summaryrefslogtreecommitdiffstats
path: root/src/auth/passdb-passwd.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:51:24 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:51:24 +0000
commitf7548d6d28c313cf80e6f3ef89aed16a19815df1 (patch)
treea3f6f2a3f247293bee59ecd28e8cd8ceb6ca064a /src/auth/passdb-passwd.c
parentInitial commit. (diff)
downloaddovecot-f7548d6d28c313cf80e6f3ef89aed16a19815df1.tar.xz
dovecot-f7548d6d28c313cf80e6f3ef89aed16a19815df1.zip
Adding upstream version 1:2.3.19.1+dfsg1.upstream/1%2.3.19.1+dfsg1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/auth/passdb-passwd.c')
-rw-r--r--src/auth/passdb-passwd.c128
1 files changed, 128 insertions, 0 deletions
diff --git a/src/auth/passdb-passwd.c b/src/auth/passdb-passwd.c
new file mode 100644
index 0000000..e09f9ed
--- /dev/null
+++ b/src/auth/passdb-passwd.c
@@ -0,0 +1,128 @@
+/* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */
+
+#include "auth-common.h"
+#include "passdb.h"
+
+#ifdef PASSDB_PASSWD
+
+#include "safe-memset.h"
+#include "ipwd.h"
+
+#define PASSWD_CACHE_KEY "%u"
+#define PASSWD_PASS_SCHEME "CRYPT"
+
+static enum passdb_result
+passwd_lookup(struct auth_request *request, struct passwd *pw_r)
+{
+ e_debug(authdb_event(request), "lookup");
+
+ switch (i_getpwnam(request->fields.user, pw_r)) {
+ case -1:
+ e_error(authdb_event(request),
+ "getpwnam() failed: %m");
+ return PASSDB_RESULT_INTERNAL_FAILURE;
+ case 0:
+ auth_request_log_unknown_user(request, AUTH_SUBSYS_DB);
+ return PASSDB_RESULT_USER_UNKNOWN;
+ }
+
+ if (!IS_VALID_PASSWD(pw_r->pw_passwd)) {
+ e_info(authdb_event(request),
+ "invalid password field '%s'", pw_r->pw_passwd);
+ return PASSDB_RESULT_USER_DISABLED;
+ }
+
+ /* save the password so cache can use it */
+ auth_request_set_field(request, "password", pw_r->pw_passwd,
+ PASSWD_PASS_SCHEME);
+ return PASSDB_RESULT_OK;
+}
+
+static void
+passwd_verify_plain(struct auth_request *request, const char *password,
+ verify_plain_callback_t *callback)
+{
+ struct passwd pw;
+ enum passdb_result res;
+ int ret;
+
+ res = passwd_lookup(request, &pw);
+ if (res != PASSDB_RESULT_OK) {
+ callback(res, request);
+ return;
+ }
+ /* check if the password is valid */
+ ret = auth_request_password_verify(request, password, pw.pw_passwd,
+ PASSWD_PASS_SCHEME, AUTH_SUBSYS_DB);
+
+ /* clear the passwords from memory */
+ safe_memset(pw.pw_passwd, 0, strlen(pw.pw_passwd));
+
+ if (ret <= 0) {
+ callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
+ return;
+ }
+
+ /* make sure we're using the username exactly as it's in the database */
+ auth_request_set_field(request, "user", pw.pw_name, NULL);
+
+ callback(PASSDB_RESULT_OK, request);
+}
+
+static void
+passwd_lookup_credentials(struct auth_request *request,
+ lookup_credentials_callback_t *callback)
+{
+ struct passwd pw;
+ enum passdb_result res;
+
+ res = passwd_lookup(request, &pw);
+ if (res != PASSDB_RESULT_OK) {
+ callback(res, NULL, 0, request);
+ return;
+ }
+ /* make sure we're using the username exactly as it's in the database */
+ auth_request_set_field(request, "user", pw.pw_name, NULL);
+ passdb_handle_credentials(PASSDB_RESULT_OK, pw.pw_passwd,
+ PASSWD_PASS_SCHEME, callback, request);
+}
+
+static struct passdb_module *
+passwd_preinit(pool_t pool, const char *args)
+{
+ struct passdb_module *module;
+
+ module = p_new(pool, struct passdb_module, 1);
+ module->blocking = TRUE;
+ if (strcmp(args, "blocking=no") == 0)
+ module->blocking = FALSE;
+ else if (*args != '\0')
+ i_fatal("passdb passwd: Unknown setting: %s", args);
+
+ module->default_cache_key = PASSWD_CACHE_KEY;
+ module->default_pass_scheme = PASSWD_PASS_SCHEME;
+ return module;
+}
+
+static void passwd_deinit(struct passdb_module *module ATTR_UNUSED)
+{
+ endpwent();
+}
+
+struct passdb_module_interface passdb_passwd = {
+ "passwd",
+
+ passwd_preinit,
+ NULL,
+ passwd_deinit,
+
+ passwd_verify_plain,
+ passwd_lookup_credentials,
+ NULL
+};
+
+#else
+struct passdb_module_interface passdb_passwd = {
+ .name = "passwd"
+};
+#endif