plain authentication uses the new parsing method

doc/sample.config

@@ -12,7 +12,7 @@
 #  The gid-min option is used by auto-select-group option, in order to
 # select the minimum valid group ID.
 #
-# plain[/etc/ocserv/ocpasswd]
+# plain[passwd=/etc/ocserv/ocpasswd]
 #  The plain option requires specifying a password file which contains
 # entries of the following format.
 # "username:groupname1,groupname2:encoded-password"
@@ -29,7 +29,7 @@
 
 #auth = "pam"
 #auth = "pam[gid-min=1000]"
-auth = "plain[./sample.passwd]"
+auth = "plain[passwd=./sample.passwd]"
 #auth = "certificate"
 #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
 

src/auth/plain.c

@@ -29,6 +29,7 @@
 #include <vpn.h>
 #include <c-ctype.h>
 #include "plain.h"
+#include "cfg.h"
 #include "auth/common.h"
 #include <ccan/htable/htable.h>
 #include <ccan/hash/hash.h>
@@ -50,7 +51,9 @@ static char *password_file = NULL;
 
 static void plain_global_init(void *pool, const char *server_name, void *additional)
 {
-	password_file = talloc_strdup(pool, (char*)additional);
+	struct plain_cfg_st *config = additional;
+
+	password_file = talloc_strdup(pool, config->passwd);
 	if (password_file == NULL) {
 		fprintf(stderr, "memory error\n");
 		exit(1);
@@ -300,15 +303,16 @@ static void plain_group_list(void *pool, void *additional, char ***groupname, un
 	char *tgroup[MAX_GROUPS];
 	unsigned tgroup_size;
 	struct htable hash;
+	struct plain_cfg_st *config = additional;
 
 	htable_init(&hash, rehash, NULL);
 
 	pool = talloc_init("plain");
-	fp = fopen(additional, "r");
+	fp = fopen(config->passwd, "r");
 	if (fp == NULL) {
 		syslog(LOG_AUTH,
 		       "error in plain authentication; cannot open: %s",
-		       (char*)additional);
+		       (char*)config->passwd);
 		return;
 	}
 

src/cfg.h

@@ -37,6 +37,10 @@ typedef struct radius_cfg_st {
 	char *config;
 } radius_cfg_st;
 
+typedef struct plain_cfg_st {
+	char *passwd;
+} plain_cfg_st;
+
 typedef struct pam_cfg_st {
 	int gid_min;
 } pam_cfg_st;
@@ -57,5 +61,6 @@ void *get_brackets_string1(struct cfg_st *config, const char *str);
 void *gssapi_get_brackets_string(struct cfg_st *config, const char *str);
 void *radius_get_brackets_string(struct cfg_st *config, const char *str);
 void *pam_get_brackets_string(struct cfg_st *config, const char *str);
+void *plain_get_brackets_string(struct cfg_st *config, const char *str);
 
 #endif

src/config.c

@@ -365,7 +365,7 @@ static auth_types_st avail_auth_types[] =
 #ifdef HAVE_RADIUS
 	{NAME("radius"), &radius_auth_funcs, AUTH_TYPE_RADIUS, radius_get_brackets_string},
 #endif
-	{NAME("plain"), &plain_auth_funcs, AUTH_TYPE_PLAIN, get_brackets_string1},
+	{NAME("plain"), &plain_auth_funcs, AUTH_TYPE_PLAIN, plain_get_brackets_string},
 	{NAME("certificate"), NULL, AUTH_TYPE_CERTIFICATE, NULL},
 };
 

src/ocserv-args.def

@@ -87,7 +87,7 @@ An example configuration file follows.
 #  The gid-min option is used by auto-select-group option, in order to
 # select the minimum valid group ID.
 #
-# plain[/etc/ocserv/ocpasswd]
+# plain[passwd=/etc/ocserv/ocpasswd]
 #  The plain option requires specifying a password file which contains
 # entries of the following format.
 # "username:groupname1,groupname2:encoded-password"
@@ -105,7 +105,7 @@ An example configuration file follows.
 #auth = "certificate"
 #auth = "pam"
 #auth = "pam[gid-min=1000]"
-#auth = "plain[/etc/ocserv/ocpasswd]"
+#auth = "plain[passwd=/etc/ocserv/ocpasswd]"
 #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
 
 # Specify alternative authentication methods that are sufficient

src/subconfig.c

@@ -192,10 +192,6 @@ void *radius_get_brackets_string(struct cfg_st *config, const char *str)
 		fprintf(stderr, "Parsing radius auth method subconfig using legacy format\n");
 
 		additional->config = get_brackets_string1(config, str);
-		if (additional->config == NULL) {
-			fprintf(stderr, "No radius configuration specified: %s\n", str);
-			exit(1);
-		}
 
 		p = get_brackets_string2(config, str);
 		if (p != NULL) {
@@ -223,6 +219,11 @@ void *radius_get_brackets_string(struct cfg_st *config, const char *str)
 		free_expanded_brackets_string(vals, vals_size);
 	}
 
+	if (additional->config == NULL) {
+		fprintf(stderr, "No radius configuration specified: %s\n", str);
+		exit(1);
+	}
+
 	return additional;
 }
 #endif
@@ -258,3 +259,39 @@ void *pam_get_brackets_string(struct cfg_st *config, const char *str)
 	return additional;
 }
 #endif
+
+void *plain_get_brackets_string(struct cfg_st *config, const char *str)
+{
+	subcfg_val_st vals[MAX_SUBOPTIONS];
+	unsigned vals_size, i;
+	plain_cfg_st *additional;
+
+	additional = talloc_zero(config, plain_cfg_st);
+	if (additional == NULL) {
+		return NULL;
+	}
+
+	if (str && str[0] == '[' && (str[1] == '/' || str[1] == '.')) { /* legacy format */
+		fprintf(stderr, "Parsing plain auth method subconfig using legacy format\n");
+		additional->passwd = get_brackets_string1(config, str);
+	} else {
+		vals_size = expand_brackets_string(config, str, vals);
+		for (i=0;i<vals_size;i++) {
+			if (c_strcasecmp(vals[i].name, "passwd") == 0) {
+				additional->passwd = vals[i].value;
+				vals[i].value = NULL;
+			} else {
+				fprintf(stderr, "unknown option '%s'\n", vals[i].name);
+				exit(1);
+			}
+		}
+		free_expanded_brackets_string(vals, vals_size);
+	}
+
+	if (additional->passwd == NULL) {
+		fprintf(stderr, "plain: no password file specified\n");
+		exit(1);
+	}
+
+	return additional;
+}