changeset 5593:f8dc0bdb06a7 HEAD
Removed enum passdb_credentials. Use scheme strings directly instead. This
makes it possible to implement new mechanisms in plugins.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 13 May 2007 11:24:06 +0300 |
parents | 29ac17ec78ff |
children | 36c8fbd896fc |
files | src/auth/auth-request.c src/auth/auth-request.h src/auth/auth-worker-client.c src/auth/mech-apop.c src/auth/mech-cram-md5.c src/auth/mech-digest-md5.c src/auth/mech-ntlm.c src/auth/mech-otp.c src/auth/mech-rpa.c src/auth/mech-skey.c src/auth/passdb-blocking.c src/auth/passdb-ldap.c src/auth/passdb-sql.c src/auth/passdb.c src/auth/passdb.h src/auth/password-scheme.c src/auth/password-scheme.h src/auth/userdb-static.c |
diffstat | 18 files changed, 65 insertions(+), 116 deletions(-) [+] |
--- a/src/auth/auth-request.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/auth-request.c Sun May 13 11:24:06 2007 +0300
@@ -34,7 +34,6 @@
 request->refcount = 1; request->last_access = ioloop_time; - request->credentials = -1; request->auth = auth; request->mech = mech;
@@ -57,7 +56,6 @@
 auth_request->auth = auth; auth_request->passdb = auth->passdbs; auth_request->userdb = auth->userdbs; - auth_request->credentials = -1; return auth_request; }
@@ -440,7 +438,7 @@
 } request->state = AUTH_REQUEST_STATE_PASSDB; - request->credentials = -1; + request->credentials_scheme = NULL; if (passdb->blocking) passdb_blocking_verify_plain(request);
@@ -457,7 +455,8 @@
 { if (!auth_request_handle_passdb_callback(&result, request)) { /* try next passdb */ - auth_request_lookup_credentials(request, request->credentials, + auth_request_lookup_credentials(request, + request->credentials_scheme, request->private_callback.lookup_credentials); } else { if (request->auth->verbose_debug_passwords &&
@@ -504,28 +503,28 @@
 } void auth_request_lookup_credentials(struct auth_request *request, - enum passdb_credentials credentials, + const char *scheme, lookup_credentials_callback_t *callback) { struct passdb_module *passdb = request->passdb->passdb; - const char *cache_key, *password, *scheme; + const char *cache_key, *cache_cred, *cache_scheme; enum passdb_result result; i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE); - request->credentials = credentials; + request->credentials_scheme = p_strdup(request->pool, scheme); request->private_callback.lookup_credentials = callback; cache_key = passdb_cache == NULL ? NULL : passdb->cache_key; if (cache_key != NULL) { if (passdb_cache_lookup_credentials(request, cache_key, - &password, &scheme, + &cache_cred, &cache_scheme, &result, FALSE)) { - password = result != PASSDB_RESULT_OK ? NULL : - passdb_get_credentials(request, password, - scheme); + cache_cred = result != PASSDB_RESULT_OK ? NULL : + passdb_get_credentials(request, cache_cred, + cache_scheme); auth_request_lookup_credentials_callback_finish( - result, password, request); + result, cache_cred, request); return; } }
@@ -545,8 +544,7 @@
 } void auth_request_set_credentials(struct auth_request *request, - enum passdb_credentials credentials, - const char *data, + const char *scheme, const char *data, set_credentials_callback_t *callback) { struct passdb_module *passdb = request->passdb->passdb;
@@ -558,9 +556,7 @@
 request->private_callback.set_credentials = callback; - new_credentials = t_strconcat("{", - passdb_credentials_to_str(credentials, ""), "}", data, NULL); - + new_credentials = t_strdup_printf("{%s}%s", scheme, data); if (passdb->blocking) passdb_blocking_set_credentials(request, new_credentials); else if (passdb->iface.set_credentials != NULL) {
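Review bot: `auth_request_lookup_credentials()` stores `p_strdup(request->pool, scheme)` without checking that `scheme` is non-NULL, although NULL is now the sentinel that the `@@ -440` hunk sets before `passdb_blocking_verify_plain()` and that passdb-ldap.c and passdb-sql.c test to tell a plaintext verification from a credentials lookup. A NULL scheme would send a lookup down the verify-plain branch, and `passdb_get_credentials()` in passdb.c passes the field straight to `strcasecmp()`. I would add `i_assert(scheme != NULL);` next to the existing state assertion. This assumes `p_strdup()` hands back NULL for a NULL argument, which is not visible on this page.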
--- a/src/auth/auth-request.h Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/auth-request.h Sun May 13 11:24:06 2007 +0300
@@ -65,7 +65,7 @@
 set_credentials_callback_t *set_credentials; userdb_callback_t *userdb; } private_callback; - enum passdb_credentials credentials; + const char *credentials_scheme; mech_callback_t *callback; void *context;
@@ -115,7 +115,7 @@
 const char *password, verify_plain_callback_t *callback); void auth_request_lookup_credentials(struct auth_request *request, - enum passdb_credentials credentials, + const char *scheme, lookup_credentials_callback_t *callback); void auth_request_lookup_user(struct auth_request *request, userdb_callback_t *callback);
@@ -160,8 +160,7 @@
 const char *credentials, struct auth_request *request); void auth_request_set_credentials(struct auth_request *request, - enum passdb_credentials credentials, - const char *data, + const char *scheme, const char *data, set_credentials_callback_t *callback); void auth_request_userdb_callback(enum userdb_result result, struct auth_stream_reply *reply,
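Review bot: The new `credentials_scheme` field in the first hunk is undocumented even though it carries two meanings: the scheme name a mechanism asked for, and, when NULL, the signal that no credentials lookup is in progress (passdb-ldap.c and passdb-sql.c branch on `!= NULL`). I would put a comment on the field, for example `/* scheme requested by the current credentials lookup; NULL while verifying a plaintext password */`. The struct definition starts and ends outside the hunk.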
--- a/src/auth/auth-worker-client.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/auth-worker-client.c Sun May 13 11:24:06 2007 +0300
@@ -181,8 +181,7 @@
 str_printfa(str, "FAIL\t%d", result); else { str_printfa(str, "OK\t%s\t{%s}%s\t", request->user, - passdb_credentials_to_str(request->credentials, ""), - credentials); + request->credentials_scheme, credentials); if (request->extra_fields != NULL) { const char *field = auth_stream_reply_export(request->extra_fields);
@@ -203,8 +202,7 @@
 { /* lookup credentials */ struct auth_request *auth_request; - const char *credentials_str; - enum passdb_credentials credentials; + const char *scheme; unsigned int passdb_id; passdb_id = atoi(t_strcut(args, '\t'));
@@ -215,14 +213,12 @@
 } args++; - credentials_str = t_strcut(args, '\t'); + scheme = t_strcut(args, '\t'); args = strchr(args, '\t'); if (args != NULL) args++; - credentials = atoi(credentials_str); - auth_request = worker_auth_request_new(client, id, args); - auth_request->credentials = credentials; + auth_request->credentials_scheme = p_strdup(auth_request->pool, scheme); if (auth_request->user == NULL || auth_request->service == NULL) { i_error("BUG: PASSL had missing parameters");
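Review bot: In the third hunk the scheme field of a PASSL line is cut out with `t_strcut()` and stored unvalidated, where the old code reduced it to an integer with `atoi()`. An empty field yields `""`, which is non-NULL, so the request still counts as a credentials lookup and the reply built in the first hunk is formatted with an empty `{}` prefix. If the worker is meant to reject malformed requests, the existing check could become `if (*scheme == '\0' || auth_request->user == NULL || auth_request->service == NULL) {`. Whether PASSL lines can only come from the trusted auth process is not visible here, and the handler's body continues outside the hunks.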
--- a/src/auth/mech-apop.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-apop.c Sun May 13 11:24:06 2007 +0300
@@ -133,8 +133,7 @@
 memcpy(request->digest, tmp, sizeof(request->digest)); - auth_request_lookup_credentials(auth_request, - PASSDB_CREDENTIALS_PLAINTEXT, + auth_request_lookup_credentials(auth_request, "PLAIN", apop_credentials_callback); }
--- a/src/auth/mech-cram-md5.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-cram-md5.c Sun May 13 11:24:06 2007 +0300
@@ -142,8 +142,7 @@
 if (auth_request_set_username(auth_request, request->username, &error)) { auth_request_lookup_credentials(auth_request, - PASSDB_CREDENTIALS_CRAM_MD5, - credentials_callback); + "CRAM-MD5", credentials_callback); return; } }
--- a/src/auth/mech-digest-md5.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-digest-md5.c Sun May 13 11:24:06 2007 +0300
@@ -569,8 +569,7 @@
 if (auth_request_set_username(auth_request, username, &error)) { auth_request_lookup_credentials(auth_request, - PASSDB_CREDENTIALS_DIGEST_MD5, - credentials_callback); + "DIGEST-MD5", credentials_callback); return; } }
--- a/src/auth/mech-ntlm.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-ntlm.c Sun May 13 11:24:06 2007 +0300
@@ -175,7 +175,7 @@
 /* NTLM credentials not found or didn't want to use them, try with LM credentials */ - auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN, + auth_request_lookup_credentials(auth_request, "LANMAN", lm_credentials_callback); }
@@ -236,8 +236,7 @@
 return; } - auth_request_lookup_credentials(auth_request, - PASSDB_CREDENTIALS_NTLM, + auth_request_lookup_credentials(auth_request, "NTLM", ntlm_credentials_callback); } }
--- a/src/auth/mech-otp.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-otp.c Sun May 13 11:24:06 2007 +0300
@@ -86,8 +86,7 @@
 break; default: /* OTP credentials not found, try S/KEY */ - auth_request_lookup_credentials(auth_request, - PASSDB_CREDENTIALS_OTP, + auth_request_lookup_credentials(auth_request, "OTP", skey_credentials_callback); break; }
@@ -128,7 +127,7 @@
 return; } - auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_OTP, + auth_request_lookup_credentials(auth_request, "OTP", otp_credentials_callback); }
@@ -161,8 +160,7 @@
 memcpy(state->hash, hash, sizeof(state->hash)); - auth_request_set_credentials(auth_request, - PASSDB_CREDENTIALS_OTP, + auth_request_set_credentials(auth_request, "OTP", otp_print_dbentry(state), otp_set_credentials_callback); }
@@ -195,8 +193,7 @@
 return; } - auth_request_set_credentials(auth_request, - PASSDB_CREDENTIALS_OTP, + auth_request_set_credentials(auth_request, "OTP", otp_print_dbentry(&new_state), otp_set_credentials_callback); }
--- a/src/auth/mech-rpa.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-rpa.c Sun May 13 11:24:06 2007 +0300
@@ -528,7 +528,7 @@
 return; } - auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA, + auth_request_lookup_credentials(auth_request, "RPA", rpa_credentials_callback); }
--- a/src/auth/mech-skey.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-skey.c Sun May 13 11:24:06 2007 +0300
@@ -92,8 +92,7 @@
 break; default: /* S/KEY credentials not found, try OTP */ - auth_request_lookup_credentials(auth_request, - PASSDB_CREDENTIALS_OTP, + auth_request_lookup_credentials(auth_request, "OTP", otp_credentials_callback); break; }
@@ -113,7 +112,7 @@
 return; } - auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_SKEY, + auth_request_lookup_credentials(auth_request, "SKEY", skey_credentials_callback); }
@@ -153,8 +152,7 @@
 memcpy(state->hash, hash, sizeof(state->hash)); - auth_request_set_credentials(auth_request, - PASSDB_CREDENTIALS_OTP, + auth_request_set_credentials(auth_request, "OTP", otp_print_dbentry(state), otp_set_credentials_callback); }
--- a/src/auth/passdb-blocking.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb-blocking.c Sun May 13 11:24:06 2007 +0300
@@ -151,8 +151,8 @@
 request->master_user != NULL); str = t_str_new(64); - str_printfa(str, "PASSL\t%u\t%d\t", - request->passdb->id, request->credentials); + str_printfa(str, "PASSL\t%u\t%s\t", + request->passdb->id, request->credentials_scheme); auth_request_export(request, str); auth_worker_call(request, str_c(str), lookup_credentials_callback);
--- a/src/auth/passdb-ldap.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb-ldap.c Sun May 13 11:24:06 2007 +0300
@@ -173,7 +173,7 @@
 } } - if (auth_request->credentials != -1) { + if (auth_request->credentials_scheme != NULL) { request->callback.lookup_credentials(passdb_result, NULL, auth_request); } else {
@@ -232,7 +232,7 @@
 scheme = "PLAIN-MD5"; } - if (auth_request->credentials != -1) { + if (auth_request->credentials_scheme != NULL) { passdb_handle_credentials(passdb_result, password, scheme, ldap_request->callback.lookup_credentials, auth_request);
--- a/src/auth/passdb-sql.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb-sql.c Sun May 13 11:24:06 2007 +0300
@@ -100,7 +100,7 @@
 /* auth_request_set_field() sets scheme */ i_assert(password == NULL || scheme != NULL); - if (auth_request->credentials != -1) { + if (auth_request->credentials_scheme != NULL) { passdb_handle_credentials(passdb_result, password, scheme, sql_request->callback.lookup_credentials, auth_request);
--- a/src/auth/passdb.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb.c Sun May 13 11:24:06 2007 +0300
@@ -54,55 +54,18 @@
 }; const char * -passdb_credentials_to_str(enum passdb_credentials credentials, - const char *wanted_scheme) -{ - switch (credentials) { - case _PASSDB_CREDENTIALS_INTERNAL: - break; - case PASSDB_CREDENTIALS_PLAINTEXT: - if (strcasecmp(wanted_scheme, "CLEARTEXT") == 0) - return wanted_scheme; - return "PLAIN"; - case PASSDB_CREDENTIALS_CRYPT: - return "CRYPT"; - case PASSDB_CREDENTIALS_CRAM_MD5: - if (strcasecmp(wanted_scheme, "HMAC-MD5") == 0) - return wanted_scheme; - return "CRAM-MD5"; - case PASSDB_CREDENTIALS_DIGEST_MD5: - return "DIGEST-MD5"; - case PASSDB_CREDENTIALS_LANMAN: - return "LANMAN"; - case PASSDB_CREDENTIALS_NTLM: - return "NTLM"; - case PASSDB_CREDENTIALS_OTP: - return "OTP"; - case PASSDB_CREDENTIALS_SKEY: - return "SKEY"; - case PASSDB_CREDENTIALS_RPA: - return "RPA"; - } - - return "??"; -} - -const char * passdb_get_credentials(struct auth_request *auth_request, const char *password, const char *scheme) { - const char *wanted_scheme; + const char *wanted_scheme = auth_request->credentials_scheme; - if (auth_request->credentials == PASSDB_CREDENTIALS_CRYPT) { + if (strcasecmp(wanted_scheme, "CRYPT") == 0) { /* anything goes */ return t_strdup_printf("{%s}%s", scheme, password); } - wanted_scheme = passdb_credentials_to_str(auth_request->credentials, - scheme); - if (strcasecmp(scheme, wanted_scheme) != 0) { - if (strcasecmp(scheme, "PLAIN") != 0 && - strcasecmp(scheme, "CLEARTEXT") != 0) { + if (!password_scheme_is_alias(scheme, wanted_scheme)) { + if (!password_scheme_is_alias(scheme, "PLAIN")) { auth_request_log_info(auth_request, "password", "Requested %s scheme, but we have only %s", wanted_scheme, scheme);
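Review bot: `passdb_get_credentials()` matches the requested scheme against the literal "CRYPT" and, on a match, returns the stored value under whatever scheme it already has, so "CRYPT" acts as a wildcard request and not as the name of one hash format. With the enum gone any caller can pass that string, including the plugins the commit message mentions, and the only hint is the `/* anything goes */` comment. I would spell the contract out there, e.g. `/* "CRYPT" is a wildcard request: return the stored credentials in their own scheme, unconverted */`. The function body continues past the end of the hunk.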
--- a/src/auth/passdb.h Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb.h Sun May 13 11:24:06 2007 +0300
@@ -6,20 +6,6 @@
 struct auth_request; -enum passdb_credentials { - _PASSDB_CREDENTIALS_INTERNAL = -1, - - PASSDB_CREDENTIALS_PLAINTEXT, - PASSDB_CREDENTIALS_CRYPT, - PASSDB_CREDENTIALS_CRAM_MD5, - PASSDB_CREDENTIALS_DIGEST_MD5, - PASSDB_CREDENTIALS_LANMAN, - PASSDB_CREDENTIALS_NTLM, - PASSDB_CREDENTIALS_OTP, - PASSDB_CREDENTIALS_SKEY, - PASSDB_CREDENTIALS_RPA -}; - enum passdb_result { PASSDB_RESULT_INTERNAL_FAILURE = -1, PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,
@@ -85,9 +71,6 @@
 lookup_credentials_callback_t *callback, struct auth_request *auth_request); -const char *passdb_credentials_to_str(enum passdb_credentials credentials, - const char *wanted_scheme); - struct auth_passdb *passdb_preinit(struct auth *auth, const char *driver, const char *args, unsigned int id); void passdb_init(struct auth_passdb *passdb);
--- a/src/auth/password-scheme.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/password-scheme.c Sun May 13 11:24:06 2007 +0300
@@ -52,6 +52,25 @@
 return (*listptr)++->name; } +bool password_scheme_is_alias(const char *scheme1, const char *scheme2) +{ + const struct password_scheme *s, *s1 = NULL, *s2 = NULL; + + if (strcasecmp(scheme1, scheme2) == 0) + return TRUE; + + for (s = schemes; s->name != NULL; s++) { + if (strcasecmp(s->name, scheme1) == 0) + s1 = s; + else if (strcasecmp(s->name, scheme2) == 0) + s2 = s; + } + + /* if they've the same verify function, they're equivalent */ + return s1 != NULL && s2 != NULL && + s1->password_verify == s2->password_verify; +} + const char *password_get_scheme(const char **password) { const char *p, *scheme;
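Review bot: `password_scheme_is_alias()` declares two schemes interchangeable whenever their `password_verify` pointers are equal, and `passdb_get_credentials()` in passdb.c now appears to rely on that answer to decide whether stored credentials can go to a mechanism without conversion. If two entries in `schemes` ever share a verify callback while storing different formats, credentials in one format would be returned for a request of the other; the table is outside the hunk, so whether that can happen today cannot be told from here. The comment should state the invariant the table has to keep, e.g. `/* aliases share password_verify; every distinct stored format must have its own verify function */`. A name that is missing from `schemes` matches only itself, which looks like the intended fail-closed result.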
--- a/src/auth/password-scheme.h Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/password-scheme.h Sun May 13 11:24:06 2007 +0300
@@ -25,6 +25,9 @@
 /* Iterate through the list of password schemes, returning names */ const char *password_list_schemes(const struct password_scheme **listptr); +/* Returns TRUE if schemes are equivalent. */ +bool password_scheme_is_alias(const char *scheme1, const char *scheme2); + void password_schemes_init(void); void password_schemes_deinit(void);
--- a/src/auth/userdb-static.c Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/userdb-static.c Sun May 13 11:24:06 2007 +0300
@@ -116,8 +116,7 @@
 auth_request->state = AUTH_REQUEST_STATE_MECH_CONTINUE; auth_request->context = ctx; - auth_request_lookup_credentials(auth_request, - PASSDB_CREDENTIALS_CRYPT, + auth_request_lookup_credentials(auth_request, "CRYPT", static_credentials_callback); } else { static_lookup_real(auth_request, callback);