Merge branch 'upstream'

[hcoop/debian/courier-authlib.git] / preauthvchkpw.c

/*
** Copyright 1998 - 2001 Double Precision, Inc.  See COPYING for
** distribution information.
*/

#if     HAVE_CONFIG_H
#include        "courier_auth_config.h"
#endif
#include        <stdio.h>
#include        <stdlib.h>
#include        <string.h>
#include        <errno.h>
#include        <pwd.h>
#if     HAVE_UNISTD_H
#include        <unistd.h>
#endif
#include        "auth.h"
#include        "courierauthdebug.h"
#include        <vpopmail.h>
#include        <vauth.h>
#include        "vpopmail_config.h"

/* make use of pw_flags only if available */
#ifndef VQPASSWD_HAS_PW_FLAGS
#define pw_flags pw_gid
#endif

extern FILE *authvchkpw_file(const char *, const char *);

static const char rcsid[]="$Id: preauthvchkpw.c,v 1.26 2007/04/22 18:53:30 mrsam Exp $";

/* This function is called by the auth_vchkpw() function
 *
 * This function does the following :
 *   - extract the username and domain from the supplied userid
 *   - lookup the passwd entry for that user from the auth backend
 *   - populate *and return) a courier authinfo structure with the values
 *     from the vpopmail passwd entry 
 * 
 * Return -1 on perm failure
 * Return  0 on success
 * Return  1 on temp failure
 *
 */

int auth_vchkpw_pre(
        const char *userid,
        const char *service,
        int (*callback)(struct authinfo *, void *),
        void *arg)
{
struct vqpasswd *vpw;
static uid_t uid;
gid_t   gid;
struct authinfo auth;
static char User[256];
static char Domain[256];
static char options[80];

        /* Make sure the auth struct is empty */
        memset(&auth, 0, sizeof(auth));

        /* Take the supplied userid, and split it out into the user and domain
         * parts. (If a domain was not supplied, then set the domain to be
         * the default domain)
         */
        if ( parse_email(userid, User, Domain, 256) != 0) {
                /* Failed to successfully extract user and domain.
                 * So now exit with a permanent failure code
                 */
                DPRINTF("vchkpw: unable to split into user and domain");
                return(-1);
        }

        /* Check to see if the domain exists.
         * If so, on return vget_assign will :
         *   Rewrite Domain to be the real domain if it was sent as an alias domain
         *   Retrieve the domain's uid and gid
         */
        if ( vget_assign(Domain,NULL,0,&uid, &gid) == NULL ) {
                /* Domain does not exist
                 * So now exit with a permanent failure code */
                DPRINTF("vchkpw: domain does not exist");
                return (-1);
        }

        /* Try and retrieve the user's passwd entry from the auth backend */
        if ( (vpw=vauth_getpw(User, Domain)) == NULL) {
                /* User does not exist
                 * So now exit with a permanent failure code
                 */
                DPRINTF("vchkpw: user does not exist");
                return (-1);
        }

        /* Check to see if the user has been allocated a dir yet.
         * Some of the vpopmail backends (eg mysql) allow users to
         * be manually inserted into the auth backend but without
         * allocating a dir. A dir will be created when the user
         * first trys to auth (or when they 1st receive mail)
         */
        if (vpw->pw_dir == NULL || strlen(vpw->pw_dir) == 0 ) {
                /* user does not have a dir allocated yet */
                if ( make_user_dir(User, Domain, uid, gid) == NULL) {
                        /* Could not allocate a user dir at this time
                         * so exit with a temp error code 
                         */
                        DPRINTF("vchkpw: make_user_dir failed");
                        return(1);
                }
                /* We have allocated the user a dir now.
                 * Go and grab the updated passwd entry
                 */
                if ( (vpw=vauth_getpw(User, Domain)) == NULL ) {
                        /* Could not get the passwd entry
                         * So exit with a permanent failure code
                         */
                        DPRINTF("vchkpw: could not get the password entry");
                        return(-1);
                }
        }

        snprintf(options, sizeof(options),
                "disablewebmail=%d,disablepop3=%d,disableimap=%d",
                vpw->pw_flags & NO_WEBMAIL ? 1 : 0,
                vpw->pw_flags & NO_POP ? 1 : 0,
                vpw->pw_flags & NO_IMAP ? 1 : 0);

#ifdef HAVE_VSET_LASTAUTH
        /* if we are keeping track of their last auth time,
         * then store this value now. Note that this isnt 
         * consistent with the authentication via vchkpw 
         * because it only stores the lastauth attempt
         * after the password has been verified. Here we are
         * logging it after the user has been found to exist,
         * but before the password has been verified. We could
         * do the logging inside authvchkpw.c, but that would
         * be a lot harder because we would have to go and
         * parse_email() again there before calling vset_lastauth()
         */
        vset_lastauth(User, Domain, service);
#endif

        /* save the user's passwd fields into the appropriate 
         * courier structure 
         */
        /*auth.sysusername      = userid;*/
        auth.sysuserid          = &uid;
        auth.sysgroupid         = gid;
        auth.homedir            = vpw->pw_dir;
        auth.address            = userid;
        auth.fullname           = vpw->pw_gecos;
        auth.passwd             = vpw->pw_passwd;
        auth.clearpasswd        = vpw->pw_clear_passwd;
        auth.options            = options;
        courier_authdebug_authinfo("DEBUG: authvchkpw: ", &auth, 0, vpw->pw_passwd);

        return ((*callback)(&auth, arg));
}