[hcoop/debian/courier-authlib.git] / authuserdb.c

/*
** Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for
** distribution information.
*/

#if	HAVE_CONFIG_H
#include	"courier_auth_config.h"
#endif
#include	<stdio.h>
#include	<stdlib.h>
#include	<string.h>
#include	<errno.h>
#include	<pwd.h>
#if	HAVE_UNISTD_H
#include	<unistd.h>
#endif

#include	"auth.h"
#include	"courierauth.h"
#include	"courierauthstaticlist.h"
#include	"courierauthdebug.h"
#include	"libhmac/hmac.h"
#include	"userdb/userdb.h"


extern void auth_userdb_enumerate( void(*cb_func)(const char *name,
						  uid_t uid,
						  gid_t gid,
						  const char *homedir,
						  const char *maildir,
						  const char *options,
						  void *void_arg),
				   void *void_arg);

extern int auth_userdb_pre_common(const char *, const char *, int,
        int (*callback)(struct authinfo *, void *),
                        void *arg);

extern void auth_userdb_cleanup();

struct callback_info {
        const char *pass;
	int (*callback_func)(struct authinfo *, void *);
	void *callback_arg;
        };

static int callback_userdb(struct authinfo *a, void *p)
{
struct callback_info *i=(struct callback_info *)p;

	if (a->passwd == 0)
	{
		DPRINTF("no password available to compare\n");
		errno=EPERM;
		return (-1);
	}

	if (authcheckpassword(i->pass, a->passwd))
		return (-1);

	a->clearpasswd=i->pass;
	return (*i->callback_func)(a, i->callback_arg);
}


static int auth_cram(const char *service, const char *authtype, char *authdata,
		     int (*callback_func)(struct authinfo *, void *),
		     void *callback_arg)
{
char	*u;
char	*udbs;
char	*passwords;
char	*services;
struct	userdbs *udb;
struct cram_callback_info cci;

struct	authinfo	aa;
int	rc;

	if (auth_get_cram(authtype, authdata, &cci))
		return (-1);

	userdb_set_debug(courier_authdebug_login_level);
	userdb_init(USERDB ".dat");
        if ( (u=userdb(cci.user)) == 0)
	{
		userdb_close();
		return (-1);
	}

	if ( (udbs=userdbshadow(USERDB "shadow.dat", cci.user)) == 0)
	{
		free(u);
		userdb_close();
		return (-1);
	}

	if ((services=malloc(strlen(service)+strlen(cci.h->hh_name)
			     +sizeof("-hmac-pw"))) == 0)
	{
		free(udbs);
		free(u);
		userdb_close();
		errno=ENOSPC;
		return (1); /* tempfail */
	}

	strcat(strcat(strcat(strcpy(services, service), "-hmac-"),
		      cci.h->hh_name), "pw");

	passwords=userdb_gets(udbs, services);
	if (passwords == 0)
	{
		strcat(strcat(strcpy(services, "hmac-"),
			      cci.h->hh_name), "pw");
		passwords=userdb_gets(udbs, services);
	}
	if (passwords == 0)
	{
		DPRINTF("authcram: no %s-%s or %s value found",
			service, services, services);
	}
	free(services);

	if (passwords == 0)
	{
		free(udbs);
		free(u);
		userdb_close();
		return (-1);
	}

	if (auth_verify_cram(cci.h, cci.challenge, cci.response,
			     passwords))
	{
		free(passwords);
		free(udbs);
		free(u);
		userdb_close();
		return (-1);
	}

	free(passwords);
	free(udbs);
        if ((udb=userdb_creates(u)) == 0)
        {
		free(u);
		userdb_close();
                return (1);
        }


	memset(&aa, 0, sizeof(aa));

	/*aa.sysusername=user;*/
	aa.sysuserid= &udb->udb_uid;
	aa.sysgroupid= udb->udb_gid;
	aa.homedir=udb->udb_dir;
	aa.address=cci.user;
	aa.maildir=udb->udb_mailbox;
	aa.options=udb->udb_options;
	rc=(*callback_func)(&aa, callback_arg);

        free(u);
	userdb_close();

	userdb_frees(udb);
	return rc;
}

int auth_userdb(const char *service, const char *authtype, char *authdata,
		int (*callback_func)(struct authinfo *, void *),
		void *callback_arg)
{
	const char *user, *pass;
	struct	callback_info	ci;

	if (strcmp(authtype, AUTHTYPE_LOGIN) ||
		(user=strtok(authdata, "\n")) == 0 ||
		(pass=strtok(0, "\n")) == 0)
		return auth_cram(service, authtype, authdata,
				 callback_func, callback_arg);

	ci.pass=pass;
	ci.callback_func=callback_func;
	ci.callback_arg=callback_arg;
	return auth_userdb_pre_common(user, service, 1, &callback_userdb, &ci);
}

extern int auth_userdb_pre(const char *userid, const char *service,
        int (*callback)(struct authinfo *, void *),
		    void *arg);

extern int auth_userdb_passwd(const char *service,
			      const char *userid,
			      const char *opwd_buf,
			      const char *npwd_buf);

static struct authstaticinfo authuserdb_info={
	"authuserdb",
	auth_userdb,
	auth_userdb_pre,
	auth_userdb_cleanup,
	auth_userdb_passwd,
	auth_userdb_cleanup,
	auth_userdb_enumerate};


struct authstaticinfo *courier_authuserdb_init()
{
	return &authuserdb_info;
}
Commit	Line	Data
d9898ee8	1	/*
	2	** Copyright 1998 - 2004 Double Precision, Inc. See COPYING for
	3	** distribution information.
	4	*/
	5
	6	#if HAVE_CONFIG_H
	7	#include "courier_auth_config.h"
	8	#endif
	9	#include <stdio.h>
	10	#include <stdlib.h>
	11	#include <string.h>
	12	#include <errno.h>
	13	#include <pwd.h>
	14	#if HAVE_UNISTD_H
	15	#include <unistd.h>
	16	#endif
	17
	18	#include "auth.h"
0e333c05	19	#include "courierauth.h"
b0322a85	20	#include "courierauthstaticlist.h"
d9898ee8	21	#include "courierauthdebug.h"
d9898ee8	22	#include "libhmac/hmac.h"
	23	#include "userdb/userdb.h"
	24
d9898ee8	25
	26	extern void auth_userdb_enumerate( void(cb_func)(const char name,
	27	uid_t uid,
	28	gid_t gid,
	29	const char *homedir,
	30	const char *maildir,
	31	const char *options,
	32	void *void_arg),
	33	void *void_arg);
	34
	35	extern int auth_userdb_pre_common(const char , const char , int,
	36	int (callback)(struct authinfo , void *),
	37	void *arg);
	38
	39	extern void auth_userdb_cleanup();
	40
	41	struct callback_info {
	42	const char *pass;
	43	int (callback_func)(struct authinfo , void *);
	44	void *callback_arg;
	45	};
	46
	47	static int callback_userdb(struct authinfo a, void p)
	48	{
	49	struct callback_info i=(struct callback_info )p;
	50
	51	if (a->passwd == 0)
	52	{
	53	DPRINTF("no password available to compare\n");
	54	errno=EPERM;
	55	return (-1);
	56	}
	57
	58	if (authcheckpassword(i->pass, a->passwd))
	59	return (-1);
	60
	61	a->clearpasswd=i->pass;
	62	return (*i->callback_func)(a, i->callback_arg);
	63	}
	64
	65
	66	static int auth_cram(const char service, const char authtype, char *authdata,
	67	int (callback_func)(struct authinfo , void *),
	68	void *callback_arg)
	69	{
	70	char *u;
	71	char *udbs;
	72	char *passwords;
	73	char *services;
	74	struct userdbs *udb;
	75	struct cram_callback_info cci;
	76
	77	struct authinfo aa;
	78	int rc;
	79
	80	if (auth_get_cram(authtype, authdata, &cci))
	81	return (-1);
	82
	83	userdb_set_debug(courier_authdebug_login_level);
	84	userdb_init(USERDB ".dat");
	85	if ( (u=userdb(cci.user)) == 0)
	86	{
	87	userdb_close();
	88	return (-1);
89	}
90
91	if ( (udbs=userdbshadow(USERDB "shadow.dat", cci.user)) == 0)
92	{
93	free(u);
94	userdb_close();
95	return (-1);
96	}
97
98	if ((services=malloc(strlen(service)+strlen(cci.h->hh_name)
99	+sizeof("-hmac-pw"))) == 0)
100	{
101	free(udbs);
102	free(u);
103	userdb_close();
104	errno=ENOSPC;
105	return (1); /* tempfail */
106	}
107
108	strcat(strcat(strcat(strcpy(services, service), "-hmac-"),
109	cci.h->hh_name), "pw");
110
111	passwords=userdb_gets(udbs, services);
112	if (passwords == 0)
113	{
114	strcat(strcat(strcpy(services, "hmac-"),
115	cci.h->hh_name), "pw");
116	passwords=userdb_gets(udbs, services);
117	}
118	if (passwords == 0)
119	{
120	DPRINTF("authcram: no %s-%s or %s value found",
121	service, services, services);
122	}
123	free(services);
124
125	if (passwords == 0)
126	{
127	free(udbs);
128	free(u);
129	userdb_close();
130	return (-1);
131	}
132
133	if (auth_verify_cram(cci.h, cci.challenge, cci.response,
134	passwords))
135	{
136	free(passwords);
137	free(udbs);
138	free(u);
139	userdb_close();
140	return (-1);
141	}
142
143	free(passwords);
144	free(udbs);
145	if ((udb=userdb_creates(u)) == 0)
146	{
147	free(u);
148	userdb_close();
149	return (1);
150	}
151
152
153	memset(&aa, 0, sizeof(aa));
154
155	/aa.sysusername=user;/
156	aa.sysuserid= &udb->udb_uid;
157	aa.sysgroupid= udb->udb_gid;
158	aa.homedir=udb->udb_dir;
159	aa.address=cci.user;
160	aa.maildir=udb->udb_mailbox;
161	aa.options=udb->udb_options;
162	rc=(*callback_func)(&aa, callback_arg);
163
164	free(u);
165	userdb_close();
166
167	userdb_frees(udb);
168	return rc;
169	}
170
171	int auth_userdb(const char service, const char authtype, char *authdata,
172	int (callback_func)(struct authinfo , void *),
173	void *callback_arg)
174	{
175	const char user, pass;
176	struct callback_info ci;
177
178	if (strcmp(authtype, AUTHTYPE_LOGIN) \|\|
179	(user=strtok(authdata, "\n")) == 0 \|\|
180	(pass=strtok(0, "\n")) == 0)
181	return auth_cram(service, authtype, authdata,
182	callback_func, callback_arg);
183
184	ci.pass=pass;
185	ci.callback_func=callback_func;
186	ci.callback_arg=callback_arg;
187	return auth_userdb_pre_common(user, service, 1, &callback_userdb, &ci);
188	}
189
190	extern int auth_userdb_pre(const char userid, const char service,
191	int (callback)(struct authinfo , void *),
192	void *arg);
193
194	extern int auth_userdb_passwd(const char *service,
195	const char *userid,
196	const char *opwd_buf,
197	const char *npwd_buf);
198
199	static struct authstaticinfo authuserdb_info={
200	"authuserdb",
201	auth_userdb,
202	auth_userdb_pre,
203	auth_userdb_cleanup,
204	auth_userdb_passwd,
205	auth_userdb_cleanup,
206	auth_userdb_enumerate};
207
208
209	struct authstaticinfo *courier_authuserdb_init()
210	{
211	return &authuserdb_info;
212	}