changeset 5593:f8dc0bdb06a7 HEAD

Removed enum passdb_credentials. Use scheme strings directly instead. This makes it possible to implement new mechanisms in plugins.
author Timo Sirainen <tss@iki.fi>
date Sun, 13 May 2007 11:24:06 +0300
parents 29ac17ec78ff
children 36c8fbd896fc
files src/auth/auth-request.c src/auth/auth-request.h src/auth/auth-worker-client.c src/auth/mech-apop.c src/auth/mech-cram-md5.c src/auth/mech-digest-md5.c src/auth/mech-ntlm.c src/auth/mech-otp.c src/auth/mech-rpa.c src/auth/mech-skey.c src/auth/passdb-blocking.c src/auth/passdb-ldap.c src/auth/passdb-sql.c src/auth/passdb.c src/auth/passdb.h src/auth/password-scheme.c src/auth/password-scheme.h src/auth/userdb-static.c
diffstat 18 files changed, 65 insertions(+), 116 deletions(-) [+]
--- a/src/auth/auth-request.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/auth-request.c	Sun May 13 11:24:06 2007 +0300
@@ -34,7 +34,6 @@
 
 	request->refcount = 1;
 	request->last_access = ioloop_time;
-	request->credentials = -1;
 
 	request->auth = auth;
 	request->mech = mech;
@@ -57,7 +56,6 @@
 	auth_request->auth = auth;
 	auth_request->passdb = auth->passdbs;
 	auth_request->userdb = auth->userdbs;
-	auth_request->credentials = -1;
 
 	return auth_request;
 }
@@ -440,7 +438,7 @@
 	}
 
 	request->state = AUTH_REQUEST_STATE_PASSDB;
-	request->credentials = -1;
+	request->credentials_scheme = NULL;
 
 	if (passdb->blocking)
 		passdb_blocking_verify_plain(request);
@@ -457,7 +455,8 @@
 {
 	if (!auth_request_handle_passdb_callback(&result, request)) {
 		/* try next passdb */
-		auth_request_lookup_credentials(request, request->credentials,
+		auth_request_lookup_credentials(request,
+			request->credentials_scheme,
                 	request->private_callback.lookup_credentials);
 	} else {
 		if (request->auth->verbose_debug_passwords &&
@@ -504,28 +503,28 @@
 }
 
 void auth_request_lookup_credentials(struct auth_request *request,
-				     enum passdb_credentials credentials,
+				     const char *scheme,
 				     lookup_credentials_callback_t *callback)
 {
 	struct passdb_module *passdb = request->passdb->passdb;
-	const char *cache_key, *password, *scheme;
+	const char *cache_key, *cache_cred, *cache_scheme;
 	enum passdb_result result;
 
 	i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
 
-	request->credentials = credentials;
+	request->credentials_scheme = p_strdup(request->pool, scheme);
 	request->private_callback.lookup_credentials = callback;
 
 	cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
 	if (cache_key != NULL) {
 		if (passdb_cache_lookup_credentials(request, cache_key,
-						    &password, &scheme,
+						    &cache_cred, &cache_scheme,
 						    &result, FALSE)) {
-			password = result != PASSDB_RESULT_OK ? NULL :
-				passdb_get_credentials(request, password,
-						       scheme);
+			cache_cred = result != PASSDB_RESULT_OK ? NULL :
+				passdb_get_credentials(request, cache_cred,
+						       cache_scheme);
 			auth_request_lookup_credentials_callback_finish(
-				result, password, request);
+				result, cache_cred, request);
 			return;
 		}
 	}
@@ -545,8 +544,7 @@
 }
 
 void auth_request_set_credentials(struct auth_request *request,
-				  enum passdb_credentials credentials,
-				  const char *data,
+				  const char *scheme, const char *data,
 				  set_credentials_callback_t *callback)
 {
 	struct passdb_module *passdb = request->passdb->passdb;
@@ -558,9 +556,7 @@
 
 	request->private_callback.set_credentials = callback;
 
-	new_credentials = t_strconcat("{",
-		passdb_credentials_to_str(credentials, ""), "}", data, NULL);
-
+	new_credentials = t_strdup_printf("{%s}%s", scheme, data);
 	if (passdb->blocking)
 		passdb_blocking_set_credentials(request, new_credentials);
 	else if (passdb->iface.set_credentials != NULL) {
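Review bot: The scheme string is formatted straight into `{%s}%s` here with no check on its contents, so a scheme name containing `}` would produce a stored value whose scheme prefix parses differently from what the caller asked for. The same free-form string is also written into the `OK\t%s\t{%s}%s` reply in auth-worker-client.c and into the tab-separated `PASSL` line in passdb-blocking.c, where a tab or newline in the name would shift the fields. Every caller visible in this commit passes a literal, but the commit message opens scheme names to plugins. An entry check such as `i_assert(strpbrk(scheme, "}\t\n") == NULL);` in auth_request_set_credentials() and auth_request_lookup_credentials() would keep that contained. The function body starts and ends outside this hunk.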
--- a/src/auth/auth-request.h	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/auth-request.h	Sun May 13 11:24:06 2007 +0300
@@ -65,7 +65,7 @@
 		set_credentials_callback_t *set_credentials;
                 userdb_callback_t *userdb;
 	} private_callback;
-        enum passdb_credentials credentials;
+        const char *credentials_scheme;
 
 	mech_callback_t *callback;
 	void *context;
@@ -115,7 +115,7 @@
 			       const char *password,
 			       verify_plain_callback_t *callback);
 void auth_request_lookup_credentials(struct auth_request *request,
-				     enum passdb_credentials credentials,
+				     const char *scheme,
 				     lookup_credentials_callback_t *callback);
 void auth_request_lookup_user(struct auth_request *request,
 			      userdb_callback_t *callback);
@@ -160,8 +160,7 @@
 					      const char *credentials,
 					      struct auth_request *request);
 void auth_request_set_credentials(struct auth_request *request,
-				  enum passdb_credentials credentials,
-				  const char *data,
+				  const char *scheme, const char *data,
 				  set_credentials_callback_t *callback);
 void auth_request_userdb_callback(enum userdb_result result,
 				  struct auth_stream_reply *reply,
--- a/src/auth/auth-worker-client.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/auth-worker-client.c	Sun May 13 11:24:06 2007 +0300
@@ -181,8 +181,7 @@
 		str_printfa(str, "FAIL\t%d", result);
 	else {
 		str_printfa(str, "OK\t%s\t{%s}%s\t", request->user,
-			    passdb_credentials_to_str(request->credentials, ""),
-			    credentials);
+			    request->credentials_scheme, credentials);
 		if (request->extra_fields != NULL) {
 			const char *field =
 				auth_stream_reply_export(request->extra_fields);
@@ -203,8 +202,7 @@
 {
 	/* lookup credentials */
 	struct auth_request *auth_request;
-	const char *credentials_str;
-        enum passdb_credentials credentials;
+	const char *scheme;
 	unsigned int passdb_id;
 
 	passdb_id = atoi(t_strcut(args, '\t'));
@@ -215,14 +213,12 @@
 	}
 	args++;
 
-	credentials_str = t_strcut(args, '\t');
+	scheme = t_strcut(args, '\t');
 	args = strchr(args, '\t');
 	if (args != NULL) args++;
 
-	credentials = atoi(credentials_str);
-
 	auth_request = worker_auth_request_new(client, id, args);
-	auth_request->credentials = credentials;
+	auth_request->credentials_scheme = p_strdup(auth_request->pool, scheme);
 
 	if (auth_request->user == NULL || auth_request->service == NULL) {
 		i_error("BUG: PASSL had missing parameters");
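Review bot: The scheme field read from the PASSL line is stored without validation, and the only check below covers `user` and `service`. If the field is empty, `t_strcut()` presumably returns an empty string, so `credentials_scheme` becomes `""` rather than NULL and the request proceeds as a credentials lookup for a scheme that matches nothing. Rejecting it with the existing check, e.g. `if (*scheme == '\0' || auth_request->user == NULL || auth_request->service == NULL) {`, would make a malformed line fail early with the same BUG message. The handler continues past the end of this hunk.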
--- a/src/auth/mech-apop.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-apop.c	Sun May 13 11:24:06 2007 +0300
@@ -133,8 +133,7 @@
 
 	memcpy(request->digest, tmp, sizeof(request->digest));
 
-	auth_request_lookup_credentials(auth_request,
-					PASSDB_CREDENTIALS_PLAINTEXT,
+	auth_request_lookup_credentials(auth_request, "PLAIN",
 					apop_credentials_callback);
 }
 
--- a/src/auth/mech-cram-md5.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-cram-md5.c	Sun May 13 11:24:06 2007 +0300
@@ -142,8 +142,7 @@
 		if (auth_request_set_username(auth_request, request->username,
 					      &error)) {
 			auth_request_lookup_credentials(auth_request,
-						PASSDB_CREDENTIALS_CRAM_MD5,
-						credentials_callback);
+					"CRAM-MD5", credentials_callback);
 			return;
 		}
 	}
--- a/src/auth/mech-digest-md5.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-digest-md5.c	Sun May 13 11:24:06 2007 +0300
@@ -569,8 +569,7 @@
 
 		if (auth_request_set_username(auth_request, username, &error)) {
 			auth_request_lookup_credentials(auth_request,
-						PASSDB_CREDENTIALS_DIGEST_MD5,
-						credentials_callback);
+					"DIGEST-MD5", credentials_callback);
 			return;
 		}
 	}
--- a/src/auth/mech-ntlm.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-ntlm.c	Sun May 13 11:24:06 2007 +0300
@@ -175,7 +175,7 @@
 
 	/* NTLM credentials not found or didn't want to use them,
 	   try with LM credentials */
-	auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN,
+	auth_request_lookup_credentials(auth_request, "LANMAN",
 					lm_credentials_callback);
 }
 
@@ -236,8 +236,7 @@
 			return;
 		}
 
-		auth_request_lookup_credentials(auth_request,
-						PASSDB_CREDENTIALS_NTLM,
+		auth_request_lookup_credentials(auth_request, "NTLM",
 						ntlm_credentials_callback);
 	}
 }
--- a/src/auth/mech-otp.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-otp.c	Sun May 13 11:24:06 2007 +0300
@@ -86,8 +86,7 @@
 		break;
 	default:
 		/* OTP credentials not found, try S/KEY */
-		auth_request_lookup_credentials(auth_request,
-						PASSDB_CREDENTIALS_OTP,
+		auth_request_lookup_credentials(auth_request, "OTP",
 						skey_credentials_callback);
 		break;
 	}
@@ -128,7 +127,7 @@
 		return;
 	}
 
-	auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_OTP,
+	auth_request_lookup_credentials(auth_request, "OTP",
 					otp_credentials_callback);
 }
 
@@ -161,8 +160,7 @@
 
 	memcpy(state->hash, hash, sizeof(state->hash));
 
-	auth_request_set_credentials(auth_request,
-				     PASSDB_CREDENTIALS_OTP,
+	auth_request_set_credentials(auth_request, "OTP",
 				     otp_print_dbentry(state),
 				     otp_set_credentials_callback);
 }
@@ -195,8 +193,7 @@
 		return;
 	}
 
-	auth_request_set_credentials(auth_request,
-				     PASSDB_CREDENTIALS_OTP,
+	auth_request_set_credentials(auth_request, "OTP",
 				     otp_print_dbentry(&new_state),
 				     otp_set_credentials_callback);
 }
--- a/src/auth/mech-rpa.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-rpa.c	Sun May 13 11:24:06 2007 +0300
@@ -528,7 +528,7 @@
 		return;
 	}
 
-	auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA,
+	auth_request_lookup_credentials(auth_request, "RPA",
 					rpa_credentials_callback);
 }
 
--- a/src/auth/mech-skey.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/mech-skey.c	Sun May 13 11:24:06 2007 +0300
@@ -92,8 +92,7 @@
 		break;
 	default:
 		/* S/KEY credentials not found, try OTP */
-		auth_request_lookup_credentials(auth_request,
-						PASSDB_CREDENTIALS_OTP,
+		auth_request_lookup_credentials(auth_request, "OTP",
 						otp_credentials_callback);
 		break;
 	}
@@ -113,7 +112,7 @@
 		return;
 	}
 
-	auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_SKEY,
+	auth_request_lookup_credentials(auth_request, "SKEY",
 					skey_credentials_callback);
 }
 
@@ -153,8 +152,7 @@
 
 	memcpy(state->hash, hash, sizeof(state->hash));
 
-	auth_request_set_credentials(auth_request,
-				     PASSDB_CREDENTIALS_OTP,
+	auth_request_set_credentials(auth_request, "OTP",
 				     otp_print_dbentry(state),
 				     otp_set_credentials_callback);
 }
--- a/src/auth/passdb-blocking.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb-blocking.c	Sun May 13 11:24:06 2007 +0300
@@ -151,8 +151,8 @@
 		 request->master_user != NULL);
 
 	str = t_str_new(64);
-	str_printfa(str, "PASSL\t%u\t%d\t",
-		    request->passdb->id, request->credentials);
+	str_printfa(str, "PASSL\t%u\t%s\t",
+		    request->passdb->id, request->credentials_scheme);
 	auth_request_export(request, str);
 
 	auth_worker_call(request, str_c(str), lookup_credentials_callback);
--- a/src/auth/passdb-ldap.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb-ldap.c	Sun May 13 11:24:06 2007 +0300
@@ -173,7 +173,7 @@
 		}
 	}
 
-	if (auth_request->credentials != -1) {
+	if (auth_request->credentials_scheme != NULL) {
 		request->callback.lookup_credentials(passdb_result, NULL,
 						     auth_request);
 	} else {
@@ -232,7 +232,7 @@
 		scheme = "PLAIN-MD5";
 	}
 
-	if (auth_request->credentials != -1) {
+	if (auth_request->credentials_scheme != NULL) {
 		passdb_handle_credentials(passdb_result, password, scheme,
 			ldap_request->callback.lookup_credentials,
 			auth_request);
--- a/src/auth/passdb-sql.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb-sql.c	Sun May 13 11:24:06 2007 +0300
@@ -100,7 +100,7 @@
 	/* auth_request_set_field() sets scheme */
 	i_assert(password == NULL || scheme != NULL);
 
-	if (auth_request->credentials != -1) {
+	if (auth_request->credentials_scheme != NULL) {
 		passdb_handle_credentials(passdb_result, password, scheme,
 			sql_request->callback.lookup_credentials,
 			auth_request);
--- a/src/auth/passdb.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb.c	Sun May 13 11:24:06 2007 +0300
@@ -54,55 +54,18 @@
 };
 
 const char *
-passdb_credentials_to_str(enum passdb_credentials credentials,
-			  const char *wanted_scheme)
-{
-	switch (credentials) {
-	case _PASSDB_CREDENTIALS_INTERNAL:
-		break;
-	case PASSDB_CREDENTIALS_PLAINTEXT:
-		if (strcasecmp(wanted_scheme, "CLEARTEXT") == 0)
-			return wanted_scheme;
-		return "PLAIN";
-	case PASSDB_CREDENTIALS_CRYPT:
-		return "CRYPT";
-	case PASSDB_CREDENTIALS_CRAM_MD5:
-		if (strcasecmp(wanted_scheme, "HMAC-MD5") == 0)
-			return wanted_scheme;
-		return "CRAM-MD5";
-	case PASSDB_CREDENTIALS_DIGEST_MD5:
-		return "DIGEST-MD5";
-	case PASSDB_CREDENTIALS_LANMAN:
-		return "LANMAN";
-	case PASSDB_CREDENTIALS_NTLM:
-		return "NTLM";
-	case PASSDB_CREDENTIALS_OTP:
-		return "OTP";
-	case PASSDB_CREDENTIALS_SKEY:
-		return "SKEY";
-	case PASSDB_CREDENTIALS_RPA:
-		return "RPA";
-	}
-
-	return "??";
-}
-
-const char *
 passdb_get_credentials(struct auth_request *auth_request,
 		       const char *password, const char *scheme)
 {
-	const char *wanted_scheme;
+	const char *wanted_scheme = auth_request->credentials_scheme;
 
-	if (auth_request->credentials == PASSDB_CREDENTIALS_CRYPT) {
+	if (strcasecmp(wanted_scheme, "CRYPT") == 0) {
 		/* anything goes */
 		return t_strdup_printf("{%s}%s", scheme, password);
 	}
 
-	wanted_scheme = passdb_credentials_to_str(auth_request->credentials,
-						  scheme);
-	if (strcasecmp(scheme, wanted_scheme) != 0) {
-		if (strcasecmp(scheme, "PLAIN") != 0 &&
-		    strcasecmp(scheme, "CLEARTEXT") != 0) {
+	if (!password_scheme_is_alias(scheme, wanted_scheme)) {
+		if (!password_scheme_is_alias(scheme, "PLAIN")) {
 			auth_request_log_info(auth_request, "password",
 				"Requested %s scheme, but we have only %s",
 				wanted_scheme, scheme);
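Review bot: `wanted_scheme` is passed to `strcasecmp()` without a NULL check, while NULL is now the marker for "no credentials lookup in progress" (auth-request.c sets it before the verify_plain path). The passdb-ldap.c and passdb-sql.c callers in this commit guard on `credentials_scheme != NULL`, but other callers are not visible here. The removed code tolerated the old -1 marker by mapping it to "??". Adding `i_assert(wanted_scheme != NULL);` before the first comparison would turn a misuse into a clear assertion failure instead of a NULL dereference. The function continues beyond this hunk.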
--- a/src/auth/passdb.h	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/passdb.h	Sun May 13 11:24:06 2007 +0300
@@ -6,20 +6,6 @@
 
 struct auth_request;
 
-enum passdb_credentials {
-	_PASSDB_CREDENTIALS_INTERNAL = -1,
-
-	PASSDB_CREDENTIALS_PLAINTEXT,
-	PASSDB_CREDENTIALS_CRYPT,
-	PASSDB_CREDENTIALS_CRAM_MD5,
-	PASSDB_CREDENTIALS_DIGEST_MD5,
-	PASSDB_CREDENTIALS_LANMAN,
-	PASSDB_CREDENTIALS_NTLM,
-	PASSDB_CREDENTIALS_OTP,
-	PASSDB_CREDENTIALS_SKEY,
-	PASSDB_CREDENTIALS_RPA
-};
-
 enum passdb_result {
 	PASSDB_RESULT_INTERNAL_FAILURE = -1,
 	PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,
@@ -85,9 +71,6 @@
 			       lookup_credentials_callback_t *callback,
                                struct auth_request *auth_request);
 
-const char *passdb_credentials_to_str(enum passdb_credentials credentials,
-				      const char *wanted_scheme);
-
 struct auth_passdb *passdb_preinit(struct auth *auth, const char *driver,
 				   const char *args, unsigned int id);
 void passdb_init(struct auth_passdb *passdb);
--- a/src/auth/password-scheme.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/password-scheme.c	Sun May 13 11:24:06 2007 +0300
@@ -52,6 +52,25 @@
 	return (*listptr)++->name;
 }
 
+bool password_scheme_is_alias(const char *scheme1, const char *scheme2)
+{
+	const struct password_scheme *s, *s1 = NULL, *s2 = NULL;
+
+	if (strcasecmp(scheme1, scheme2) == 0)
+		return TRUE;
+
+	for (s = schemes; s->name != NULL; s++) {
+		if (strcasecmp(s->name, scheme1) == 0)
+			s1 = s;
+		else if (strcasecmp(s->name, scheme2) == 0)
+			s2 = s;
+	}
+
+	/* if they've the same verify function, they're equivalent */
+	return s1 != NULL && s2 != NULL &&
+		s1->password_verify == s2->password_verify;
+}
+
 const char *password_get_scheme(const char **password)
 {
 	const char *p, *scheme;
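Review bot: In password_scheme_is_alias() the final comparison treats any two registered schemes with the same `password_verify` pointer as equivalent, which would include two entries whose pointer is NULL or which share a generic verify helper. passdb_get_credentials() relies on this result to hand stored credentials of one scheme to a mechanism that asked for another, so a false match there is security-relevant. Whether any registered scheme has a NULL or shared verify function is not visible in this hunk. Tightening the return to `s1->password_verify != NULL && s1->password_verify == s2->password_verify` would be cheap. The header comment could also say that equivalence means "same name or same verify function", so plugin authors know that sharing a verify function makes their schemes interchangeable.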
--- a/src/auth/password-scheme.h	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/password-scheme.h	Sun May 13 11:24:06 2007 +0300
@@ -25,6 +25,9 @@
 /* Iterate through the list of password schemes, returning names */
 const char *password_list_schemes(const struct password_scheme **listptr);
 
+/* Returns TRUE if schemes are equivalent. */
+bool password_scheme_is_alias(const char *scheme1, const char *scheme2);
+
 void password_schemes_init(void);
 void password_schemes_deinit(void);
 
--- a/src/auth/userdb-static.c	Fri May 11 21:57:52 2007 +0300
+++ b/src/auth/userdb-static.c	Sun May 13 11:24:06 2007 +0300
@@ -116,8 +116,7 @@
 		auth_request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
 
 		auth_request->context = ctx;
-		auth_request_lookup_credentials(auth_request,
-						PASSDB_CREDENTIALS_CRYPT,
+		auth_request_lookup_credentials(auth_request, "CRYPT",
 						static_credentials_callback);
 	} else {
 		static_lookup_real(auth_request, callback);