From 827aa180209553258c19ceaa59732f08264bb5e7 Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Fri, 22 Nov 2024 12:23:53 +0200
Subject: [PATCH] auth: Change auth_policy_request_attributes setting to strlist type
---
 src/auth/auth-policy.c | 32 +++++++++++++++-----------------
 src/auth/auth-settings.c | 37 +++++++++++++++++++++++++++++++++++--
 src/auth/auth-settings.h | 7 ++++++-
 3 files changed, 56 insertions(+), 20 deletions(-)
diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c
index 0499d1ddd1..02dabcc089 100644
--- a/src/auth/auth-policy.c
+++ b/src/auth/auth-policy.c
@@ -156,26 +156,23 @@ void auth_policy_init(void)
 const struct policy_template_keyvalue *kvptr;
 string_t *template = t_str_new(64);
 struct json_ostream *json_output;
- const char **ptr;
- const char *key = NULL;
- const char **list = t_strsplit_spaces(
- global_auth_settings->policy_request_attributes, "= ");
- t_array_init(&attribute_pairs, 8);
- for (ptr = list; *ptr != NULL; ptr++) {
- struct policy_template_keyvalue pair;
+ const struct auth_policy_request_settings *set;
+ if (settings_get(auth_event, &auth_policy_request_setting_parser_info,
+ SETTINGS_GET_FLAG_NO_EXPAND, &set, &error) < 0)
+ i_fatal("%s", error);
- if (key == NULL) {
- key = *ptr;
- } else {
- pair.key = key;
- pair.value = *ptr;
- key = NULL;
- array_push_back(&attribute_pairs, &pair);
- }
+ t_array_init(&attribute_pairs, 8);
+ unsigned int i, count;
+ const char *const *list =
+ array_get(&set->policy_request_attributes, &count);
+ i_assert(count % 2 == 0);
+ for (i = 0; i < count; i += 2) {
+ struct policy_template_keyvalue *pair =
+ array_append_space(&attribute_pairs);
+ pair->key = list[i];
+ pair->value = list[i + 1];
 }
- if (key != NULL)
- i_fatal("auth_policy_request_attributes contains invalid value");
 /* then we sort it */
 array_sort(&attribute_pairs, auth_policy_attribute_comparator);
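Review bot: `pair->key` and `pair->value` now point into the `set` object returned by `settings_get`, whereas the old `t_strsplit_spaces` result lived on the data stack for the rest of the call; anything derived from `attribute_pairs` that must outlive `settings_free(set)` (added at the end of the function in the next hunk) has to be copied before that point, so I'd put `/* key/value pointers borrow from set, which is freed at the end of auth_policy_init */` above the loop. The `i_assert(count % 2 == 0)` is reasonable only because the code relies on the strlist being flattened into alternating key/value entries, and a one-line comment stating that would spare the next reader a trip into the settings parser. `error` is not declared anywhere in the hunk, so presumably it already exists earlier in auth_policy_init, which starts before this hunk and continues after it.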
@@ -206,6 +203,7 @@ void auth_policy_init(void)
 "auth-policy: Currently in log-only mode. Ignoring "
 "tarpit and disconnect instructions from policy server");
 }
+ settings_free(set);
 }
 void auth_policy_deinit(void)
diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
index 6b22da36d1..d0ea898b48 100644
--- a/src/auth/auth-settings.c
+++ b/src/auth/auth-settings.c
@@ -317,7 +317,6 @@ static const struct setting_define auth_setting_defines[] = {
 DEF(STR, policy_server_api_header),
 DEF(STR, policy_hash_mech),
 DEF(STR, policy_hash_nonce),
- DEF(STR_NOVARS, policy_request_attributes),
 DEF(BOOL, policy_reject_on_fail),
 DEF(BOOL, policy_check_before_auth),
 DEF(BOOL, policy_check_after_auth),
@@ -378,7 +377,6 @@ static const struct auth_settings auth_default_settings = {
 .policy_server_api_header = "",
 .policy_hash_mech = "sha256",
 .policy_hash_nonce = "",
- .policy_request_attributes = "login=%{requested_username} pwhash=%{hashed_password} remote=%{remote_ip} device_id=%{client_id} protocol=%{protocol} session_id=%{session} fail_type=%{fail_type}",
 .policy_reject_on_fail = FALSE,
 .policy_check_before_auth = TRUE,
 .policy_check_after_auth = TRUE,
@@ -427,6 +425,41 @@ const struct setting_parser_info auth_setting_parser_info = {
 .ext_check_func = auth_settings_ext_check,
 };
+#undef DEF
+#define DEF(type, name) \
+ SETTING_DEFINE_STRUCT_##type("auth_"#name, name, struct auth_policy_request_settings)
+
+static const struct setting_define auth_policy_request_setting_defines[] = {
+ DEF(STRLIST, policy_request_attributes),
+
+ SETTING_DEFINE_LIST_END
+};
+
+static const struct auth_policy_request_settings auth_policy_request_default_settings = {
+ .policy_request_attributes = ARRAY_INIT,
+};
+static const struct setting_keyvalue auth_policy_request_default_settings_keyvalue[] = {
+ { "auth_policy_request_attributes/login", "%{requested_username}" },
+ { "auth_policy_request_attributes/pwhash", "%{hashed_password}" },
+ { "auth_policy_request_attributes/remote", "%{remote_ip}" },
+ { "auth_policy_request_attributes/device_id", "%{client_id}" },
+ { "auth_policy_request_attributes/protocol", "%{protocol}" },
+ { "auth_policy_request_attributes/session_id", "%{session}" },
+ { "auth_policy_request_attributes/fail_type", "%{fail_type}" },
+ { NULL, NULL }
+};
+
+const struct setting_parser_info auth_policy_request_setting_parser_info = {
+ .name = "auth_policy_request",
+
+ .defines = auth_policy_request_setting_defines,
+ .defaults = &auth_policy_request_default_settings,
+ .default_settings = auth_policy_request_default_settings_keyvalue,
+
+ .struct_size = sizeof(struct auth_policy_request_settings),
+ .pool_offset1 = 1 + offsetof(struct auth_policy_request_settings, pool),
+};
+
 /* */
 static bool auth_settings_set_self_ips(struct auth_settings *set, pool_t pool,
diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h
index 1aac6d6881..3cc521a721 100644
--- a/src/auth/auth-settings.h
+++ b/src/auth/auth-settings.h
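Review bot: The `#undef DEF` / `#define DEF` pair retargets `DEF` at `struct auth_policy_request_settings` for the rest of the translation unit, directly before the settings-check section; any later `DEF(...)` tables in this file (auth-settings.h declares `auth_passdb_setting_parser_info` and `auth_static_setting_parser_info`, which presumably live here) must redefine the macro themselves first, which I cannot confirm from this hunk. A short comment above the `#undef`, such as `/* DEF now builds struct auth_policy_request_settings entries; redefine before any other table */`, would make that explicit. It would also help to note next to `auth_policy_request_default_settings_keyvalue` that its seven entries reproduce, one key/value pair each, the attributes the removed single-string default carried, so a reader checking for behaviour changes can tick them off.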
@@ -76,7 +76,6 @@ struct auth_settings {
 const char *policy_server_api_header;
 const char *policy_hash_mech;
 const char *policy_hash_nonce;
- const char *policy_request_attributes;
 bool policy_reject_on_fail;
 bool policy_check_before_auth;
 bool policy_check_after_auth;
@@ -111,6 +110,11 @@ struct auth_settings {
 const struct ip_addr *proxy_self_ips;
 };
+struct auth_policy_request_settings {
+ pool_t pool;
+ ARRAY_TYPE(const_string) policy_request_attributes;
+};
+
 struct auth_static_settings {
 pool_t pool;
 const char *passdb_static_password;
@@ -118,6 +122,7 @@ struct auth_static_settings {
 };
 extern const struct setting_parser_info auth_setting_parser_info;
+extern const struct setting_parser_info auth_policy_request_setting_parser_info;
 extern const struct setting_parser_info auth_passdb_setting_parser_info;
 extern const struct setting_parser_info auth_static_setting_parser_info;
 extern const struct setting_parser_info auth_passdb_pre_setting_parser_info;
--
2.47.3
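Review bot: `struct auth_policy_request_settings` is introduced without a comment, yet its only real field has a layout contract that auth-policy.c depends on (`i_assert(count % 2 == 0)` and reading `list[i]` / `list[i + 1]` as key and value). I'd document it on the field: `/* auth_policy_request_attributes flattened as alternating key/value entries; values are templates, fetched with SETTINGS_GET_FLAG_NO_EXPAND by auth_policy_init */`. That the values are expanded later is only inferred from the flag used in auth-policy.c, so check the wording against the caller. The field removal in the first hunk and the added extern in the last are straightforward.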