Also add comments explaining what it actually does.
if (request->userdb_lookup) {
return e;
}
- e->add_str("credentials_scheme", request->credentials_scheme);
+ e->add_str("credentials_scheme", request->wanted_credentials_scheme);
e->add_str("realm", request->fields.realm);
if (request->policy_penalty > 0)
e->add_int("policy_penalty", request->policy_penalty);
}
auth_request_set_state(request, AUTH_REQUEST_STATE_PASSDB);
- request->credentials_scheme = NULL;
+ /* In case this request had already done a credentials lookup (is it
+ even possible?), make sure wanted_credentials_scheme is cleared
+ so passdbs don't think we're doing a credentials lookup. */
+ request->wanted_credentials_scheme = NULL;
if (passdb->passdb->iface.verify_plain == NULL) {
/* we're deinitializing and just want to get rid of this
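Review bot: The new comment above the reset of wanted_credentials_scheme leaves an open question in the code ("is it even possible?") rather than stating the invariant the reset protects. Per the header comment added in this same commit, a finished credentials lookup leaves the field set to the scheme actually received, so any later passdb lookup on the same request would otherwise look like a credentials lookup to the passdb; the reset is needed for that reason whether or not the case occurs today. Suggest `/* A finished credentials lookup leaves this set to the received scheme; reset it so passdbs don't treat this lookup as a credentials lookup. */`. The enclosing function starts before this hunk and continues past it.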
credentials, size);
}
auth_request_lookup_credentials(request,
- request->credentials_scheme,
+ request->wanted_credentials_scheme,
request->private_callback.lookup_credentials);
} else {
if (request->fields.delayed_credentials != NULL && size == 0) {
i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
- if (request->credentials_scheme == NULL)
- request->credentials_scheme = p_strdup(request->pool, scheme);
+ if (request->wanted_credentials_scheme == NULL)
+ request->wanted_credentials_scheme =
+ p_strdup(request->pool, scheme);
request->user_changed_by_lookup = FALSE;
if (request->policy_processed || !request->set->policy_check_before_auth)
set_credentials_callback_t *set_credentials;
userdb_callback_t *userdb;
} private_callback;
- const char *credentials_scheme;
+ /* Used by passdb's credentials lookup to determine which scheme is
+ wanted by the caller. For example CRAM-MD5 SASL mechanism wants
+ CRAM-MD5 scheme for passwords.
+
+ When doing a PASS lookup (without authenticating), this is set to ""
+ to imply that caller accepts any kind of credentials. After the
+ credentials lookup is finished, this is set to the scheme that was
+ actually received.
+
+ Otherwise, this is kept as NULL. */
+ const char *wanted_credentials_scheme;
void *context;
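Review bot: The new field comment on wanted_credentials_scheme does not say how the passdb code uses the NULL/non-NULL distinction or who owns the string, which is what a backend author needs to know. Elsewhere in this commit the backends branch on `wanted_credentials_scheme != NULL` to decide whether a credentials lookup is in progress, the credentials-lookup paths then index the string directly, and every visible assignment copies the scheme with p_strdup() from the request pool. Suggest appending to the comment: `Non-NULL means a credentials lookup is in progress; passdbs branch on that and use the string without a further NULL check. Anything stored here must outlive the request, e.g. be allocated from request->pool as the existing assignments do.` The enclosing struct begins and ends outside this hunk.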
if (request->user_changed_by_lookup)
str_append_tabescaped(str, request->fields.user);
str_append_c(str, '\t');
- if (request->credentials_scheme[0] != '\0') {
- str_printfa(str, "{%s.b64}", request->credentials_scheme);
+ if (request->wanted_credentials_scheme[0] != '\0') {
+ str_printfa(str, "{%s.b64}", request->wanted_credentials_scheme);
base64_encode(credentials, size, str);
} else {
i_assert(size == 0);
*error_r = "BUG: PASSL had missing parameters";
return FALSE;
}
- auth_request->credentials_scheme = p_strdup(auth_request->pool, scheme);
+ auth_request->wanted_credentials_scheme =
+ p_strdup(auth_request->pool, scheme);
while (auth_request->passdb->passdb->id != passdb_id) {
auth_request->passdb = auth_request->passdb->next;
special checkpassword program which knows how to
handle this. */
env_put("AUTHORIZED=1");
- if (request->credentials_scheme != NULL) {
+ if (request->wanted_credentials_scheme != NULL) {
/* passdb credentials lookup */
env_put("CREDENTIALS_LOOKUP=1");
env_put(t_strdup_printf("SCHEME=%s",
- request->credentials_scheme));
+ request->wanted_credentials_scheme));
}
}
checkpassword_setup_env(request);
str = t_str_new(128);
str_printfa(str, "PASSL\t%u\t", request->passdb->passdb->id);
- str_append_tabescaped(str, request->credentials_scheme);
+ str_append_tabescaped(str, request->wanted_credentials_scheme);
str_append_c(str, '\t');
auth_request_export(request, str);
}
scheme = password_get_scheme(&crypted_pass);
if (scheme == NULL)
- scheme = request->credentials_scheme;
+ scheme = request->wanted_credentials_scheme;
passdb_handle_credentials(PASSDB_RESULT_OK, crypted_pass, scheme,
callback, request);
i_assert(password == NULL || scheme != NULL);
}
- if (auth_request->credentials_scheme != NULL) {
+ if (auth_request->wanted_credentials_scheme != NULL) {
passdb_handle_credentials(passdb_result, password, scheme,
dict_request->callback.lookup_credentials,
auth_request);
/* auth_request_set_field() sets scheme */
i_assert(password == NULL || scheme != NULL);
- if (auth_request->credentials_scheme != NULL) {
+ if (auth_request->wanted_credentials_scheme != NULL) {
passdb_handle_credentials(passdb_result, password, scheme,
ldap_request->callback.lookup_credentials,
auth_request);
{
struct auth_request *auth_request = request->request.ldap.auth_request;
- if (auth_request->credentials_scheme != NULL) {
+ if (auth_request->wanted_credentials_scheme != NULL) {
request->callback.lookup_credentials(passdb_result, NULL, 0,
auth_request);
} else {
/* auth_request_set_field() sets scheme */
i_assert(password == NULL || scheme != NULL);
- if (auth_request->credentials_scheme != NULL) {
+ if (auth_request->wanted_credentials_scheme != NULL) {
passdb_handle_credentials(passdb_result, password, scheme,
sql_request->callback.lookup_credentials,
auth_request);
const char *input, const char *input_scheme,
const unsigned char **credentials_r, size_t *size_r)
{
- const char *wanted_scheme = auth_request->credentials_scheme;
+ const char *wanted_scheme = auth_request->wanted_credentials_scheme;
const char *plaintext, *error;
int ret;
struct password_generate_params pwd_gen_params;
}
if (*wanted_scheme == '\0') {
- /* anything goes. change the credentials_scheme to what we
- actually got, so blocking passdbs work. */
- auth_request->credentials_scheme =
+ /* anything goes. change the wanted_credentials_scheme to what
+ we actually got, so blocking passdbs work. */
+ auth_request->wanted_credentials_scheme =
p_strdup(auth_request->pool, t_strcut(input_scheme, '.'));
return TRUE;
}
if (!passdb_get_credentials(auth_request, password, scheme,
&credentials, &size))
result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
- } else if (*auth_request->credentials_scheme == '\0') {
+ } else if (*auth_request->wanted_credentials_scheme == '\0') {
/* We're doing a passdb lookup (not authenticating).
Pass through a NULL password without an error. */
} else if (auth_request->fields.delayed_credentials != NULL) {
} else {
e_info(authdb_event(auth_request),
"Requested %s scheme, but we have a NULL password",
- auth_request->credentials_scheme);
+ auth_request->wanted_credentials_scheme);
result = PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
}