# HG changeset patch
# User Timo Sirainen
# Date 1231517756 18000
# Node ID 84eea1977632e947f3bfd36ad2a242e5214ee5d7
# Parent 67f923c9988a861e594d48fc5464e10b5ac3d82b
auth: Code cleanup for specifying what passdb features auth mechanisms need.
diff -r 67f923c9988a -r 84eea1977632 src/auth/auth.c
--- a/src/auth/auth.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/auth.c Fri Jan 09 11:15:56 2009 -0500
@@ -125,7 +125,7 @@
 auth->mech_modules = list;
 }
-static bool auth_passdb_list_have_plain(struct auth *auth)
+static bool auth_passdb_list_have_verify_plain(struct auth *auth)
 {
 struct auth_passdb *passdb;
@@ -136,7 +136,7 @@
 return FALSE;
 }
-static bool auth_passdb_list_have_credentials(struct auth *auth)
+static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
 {
 struct auth_passdb *passdb;
@@ -158,20 +158,38 @@
 return FALSE;
 }
+static bool
+auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
+{
+ switch (list->module.passdb_need) {
+ case MECH_PASSDB_NEED_NOTHING:
+ break;
+ case MECH_PASSDB_NEED_VERIFY_PLAIN:
+ if (!auth_passdb_list_have_verify_plain(auth))
+ return FALSE;
+ break;
+ case MECH_PASSDB_NEED_VERIFY_RESPONSE:
+ case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
+ if (!auth_passdb_list_have_lookup_credentials(auth))
+ return FALSE;
+ break;
+ case MECH_PASSDB_NEED_SET_CREDENTIALS:
+ if (!auth_passdb_list_have_lookup_credentials(auth))
+ return FALSE;
+ if (!auth_passdb_list_have_set_credentials(auth))
+ return FALSE;
+ break;
+ }
+ return TRUE;
+}
+
 static void auth_mech_list_verify_passdb(struct auth *auth)
 {
 struct mech_module_list *list;
 for (list = auth->mech_modules; list != NULL; list = list->next) {
- if (list->module.passdb_need_plain &&
- !auth_passdb_list_have_plain(auth))
+ if (!auth_mech_verify_passdb(auth, list))
 break;
- if (list->module.passdb_need_credentials &&
- !auth_passdb_list_have_credentials(auth))
- break;
- if (list->module.passdb_need_set_credentials &&
- !auth_passdb_list_have_set_credentials(auth))
- break;
 }
 if (list != NULL) {
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-anonymous.c
--- a/src/auth/mech-anonymous.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-anonymous.c Fri Jan 09 11:15:56 2009 -0500
@@ -38,10 +38,7 @@
 "ANONYMOUS",
 MEMBER(flags) MECH_SEC_ANONYMOUS,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_anonymous_auth_new,
 mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-apop.c
--- a/src/auth/mech-apop.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-apop.c Fri Jan 09 11:15:56 2009 -0500
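Review bot: In src/auth/auth.c, the switch in the new auth_mech_verify_passdb() has no arm for a `passdb_need` value outside the five enumerators, so such a value leaves the switch and reaches `return TRUE;`, which reports the passdb requirement as satisfied. For a check whose job is to reject mechanisms the configured passdbs cannot serve, failing closed is the safer default: add `default: return FALSE;` (or an assertion, if the project prefers to keep compiler warnings for unhandled enumerators). The caller auth_mech_list_verify_passdb() continues past the end of the hunk, so how a failure is reported is not visible here.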
@@ -155,10 +155,7 @@
 "APOP",
 MEMBER(flags) MECH_SEC_PRIVATE | MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 mech_apop_auth_new,
 mech_apop_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-cram-md5.c
--- a/src/auth/mech-cram-md5.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-cram-md5.c Fri Jan 09 11:15:56 2009 -0500
@@ -178,10 +178,7 @@
 "CRAM-MD5",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 mech_cram_md5_auth_new,
 mech_cram_md5_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-digest-md5.c
--- a/src/auth/mech-digest-md5.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-digest-md5.c Fri Jan 09 11:15:56 2009 -0500
@@ -603,10 +603,7 @@
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE | MECH_SEC_MUTUAL_AUTH,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 mech_digest_md5_auth_new,
 mech_digest_md5_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-gssapi.c
--- a/src/auth/mech-gssapi.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-gssapi.c Fri Jan 09 11:15:56 2009 -0500
@@ -543,10 +543,7 @@
 "GSSAPI",
 MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_gssapi_auth_new,
 mech_gssapi_auth_initial,
@@ -561,10 +558,7 @@
 "GSS-SPNEGO",
 MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_gssapi_auth_new,
 mech_gssapi_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-login.c
--- a/src/auth/mech-login.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-login.c Fri Jan 09 11:15:56 2009 -0500
@@ -67,10 +67,7 @@
 "LOGIN",
 MEMBER(flags) MECH_SEC_PLAINTEXT,
-
- MEMBER(passdb_need_plain) TRUE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 mech_login_auth_new,
 mech_login_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-ntlm.c
--- a/src/auth/mech-ntlm.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-ntlm.c Fri Jan 09 11:15:56 2009 -0500
@@ -251,10 +251,7 @@
 "NTLM",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 mech_ntlm_auth_new,
 mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-otp.c
--- a/src/auth/mech-otp.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-otp.c Fri Jan 09 11:15:56 2009 -0500
@@ -253,10 +253,7 @@
 "OTP",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) TRUE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 mech_otp_auth_new,
 mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-plain.c
--- a/src/auth/mech-plain.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-plain.c Fri Jan 09 11:15:56 2009 -0500
@@ -79,10 +79,7 @@
 "PLAIN",
 MEMBER(flags) MECH_SEC_PLAINTEXT,
-
- MEMBER(passdb_need_plain) TRUE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 mech_plain_auth_new,
 mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-rpa.c
--- a/src/auth/mech-rpa.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-rpa.c Fri Jan 09 11:15:56 2009 -0500
@@ -602,10 +602,7 @@
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE | MECH_SEC_MUTUAL_AUTH,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 mech_rpa_auth_new,
 mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-skey.c
--- a/src/auth/mech-skey.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-skey.c Fri Jan 09 11:15:56 2009 -0500
@@ -190,10 +190,7 @@
 "SKEY",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) TRUE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 mech_skey_auth_new,
 mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-winbind.c
--- a/src/auth/mech-winbind.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-winbind.c Fri Jan 09 11:15:56 2009 -0500
@@ -324,10 +324,7 @@
 "NTLM",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_winbind_ntlm_auth_new,
 mech_generic_auth_initial,
@@ -339,10 +336,7 @@
 "GSS-SPNEGO",
 MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_winbind_spnego_auth_new,
 mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech.h
--- a/src/auth/mech.h Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech.h Fri Jan 09 11:15:56 2009 -0500
@@ -20,13 +20,26 @@
 /* Used only for string sanitization. */
 #define MAX_MECH_NAME_LEN 64
+enum mech_passdb_need {
+ /* Mechanism doesn't need a passdb at all */
+ MECH_PASSDB_NEED_NOTHING = 0,
+ /* Mechanism just needs to verify a given plaintext password */
+ MECH_PASSDB_NEED_VERIFY_PLAIN,
+ /* Mechanism needs to verify a given challenge+response combination,
+ i.e. there is only a single response from client.
+ (Currently implemented the same as _LOOKUP_CREDENTIALS) */
+ MECH_PASSDB_NEED_VERIFY_RESPONSE,
+ /* Mechanism needs to look up credentials with appropriate scheme */
+ MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
+ /* Mechanism needs to look up credentials and also modify them */
+ MECH_PASSDB_NEED_SET_CREDENTIALS
+};
+
 struct mech_module {
 const char *mech_name;
- enum mech_security_flags flags;
- unsigned int passdb_need_plain:1;
- unsigned int passdb_need_credentials:1;
- unsigned int passdb_need_set_credentials:1;
+ enum mech_security_flags flags;
+ enum mech_passdb_need passdb_need;
 struct auth_request *(*auth_new)(void);
 void (*auth_initial)(struct auth_request *request,
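Review bot: In src/auth/mech.h, the new `passdb_need` field carries no comment saying who consumes it, and because `MECH_PASSDB_NEED_NOTHING = 0`, a `struct mech_module` initializer that omits the field declares that no passdb is needed. The old bitfields defaulted the same way, so this is not a regression, but the check in auth.c then passes for a mechanism that simply forgot to set the field. I would document that on the field, e.g. `/* passdb capability this mechanism requires; checked by auth_mech_list_verify_passdb(). Must be set explicitly: 0 means no passdb is needed. */`. struct mech_module continues past the end of the hunk.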