changeset 8605:84eea1977632 HEAD

auth: Code cleanup for specifying what passdb features auth mechanisms need.
author Timo Sirainen <tss@iki.fi>
date Fri, 09 Jan 2009 11:15:56 -0500
parents 67f923c9988a
children c1fea9e157c8
files src/auth/auth.c src/auth/mech-anonymous.c src/auth/mech-apop.c src/auth/mech-cram-md5.c src/auth/mech-digest-md5.c src/auth/mech-gssapi.c src/auth/mech-login.c src/auth/mech-ntlm.c src/auth/mech-otp.c src/auth/mech-plain.c src/auth/mech-rpa.c src/auth/mech-skey.c src/auth/mech-winbind.c src/auth/mech.h
diffstat 14 files changed, 59 insertions(+), 70 deletions(-) [+]
--- a/src/auth/auth.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/auth.c	Fri Jan 09 11:15:56 2009 -0500
@@ -125,7 +125,7 @@
 	auth->mech_modules = list;
 }
 
-static bool auth_passdb_list_have_plain(struct auth *auth)
+static bool auth_passdb_list_have_verify_plain(struct auth *auth)
 {
 	struct auth_passdb *passdb;
 
@@ -136,7 +136,7 @@
 	return FALSE;
 }
 
-static bool auth_passdb_list_have_credentials(struct auth *auth)
+static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
 {
 	struct auth_passdb *passdb;
 
@@ -158,20 +158,38 @@
 	return FALSE;
 }
 
+static bool
+auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
+{
+	switch (list->module.passdb_need) {
+	case MECH_PASSDB_NEED_NOTHING:
+		break;
+	case MECH_PASSDB_NEED_VERIFY_PLAIN:
+		if (!auth_passdb_list_have_verify_plain(auth))
+			return FALSE;
+		break;
+	case MECH_PASSDB_NEED_VERIFY_RESPONSE:
+	case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
+		if (!auth_passdb_list_have_lookup_credentials(auth))
+			return FALSE;
+		break;
+	case MECH_PASSDB_NEED_SET_CREDENTIALS:
+		if (!auth_passdb_list_have_lookup_credentials(auth))
+			return FALSE;
+		if (!auth_passdb_list_have_set_credentials(auth))
+			return FALSE;
+		break;
+	}
+	return TRUE;
+}
+
 static void auth_mech_list_verify_passdb(struct auth *auth)
 {
 	struct mech_module_list *list;
 
 	for (list = auth->mech_modules; list != NULL; list = list->next) {
-		if (list->module.passdb_need_plain &&
-		    !auth_passdb_list_have_plain(auth))
+		if (!auth_mech_verify_passdb(auth, list))
 			break;
-		if (list->module.passdb_need_credentials &&
-                    !auth_passdb_list_have_credentials(auth))
-			break;
- 		if (list->module.passdb_need_set_credentials &&
- 		    !auth_passdb_list_have_set_credentials(auth))
- 			break;
 	}
 
 	if (list != NULL) {
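Review bot: The new auth_mech_verify_passdb() falls through to `return TRUE;` for any `passdb_need` value the switch does not list, so the startup check fails open if a mechanism carries a value added to the enum later or one outside it. Each case can return its own result directly, with the path after the switch rejecting instead of accepting. Leaving out `default:` is worth keeping, so that a compiler's enum-switch warning still flags a case that was forgotten. auth_mech_list_verify_passdb() continues past the end of this hunk, so what happens after the loop breaks is not visible here.

```c
static bool
auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
{
	switch (list->module.passdb_need) {
	case MECH_PASSDB_NEED_NOTHING:
		return TRUE;
	case MECH_PASSDB_NEED_VERIFY_PLAIN:
		return auth_passdb_list_have_verify_plain(auth);
	case MECH_PASSDB_NEED_VERIFY_RESPONSE:
	case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
		return auth_passdb_list_have_lookup_credentials(auth);
	case MECH_PASSDB_NEED_SET_CREDENTIALS:
		return auth_passdb_list_have_lookup_credentials(auth) &&
			auth_passdb_list_have_set_credentials(auth);
	}
	/* unlisted passdb_need value: reject instead of accepting */
	return FALSE;
}
```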
--- a/src/auth/mech-anonymous.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-anonymous.c	Fri Jan 09 11:15:56 2009 -0500
@@ -38,10 +38,7 @@
 	"ANONYMOUS",
 
 	MEMBER(flags) MECH_SEC_ANONYMOUS,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_anonymous_auth_new,
 	mech_generic_auth_initial,
--- a/src/auth/mech-apop.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-apop.c	Fri Jan 09 11:15:56 2009 -0500
@@ -155,10 +155,7 @@
 	"APOP",
 
 	MEMBER(flags) MECH_SEC_PRIVATE | MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 
 	mech_apop_auth_new,
 	mech_apop_auth_initial,
--- a/src/auth/mech-cram-md5.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-cram-md5.c	Fri Jan 09 11:15:56 2009 -0500
@@ -178,10 +178,7 @@
 	"CRAM-MD5",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 
 	mech_cram_md5_auth_new,
 	mech_cram_md5_auth_initial,
--- a/src/auth/mech-digest-md5.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-digest-md5.c	Fri Jan 09 11:15:56 2009 -0500
@@ -603,10 +603,7 @@
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
 		MECH_SEC_MUTUAL_AUTH,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
 	mech_digest_md5_auth_new,
 	mech_digest_md5_auth_initial,
--- a/src/auth/mech-gssapi.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-gssapi.c	Fri Jan 09 11:15:56 2009 -0500
@@ -543,10 +543,7 @@
 	"GSSAPI",
 
 	MEMBER(flags) 0,
-
-	MEMBER(passdb_need_plain) FALSE, 
-	MEMBER(passdb_need_credentials) FALSE, 
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_gssapi_auth_new,
 	mech_gssapi_auth_initial,
@@ -561,10 +558,7 @@
 	"GSS-SPNEGO",
 
 	MEMBER(flags) 0,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_gssapi_auth_new,
         mech_gssapi_auth_initial,
--- a/src/auth/mech-login.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-login.c	Fri Jan 09 11:15:56 2009 -0500
@@ -67,10 +67,7 @@
 	"LOGIN",
 
 	MEMBER(flags) MECH_SEC_PLAINTEXT,
-
-	MEMBER(passdb_need_plain) TRUE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 
 	mech_login_auth_new,
 	mech_login_auth_initial,
--- a/src/auth/mech-ntlm.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-ntlm.c	Fri Jan 09 11:15:56 2009 -0500
@@ -251,10 +251,7 @@
 	"NTLM",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
 	mech_ntlm_auth_new,
 	mech_generic_auth_initial,
--- a/src/auth/mech-otp.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-otp.c	Fri Jan 09 11:15:56 2009 -0500
@@ -253,10 +253,7 @@
 	"OTP",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) TRUE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 
 	mech_otp_auth_new,
 	mech_generic_auth_initial,
--- a/src/auth/mech-plain.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-plain.c	Fri Jan 09 11:15:56 2009 -0500
@@ -79,10 +79,7 @@
 	"PLAIN",
 
 	MEMBER(flags) MECH_SEC_PLAINTEXT,
-
-	MEMBER(passdb_need_plain) TRUE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 
 	mech_plain_auth_new,
 	mech_generic_auth_initial,
--- a/src/auth/mech-rpa.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-rpa.c	Fri Jan 09 11:15:56 2009 -0500
@@ -602,10 +602,7 @@
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
 		MECH_SEC_MUTUAL_AUTH,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
 	mech_rpa_auth_new,
 	mech_generic_auth_initial,
--- a/src/auth/mech-skey.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-skey.c	Fri Jan 09 11:15:56 2009 -0500
@@ -190,10 +190,7 @@
 	"SKEY",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) TRUE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 
 	mech_skey_auth_new,
 	mech_generic_auth_initial,
--- a/src/auth/mech-winbind.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-winbind.c	Fri Jan 09 11:15:56 2009 -0500
@@ -324,10 +324,7 @@
 	"NTLM",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_winbind_ntlm_auth_new,
 	mech_generic_auth_initial,
@@ -339,10 +336,7 @@
 	"GSS-SPNEGO",
 
 	MEMBER(flags) 0,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_winbind_spnego_auth_new,
 	mech_generic_auth_initial,
--- a/src/auth/mech.h	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech.h	Fri Jan 09 11:15:56 2009 -0500
@@ -20,13 +20,26 @@
 /* Used only for string sanitization. */
 #define MAX_MECH_NAME_LEN 64
 
+enum mech_passdb_need {
+	/* Mechanism doesn't need a passdb at all */
+	MECH_PASSDB_NEED_NOTHING = 0,
+	/* Mechanism just needs to verify a given plaintext password */
+	MECH_PASSDB_NEED_VERIFY_PLAIN,
+	/* Mechanism needs to verify a given challenge+response combination,
+	   i.e. there is only a single response from client.
+	   (Currently implemented the same as _LOOKUP_CREDENTIALS) */
+	MECH_PASSDB_NEED_VERIFY_RESPONSE,
+	/* Mechanism needs to look up credentials with appropriate scheme */
+	MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
+	/* Mechanism needs to look up credentials and also modify them */
+	MECH_PASSDB_NEED_SET_CREDENTIALS
+};
+
 struct mech_module {
 	const char *mech_name;
 
-        enum mech_security_flags flags;
-	unsigned int passdb_need_plain:1;
-	unsigned int passdb_need_credentials:1;
-	unsigned int passdb_need_set_credentials:1;
+	enum mech_security_flags flags;
+	enum mech_passdb_need passdb_need;
 
 	struct auth_request *(*auth_new)(void);
 	void (*auth_initial)(struct auth_request *request,
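Review bot: Because `MECH_PASSDB_NEED_NOTHING` is the zero value, a `struct mech_module` initialiser that leaves out `passdb_need` declares that the mechanism needs no passdb, and the check added to auth.c in this changeset accepts that value without consulting any passdb. The removed bitfields had the same zero default, but the new field is a good place to state it. I would add above `passdb_need` the comment `/* Must be set for every mechanism: zero is MECH_PASSDB_NEED_NOTHING, which skips the passdb capability check */`. The struct definition continues past the end of this hunk.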