#include "auth-common.h"
#include "ioloop.h"
#include "mech.h"
#include "str.h"
#include "passdb.h"
#include <stdlib.h>
static struct mech_module_list *mech_modules;
void mech_register_module(const struct mech_module *module)
{
struct mech_module_list *list;
list = i_new(struct mech_module_list, 1);
list->module = *module;
list->next = mech_modules;
mech_modules = list;
}
void mech_unregister_module(const struct mech_module *module)
{
struct mech_module_list **pos, *list;
for (pos = &mech_modules; *pos != NULL; pos = &(*pos)->next) {
if (strcmp((*pos)->module.mech_name, module->mech_name) == 0) {
list = *pos;
*pos = (*pos)->next;
i_free(list);
break;
}
}
}
const struct mech_module *mech_module_find(const char *name)
{
struct mech_module_list *list;
for (list = mech_modules; list != NULL; list = list->next) {
if (strcasecmp(list->module.mech_name, name) == 0)
return &list->module;
}
return NULL;
}
void mech_generic_auth_initial(struct auth_request *request,
const unsigned char *data, size_t data_size)
{
if (data == NULL) {
auth_request_handler_reply_continue(request, NULL, 0);
} else {
request->mech->auth_continue(request, data, data_size);
}
}
void mech_generic_auth_free(struct auth_request *request)
{
pool_unref(&request->pool);
}
extern const struct mech_module mech_plain;
extern const struct mech_module mech_x_plain_submit;
extern const struct mech_module mech_login;
extern const struct mech_module mech_apop;
extern const struct mech_module mech_cram_md5;
extern const struct mech_module mech_digest_md5;
extern const struct mech_module mech_external;
extern const struct mech_module mech_ntlm;
extern const struct mech_module mech_otp;
extern const struct mech_module mech_skey;
extern const struct mech_module mech_rpa;
extern const struct mech_module mech_anonymous;
#ifdef HAVE_GSSAPI
extern const struct mech_module mech_gssapi;
#endif
#ifdef HAVE_GSSAPI_SPNEGO
extern const struct mech_module mech_gssapi_spnego;
#endif
extern const struct mech_module mech_winbind_ntlm;
extern const struct mech_module mech_winbind_spnego;
static void mech_register_add(struct mechanisms_register *reg,
const struct mech_module *mech)
{
struct mech_module_list *list;
list = p_new(reg->pool, struct mech_module_list, 1);
list->module = *mech;
str_printfa(reg->handshake, "MECH\t%s", mech->mech_name);
if ((mech->flags & MECH_SEC_PRIVATE) != 0)
str_append(reg->handshake, "\tprivate");
if ((mech->flags & MECH_SEC_ANONYMOUS) != 0)
str_append(reg->handshake, "\tanonymous");
if ((mech->flags & MECH_SEC_PLAINTEXT) != 0)
str_append(reg->handshake, "\tplaintext");
if ((mech->flags & MECH_SEC_DICTIONARY) != 0)
str_append(reg->handshake, "\tdictionary");
if ((mech->flags & MECH_SEC_ACTIVE) != 0)
str_append(reg->handshake, "\tactive");
if ((mech->flags & MECH_SEC_FORWARD_SECRECY) != 0)
str_append(reg->handshake, "\tforward-secrecy");
if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0)
str_append(reg->handshake, "\tmutual-auth");
str_append_c(reg->handshake, '\n');
list->next = reg->modules;
reg->modules = list;
}
struct mechanisms_register *
mech_register_init(const struct auth_settings *set)
{
struct mechanisms_register *reg;
const struct mech_module *mech;
const char *const *mechanisms;
pool_t pool;
pool = pool_alloconly_create("mechanisms register", 1024);
reg = p_new(pool, struct mechanisms_register, 1);
reg->pool = pool;
reg->set = set;
reg->handshake = str_new(pool, 512);
mechanisms = t_strsplit_spaces(set->mechanisms, " ");
for (; *mechanisms != NULL; mechanisms++) {
if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
if (*set->anonymous_username == '\0') {
i_fatal("ANONYMOUS listed in mechanisms, "
"but anonymous_username not set");
}
}
mech = mech_module_find(*mechanisms);
if (mech == NULL) {
i_fatal("Unknown authentication mechanism '%s'",
*mechanisms);
}
mech_register_add(reg, mech);
}
if (reg->modules == NULL)
i_fatal("No authentication mechanisms configured");
return reg;
}
void mech_register_deinit(struct mechanisms_register **_reg)
{
struct mechanisms_register *reg = *_reg;
*_reg = NULL;
pool_unref(®->pool);
}
void mech_init(const struct auth_settings *set)
{
mech_register_module(&mech_plain);
mech_register_module(&mech_x_plain_submit);
mech_register_module(&mech_login);
mech_register_module(&mech_apop);
mech_register_module(&mech_cram_md5);
mech_register_module(&mech_digest_md5);
mech_register_module(&mech_external);
if (set->use_winbind) {
mech_register_module(&mech_winbind_ntlm);
mech_register_module(&mech_winbind_spnego);
} else {
mech_register_module(&mech_ntlm);
#if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
mech_register_module(&mech_gssapi_spnego);
#endif
}
mech_register_module(&mech_otp);
mech_register_module(&mech_skey);
mech_register_module(&mech_rpa);
mech_register_module(&mech_anonymous);
#ifdef BUILTIN_GSSAPI
mech_register_module(&mech_gssapi);
#endif
}
void mech_deinit(const struct auth_settings *set)
{
mech_unregister_module(&mech_plain);
mech_unregister_module(&mech_x_plain_submit);
mech_unregister_module(&mech_login);
mech_unregister_module(&mech_apop);
mech_unregister_module(&mech_cram_md5);
mech_unregister_module(&mech_digest_md5);
mech_unregister_module(&mech_external);
if (set->use_winbind) {
mech_unregister_module(&mech_winbind_ntlm);
mech_unregister_module(&mech_winbind_spnego);
} else {
mech_unregister_module(&mech_ntlm);
#if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
mech_unregister_module(&mech_gssapi_spnego);
#endif
}
mech_unregister_module(&mech_otp);
mech_unregister_module(&mech_skey);
mech_unregister_module(&mech_rpa);
mech_unregister_module(&mech_anonymous);
#ifdef BUILTIN_GSSAPI
mech_unregister_module(&mech_gssapi);
#endif
}