..6c1ddb6d93 100644
--- a/dovecot-example.conf
+++ b/dovecot-example.conf
@@ -345,7 +345,7 @@ login = pop3
 auth = default
 # Space separated list of wanted authentication mechanisms:
-# plain digest-md5
+# plain digest-md5 anonymous
 auth_mechanisms = plain
 # Space separated list of realms for SASL authentication mechanisms that need
@@ -400,6 +400,9 @@ auth_user = root
 # set this value to empty.
 #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+# Username to use for users logging in with ANONYMOUS SASL mechanism
+#auth_anonymous_username = anonymous
+
 # More verbose logging. Useful for figuring out why authentication isn't
 # working.
 #auth_verbose = no
diff --git a/src/auth/Makefile.am b/src/auth/Makefile.am
index 5c8971fecc..323c07347e 100644
--- a/src/auth/Makefile.am
+++ b/src/auth/Makefile.am
@@ -28,6 +28,7 @@ dovecot_auth_SOURCES = \
 master-connection.c \
 md5crypt.c \
 mech.c \
+ mech-anonymous.c \
 mech-cyrus-sasl2.c \
 mech-plain.c \
 mech-digest-md5.c \
diff --git a/src/auth/auth-login-interface.h b/src/auth/auth-login-interface.h
index f1bfb69daa..cb8e386b42 100644
--- a/src/auth/auth-login-interface.h
+++ b/src/auth/auth-login-interface.h
@@ -11,6 +11,7 @@ enum auth_mech {
 AUTH_MECH_PLAIN = 0x01,
 AUTH_MECH_DIGEST_MD5 = 0x02,
+ AUTH_MECH_ANONYMOUS = 0x04,
 AUTH_MECH_COUNT
 };
diff --git a/src/auth/auth-mech-desc.h b/src/auth/auth-mech-desc.h
index 0ad445680c..e4a1122e1e 100644
--- a/src/auth/auth-mech-desc.h
+++ b/src/auth/auth-mech-desc.h
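Review bot: The new comment on `auth_anonymous_username` in dovecot-example.conf does not say that ANONYMOUS performs no credential check. In src/auth/mech-anonymous.c every such login is assigned this one user and then appears to be finished as a success. An admin reading only the example file should be told that, for example `# Username that every ANONYMOUS SASL login is mapped to. No password is checked, so use a dedicated account that owns nothing private.` The same caveat is worth a line next to the `auth_mechanisms` list in the hunk above, since adding `anonymous` there is what turns the mechanism on.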
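Review bot: `AUTH_MECH_COUNT` directly follows `AUTH_MECH_ANONYMOUS = 0x04` in src/auth/auth-login-interface.h, so it now evaluates to 5 rather than the number of mechanisms (it was 3 after `0x02`). The table in src/auth/auth-mech-desc.h is declared `auth_mech_desc[AUTH_MECH_COUNT]` with three initializers, which leaves two zero-filled trailing entries whose string member is NULL. Any loop over `AUTH_MECH_COUNT` entries that reads the string without first checking the mechanism value would dereference NULL, though no such loop is visible in this diff. Since the enum values are bit flags, I would set the count explicitly, `AUTH_MECH_COUNT = 3`, or size the table from its initializers and iterate with `sizeof(auth_mech_desc) / sizeof(auth_mech_desc[0])`.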
@@ -10,7 +10,8 @@ struct auth_mech_desc {
 static struct auth_mech_desc auth_mech_desc[AUTH_MECH_COUNT] = {
 { AUTH_MECH_PLAIN, "PLAIN", TRUE, FALSE },
- { AUTH_MECH_DIGEST_MD5, "DIGEST-MD5", FALSE, TRUE }
+ { AUTH_MECH_DIGEST_MD5, "DIGEST-MD5", FALSE, TRUE },
+ { AUTH_MECH_ANONYMOUS, "ANONYMOUS", FALSE, TRUE }
 };
 #endif
diff --git a/src/auth/mech-anonymous.c b/src/auth/mech-anonymous.c
new file mode 100644
index 0000000000..b48e85a93e
--- /dev/null
+++ b/src/auth/mech-anonymous.c
@@ -0,0 +1,57 @@
+/* Copyright (C) 2002 Timo Sirainen */
+
+#include "common.h"
+#include "mech.h"
+
+static int
+mech_anonymous_auth_continue(struct auth_request *auth_request,
+ struct auth_login_request_continue *request,
+ const unsigned char *data,
+ mech_callback_t *callback)
+{
+ i_assert(anonymous_username != NULL);
+
+ if (verbose) {
+ i_info("mech-anonymous: login by %s",
+ t_strndup(data, request->data_size));
+ }
+
+ auth_request->callback = callback;
+ auth_request->user = p_strdup(auth_request->pool, anonymous_username);
+ mech_auth_finish(auth_request, NULL, 0, TRUE);
+ return TRUE;
+}
+
+static void
+mech_anonymous_auth_free(struct auth_request *auth_request)
+{
+ pool_unref(auth_request->pool);
+}
+
+static struct auth_request *
+mech_anonymous_auth_new(struct login_connection *conn, unsigned int id,
+ mech_callback_t *callback)
+{
+ struct auth_request *auth_request;
+ struct auth_login_reply reply;
+ pool_t pool;
+
+ pool = pool_alloconly_create("anonymous_auth_request", 256);
+ auth_request = p_new(pool, struct auth_request, 1);
+ auth_request->pool = pool;
+ auth_request->auth_continue = mech_anonymous_auth_continue;
+ auth_request->auth_free = mech_anonymous_auth_free;
+
+ /* initialize reply */
+ memset(&reply, 0, sizeof(reply));
+ reply.id = id;
+ reply.result = AUTH_LOGIN_RESULT_CONTINUE;
+
+ callback(&reply, NULL, conn);
+ return auth_request;
+}
+
+struct mech_module mech_anonymous = {
+ AUTH_MECH_ANONYMOUS,
+ mech_anonymous_auth_new
+};
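Review bot: In mech_anonymous_auth_continue() the client-supplied trace data goes to the log verbatim through `i_info("mech-anonymous: login by %s", t_strndup(data, request->data_size))`. This data arrives before any authentication, so unless i_info() itself escapes its arguments (not shown in this diff), embedded CR/LF or other control bytes can break or imitate log lines. The only length bound is whatever the caller enforces on `data_size`. I would copy the data into a bounded buffer with non-printable bytes replaced before logging, and mark it with a comment such as `/* trace data is client-controlled: escaped and truncated before logging */`. The logging runs only when `verbose` is set, which narrows the exposure but does not remove it.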
diff --git a/src/auth/mech.c b/src/auth/mech.c
index 9b32f61cb3..145c5e0d7d 100644
--- a/src/auth/mech.c
+++ b/src/auth/mech.c
@@ -18,6 +18,7 @@ struct mech_module_list {
 enum auth_mech auth_mechanisms;
 const char *const *auth_realms;
 const char *default_realm;
+const char *anonymous_username;
 char username_chars[256];
 static int set_use_cyrus_sasl;
@@ -201,6 +202,7 @@ int mech_is_valid_username(const char *username)
 extern struct mech_module mech_plain;
 extern struct mech_module mech_digest_md5;
+extern struct mech_module mech_anonymous;
 void mech_init(void)
 {
@@ -213,6 +215,10 @@ void mech_init(void)
 memset(&failure_reply, 0, sizeof(failure_reply));
 failure_reply.result = AUTH_LOGIN_RESULT_FAILURE;
+ anonymous_username = getenv("ANONYMOUS_USERNAME");
+ if (anonymous_username != NULL && *anonymous_username == '\0')
+ anonymous_username = NULL;
+
 /* register wanted mechanisms */
 env = getenv("MECHANISMS");
 if (env == NULL || *env == '\0')
@@ -224,7 +230,13 @@ void mech_init(void)
 mech_register_module(&mech_plain);
 else if (strcasecmp(*mechanisms, "DIGEST-MD5") == 0)
 mech_register_module(&mech_digest_md5);
- else {
+ else if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
+ if (anonymous_username == NULL) {
+ i_fatal("ANONYMOUS listed in mechanisms, "
+ "but anonymous_username not given");
+ }
+ mech_register_module(&mech_anonymous);
+ } else {
 i_fatal("Unknown authentication mechanism '%s'",
 *mechanisms);
 }
@@ -258,7 +270,6 @@ void mech_init(void)
 }
 set_use_cyrus_sasl = getenv("USE_CYRUS_SASL") != NULL;
-
 #ifdef USE_CYRUS_SASL2
 if (set_use_cyrus_sasl)
 mech_cyrus_sasl_init_lib();
@@ -269,4 +280,5 @@ void mech_deinit(void)
 {
 mech_unregister_module(&mech_plain);
 mech_unregister_module(&mech_digest_md5);
+ mech_unregister_module(&mech_anonymous);
 }
diff --git a/src/auth/mech.h b/src/auth/mech.h
index 7e52521ec5..2c071b6b10 100644
--- a/src/auth/mech.h
+++ b/src/auth/mech.h
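Review bot: The fatal message added to the mechanism loop in mech_init() says `anonymous_username not given`, but the setting an admin edits is `auth_anonymous_username` in dovecot-example.conf. Because the default in master-settings.c is non-empty, this path is reached only after that setting was explicitly emptied. Naming the real setting makes the error actionable: `i_fatal("ANONYMOUS listed in auth_mechanisms, but auth_anonymous_username is empty");`. The configured name is also never passed through mech_is_valid_username(), which this file defines; whether that matters depends on when username_chars is initialised, which is outside these hunks. mech_init() begins and ends outside the hunk.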
@@ -38,6 +38,7 @@ struct mech_module {
 extern enum auth_mech auth_mechanisms;
 extern const char *const *auth_realms;
 extern const char *default_realm;
+extern const char *anonymous_username;
 extern char username_chars[256];
 void mech_register_module(struct mech_module *module);
diff --git a/src/master/auth-process.c b/src/master/auth-process.c
index 24ed4a5693..cf4166308b 100644
--- a/src/master/auth-process.c
+++ b/src/master/auth-process.c
@@ -317,6 +317,8 @@ static pid_t create_auth_process(struct auth_process_group *group)
 env_put(t_strconcat("USERDB=", group->set->userdb, NULL));
 env_put(t_strconcat("PASSDB=", group->set->passdb, NULL));
 env_put(t_strconcat("USERNAME_CHARS=", group->set->username_chars, NULL));
+ env_put(t_strconcat("ANONYMOUS_USERNAME=",
+ group->set->anonymous_username, NULL));
 if (group->set->use_cyrus_sasl)
 env_put("USE_CYRUS_SASL=1");
diff --git a/src/master/master-settings.c b/src/master/master-settings.c
index 48d711d377..386fac3f40 100644
--- a/src/master/master-settings.c
+++ b/src/master/master-settings.c
@@ -112,6 +112,8 @@ static struct setting_def auth_setting_defs[] = {
 DEF(SET_STR, executable),
 DEF(SET_STR, user),
 DEF(SET_STR, chroot),
+ DEF(SET_STR, username_chars),
+ DEF(SET_STR, anonymous_username),
 DEF(SET_BOOL, use_cyrus_sasl),
 DEF(SET_BOOL, verbose),
@@ -220,6 +222,7 @@ struct auth_settings default_auth_settings = {
 MEMBER(user) "root",
 MEMBER(chroot) NULL,
 MEMBER(username_chars) "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@",
+ MEMBER(anonymous_username) "anonymous",
 MEMBER(use_cyrus_sasl) FALSE,
 MEMBER(verbose) FALSE,
diff --git a/src/master/master-settings.h b/src/master/master-settings.h
index d5b8ee1e0d..201a539d03 100644
--- a/src/master/master-settings.h
+++ b/src/master/master-settings.h
@@ -99,6 +99,7 @@ struct auth_settings {
 const char *user;
 const char *chroot;
 const char *username_chars;
+ const char *anonymous_username;
 int use_cyrus_sasl, verbose;
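Review bot: `DEF(SET_STR, username_chars)` is added to auth_setting_defs[] in src/master/master-settings.c alongside the new setting, although the commit message mentions only ANONYMOUS. If that entry was missing before, `auth_username_chars` was presumably not settable from the config file until now, which changes how an existing username restriction is applied. That deserves its own commit, or at least a line in the description. The table starts and ends outside the hunk.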