auth: Add and use auth_request_set_password_verified()

diff --git a/src/auth/auth-request-fields.c b/src/auth/auth-request-fields.c
index cd6409809161fabb07dca44aca6a51d281525389..e824d25b26f31ae0dda5876f69ffed01c0d16172 100644 (file)
--- a/src/auth/auth-request-fields.c
+++ b/src/auth/auth-request-fields.c
@@ -232,7 +232,7 @@ bool auth_request_import(struct auth_request *request,
        else if (strcmp(key, "successful") == 0)
                auth_request_set_auth_successful(request);
        else if (strcmp(key, "skip-password-check") == 0)
-               fields->skip_password_check = TRUE;
+               auth_request_set_password_verified(request);
        else if (strcmp(key, "delayed-credentials") == 0) {
                /* just make passdb_handle_credentials() work identically in
                   auth-worker as it does in auth-master. the worker shouldn't
@@ -437,3 +437,8 @@ void auth_request_set_auth_successful(struct auth_request *request)
 {
        request->fields.successful = TRUE;
 }
+
+void auth_request_set_password_verified(struct auth_request *request)
+{
+       request->fields.skip_password_check = TRUE;
+}

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 27eae077c493f2f96df927c31a81c1d03999d58e..6cb3479bc49913c16926630dd3e79eef72e56b29 100644 (file)
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -812,7 +812,7 @@ auth_request_handle_passdb_callback(enum passdb_result *result,
                if (*result == PASSDB_RESULT_OK) {
                        /* password was successfully verified. don't bother
                           checking it again. */
-                       request->fields.skip_password_check = TRUE;
+                       auth_request_set_password_verified(request);
                }
                break;
        case AUTH_DB_RULE_CONTINUE_OK:
@@ -820,7 +820,7 @@ auth_request_handle_passdb_callback(enum passdb_result *result,
                request->passdb_success = TRUE;
                /* password was successfully verified. don't bother
                   checking it again. */
-               request->fields.skip_password_check = TRUE;
+               auth_request_set_password_verified(request);
                break;
        case AUTH_DB_RULE_CONTINUE_FAIL:
                passdb_continue = TRUE;

diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index af682a6e9a06c6e4f43e8adb7bd140a175bdaa3a..94caecf6c6fa02cd5d0a738ba2d45fd6e9068ef2 100644 (file)
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -69,6 +69,10 @@ struct auth_request_fields {
           and such. There may still be some final delay or final SASL
           response. */
        bool successful:1;
+       /* Password was verified successfully by a passdb. The following
+          passdbs shouldn't attempt to verify the password again. Note that
+          this differs from passdb_success, which may be set to FALSE due to
+          the result_* rules. */
        bool skip_password_check:1;
 
        /* flags received from auth client: */
@@ -242,6 +246,8 @@ bool auth_request_set_login_username(struct auth_request *request,
 void auth_request_set_realm(struct auth_request *request, const char *realm);
 /* Request was fully successfully authenticated, including policy checks etc. */
 void auth_request_set_auth_successful(struct auth_request *request);
+/* Password was successfully verified by a passdb. */
+void auth_request_set_password_verified(struct auth_request *request);
 
 void auth_request_set_field(struct auth_request *request,
                            const char *name, const char *value,