1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
/* Copyright (c) 2003-2018 Dovecot authors, see the included COPYING file */
#include "auth-common.h"
#if defined(PASSDB_SQL) || defined(USERDB_SQL)
#include "settings.h"
#include "auth-request.h"
#include "auth-worker-client.h"
#include "db-sql.h"
#include <stddef.h>
#define DEF_STR(name) DEF_STRUCT_STR(name, db_sql_settings)
#define DEF_INT(name) DEF_STRUCT_INT(name, db_sql_settings)
#define DEF_BOOL(name) DEF_STRUCT_BOOL(name, db_sql_settings)
static struct setting_def setting_defs[] = {
DEF_STR(driver),
DEF_STR(connect),
DEF_STR(password_query),
DEF_STR(user_query),
DEF_STR(update_query),
DEF_STR(iterate_query),
DEF_STR(default_pass_scheme),
DEF_BOOL(userdb_warning_disable),
{ 0, NULL, 0 }
};
static struct db_sql_settings default_db_sql_settings = {
.driver = NULL,
.connect = NULL,
.password_query = "SELECT username, domain, password FROM users WHERE username = '%n' AND domain = '%d'",
.user_query = "SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d'",
.update_query = "UPDATE users SET password = '%w' WHERE username = '%n' AND domain = '%d'",
.iterate_query = "SELECT username, domain FROM users",
.default_pass_scheme = "MD5",
.userdb_warning_disable = FALSE
};
static struct db_sql_connection *connections = NULL;
static struct db_sql_connection *sql_conn_find(const char *config_path)
{
struct db_sql_connection *conn;
for (conn = connections; conn != NULL; conn = conn->next) {
if (strcmp(conn->config_path, config_path) == 0)
return conn;
}
return NULL;
}
static const char *parse_setting(const char *key, const char *value,
struct db_sql_connection *conn)
{
return parse_setting_from_defs(conn->pool, setting_defs,
&conn->set, key, value);
}
struct db_sql_connection *db_sql_init(const char *config_path, bool userdb)
{
struct db_sql_connection *conn;
struct sql_settings set;
const char *error;
pool_t pool;
conn = sql_conn_find(config_path);
if (conn != NULL) {
if (userdb)
conn->userdb_used = TRUE;
conn->refcount++;
return conn;
}
if (*config_path == '\0')
i_fatal("sql: Configuration file path not given");
pool = pool_alloconly_create("db_sql_connection", 1024);
conn = p_new(pool, struct db_sql_connection, 1);
conn->pool = pool;
conn->userdb_used = userdb;
conn->refcount = 1;
conn->config_path = p_strdup(pool, config_path);
conn->set = default_db_sql_settings;
if (!settings_read_nosection(config_path, parse_setting, conn, &error))
i_fatal("sql %s: %s", config_path, error);
if (conn->set.password_query == default_db_sql_settings.password_query)
conn->default_password_query = TRUE;
if (conn->set.user_query == default_db_sql_settings.user_query)
conn->default_user_query = TRUE;
if (conn->set.update_query == default_db_sql_settings.update_query)
conn->default_update_query = TRUE;
if (conn->set.iterate_query == default_db_sql_settings.iterate_query)
conn->default_iterate_query = TRUE;
if (conn->set.driver == NULL) {
i_fatal("sql: driver not set in configuration file %s",
config_path);
}
if (conn->set.connect == NULL) {
i_fatal("sql: connect string not set in configuration file %s",
config_path);
}
i_zero(&set);
set.driver = conn->set.driver;
set.connect_string = conn->set.connect;
set.event_parent = auth_event;
if (sql_init_full(&set, &conn->db, &error) < 0) {
i_fatal("sql: %s", error);
}
conn->next = connections;
connections = conn;
return conn;
}
void db_sql_unref(struct db_sql_connection **_conn)
{
struct db_sql_connection *conn = *_conn;
/* abort all pending auth requests before setting conn to NULL,
so that callbacks can still access it */
sql_disconnect(conn->db);
*_conn = NULL;
if (--conn->refcount > 0)
return;
sql_unref(&conn->db);
pool_unref(&conn->pool);
}
void db_sql_connect(struct db_sql_connection *conn)
{
if (sql_connect(conn->db) < 0 && worker) {
/* auth worker's sql connection failed. we can't do anything
useful until the connection works. there's no point in
having tons of worker processes all logging failures,
so tell the auth master to stop creating new workers (and
maybe close old ones). this handling is especially useful if
we reach the max. number of connections for sql server. */
auth_worker_client_send_error();
}
}
void db_sql_success(struct db_sql_connection *conn ATTR_UNUSED)
{
if (worker)
auth_worker_client_send_success();
}
void db_sql_check_userdb_warning(struct db_sql_connection *conn)
{
if (worker || conn->userdb_used || conn->set.userdb_warning_disable)
return;
if (strcmp(conn->set.user_query,
default_db_sql_settings.user_query) != 0) {
i_warning("sql: Ignoring changed user_query in %s, "
"because userdb sql not used. "
"(If this is intentional, set userdb_warning_disable=yes)",
conn->config_path);
} else if (strcmp(conn->set.iterate_query,
default_db_sql_settings.iterate_query) != 0) {
i_warning("sql: Ignoring changed iterate_query in %s, "
"because userdb sql not used. "
"(If this is intentional, set userdb_warning_disable=yes)",
conn->config_path);
}
}
#endif
|