Commit | Line | Data |
---|---|---|
d9898ee8 | 1 | /* |
2 | ** Copyright 1998 - 2004 Double Precision, Inc. See COPYING for | |
3 | ** distribution information. | |
4 | */ | |
5 | ||
6 | #if HAVE_CONFIG_H | |
7 | #include "courier_auth_config.h" | |
8 | #endif | |
9 | #include <stdio.h> | |
10 | #include <stdlib.h> | |
11 | #include <string.h> | |
12 | #include <errno.h> | |
13 | #include <pwd.h> | |
14 | #if HAVE_UNISTD_H | |
15 | #include <unistd.h> | |
16 | #endif | |
17 | ||
18 | #include "auth.h" | |
19 | #include "authstaticlist.h" | |
20 | #include "courierauthdebug.h" | |
21 | #include "cramlib.h" | |
22 | #include "libhmac/hmac.h" | |
23 | #include "userdb/userdb.h" | |
24 | ||
25 | static const char rcsid[]="$Id: authuserdb.c,v 1.24 2006/10/28 19:22:52 mrsam Exp $"; | |
26 | ||
27 | extern void auth_userdb_enumerate( void(*cb_func)(const char *name, | |
28 | uid_t uid, | |
29 | gid_t gid, | |
30 | const char *homedir, | |
31 | const char *maildir, | |
32 | const char *options, | |
33 | void *void_arg), | |
34 | void *void_arg); | |
35 | ||
36 | extern int auth_userdb_pre_common(const char *, const char *, int, | |
37 | int (*callback)(struct authinfo *, void *), | |
38 | void *arg); | |
39 | ||
40 | extern void auth_userdb_cleanup(); | |
41 | ||
42 | struct callback_info { | |
43 | const char *pass; | |
44 | int (*callback_func)(struct authinfo *, void *); | |
45 | void *callback_arg; | |
46 | }; | |
47 | ||
48 | static int callback_userdb(struct authinfo *a, void *p) | |
49 | { | |
50 | struct callback_info *i=(struct callback_info *)p; | |
51 | ||
52 | if (a->passwd == 0) | |
53 | { | |
54 | DPRINTF("no password available to compare\n"); | |
55 | errno=EPERM; | |
56 | return (-1); | |
57 | } | |
58 | ||
59 | if (authcheckpassword(i->pass, a->passwd)) | |
60 | return (-1); | |
61 | ||
62 | a->clearpasswd=i->pass; | |
63 | return (*i->callback_func)(a, i->callback_arg); | |
64 | } | |
65 | ||
1b37e792 | 66 | #define TOKEN_CMD "/etc/exim4/get-token " |
d9898ee8 | 67 | |
68 | static int auth_cram(const char *service, const char *authtype, char *authdata, | |
69 | int (*callback_func)(struct authinfo *, void *), | |
70 | void *callback_arg) | |
71 | { | |
72 | char *u; | |
73 | char *udbs; | |
74 | char *passwords; | |
75 | char *services; | |
1b37e792 | 76 | char *token_cmd; |
d9898ee8 | 77 | struct userdbs *udb; |
78 | struct cram_callback_info cci; | |
79 | ||
80 | struct authinfo aa; | |
81 | int rc; | |
82 | ||
83 | if (auth_get_cram(authtype, authdata, &cci)) | |
84 | return (-1); | |
85 | ||
86 | userdb_set_debug(courier_authdebug_login_level); | |
87 | userdb_init(USERDB ".dat"); | |
88 | if ( (u=userdb(cci.user)) == 0) | |
89 | { | |
90 | userdb_close(); | |
91 | return (-1); | |
92 | } | |
93 | ||
94 | if ( (udbs=userdbshadow(USERDB "shadow.dat", cci.user)) == 0) | |
95 | { | |
96 | free(u); | |
97 | userdb_close(); | |
98 | return (-1); | |
99 | } | |
100 | ||
101 | if ((services=malloc(strlen(service)+strlen(cci.h->hh_name) | |
102 | +sizeof("-hmac-pw"))) == 0) | |
103 | { | |
104 | free(udbs); | |
105 | free(u); | |
106 | userdb_close(); | |
107 | errno=ENOSPC; | |
108 | return (1); /* tempfail */ | |
109 | } | |
110 | ||
111 | strcat(strcat(strcat(strcpy(services, service), "-hmac-"), | |
112 | cci.h->hh_name), "pw"); | |
113 | ||
114 | passwords=userdb_gets(udbs, services); | |
115 | if (passwords == 0) | |
116 | { | |
117 | strcat(strcat(strcpy(services, "hmac-"), | |
118 | cci.h->hh_name), "pw"); | |
119 | passwords=userdb_gets(udbs, services); | |
120 | } | |
121 | if (passwords == 0) | |
122 | { | |
123 | DPRINTF("authcram: no %s-%s or %s value found", | |
124 | service, services, services); | |
125 | } | |
126 | free(services); | |
127 | ||
128 | if (passwords == 0) | |
129 | { | |
130 | free(udbs); | |
131 | free(u); | |
132 | userdb_close(); | |
133 | return (-1); | |
134 | } | |
135 | ||
136 | if (auth_verify_cram(cci.h, cci.challenge, cci.response, | |
137 | passwords)) | |
138 | { | |
139 | free(passwords); | |
140 | free(udbs); | |
141 | free(u); | |
142 | userdb_close(); | |
143 | return (-1); | |
144 | } | |
145 | ||
146 | free(passwords); | |
147 | free(udbs); | |
148 | if ((udb=userdb_creates(u)) == 0) | |
149 | { | |
150 | free(u); | |
151 | userdb_close(); | |
152 | return (1); | |
153 | } | |
154 | ||
155 | ||
156 | memset(&aa, 0, sizeof(aa)); | |
157 | ||
158 | /*aa.sysusername=user;*/ | |
159 | aa.sysuserid= &udb->udb_uid; | |
160 | aa.sysgroupid= udb->udb_gid; | |
161 | aa.homedir=udb->udb_dir; | |
162 | aa.address=cci.user; | |
163 | aa.maildir=udb->udb_mailbox; | |
164 | aa.options=udb->udb_options; | |
1b37e792 MO |
165 | |
166 | /* Get tokens for AFS */ | |
167 | if ((token_cmd=malloc(sizeof(TOKEN_CMD)+strlen(aa.sysuserid)))) | |
168 | { | |
169 | strcat(strcpy(token_cmd, TOKEN_CMD),aa.sysuserid); | |
170 | system(token_cmd); | |
171 | free(token_cmd); | |
172 | } | |
173 | ||
d9898ee8 | 174 | rc=(*callback_func)(&aa, callback_arg); |
175 | ||
176 | free(u); | |
177 | userdb_close(); | |
178 | ||
179 | userdb_frees(udb); | |
180 | return rc; | |
181 | } | |
182 | ||
183 | int auth_userdb(const char *service, const char *authtype, char *authdata, | |
184 | int (*callback_func)(struct authinfo *, void *), | |
185 | void *callback_arg) | |
186 | { | |
187 | const char *user, *pass; | |
188 | struct callback_info ci; | |
189 | ||
190 | if (strcmp(authtype, AUTHTYPE_LOGIN) || | |
191 | (user=strtok(authdata, "\n")) == 0 || | |
192 | (pass=strtok(0, "\n")) == 0) | |
193 | return auth_cram(service, authtype, authdata, | |
194 | callback_func, callback_arg); | |
195 | ||
196 | ci.pass=pass; | |
197 | ci.callback_func=callback_func; | |
198 | ci.callback_arg=callback_arg; | |
199 | return auth_userdb_pre_common(user, service, 1, &callback_userdb, &ci); | |
200 | } | |
201 | ||
202 | extern int auth_userdb_pre(const char *userid, const char *service, | |
203 | int (*callback)(struct authinfo *, void *), | |
204 | void *arg); | |
205 | ||
206 | extern int auth_userdb_passwd(const char *service, | |
207 | const char *userid, | |
208 | const char *opwd_buf, | |
209 | const char *npwd_buf); | |
210 | ||
211 | static struct authstaticinfo authuserdb_info={ | |
212 | "authuserdb", | |
213 | auth_userdb, | |
214 | auth_userdb_pre, | |
215 | auth_userdb_cleanup, | |
216 | auth_userdb_passwd, | |
217 | auth_userdb_cleanup, | |
218 | auth_userdb_enumerate}; | |
219 | ||
220 | ||
221 | struct authstaticinfo *courier_authuserdb_init() | |
222 | { | |
223 | return &authuserdb_info; | |
224 | } |