/* Copyright (C) 2005 Timo Sirainen */
#include "passdb-cache.h"
#include "auth-request-handler.h"
struct auth *auth_preinit(void)
struct auth_passdb *auth_passdb;
const char *driver, *args;
pool = pool_alloconly_create("auth", 2048);
auth = p_new(pool, struct auth, 1);
auth->verbose = getenv("VERBOSE") != NULL;
auth->verbose_debug = getenv("VERBOSE_DEBUG") != NULL;
driver = getenv(t_strdup_printf("PASSDB_%u_DRIVER", i));
args = getenv(t_strdup_printf("PASSDB_%u_ARGS", i));
auth_passdb = passdb_preinit(auth, driver, args);
if (getenv(t_strdup_printf("PASSDB_%u_DENY", i)) != NULL)
auth_passdb->deny = TRUE;
driver = getenv(t_strdup_printf("USERDB_%u_DRIVER", i));
args = getenv(t_strdup_printf("USERDB_%u_ARGS", i));
userdb_preinit(auth, driver, args);
if (auth->passdbs == NULL)
i_fatal("No password databases set");
if (auth->userdbs == NULL)
i_fatal("No user databases set");
const string_t *auth_mechanisms_get_list(struct auth *auth)
struct mech_module_list *list;
for (list = auth->mech_modules; list != NULL; list = list->next)
str_append(str, list->module.mech_name);
static void auth_mech_register(struct auth *auth, struct mech_module *mech)
struct mech_module_list *list;
list = p_new(auth->pool, struct mech_module_list, 1);
str_printfa(auth->mech_handshake, "MECH\t%s", mech->mech_name);
if ((mech->flags & MECH_SEC_PRIVATE) != 0)
str_append(auth->mech_handshake, "\tprivate");
if ((mech->flags & MECH_SEC_ANONYMOUS) != 0)
str_append(auth->mech_handshake, "\tanonymous");
if ((mech->flags & MECH_SEC_PLAINTEXT) != 0)
str_append(auth->mech_handshake, "\tplaintext");
if ((mech->flags & MECH_SEC_DICTIONARY) != 0)
str_append(auth->mech_handshake, "\tdictionary");
if ((mech->flags & MECH_SEC_ACTIVE) != 0)
str_append(auth->mech_handshake, "\tactive");
if ((mech->flags & MECH_SEC_FORWARD_SECRECY) != 0)
str_append(auth->mech_handshake, "\tforward-secrecy");
if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0)
str_append(auth->mech_handshake, "\tmutual-auth");
str_append_c(auth->mech_handshake, '\n');
list->next = auth->mech_modules;
auth->mech_modules = list;
static int auth_passdb_list_have_plain(struct auth *auth)
struct auth_passdb *passdb;
for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next) {
if (passdb->passdb->iface->verify_plain != NULL)
static int auth_passdb_list_have_credentials(struct auth *auth)
struct auth_passdb *passdb;
for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next) {
if (passdb->passdb->iface->lookup_credentials != NULL)
static void auth_mech_list_verify_passdb(struct auth *auth)
struct mech_module_list *list;
for (list = auth->mech_modules; list != NULL; list = list->next) {
if (list->module.passdb_need_plain &&
!auth_passdb_list_have_plain(auth))
if (list->module.passdb_need_credentials &&
!auth_passdb_list_have_credentials(auth))
i_fatal("%s mechanism can't be supported with given passdbs",
list->module.mech_name);
void auth_init(struct auth *auth)
struct auth_passdb *passdb;
struct auth_userdb *userdb;
struct mech_module *mech;
const char *const *mechanisms;
for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next)
for (userdb = auth->userdbs; userdb != NULL; userdb = userdb->next)
auth->mech_handshake = str_new(auth->pool, 512);
auth->anonymous_username = getenv("ANONYMOUS_USERNAME");
if (auth->anonymous_username != NULL &&
*auth->anonymous_username == '\0')
auth->anonymous_username = NULL;
/* register wanted mechanisms */
env = getenv("MECHANISMS");
i_fatal("MECHANISMS environment is unset");
mechanisms = t_strsplit_spaces(env, " ");
while (*mechanisms != NULL) {
if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
if (auth->anonymous_username == NULL) {
i_fatal("ANONYMOUS listed in mechanisms, "
"but anonymous_username not given");
mech = mech_module_find(*mechanisms);
i_fatal("Unknown authentication mechanism '%s'",
auth_mech_register(auth, mech);
if (auth->mech_modules == NULL)
i_fatal("No authentication mechanisms configured");
auth_mech_list_verify_passdb(auth);
/* get our realm - note that we allocate from data stack so
this function should never be called inside I/O loop or anywhere
else where t_pop() is called */
env = getenv("REALMS");
auth->auth_realms = t_strsplit_spaces(env, " ");
auth->default_realm = getenv("DEFAULT_REALM");
if (auth->default_realm != NULL && *auth->default_realm == '\0')
auth->default_realm = NULL;
env = getenv("USERNAME_CHARS");
if (env == NULL || *env == '\0') {
/* all chars are allowed */
memset(auth->username_chars, 1, sizeof(auth->username_chars));
for (; *env != '\0'; env++)
auth->username_chars[(int)(uint8_t)*env] = 1;
env = getenv("USERNAME_TRANSLATION");
for (; *env != '\0' && env[1] != '\0'; env += 2)
auth->username_translation[(int)(uint8_t)*env] = env[1];
auth->ssl_require_client_cert =
getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
auth->ssl_username_from_cert =
getenv("SSL_USERNAME_FROM_CERT") != NULL;
void auth_deinit(struct auth *auth)
struct auth_passdb *passdb;
struct auth_userdb *userdb;
passdb_cache_deinit();
for (passdb = auth->passdbs; passdb != NULL; passdb = passdb->next)
passdb_deinit(passdb);
for (userdb = auth->userdbs; userdb != NULL; userdb = userdb->next)
userdb_deinit(userdb);
pool_unref(auth->pool);