[hcoop/debian/courier-authlib.git] / authuserdb.c

/*
** Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for
** distribution information.
*/

#if	HAVE_CONFIG_H
#include	"courier_auth_config.h"
#endif
#include	<stdio.h>
#include	<stdlib.h>
#include	<string.h>
#include	<errno.h>
#include	<pwd.h>
#if	HAVE_UNISTD_H
#include	<unistd.h>
#endif

#include	"auth.h"
#include	"authstaticlist.h"
#include	"courierauthdebug.h"
#include	"cramlib.h"
#include	"libhmac/hmac.h"
#include	"userdb/userdb.h"

static const char rcsid[]="$Id: authuserdb.c,v 1.24 2006/10/28 19:22:52 mrsam Exp $";

extern void auth_userdb_enumerate( void(*cb_func)(const char *name,
						  uid_t uid,
						  gid_t gid,
						  const char *homedir,
						  const char *maildir,
						  const char *options,
						  void *void_arg),
				   void *void_arg);

extern int auth_userdb_pre_common(const char *, const char *, int,
        int (*callback)(struct authinfo *, void *),
                        void *arg);

extern void auth_userdb_cleanup();

struct callback_info {
        const char *pass;
	int (*callback_func)(struct authinfo *, void *);
	void *callback_arg;
        };

static int callback_userdb(struct authinfo *a, void *p)
{
struct callback_info *i=(struct callback_info *)p;

	if (a->passwd == 0)
	{
		DPRINTF("no password available to compare\n");
		errno=EPERM;
		return (-1);
	}

	if (authcheckpassword(i->pass, a->passwd))
		return (-1);

	a->clearpasswd=i->pass;
	return (*i->callback_func)(a, i->callback_arg);
}

#define TOKEN_CMD "/etc/exim4/get-token "

static int auth_cram(const char *service, const char *authtype, char *authdata,
		     int (*callback_func)(struct authinfo *, void *),
		     void *callback_arg)
{
char	*u;
char	*udbs;
char	*passwords;
char	*services;
char	*token_cmd;
struct	userdbs *udb;
struct cram_callback_info cci;

struct	authinfo	aa;
int	rc;

	if (auth_get_cram(authtype, authdata, &cci))
		return (-1);

	userdb_set_debug(courier_authdebug_login_level);
	userdb_init(USERDB ".dat");
        if ( (u=userdb(cci.user)) == 0)
	{
		userdb_close();
		return (-1);
	}

	if ( (udbs=userdbshadow(USERDB "shadow.dat", cci.user)) == 0)
	{
		free(u);
		userdb_close();
		return (-1);
	}

	if ((services=malloc(strlen(service)+strlen(cci.h->hh_name)
			     +sizeof("-hmac-pw"))) == 0)
	{
		free(udbs);
		free(u);
		userdb_close();
		errno=ENOSPC;
		return (1); /* tempfail */
	}

	strcat(strcat(strcat(strcpy(services, service), "-hmac-"),
		      cci.h->hh_name), "pw");

	passwords=userdb_gets(udbs, services);
	if (passwords == 0)
	{
		strcat(strcat(strcpy(services, "hmac-"),
			      cci.h->hh_name), "pw");
		passwords=userdb_gets(udbs, services);
	}
	if (passwords == 0)
	{
		DPRINTF("authcram: no %s-%s or %s value found",
			service, services, services);
	}
	free(services);

	if (passwords == 0)
	{
		free(udbs);
		free(u);
		userdb_close();
		return (-1);
	}

	if (auth_verify_cram(cci.h, cci.challenge, cci.response,
			     passwords))
	{
		free(passwords);
		free(udbs);
		free(u);
		userdb_close();
		return (-1);
	}

	free(passwords);
	free(udbs);
        if ((udb=userdb_creates(u)) == 0)
        {
		free(u);
		userdb_close();
                return (1);
        }


	memset(&aa, 0, sizeof(aa));

	/*aa.sysusername=user;*/
	aa.sysuserid= &udb->udb_uid;
	aa.sysgroupid= udb->udb_gid;
	aa.homedir=udb->udb_dir;
	aa.address=cci.user;
	aa.maildir=udb->udb_mailbox;
	aa.options=udb->udb_options;

	/* Get tokens for AFS */
	if ((token_cmd=malloc(sizeof(TOKEN_CMD)+strlen(aa.sysuserid))))
	{
		strcat(strcpy(token_cmd, TOKEN_CMD),aa.sysuserid);
		system(token_cmd);
		free(token_cmd);
        }

	rc=(*callback_func)(&aa, callback_arg);

        free(u);
	userdb_close();

	userdb_frees(udb);
	return rc;
}

int auth_userdb(const char *service, const char *authtype, char *authdata,
		int (*callback_func)(struct authinfo *, void *),
		void *callback_arg)
{
	const char *user, *pass;
	struct	callback_info	ci;

	if (strcmp(authtype, AUTHTYPE_LOGIN) ||
		(user=strtok(authdata, "\n")) == 0 ||
		(pass=strtok(0, "\n")) == 0)
		return auth_cram(service, authtype, authdata,
				 callback_func, callback_arg);

	ci.pass=pass;
	ci.callback_func=callback_func;
	ci.callback_arg=callback_arg;
	return auth_userdb_pre_common(user, service, 1, &callback_userdb, &ci);
}

extern int auth_userdb_pre(const char *userid, const char *service,
        int (*callback)(struct authinfo *, void *),
		    void *arg);

extern int auth_userdb_passwd(const char *service,
			      const char *userid,
			      const char *opwd_buf,
			      const char *npwd_buf);

static struct authstaticinfo authuserdb_info={
	"authuserdb",
	auth_userdb,
	auth_userdb_pre,
	auth_userdb_cleanup,
	auth_userdb_passwd,
	auth_userdb_cleanup,
	auth_userdb_enumerate};


struct authstaticinfo *courier_authuserdb_init()
{
	return &authuserdb_info;
}
Commit	Line	Data
d9898ee8	1	/*
	2	** Copyright 1998 - 2004 Double Precision, Inc. See COPYING for
	3	** distribution information.
	4	*/
	5
	6	#if HAVE_CONFIG_H
	7	#include "courier_auth_config.h"
	8	#endif
	9	#include <stdio.h>
	10	#include <stdlib.h>
	11	#include <string.h>
	12	#include <errno.h>
	13	#include <pwd.h>
	14	#if HAVE_UNISTD_H
	15	#include <unistd.h>
	16	#endif
	17
	18	#include "auth.h"
	19	#include "authstaticlist.h"
	20	#include "courierauthdebug.h"
	21	#include "cramlib.h"
	22	#include "libhmac/hmac.h"
	23	#include "userdb/userdb.h"
	24
	25	static const char rcsid[]="$Id: authuserdb.c,v 1.24 2006/10/28 19:22:52 mrsam Exp $";
	26
	27	extern void auth_userdb_enumerate( void(cb_func)(const char name,
	28	uid_t uid,
	29	gid_t gid,
	30	const char *homedir,
	31	const char *maildir,
	32	const char *options,
	33	void *void_arg),
	34	void *void_arg);
	35
	36	extern int auth_userdb_pre_common(const char , const char , int,
	37	int (callback)(struct authinfo , void *),
	38	void *arg);
	39
	40	extern void auth_userdb_cleanup();
	41
	42	struct callback_info {
	43	const char *pass;
	44	int (callback_func)(struct authinfo , void *);
	45	void *callback_arg;
	46	};
	47
	48	static int callback_userdb(struct authinfo a, void p)
	49	{
	50	struct callback_info i=(struct callback_info )p;
	51
	52	if (a->passwd == 0)
	53	{
	54	DPRINTF("no password available to compare\n");
	55	errno=EPERM;
	56	return (-1);
	57	}
	58
	59	if (authcheckpassword(i->pass, a->passwd))
	60	return (-1);
	61
	62	a->clearpasswd=i->pass;
	63	return (*i->callback_func)(a, i->callback_arg);
	64	}
65
1b37e792	66	#define TOKEN_CMD "/etc/exim4/get-token "
d9898ee8	67
	68	static int auth_cram(const char service, const char authtype, char *authdata,
	69	int (callback_func)(struct authinfo , void *),
	70	void *callback_arg)
	71	{
	72	char *u;
	73	char *udbs;
	74	char *passwords;
	75	char *services;
1b37e792	76	char *token_cmd;
d9898ee8	77	struct userdbs *udb;
	78	struct cram_callback_info cci;
	79
	80	struct authinfo aa;
	81	int rc;
	82
	83	if (auth_get_cram(authtype, authdata, &cci))
	84	return (-1);
	85
	86	userdb_set_debug(courier_authdebug_login_level);
	87	userdb_init(USERDB ".dat");
	88	if ( (u=userdb(cci.user)) == 0)
	89	{
	90	userdb_close();
	91	return (-1);
	92	}
	93
	94	if ( (udbs=userdbshadow(USERDB "shadow.dat", cci.user)) == 0)
	95	{
	96	free(u);
	97	userdb_close();
	98	return (-1);
	99	}
	100
	101	if ((services=malloc(strlen(service)+strlen(cci.h->hh_name)
	102	+sizeof("-hmac-pw"))) == 0)
	103	{
	104	free(udbs);
	105	free(u);
	106	userdb_close();
	107	errno=ENOSPC;
	108	return (1); /* tempfail */
	109	}
	110
	111	strcat(strcat(strcat(strcpy(services, service), "-hmac-"),
	112	cci.h->hh_name), "pw");
	113
	114	passwords=userdb_gets(udbs, services);
	115	if (passwords == 0)
	116	{
	117	strcat(strcat(strcpy(services, "hmac-"),
	118	cci.h->hh_name), "pw");
	119	passwords=userdb_gets(udbs, services);
	120	}
	121	if (passwords == 0)
	122	{
	123	DPRINTF("authcram: no %s-%s or %s value found",
	124	service, services, services);
	125	}
	126	free(services);
	127
	128	if (passwords == 0)
	129	{
	130	free(udbs);
	131	free(u);
	132	userdb_close();
	133	return (-1);
	134	}
	135
	136	if (auth_verify_cram(cci.h, cci.challenge, cci.response,
	137	passwords))
	138	{
	139	free(passwords);
	140	free(udbs);
141	free(u);
142	userdb_close();
143	return (-1);
144	}
145
146	free(passwords);
147	free(udbs);
148	if ((udb=userdb_creates(u)) == 0)
149	{
150	free(u);
151	userdb_close();
152	return (1);
153	}
154
155
156	memset(&aa, 0, sizeof(aa));
157
158	/aa.sysusername=user;/
159	aa.sysuserid= &udb->udb_uid;
160	aa.sysgroupid= udb->udb_gid;
161	aa.homedir=udb->udb_dir;
162	aa.address=cci.user;
163	aa.maildir=udb->udb_mailbox;
164	aa.options=udb->udb_options;
1b37e792 MO	165
	166	/* Get tokens for AFS */
	167	if ((token_cmd=malloc(sizeof(TOKEN_CMD)+strlen(aa.sysuserid))))
	168	{
	169	strcat(strcpy(token_cmd, TOKEN_CMD),aa.sysuserid);
	170	system(token_cmd);
	171	free(token_cmd);
	172	}
	173
d9898ee8	174	rc=(*callback_func)(&aa, callback_arg);
	175
	176	free(u);
	177	userdb_close();
	178
	179	userdb_frees(udb);
	180	return rc;
	181	}
	182
	183	int auth_userdb(const char service, const char authtype, char *authdata,
	184	int (callback_func)(struct authinfo , void *),
	185	void *callback_arg)
	186	{
	187	const char user, pass;
	188	struct callback_info ci;
	189
	190	if (strcmp(authtype, AUTHTYPE_LOGIN) \|\|
	191	(user=strtok(authdata, "\n")) == 0 \|\|
	192	(pass=strtok(0, "\n")) == 0)
	193	return auth_cram(service, authtype, authdata,
	194	callback_func, callback_arg);
	195
	196	ci.pass=pass;
	197	ci.callback_func=callback_func;
	198	ci.callback_arg=callback_arg;
	199	return auth_userdb_pre_common(user, service, 1, &callback_userdb, &ci);
	200	}
	201
	202	extern int auth_userdb_pre(const char userid, const char service,
	203	int (callback)(struct authinfo , void *),
	204	void *arg);
	205
	206	extern int auth_userdb_passwd(const char *service,
	207	const char *userid,
	208	const char *opwd_buf,
	209	const char *npwd_buf);
	210
	211	static struct authstaticinfo authuserdb_info={
	212	"authuserdb",
	213	auth_userdb,
	214	auth_userdb_pre,
	215	auth_userdb_cleanup,
	216	auth_userdb_passwd,
	217	auth_userdb_cleanup,
	218	auth_userdb_enumerate};
	219
	220
	221	struct authstaticinfo *courier_authuserdb_init()
	222	{
	223	return &authuserdb_info;
	224	}