[hcoop/debian/courier-authlib.git] / authpgsql.c

/*
** Copyright 2000-2008 Double Precision, Inc.  See COPYING for
** distribution information.
*/
#if	HAVE_CONFIG_H
#include	"courier_auth_config.h"
#endif
#include	<stdio.h>
#include	<stdlib.h>
#include	<string.h>
#include	<errno.h>
#include	<pwd.h>
#if	HAVE_UNISTD_H
#include	<unistd.h>
#endif

#include	"auth.h"
#include	"authpgsql.h"
#include	"courierauthstaticlist.h"
#include	"courierauthdebug.h"
#include	"libhmac/hmac.h"
#include	"cramlib.h"


extern void auth_pgsql_enumerate( void(*cb_func)(const char *name,
						 uid_t uid,
						 gid_t gid,
						 const char *homedir,
						 const char *maildir,
						 const char *options,
						 void *void_arg),
				  void *void_arg);

static int auth_pgsql_login(const char *service, char *authdata,
			    int (*callback_func)(struct authinfo *, void *),
			    void *callback_arg)
{
	char *user, *pass;
	struct authpgsqluserinfo *authinfo;
	struct	authinfo	aa;

	if ((user=strtok(authdata, "\n")) == 0 ||
		(pass=strtok(0, "\n")) == 0)
	{
		errno=EPERM;
		return (-1);
	}

	authinfo=auth_pgsql_getuserinfo(user, service);

	if (!authinfo)		/* Fatal error - such as PgSQL being down */
	{
		errno=EACCES;
		return (-1);
	}

	if (authinfo->cryptpw)
	{
		if (authcheckpassword(pass,authinfo->cryptpw))
		{
			errno=EPERM;
			return (-1);	/* User/Password not found. */
		}
	}
	else if (authinfo->clearpw)
	{
		if (strcmp(pass, authinfo->clearpw))
		{
			if (courier_authdebug_login_level >= 2)
			{
				DPRINTF("supplied password '%s' does not match clearpasswd '%s'",
					pass, authinfo->clearpw);
			}
			else
			{
				DPRINTF("supplied password does not match clearpasswd");
			}
			errno=EPERM;
			return (-1);
		}
	}
	else
	{
		DPRINTF("no password available to compare");
		errno=EPERM;
		return (-1);		/* Username not found */
	}


	memset(&aa, 0, sizeof(aa));

	/*aa.sysusername=user;*/
	aa.sysuserid= &authinfo->uid;
	aa.sysgroupid= authinfo->gid;
	aa.homedir=authinfo->home;
	aa.maildir=authinfo->maildir && authinfo->maildir[0] ?
		authinfo->maildir:0;
	aa.address=authinfo->username;
	aa.quota=authinfo->quota && authinfo->quota[0] ?
		authinfo->quota:0;
	aa.fullname=authinfo->fullname;
	aa.options=authinfo->options;
	aa.passwd=authinfo->cryptpw;
	aa.clearpasswd=pass;
	courier_authdebug_authinfo("DEBUG: authpgsql: ", &aa,
			    authinfo->clearpw, authinfo->cryptpw);
	return (*callback_func)(&aa, callback_arg);
}

static int auth_pgsql_changepw(const char *service, const char *user,
				 const char *pass,
				 const char *newpass)
{
	struct authpgsqluserinfo *authinfo;

	authinfo=auth_pgsql_getuserinfo(user, service);

	if (!authinfo)
	{
		errno=ENOENT;
		return (-1);
	}

	if (authinfo->cryptpw)
	{
		if (authcheckpassword(pass,authinfo->cryptpw))
		{
			errno=EPERM;
			return (-1);	/* User/Password not found. */
		}
	}
	else if (authinfo->clearpw)
	{
		if (strcmp(pass, authinfo->clearpw))
		{
			errno=EPERM;
			return (-1);
		}
	}
	else
	{
		errno=EPERM;
		return (-1);
	}

	if (auth_pgsql_setpass(user, newpass, authinfo->cryptpw))
	{
		errno=EPERM;
		return (-1);
	}
	return (0);
}

static int auth_pgsql_cram(const char *service,
			   const char *authtype, char *authdata,
			   int (*callback_func)(struct authinfo *, void *),
			   void *callback_arg)
{
	struct	cram_callback_info	cci;

	if (auth_get_cram(authtype, authdata, &cci))
		return (-1);

	cci.callback_func=callback_func;
	cci.callback_arg=callback_arg;

	return auth_pgsql_pre(cci.user, service, &auth_cram_callback, &cci);
}

int auth_pgsql(const char *service, const char *authtype, char *authdata,
	       int (*callback_func)(struct authinfo *, void *),
	       void *callback_arg)
{
	if (strcmp(authtype, AUTHTYPE_LOGIN) == 0)
		return (auth_pgsql_login(service, authdata,
			callback_func, callback_arg));

	return (auth_pgsql_cram(service, authtype, authdata,
			callback_func, callback_arg));
}

extern int auth_pgsql_pre(const char *user, const char *service,
			  int (*callback)(struct authinfo *, void *),
			  void *arg);

static struct authstaticinfo authpgsql_info={
	"authpgsql",
	auth_pgsql,
	auth_pgsql_pre,
	auth_pgsql_cleanup,
	auth_pgsql_changepw,
	auth_pgsql_cleanup,
	auth_pgsql_enumerate};

struct authstaticinfo *courier_authpgsql_init()
{
	return &authpgsql_info;
}
Commit	Line	Data
d9898ee8	1	/*
ac40fd9e	2	** Copyright 2000-2008 Double Precision, Inc. See COPYING for
d9898ee8	3	** distribution information.
	4	*/
	5	#if HAVE_CONFIG_H
	6	#include "courier_auth_config.h"
	7	#endif
	8	#include <stdio.h>
	9	#include <stdlib.h>
	10	#include <string.h>
	11	#include <errno.h>
	12	#include <pwd.h>
	13	#if HAVE_UNISTD_H
	14	#include <unistd.h>
	15	#endif
	16
	17	#include "auth.h"
	18	#include "authpgsql.h"
b0322a85	19	#include "courierauthstaticlist.h"
d9898ee8	20	#include "courierauthdebug.h"
ac40fd9e	21	#include "libhmac/hmac.h"
ac40fd9e	22	#include "cramlib.h"
d9898ee8	23
d9898ee8	24
	25	extern void auth_pgsql_enumerate( void(cb_func)(const char name,
	26	uid_t uid,
	27	gid_t gid,
	28	const char *homedir,
	29	const char *maildir,
	30	const char *options,
	31	void *void_arg),
	32	void *void_arg);
	33
	34	static int auth_pgsql_login(const char service, char authdata,
	35	int (callback_func)(struct authinfo , void *),
	36	void *callback_arg)
	37	{
	38	char user, pass;
	39	struct authpgsqluserinfo *authinfo;
	40	struct authinfo aa;
	41
	42	if ((user=strtok(authdata, "\n")) == 0 \|\|
	43	(pass=strtok(0, "\n")) == 0)
	44	{
	45	errno=EPERM;
	46	return (-1);
	47	}
	48
	49	authinfo=auth_pgsql_getuserinfo(user, service);
	50
	51	if (!authinfo) /* Fatal error - such as PgSQL being down */
	52	{
	53	errno=EACCES;
b0322a85	54	return (-1);
d9898ee8	55	}
	56
	57	if (authinfo->cryptpw)
	58	{
	59	if (authcheckpassword(pass,authinfo->cryptpw))
	60	{
	61	errno=EPERM;
	62	return (-1); /* User/Password not found. */
	63	}
	64	}
	65	else if (authinfo->clearpw)
	66	{
	67	if (strcmp(pass, authinfo->clearpw))
	68	{
	69	if (courier_authdebug_login_level >= 2)
	70	{
	71	DPRINTF("supplied password '%s' does not match clearpasswd '%s'",
	72	pass, authinfo->clearpw);
	73	}
	74	else
	75	{
	76	DPRINTF("supplied password does not match clearpasswd");
	77	}
	78	errno=EPERM;
	79	return (-1);
	80	}
	81	}
	82	else
	83	{
	84	DPRINTF("no password available to compare");
	85	errno=EPERM;
	86	return (-1); /* Username not found */
	87	}
	88
	89
	90	memset(&aa, 0, sizeof(aa));
	91
	92	/aa.sysusername=user;/
	93	aa.sysuserid= &authinfo->uid;
	94	aa.sysgroupid= authinfo->gid;
	95	aa.homedir=authinfo->home;
	96	aa.maildir=authinfo->maildir && authinfo->maildir[0] ?
	97	authinfo->maildir:0;
	98	aa.address=authinfo->username;
	99	aa.quota=authinfo->quota && authinfo->quota[0] ?
	100	authinfo->quota:0;
	101	aa.fullname=authinfo->fullname;
	102	aa.options=authinfo->options;
	103	aa.passwd=authinfo->cryptpw;
	104	aa.clearpasswd=pass;
	105	courier_authdebug_authinfo("DEBUG: authpgsql: ", &aa,
	106	authinfo->clearpw, authinfo->cryptpw);
	107	return (*callback_func)(&aa, callback_arg);
	108	}
	109
	110	static int auth_pgsql_changepw(const char service, const char user,
	111	const char *pass,
	112	const char *newpass)
	113	{
	114	struct authpgsqluserinfo *authinfo;
	115
	116	authinfo=auth_pgsql_getuserinfo(user, service);
	117
	118	if (!authinfo)
119	{
120	errno=ENOENT;
121	return (-1);
122	}
123
124	if (authinfo->cryptpw)
125	{
126	if (authcheckpassword(pass,authinfo->cryptpw))
127	{
128	errno=EPERM;
129	return (-1); /* User/Password not found. */
130	}
131	}
132	else if (authinfo->clearpw)
133	{
134	if (strcmp(pass, authinfo->clearpw))
135	{
136	errno=EPERM;
137	return (-1);
138	}
139	}
140	else
141	{
142	errno=EPERM;
143	return (-1);
144	}
145
146	if (auth_pgsql_setpass(user, newpass, authinfo->cryptpw))
147	{
148	errno=EPERM;
149	return (-1);
150	}
151	return (0);
152	}
153
d9898ee8	154	static int auth_pgsql_cram(const char *service,
	155	const char authtype, char authdata,
	156	int (callback_func)(struct authinfo , void *),
	157	void *callback_arg)
	158	{
	159	struct cram_callback_info cci;
	160
	161	if (auth_get_cram(authtype, authdata, &cci))
	162	return (-1);
	163
	164	cci.callback_func=callback_func;
	165	cci.callback_arg=callback_arg;
	166
	167	return auth_pgsql_pre(cci.user, service, &auth_cram_callback, &cci);
	168	}
d9898ee8	169
	170	int auth_pgsql(const char service, const char authtype, char *authdata,
	171	int (callback_func)(struct authinfo , void *),
	172	void *callback_arg)
	173	{
	174	if (strcmp(authtype, AUTHTYPE_LOGIN) == 0)
	175	return (auth_pgsql_login(service, authdata,
	176	callback_func, callback_arg));
	177
d9898ee8	178	return (auth_pgsql_cram(service, authtype, authdata,
d9898ee8	179	callback_func, callback_arg));
d9898ee8	180	}
	181
	182	extern int auth_pgsql_pre(const char user, const char service,
	183	int (callback)(struct authinfo , void *),
	184	void *arg);
	185
	186	static struct authstaticinfo authpgsql_info={
	187	"authpgsql",
	188	auth_pgsql,
	189	auth_pgsql_pre,
	190	auth_pgsql_cleanup,
	191	auth_pgsql_changepw,
	192	auth_pgsql_cleanup,
	193	auth_pgsql_enumerate};
	194
	195	struct authstaticinfo *courier_authpgsql_init()
	196	{
	197	return &authpgsql_info;
	198	}