d9898ee8 |
1 | /* |
2 | ** Copyright 2000-2005 Double Precision, Inc. See COPYING for |
3 | ** distribution information. |
4 | */ |
5 | |
6 | #include <stdio.h> |
7 | #include <stdlib.h> |
8 | #include <string.h> |
9 | #include <unistd.h> |
10 | #include <ctype.h> |
11 | #include <sys/types.h> |
12 | #include <sys/stat.h> |
13 | #include <mysql.h> |
14 | #include <time.h> |
15 | |
16 | #include "authmysql.h" |
17 | #include "authmysqlrc.h" |
18 | #include "auth.h" |
19 | #include "courierauthdebug.h" |
20 | |
21 | #define err courier_auth_err |
22 | |
23 | /* siefca@pld.org.pl */ |
24 | #define MAX_SUBSTITUTION_LEN 32 |
25 | #define SV_BEGIN_MARK "$(" |
26 | #define SV_END_MARK ")" |
27 | #define SV_BEGIN_LEN ((sizeof(SV_BEGIN_MARK))-1) |
28 | #define SV_END_LEN ((sizeof(SV_END_MARK))-1) |
29 | |
64ff59ba |
30 | static const char rcsid[]="$Id: authmysqllib.c,v 1.45 2007/10/07 02:50:45 mrsam Exp $"; |
d9898ee8 |
31 | |
32 | /* siefca@pld.org.pl */ |
33 | struct var_data { |
34 | const char *name; |
35 | const char *value; |
36 | const size_t size; |
37 | size_t value_length; |
38 | } ; |
39 | |
40 | /* siefca@pld.org.pl */ |
41 | typedef int (*parsefunc)(const char *, size_t, void *); |
42 | |
43 | static const char *read_env(const char *env) |
44 | { |
45 | static char *mysqlauth=0; |
46 | static size_t mysqlauth_size=0; |
47 | size_t i; |
48 | char *p=0; |
49 | int l=strlen(env); |
50 | |
51 | if (!mysqlauth) |
52 | { |
53 | FILE *f=fopen(AUTHMYSQLRC, "r"); |
54 | struct stat buf; |
55 | |
56 | if (!f) return (0); |
57 | if (fstat(fileno(f), &buf) || |
58 | (mysqlauth=malloc(buf.st_size+2)) == 0) |
59 | { |
60 | fclose(f); |
61 | return (0); |
62 | } |
63 | if (fread(mysqlauth, buf.st_size, 1, f) != 1) |
64 | { |
65 | free(mysqlauth); |
66 | mysqlauth=0; |
67 | fclose(f); |
68 | return (0); |
69 | } |
70 | mysqlauth[mysqlauth_size=buf.st_size]=0; |
71 | |
72 | for (i=0; i<mysqlauth_size; i++) |
73 | if (mysqlauth[i] == '\n') |
74 | { /* siefca@pld.org.pl */ |
75 | if (!i || mysqlauth[i-1] != '\\') |
76 | { |
77 | mysqlauth[i]='\0'; |
78 | } |
79 | else |
80 | { |
81 | mysqlauth[i]=mysqlauth[i-1]= ' '; |
82 | } |
83 | } |
84 | fclose(f); |
85 | } |
86 | |
87 | for (i=0; i<mysqlauth_size; ) |
88 | { |
89 | p=mysqlauth+i; |
90 | if (memcmp(p, env, l) == 0 && |
91 | isspace((int)(unsigned char)p[l])) |
92 | { |
93 | p += l; |
94 | while (*p && *p != '\n' && |
95 | isspace((int)(unsigned char)*p)) |
96 | ++p; |
97 | break; |
98 | } |
99 | |
100 | while (i < mysqlauth_size) |
101 | if (mysqlauth[i++] == 0) break; |
102 | } |
103 | |
104 | if (i < mysqlauth_size) |
105 | return (p); |
106 | return (0); |
107 | } |
108 | |
109 | static MYSQL mysql_buf; |
110 | |
111 | static MYSQL *mysql=0; |
112 | |
113 | static int do_connect() |
114 | { |
115 | const char *server; |
116 | const char *userid; |
117 | const char *password; |
118 | const char *database; |
119 | const char *server_socket=0; |
120 | unsigned int server_port=0; |
121 | unsigned int server_opt=0; |
122 | const char *p; |
123 | |
124 | const char *sslkey; |
125 | const char *sslcert; |
126 | const char *sslcacert; |
127 | const char *sslcapath; |
128 | const char *sslcipher; |
129 | unsigned int use_ssl=0; |
130 | |
131 | /* |
132 | ** Periodically detect dead connections. |
133 | */ |
134 | if (mysql) |
135 | { |
136 | static time_t last_time=0; |
137 | time_t t_check; |
138 | |
139 | time(&t_check); |
140 | |
141 | if (t_check < last_time) |
142 | last_time=t_check; /* System clock changed */ |
143 | |
144 | if (t_check < last_time + 60) |
145 | return (0); |
146 | |
147 | last_time=t_check; |
148 | |
149 | if (mysql_ping(mysql) == 0) return (0); |
150 | |
151 | DPRINTF("authmysqllib: mysql_ping failed, connection lost"); |
152 | mysql_close(mysql); |
153 | mysql=0; |
154 | } |
155 | |
156 | server=read_env("MYSQL_SERVER"); |
157 | userid=read_env("MYSQL_USERNAME"); |
158 | password=read_env("MYSQL_PASSWORD"); |
159 | database=read_env("MYSQL_DATABASE"); |
160 | |
161 | #if MYSQL_VERSION_ID >= 32200 |
162 | sslkey=read_env("MYSQL_SSL_KEY"); |
163 | sslcert=read_env("MYSQL_SSL_CERT"); |
164 | sslcacert=read_env("MYSQL_SSL_CACERT"); |
165 | sslcapath=read_env("MYSQL_SSL_CAPATH"); |
166 | sslcipher=read_env("MYSQL_SSL_CIPHER"); |
167 | |
168 | if ((sslcert != NULL) && ((sslcacert != NULL) || (sslcapath != NULL))) |
169 | { |
170 | use_ssl=1; |
171 | } |
172 | #endif |
173 | |
174 | server_socket=(char *) read_env("MYSQL_SOCKET"); |
175 | |
176 | if ((p=read_env("MYSQL_PORT")) != 0) |
177 | { |
178 | server_port=(unsigned int) atoi(p); |
179 | } |
180 | |
181 | if ((p=read_env("MYSQL_OPT")) != 0) |
182 | { |
183 | server_opt=(unsigned int) atol(p); |
184 | } |
185 | |
186 | if (!server && !server_socket) |
187 | { |
188 | err("authmysql: MYSQL_SERVER nor MYSQL_SOCKET set in" |
189 | AUTHMYSQLRC "."); |
190 | return (-1); |
191 | } |
192 | |
193 | if (!userid) |
194 | { |
195 | err("authmysql: MYSQL_USERNAME not set in " |
196 | AUTHMYSQLRC "."); |
197 | return (-1); |
198 | } |
199 | |
200 | if (!database) |
201 | { |
202 | err("authmysql: MYSQL_DATABASE not set in " |
203 | AUTHMYSQLRC "."); |
204 | return (-1); |
205 | } |
206 | |
207 | #if MYSQL_VERSION_ID >= 32200 |
208 | mysql_init(&mysql_buf); |
209 | if (use_ssl) |
210 | { |
211 | mysql_ssl_set(&mysql_buf, sslkey, sslcert, sslcacert, |
212 | sslcapath, sslcipher); |
213 | } |
214 | mysql=mysql_real_connect(&mysql_buf, server, userid, password, |
215 | NULL, |
216 | server_port, |
217 | server_socket, |
218 | server_opt); |
219 | #else |
220 | mysql=mysql_connect(&mysql_buf, server, userid, password); |
221 | #endif |
222 | if (!mysql) |
223 | { |
224 | err("failed to connect to mysql server (server=%s, userid=%s): %s", |
225 | server ? server : "<null>", |
226 | userid ? userid : "<null>", |
227 | mysql_error(&mysql_buf)); |
228 | return (-1); |
229 | } |
230 | |
231 | if (mysql_select_db(mysql, database)) |
232 | { |
233 | err("authmysql: mysql_select_db(%s) error: %s", |
234 | database, mysql_error(mysql)); |
235 | mysql_close(mysql); |
236 | mysql=0; |
237 | return (-1); |
238 | } |
239 | return (0); |
240 | } |
241 | |
242 | void auth_mysql_cleanup() |
243 | { |
244 | if (mysql) |
245 | { |
246 | mysql_close(mysql); |
247 | mysql=0; |
248 | } |
249 | } |
250 | |
251 | static struct authmysqluserinfo ui={0, 0, 0, 0, 0, 0, 0, 0}; |
252 | |
253 | static void initui() |
254 | { |
255 | |
256 | if (ui.username) |
257 | free(ui.username); |
258 | if (ui.cryptpw) |
259 | free(ui.cryptpw); |
260 | if (ui.clearpw) |
261 | free(ui.clearpw); |
262 | if (ui.home) |
263 | free(ui.home); |
264 | if (ui.maildir) |
265 | free(ui.maildir); |
266 | if (ui.quota) |
267 | free(ui.quota); |
268 | if (ui.fullname) |
269 | free(ui.fullname); |
270 | if (ui.options) |
271 | free(ui.options); |
272 | memset(&ui, 0, sizeof(ui)); |
273 | } |
274 | |
275 | static void append_username(char *p, const char *username, |
276 | const char *defdomain) |
277 | { |
278 | for (strcpy(p, username); *p; p++) |
279 | if (*p == '\'' || *p == '"' || *p == '\\' || |
280 | (int)(unsigned char)*p < ' ') |
281 | *p=' '; /* No funny business */ |
282 | if (strchr(username, '@') == 0 && defdomain && *defdomain) |
283 | strcat(strcpy(p, "@"), defdomain); |
284 | } |
285 | |
286 | /* siefca@pld.org.pl */ |
287 | static struct var_data *get_variable (const char *begin, size_t len, |
288 | struct var_data *vdt) |
289 | { |
290 | struct var_data *vdp; |
291 | |
292 | if (!begin || !vdt) /* should never happend */ |
293 | { |
294 | err("authmysql: critical error while " |
295 | "parsing substitution variable"); |
296 | return NULL; |
297 | } |
298 | if (len < 1) |
299 | { |
300 | err("authmysql: unknown empty substitution " |
301 | "variable - aborting"); |
302 | return NULL; |
303 | } |
304 | if (len > MAX_SUBSTITUTION_LEN) |
305 | { |
306 | err("authmysql: variable name too long " |
307 | "while parsing substitution. " |
308 | "name begins with " |
309 | SV_BEGIN_MARK |
310 | "%.*s...", MAX_SUBSTITUTION_LEN, begin); |
311 | return NULL; |
312 | } |
313 | |
314 | for (vdp=vdt; vdp->name; vdp++) |
315 | if (vdp->size == len+1 && |
316 | !strncmp(begin, vdp->name, len)) |
317 | { |
318 | if (!vdp->value) |
319 | vdp->value = ""; |
320 | if (!vdp->value_length) /* length cache */ |
321 | vdp->value_length = strlen (vdp->value); |
322 | return vdp; |
323 | } |
324 | |
325 | err("authmysql: unknown substitution variable " |
326 | SV_BEGIN_MARK |
327 | "%.*s" |
328 | SV_END_MARK |
329 | , (int)len, begin); |
330 | |
331 | return NULL; |
332 | } |
333 | |
334 | /* siefca@pld.org.pl */ |
335 | static int ParsePlugin_counter (const char *p, size_t length, void *vp) |
336 | { |
337 | if (!p || !vp || length < 0) |
338 | { |
339 | err("authmysql: bad arguments while counting " |
340 | "query string"); |
341 | return -1; |
342 | } |
343 | |
344 | *((size_t *)vp) += length; |
345 | |
346 | return 0; |
347 | } |
348 | |
349 | /* siefca@pld.org.pl */ |
350 | static int ParsePlugin_builder (const char *p, size_t length, void *vp) |
351 | { |
352 | char **strptr = (char **) vp; |
353 | |
354 | if (!p || !vp || length < 0) |
355 | { |
356 | err("authmysql: bad arguments while building " |
357 | "query string"); |
358 | return -1; |
359 | } |
360 | |
361 | if (!length) return 0; |
362 | memcpy ((void *) *strptr, (void *) p, length); |
363 | *strptr += length; |
364 | |
365 | return 0; |
366 | } |
367 | |
368 | /* siefca@pld.org.pl */ |
369 | static int parse_core (const char *source, struct var_data *vdt, |
370 | parsefunc outfn, void *result) |
371 | { |
372 | size_t v_size = 0, |
373 | t_size = 0; |
374 | const char *p, *q, *e, |
375 | *v_begin, *v_end, |
376 | *t_begin, *t_end; |
377 | struct var_data *v_ptr; |
378 | |
379 | if (!source) |
380 | source = ""; |
381 | if (!result) |
382 | { |
383 | err("authmysql: no memory allocated for result " |
384 | "while parser core was invoked"); |
385 | return -1; |
386 | } |
387 | if (!vdt) |
388 | { |
389 | err("authmysql: no substitution table found " |
390 | "while parser core was invoked"); |
391 | return -1; |
392 | } |
393 | |
394 | q = source; |
395 | while ( (p=strstr(q, SV_BEGIN_MARK)) ) |
396 | { |
397 | e = strstr (p, SV_END_MARK); |
398 | if (!e) |
399 | { |
400 | err("authmysql: syntax error in " |
401 | "substitution " |
402 | "- no closing symbol found! " |
403 | "bad variable begins with:" |
404 | "%.*s...", MAX_SUBSTITUTION_LEN, p); |
405 | return -1; |
406 | } |
407 | |
408 | /* |
409 | ** |
410 | ** __________sometext$(variable_name)_________ |
411 | ** | | | | |
412 | ** t_begin' t_end' `v_begin `v_end |
413 | ** |
414 | */ |
415 | |
416 | v_begin = p+SV_BEGIN_LEN; /* variable field ptr */ |
417 | v_end = e-SV_END_LEN; /* variable field last character */ |
418 | v_size = v_end-v_begin+1;/* variable field length */ |
419 | |
420 | t_begin = q; /* text field ptr */ |
421 | t_end = p-1; /* text field last character */ |
422 | t_size = t_end-t_begin+1;/* text field length */ |
423 | |
424 | /* work on text */ |
425 | if ( (outfn (t_begin, t_size, result)) == -1 ) |
426 | return -1; |
427 | |
428 | /* work on variable */ |
429 | v_ptr = get_variable (v_begin, v_size, vdt); |
430 | if (!v_ptr) return -1; |
431 | |
432 | if ( (outfn (v_ptr->value, v_ptr->value_length, result)) == -1 ) |
433 | return -1; |
434 | |
435 | q = e + 1; |
436 | } |
437 | |
438 | /* work on last part of text if any */ |
439 | if (*q != '\0') |
440 | if ( (outfn (q, strlen(q), result)) == -1 ) |
441 | return -1; |
442 | |
443 | return 0; |
444 | } |
445 | |
446 | /* siefca@pld.org.pl */ |
447 | static char *parse_string (const char *source, struct var_data *vdt) |
448 | { |
449 | struct var_data *vdp = NULL; |
450 | char *output_buf = NULL, |
451 | *pass_buf = NULL; |
452 | size_t buf_size = 2; |
453 | |
454 | if (source == NULL || *source == '\0' || |
455 | vdt == NULL || vdt[0].name == NULL) |
456 | { |
457 | err("authmysql: source clause is empty " |
458 | "- this is critical error"); |
459 | return NULL; |
460 | } |
461 | |
462 | /* zero var_data length cache - important! */ |
463 | for (vdp=vdt; vdp->name; vdp++) |
464 | vdp->value_length = 0; |
465 | |
466 | |
467 | /* phase 1 - count and validate string */ |
468 | if ( (parse_core (source, vdt, &ParsePlugin_counter, &buf_size)) != 0) |
469 | return NULL; |
470 | |
471 | /* phase 2 - allocate memory */ |
472 | output_buf = malloc (buf_size); |
473 | if (!output_buf) |
474 | { |
475 | perror ("malloc"); |
476 | return NULL; |
477 | } |
478 | pass_buf = output_buf; |
479 | |
480 | /* phase 3 - build the output string */ |
481 | if ( (parse_core (source, vdt, &ParsePlugin_builder, &pass_buf)) != 0) |
482 | { |
483 | free (output_buf); |
484 | return NULL; |
485 | } |
486 | *pass_buf = '\0'; |
487 | |
488 | return output_buf; |
489 | } |
490 | |
491 | /* siefca@pld.org.pl */ |
492 | static const char *get_localpart (const char *username) |
493 | { |
494 | size_t lbuf = 0; |
495 | const char *l_end, *p; |
496 | char *q; |
497 | static char localpart_buf[130]; |
498 | |
499 | if (!username || *username == '\0') return NULL; |
500 | |
501 | p = strchr(username,'@'); |
502 | if (p) |
503 | { |
504 | if ((p-username) > 128) |
505 | return NULL; |
506 | l_end = p; |
507 | } |
508 | else |
509 | { |
510 | if ((lbuf = strlen(username)) > 128) |
511 | return NULL; |
512 | l_end = username + lbuf; |
513 | } |
514 | |
515 | p=username; |
516 | q=localpart_buf; |
517 | |
518 | while (*p && p != l_end) |
519 | if (*p == '\"' || *p == '\\' || |
520 | *p == '\'' || (int)(unsigned char)*p < ' ') |
521 | p++; |
522 | else |
523 | *q++ = *p++; |
524 | |
525 | *q = '\0'; |
526 | return localpart_buf; |
527 | } |
528 | |
529 | /* siefca@pld.org.pl */ |
530 | static const char *get_domain (const char *username, const char *defdomain) |
531 | { |
532 | static char domain_buf[260]; |
533 | const char *p; |
534 | char *q; |
535 | |
536 | if (!username || *username == '\0') return NULL; |
537 | p = strchr(username,'@'); |
538 | |
539 | if (!p || *(p+1) == '\0') |
540 | { |
541 | if (defdomain && *defdomain) |
542 | return defdomain; |
543 | else |
544 | return NULL; |
545 | } |
546 | |
547 | p++; |
548 | if ((strlen(p)) > 256) |
549 | return NULL; |
550 | |
551 | q = domain_buf; |
552 | while (*p) |
553 | if (*p == '\"' || *p == '\\' || |
554 | *p == '\'' || (int)(unsigned char)*p < ' ') |
555 | p++; |
556 | else |
557 | *q++ = *p++; |
558 | |
559 | *q = '\0'; |
560 | return domain_buf; |
561 | } |
562 | |
563 | /* siefca@pld.org.pl */ |
564 | |
565 | static const char *validateMyPassword (const char *password) |
566 | { |
567 | static char pass_buf[2][540]; /* Use two buffers, see parse_chpass_clause */ |
568 | static int next_pass=0; |
569 | const char *p; |
570 | char *q, *endq; |
571 | |
572 | if (!password || *password == '\0' || (strlen(password)) > 256) |
573 | return NULL; |
574 | |
575 | next_pass= 1-next_pass; |
576 | |
577 | p = password; |
578 | q = pass_buf[next_pass]; |
579 | endq = q + sizeof pass_buf[next_pass]; |
580 | |
581 | while (*p && q < endq) |
582 | { |
583 | if (*p == '\"' || *p == '\\' || *p == '\'') |
584 | *q++ = '\\'; |
585 | *q++ = *p++; |
586 | } |
587 | |
588 | if (q >= endq) |
589 | return NULL; |
590 | |
591 | *q = '\0'; |
592 | return pass_buf[next_pass]; |
593 | } |
594 | |
595 | /* siefca@pld.org.pl */ |
596 | static char *parse_select_clause (const char *clause, const char *username, |
597 | const char *defdomain, |
598 | const char *service) |
599 | { |
600 | static struct var_data vd[]={ |
601 | {"local_part", NULL, sizeof("local_part"), 0}, |
602 | {"domain", NULL, sizeof("domain"), 0}, |
603 | {"service", NULL, sizeof("service"), 0}, |
604 | {NULL, NULL, 0, 0}}; |
605 | |
606 | if (clause == NULL || *clause == '\0' || |
607 | !username || *username == '\0') |
608 | return NULL; |
609 | |
610 | vd[0].value = get_localpart (username); |
611 | vd[1].value = get_domain (username, defdomain); |
612 | if (!vd[0].value || !vd[1].value) |
613 | return NULL; |
614 | vd[2].value = service; |
615 | |
616 | return (parse_string (clause, vd)); |
617 | } |
618 | |
619 | /* siefca@pld.org.pl */ |
620 | static char *parse_chpass_clause (const char *clause, const char *username, |
621 | const char *defdomain, const char *newpass, |
622 | const char *newpass_crypt) |
623 | { |
624 | static struct var_data vd[]={ |
625 | {"local_part", NULL, sizeof("local_part"), 0}, |
626 | {"domain", NULL, sizeof("domain"), 0}, |
627 | {"newpass", NULL, sizeof("newpass"), 0}, |
628 | {"newpass_crypt", NULL, sizeof("newpass_crypt"), 0}, |
629 | {NULL, NULL, 0, 0}}; |
630 | |
631 | if (clause == NULL || *clause == '\0' || |
632 | !username || *username == '\0' || |
633 | !newpass || *newpass == '\0' || |
634 | !newpass_crypt || *newpass_crypt == '\0') return NULL; |
635 | |
636 | vd[0].value = get_localpart (username); |
637 | vd[1].value = get_domain (username, defdomain); |
638 | vd[2].value = validateMyPassword (newpass); |
639 | vd[3].value = validateMyPassword (newpass_crypt); |
640 | |
641 | if (!vd[0].value || !vd[1].value || |
642 | !vd[2].value || !vd[3].value) return NULL; |
643 | |
644 | return (parse_string (clause, vd)); |
645 | } |
646 | |
647 | struct authmysqluserinfo *auth_mysql_getuserinfo(const char *username, |
648 | const char *service) |
649 | { |
650 | const char *defdomain =NULL; |
651 | char *querybuf, *p; |
652 | MYSQL_ROW row; |
653 | MYSQL_RES *result; |
654 | int num_fields; |
655 | char *endp; |
656 | |
657 | const char *select_clause; /* siefca@pld.org.pl */ |
658 | |
659 | static const char query[]= |
660 | "SELECT %s, %s, %s, %s, %s, %s, %s, %s, %s, %s FROM %s WHERE %s = \""; |
661 | |
662 | if (do_connect()) return (0); |
663 | |
664 | initui(); |
665 | |
666 | select_clause=read_env("MYSQL_SELECT_CLAUSE"); |
667 | defdomain=read_env("DEFAULT_DOMAIN"); |
668 | if (!defdomain) defdomain=""; |
669 | |
670 | if (!select_clause) /* siefca@pld.org.pl */ |
671 | { |
672 | const char *user_table, |
673 | *crypt_field, |
674 | *clear_field, |
675 | *name_field, |
676 | *uid_field, |
677 | *gid_field, |
678 | *login_field, |
679 | *home_field, |
680 | *maildir_field, |
681 | *quota_field, |
682 | *options_field, |
683 | *where_clause; |
684 | |
685 | user_table=read_env("MYSQL_USER_TABLE"); |
686 | |
687 | if (!user_table) |
688 | { |
689 | err("authmysql: MYSQL_USER_TABLE not set in " |
690 | AUTHMYSQLRC "."); |
691 | return (0); |
692 | } |
693 | |
694 | crypt_field=read_env("MYSQL_CRYPT_PWFIELD"); |
695 | clear_field=read_env("MYSQL_CLEAR_PWFIELD"); |
696 | name_field=read_env("MYSQL_NAME_FIELD"); |
697 | |
698 | if (!crypt_field && !clear_field) |
699 | { |
700 | err("authmysql: MYSQL_CRYPT_PWFIELD and " |
701 | "MYSQL_CLEAR_PWFIELD not set in " AUTHMYSQLRC "."); |
702 | return (0); |
703 | } |
704 | if (!crypt_field) crypt_field="\"\""; |
705 | if (!clear_field) clear_field="\"\""; |
706 | if (!name_field) name_field="\"\""; |
707 | |
708 | uid_field = read_env("MYSQL_UID_FIELD"); |
709 | if (!uid_field) uid_field = "uid"; |
710 | |
711 | gid_field = read_env("MYSQL_GID_FIELD"); |
712 | if (!gid_field) gid_field = "gid"; |
713 | |
714 | login_field = read_env("MYSQL_LOGIN_FIELD"); |
715 | if (!login_field) login_field = "id"; |
716 | |
717 | home_field = read_env("MYSQL_HOME_FIELD"); |
718 | if (!home_field) home_field = "home"; |
719 | |
720 | maildir_field=read_env(service && strcmp(service, "courier")==0 |
721 | ? "MYSQL_DEFAULTDELIVERY" |
722 | : "MYSQL_MAILDIR_FIELD"); |
723 | if (!maildir_field) maildir_field="\"\""; |
724 | |
725 | quota_field=read_env("MYSQL_QUOTA_FIELD"); |
726 | if (!quota_field) quota_field="\"\""; |
727 | |
728 | options_field=read_env("MYSQL_AUXOPTIONS_FIELD"); |
729 | if (!options_field) options_field="\"\""; |
730 | |
731 | where_clause=read_env("MYSQL_WHERE_CLAUSE"); |
732 | if (!where_clause) where_clause = ""; |
733 | |
734 | querybuf=malloc(sizeof(query) + 100 |
735 | + 2 * strlen(login_field) |
736 | + strlen(crypt_field) |
737 | + strlen(clear_field) |
738 | + strlen(uid_field) + strlen(gid_field) |
739 | + strlen(home_field) |
740 | + strlen(maildir_field) |
741 | + strlen(quota_field) |
742 | + strlen(name_field) |
743 | + strlen(options_field) |
744 | + strlen(user_table) |
745 | + strlen(username) |
746 | + strlen(defdomain) |
747 | + strlen(where_clause)); |
748 | |
749 | if (!querybuf) |
750 | { |
751 | perror("malloc"); |
752 | return (0); |
753 | } |
754 | |
755 | sprintf(querybuf, query, login_field, crypt_field, clear_field, |
756 | uid_field, gid_field, home_field, maildir_field, quota_field, |
757 | name_field, options_field, user_table, login_field); |
758 | |
759 | p=querybuf+strlen(querybuf); |
760 | |
761 | append_username(p, username, defdomain); |
762 | strcat(p, "\""); |
763 | |
764 | if (strcmp(where_clause, "")) { |
765 | strcat(p, " AND ("); |
766 | strcat(p, where_clause); |
767 | strcat(p, ")"); |
768 | } |
769 | } |
770 | else |
771 | { |
772 | /* siefca@pld.org.pl */ |
773 | querybuf=parse_select_clause (select_clause, username, |
774 | defdomain, service); |
775 | if (!querybuf) |
776 | { |
777 | DPRINTF("parse_select_clause failed (DEFAULT_DOMAIN not set?)"); |
778 | return 0; |
779 | } |
780 | } |
781 | |
64ff59ba |
782 | /* Anton Dobkin <anton@viansib.ru>, VIAN, Ltd. */ |
783 | #if MYSQL_VERSION_ID >= 41000 |
784 | const char *character_set=read_env("MYSQL_CHARACTER_SET"); |
785 | |
786 | if(character_set){ |
787 | |
788 | char *character_set_buf; |
789 | |
790 | character_set_buf=malloc(strlen(character_set)+11); |
791 | |
792 | if (!character_set_buf) |
793 | { |
794 | perror("malloc"); |
795 | return (0); |
796 | } |
797 | |
798 | strcpy(character_set_buf, "SET NAMES "); |
799 | strcat(character_set_buf, character_set); |
800 | |
801 | DPRINTF("Install of a character set for MySQL. SQL query: SET NAMES %s", character_set); |
802 | |
803 | if(mysql_query (mysql, character_set_buf)) |
804 | { |
805 | err("Install of a character set for MySQL is failed: %s MYSQL_CHARACTER_SET: may be invalid character set", mysql_error(mysql)); |
806 | auth_mysql_cleanup(); |
807 | |
808 | if (do_connect()) |
809 | { |
810 | free(character_set_buf); |
811 | return (0); |
812 | } |
813 | } |
814 | |
815 | free(character_set_buf); |
816 | } |
817 | #endif |
818 | |
d9898ee8 |
819 | DPRINTF("SQL query: %s", querybuf); |
820 | if (mysql_query (mysql, querybuf)) |
821 | { |
822 | /* <o.blasnik@nextra.de> */ |
823 | |
824 | DPRINTF("mysql_query failed, reconnecting: %s", mysql_error(mysql)); |
825 | auth_mysql_cleanup(); |
826 | |
827 | if (do_connect()) |
828 | { |
829 | free(querybuf); |
830 | return (0); |
831 | } |
832 | |
833 | if (mysql_query (mysql, querybuf)) |
834 | { |
835 | DPRINTF("mysql_query failed second time, giving up: %s", mysql_error(mysql)); |
836 | free(querybuf); |
837 | auth_mysql_cleanup(); |
838 | /* Server went down, that's OK, |
839 | ** try again next time. |
840 | */ |
841 | return (0); |
842 | } |
843 | } |
844 | free(querybuf); |
845 | |
846 | result = mysql_store_result (mysql); |
847 | if (result) |
848 | { |
849 | if (mysql_num_rows(result)) |
850 | { |
851 | row = mysql_fetch_row (result); |
852 | num_fields = mysql_num_fields (result); |
853 | |
854 | if (num_fields < 6) |
855 | { |
856 | DPRINTF("incomplete row, only %d fields returned", |
857 | num_fields); |
858 | mysql_free_result(result); |
859 | return(0); |
860 | } |
861 | |
862 | if (row[0] && row[0][0]) |
863 | ui.username=strdup(row[0]); |
864 | if (row[1] && row[1][0]) |
865 | ui.cryptpw=strdup(row[1]); |
866 | if (row[2] && row[2][0]) |
867 | ui.clearpw=strdup(row[2]); |
868 | /* perhaps authmysql needs a glob_uid/glob_gid feature |
869 | like authldap? */ |
870 | if (!row[3] || !row[3][0] || |
871 | (ui.uid=strtol(row[3], &endp, 10), endp[0] != '\0')) |
872 | { |
873 | DPRINTF("invalid value for uid: '%s'", |
874 | row[3] ? row[3] : "<null>"); |
875 | mysql_free_result(result); |
876 | return 0; |
877 | } |
878 | if (!row[4] || !row[4][0] || |
879 | (ui.gid=strtol(row[4], &endp, 10), endp[0] != '\0')) |
880 | { |
881 | DPRINTF("invalid value for gid: '%s'", |
882 | row[4] ? row[4] : "<null>"); |
883 | mysql_free_result(result); |
884 | return 0; |
885 | } |
886 | if (row[5] && row[5][0]) |
887 | ui.home=strdup(row[5]); |
888 | else |
889 | { |
890 | DPRINTF("required value for 'home' (column 6) is missing"); |
891 | mysql_free_result(result); |
892 | return(0); |
893 | } |
894 | if (num_fields > 6 && row[6] && row[6][0]) |
895 | ui.maildir=strdup(row[6]); |
896 | if (num_fields > 7 && row[7] && row[7][0]) |
897 | ui.quota=strdup(row[7]); |
898 | if (num_fields > 8 && row[8] && row[8][0]) |
899 | ui.fullname=strdup(row[8]); |
900 | if (num_fields > 9 && row[9] && row[9][0]) |
901 | ui.options=strdup(row[9]); |
902 | } |
903 | else |
904 | { |
905 | DPRINTF("zero rows returned"); |
906 | mysql_free_result(result); |
907 | return (&ui); /* User not found */ |
908 | } |
909 | } |
910 | else |
911 | { |
912 | DPRINTF("mysql_store_result failed"); |
913 | return (0); |
914 | } |
915 | mysql_free_result(result); |
916 | return (&ui); |
917 | } |
918 | |
919 | int auth_mysql_setpass(const char *user, const char *pass, |
920 | const char *oldpass) |
921 | { |
922 | char *newpass_crypt; |
923 | const char *p; |
924 | int l; |
925 | char *sql_buf; |
926 | const char *comma; |
927 | int rc=0; |
928 | |
929 | const char *clear_field =NULL, |
930 | *crypt_field =NULL, |
931 | *defdomain =NULL, |
932 | *where_clause =NULL, |
933 | *user_table =NULL, |
934 | *login_field =NULL, |
935 | *chpass_clause =NULL; /* siefca@pld.org.pl */ |
936 | |
937 | if (!mysql) |
938 | return (-1); |
939 | |
940 | |
941 | if (!(newpass_crypt=authcryptpasswd(pass, oldpass))) |
942 | return (-1); |
943 | |
944 | for (l=0, p=pass; *p; p++) |
945 | { |
946 | if ((int)(unsigned char)*p < ' ') |
947 | { |
948 | free(newpass_crypt); |
949 | return (-1); |
950 | } |
951 | if (*p == '"' || *p == '\\') |
952 | ++l; |
953 | ++l; |
954 | } |
955 | |
956 | /* siefca@pld.org.pl */ |
957 | chpass_clause=read_env("MYSQL_CHPASS_CLAUSE"); |
958 | defdomain=read_env("DEFAULT_DOMAIN"); |
959 | user_table=read_env("MYSQL_USER_TABLE"); |
960 | if (!chpass_clause) |
961 | { |
962 | login_field = read_env("MYSQL_LOGIN_FIELD"); |
963 | if (!login_field) login_field = "id"; |
964 | crypt_field=read_env("MYSQL_CRYPT_PWFIELD"); |
965 | clear_field=read_env("MYSQL_CLEAR_PWFIELD"); |
966 | where_clause=read_env("MYSQL_WHERE_CLAUSE"); |
967 | sql_buf=malloc(strlen(crypt_field ? crypt_field:"") |
968 | + strlen(clear_field ? clear_field:"") |
969 | + strlen(defdomain ? defdomain:"") |
970 | + strlen(login_field) + l + strlen(newpass_crypt) |
971 | + strlen(user_table) |
972 | + strlen(where_clause ? where_clause:"") |
973 | + 200); |
974 | } |
975 | else |
976 | { |
977 | sql_buf=parse_chpass_clause(chpass_clause, |
978 | user, |
979 | defdomain, |
980 | pass, |
981 | newpass_crypt); |
982 | } |
983 | |
984 | |
985 | if (!sql_buf) |
986 | { |
987 | free(newpass_crypt); |
988 | return (-1); |
989 | } |
990 | |
991 | if (!chpass_clause) /*siefca@pld.org.pl */ |
992 | { |
993 | sprintf(sql_buf, "UPDATE %s SET", user_table); |
994 | |
995 | comma=""; |
996 | |
997 | if (clear_field && *clear_field) |
998 | { |
999 | char *q; |
1000 | |
1001 | strcat(strcat(strcat(sql_buf, " "), clear_field), |
1002 | "=\""); |
1003 | |
1004 | q=sql_buf+strlen(sql_buf); |
1005 | while (*pass) |
1006 | { |
1007 | if (*pass == '"' || *pass == '\\') |
1008 | *q++= '\\'; |
1009 | *q++ = *pass++; |
1010 | } |
1011 | strcpy(q, "\""); |
1012 | comma=", "; |
1013 | } |
1014 | |
1015 | if (crypt_field && *crypt_field) |
1016 | { |
1017 | strcat(strcat(strcat(strcat(strcat(strcat(sql_buf, comma), |
1018 | " "), |
1019 | crypt_field), |
1020 | "=\""), |
1021 | newpass_crypt), |
1022 | "\""); |
1023 | } |
1024 | free(newpass_crypt); |
1025 | |
1026 | strcat(strcat(strcat(sql_buf, " WHERE "), |
1027 | login_field), |
1028 | "=\""); |
1029 | |
1030 | append_username(sql_buf+strlen(sql_buf), user, defdomain); |
1031 | |
1032 | strcat(sql_buf, "\""); |
1033 | |
1034 | if (where_clause && *where_clause) |
1035 | { |
1036 | strcat(sql_buf, " AND ("); |
1037 | strcat(sql_buf, where_clause); |
1038 | strcat(sql_buf, ")"); |
1039 | } |
1040 | |
1041 | } |
1042 | else |
1043 | { |
1044 | free(newpass_crypt); |
1045 | } |
1046 | |
1047 | |
1048 | if (courier_authdebug_login_level >= 2) |
1049 | { |
1050 | DPRINTF("setpass SQL: %s", sql_buf); |
1051 | } |
1052 | if (mysql_query (mysql, sql_buf)) |
1053 | { |
1054 | DPRINTF("setpass SQL failed"); |
1055 | rc= -1; |
1056 | auth_mysql_cleanup(); |
1057 | } |
1058 | free(sql_buf); |
1059 | return (rc); |
1060 | } |
1061 | |
1062 | void auth_mysql_enumerate( void(*cb_func)(const char *name, |
1063 | uid_t uid, |
1064 | gid_t gid, |
1065 | const char *homedir, |
1066 | const char *maildir, |
1067 | const char *options, |
1068 | void *void_arg), |
1069 | void *void_arg) |
1070 | { |
1071 | const char *defdomain, *select_clause; |
1072 | char *querybuf, *p; |
1073 | MYSQL_ROW row; |
1074 | MYSQL_RES *result; |
1075 | |
1076 | static const char query[]= |
1077 | "SELECT %s, %s, %s, %s, %s, %s FROM %s WHERE 1=1"; |
1078 | |
1079 | if (do_connect()) return; |
1080 | |
1081 | initui(); |
1082 | |
1083 | select_clause=read_env("MYSQL_ENUMERATE_CLAUSE"); |
1084 | defdomain=read_env("DEFAULT_DOMAIN"); |
1085 | if (!defdomain || !defdomain[0]) |
1086 | defdomain="*"; /* otherwise parse_select_clause fails */ |
1087 | |
1088 | if (!select_clause) |
1089 | { |
1090 | const char *user_table, |
1091 | *uid_field, |
1092 | *gid_field, |
1093 | *login_field, |
1094 | *home_field, |
1095 | *maildir_field, |
1096 | *options_field, |
1097 | *where_clause; |
1098 | |
1099 | user_table=read_env("MYSQL_USER_TABLE"); |
1100 | |
1101 | if (!user_table) |
1102 | { |
1103 | err("authmysql: MYSQL_USER_TABLE not set in " |
1104 | AUTHMYSQLRC "."); |
1105 | return; |
1106 | } |
1107 | |
1108 | uid_field = read_env("MYSQL_UID_FIELD"); |
1109 | if (!uid_field) uid_field = "uid"; |
1110 | |
1111 | gid_field = read_env("MYSQL_GID_FIELD"); |
1112 | if (!gid_field) gid_field = "gid"; |
1113 | |
1114 | login_field = read_env("MYSQL_LOGIN_FIELD"); |
1115 | if (!login_field) login_field = "id"; |
1116 | |
1117 | home_field = read_env("MYSQL_HOME_FIELD"); |
1118 | if (!home_field) home_field = "home"; |
1119 | |
1120 | maildir_field=read_env("MYSQL_MAILDIR_FIELD"); |
1121 | if (!maildir_field) maildir_field="\"\""; |
1122 | |
1123 | options_field=read_env("MYSQL_AUXOPTIONS_FIELD"); |
1124 | if (!options_field) options_field="\"\""; |
1125 | |
1126 | where_clause=read_env("MYSQL_WHERE_CLAUSE"); |
1127 | if (!where_clause) where_clause = ""; |
1128 | |
1129 | querybuf=malloc(sizeof(query) + 100 |
1130 | + strlen(login_field) |
1131 | + strlen(uid_field) + strlen(gid_field) |
1132 | + strlen(home_field) |
1133 | + strlen(maildir_field) |
1134 | + strlen(options_field) |
1135 | + strlen(user_table) |
1136 | + strlen(where_clause)); |
1137 | |
1138 | if (!querybuf) |
1139 | { |
1140 | perror("malloc"); |
1141 | return; |
1142 | } |
1143 | |
1144 | sprintf(querybuf, query, login_field, |
1145 | uid_field, gid_field, home_field, maildir_field, |
1146 | options_field, user_table); |
1147 | |
1148 | p=querybuf+strlen(querybuf); |
1149 | |
1150 | if (strcmp(where_clause, "")) { |
1151 | strcat(p, " AND ("); |
1152 | strcat(p, where_clause); |
1153 | strcat(p, ")"); |
1154 | } |
1155 | } |
1156 | else |
1157 | { |
1158 | /* siefca@pld.org.pl */ |
1159 | querybuf=parse_select_clause (select_clause, "*", |
1160 | defdomain, "enumerate"); |
1161 | if (!querybuf) |
1162 | { |
1163 | DPRINTF("authmysql: parse_select_clause failed"); |
1164 | return; |
1165 | } |
1166 | } |
1167 | DPRINTF("authmysql: enumerate query: %s", querybuf); |
1168 | |
1169 | if (mysql_query (mysql, querybuf)) |
1170 | { |
1171 | DPRINTF("mysql_query failed, reconnecting: %s", mysql_error(mysql)); |
1172 | /* <o.blasnik@nextra.de> */ |
1173 | |
1174 | auth_mysql_cleanup(); |
1175 | |
1176 | if (do_connect()) |
1177 | { |
1178 | free(querybuf); |
1179 | return; |
1180 | } |
1181 | |
1182 | if (mysql_query (mysql, querybuf)) |
1183 | { |
1184 | DPRINTF("mysql_query failed second time, giving up: %s", mysql_error(mysql)); |
1185 | free(querybuf); |
1186 | auth_mysql_cleanup(); |
1187 | return; |
1188 | } |
1189 | } |
1190 | free(querybuf); |
1191 | |
1192 | result = mysql_use_result (mysql); |
1193 | if (result) |
1194 | { |
1195 | const char *username; |
1196 | uid_t uid; |
1197 | gid_t gid; |
1198 | const char *homedir; |
1199 | const char *maildir; |
1200 | const char *options; |
1201 | |
1202 | while ((row = mysql_fetch_row (result)) != NULL) |
1203 | { |
1204 | if(!row[0] || !row[0][0] |
1205 | || !row[1] || !row[1][0] |
1206 | || !row[2] || !row[2][0] |
1207 | || !row[3] || !row[3][0]) |
1208 | { |
1209 | continue; |
1210 | } |
1211 | |
1212 | username=row[0]; |
1213 | uid=atol(row[1]); /* FIXME use strtol to validate */ |
1214 | gid=atol(row[2]); |
1215 | homedir=row[3]; |
1216 | maildir=row[4]; |
1217 | options=row[5]; |
1218 | |
1219 | if (maildir && !*maildir) |
1220 | maildir=NULL; |
1221 | |
1222 | (*cb_func)(username, uid, gid, homedir, |
1223 | maildir, options, void_arg); |
1224 | } |
1225 | } |
1226 | /* NULL row could indicate end of result or an error */ |
1227 | if (mysql_errno(mysql)) |
1228 | { |
1229 | DPRINTF("mysql error during enumeration: %s", mysql_error(mysql)); |
1230 | } |
1231 | else |
1232 | (*cb_func)(NULL, 0, 0, NULL, NULL, NULL, void_arg); |
1233 | |
1234 | if (result) mysql_free_result(result); |
1235 | } |