From: Timo Sirainen <tss@iki.fi>
Date: Wed, 13 Aug 2008 20:43:29 +0000 (-0400)
Subject: Renamed auth_ntlm_use_winbind to auth_use_winbind,
X-Git-Tag: 1.2.alpha1~66
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6e873f135368bcfdd1de4458dded791d0c4d00cd;p=thirdparty%2Fdovecot%2Fcore.git

Renamed auth_ntlm_use_winbind to auth_use_winbind,
which also determines if GSS-SPNEGO is handled by GSSAPI or winbind.

--HG--
branch : HEAD
---

diff --git a/dovecot-example.conf b/dovecot-example.conf
index 6910ca1ecb..47e6fd6a1a 100644
--- a/dovecot-example.conf
+++ b/dovecot-example.conf
@@ -786,9 +786,9 @@ protocol lda {
 # default (usually /etc/krb5.keytab) if not specified.
 #auth_krb5_keytab = 
 
-# Do NTLM authentication using Samba's winbind daemon and ntlm_auth helper.
-# <doc/wiki/Authentication/Mechanisms/Winbind.txt>
-#auth_ntlm_use_winbind = no
+# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
+# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
+#auth_use_winbind = no
 
 # Path for Samba's ntlm_auth helper binary.
 #auth_winbind_helper_path = /usr/bin/ntlm_auth
diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
index f88ad54cbf..d932e778d2 100644
--- a/src/auth/mech-gssapi.c
+++ b/src/auth/mech-gssapi.c
@@ -578,7 +578,8 @@ void mech_gssapi_init(void)
 {
 	mech_register_module(&mech_gssapi);
 #ifdef HAVE_GSSAPI_SPNEGO
-	mech_register_module(&mech_gssapi_spnego);
+	if (getenv("NTLM_USE_WINBIND") == NULL)
+		mech_register_module(&mech_gssapi_spnego);
 #endif
 }
 
@@ -586,7 +587,8 @@ void mech_gssapi_deinit(void)
 {
 	mech_unregister_module(&mech_gssapi);
 #ifdef HAVE_GSSAPI_SPNEGO
-	mech_unregister_module(&mech_gssapi_spnego);
+	if (getenv("NTLM_USE_WINBIND") == NULL)
+		mech_unregister_module(&mech_gssapi_spnego);
 #endif
 }
 #endif
diff --git a/src/auth/mech.c b/src/auth/mech.c
index f357602644..f1dc784751 100644
--- a/src/auth/mech.c
+++ b/src/auth/mech.c
@@ -88,20 +88,21 @@ void mech_init(void)
 	mech_register_module(&mech_apop);
 	mech_register_module(&mech_cram_md5);
 	mech_register_module(&mech_digest_md5);
-	if (getenv("NTLM_USE_WINBIND") != NULL)
+	if (getenv("USE_WINBIND") != NULL) {
 		mech_register_module(&mech_winbind_ntlm);
-	else
+		mech_register_module(&mech_winbind_spnego);
+	} else {
 		mech_register_module(&mech_ntlm);
-	mech_register_module(&mech_winbind_spnego);
+#if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
+		mech_register_module(&mech_gssapi_spnego);
+#endif
+	}
 	mech_register_module(&mech_otp);
 	mech_register_module(&mech_skey);
 	mech_register_module(&mech_rpa);
 	mech_register_module(&mech_anonymous);
 #ifdef BUILTIN_GSSAPI
 	mech_register_module(&mech_gssapi);
-#ifdef HAVE_GSSAPI_SPNEGO
-	mech_register_module(&mech_gssapi_spnego);
-#endif
 #endif
 }
 
@@ -112,19 +113,20 @@ void mech_deinit(void)
 	mech_unregister_module(&mech_apop);
 	mech_unregister_module(&mech_cram_md5);
 	mech_unregister_module(&mech_digest_md5);
-	if (getenv("NTLM_USE_WINBIND") != NULL)
+	if (getenv("NTLM_USE_WINBIND") != NULL) {
 		mech_unregister_module(&mech_winbind_ntlm);
-	else
+		mech_unregister_module(&mech_winbind_spnego);
+	} else {
 		mech_unregister_module(&mech_ntlm);
-	mech_unregister_module(&mech_winbind_spnego);
+#if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
+		mech_unregister_module(&mech_gssapi_spnego);
+#endif
+	}
 	mech_unregister_module(&mech_otp);
 	mech_unregister_module(&mech_skey);
 	mech_unregister_module(&mech_rpa);
 	mech_unregister_module(&mech_anonymous);
 #ifdef BUILTIN_GSSAPI
 	mech_unregister_module(&mech_gssapi);
-#ifdef HAVE_GSSAPI_SPNEGO
-	mech_unregister_module(&mech_gssapi_spnego);
-#endif
 #endif
 }
diff --git a/src/master/auth-process.c b/src/master/auth-process.c
index 9d185397e8..5846b54ba7 100644
--- a/src/master/auth-process.c
+++ b/src/master/auth-process.c
@@ -485,8 +485,8 @@ static void auth_set_environment(struct auth_settings *set)
 		env_put("SSL_REQUIRE_CLIENT_CERT=1");
 	if (set->ssl_username_from_cert)
 		env_put("SSL_USERNAME_FROM_CERT=1");
-	if (set->ntlm_use_winbind)
-		env_put("NTLM_USE_WINBIND=1");
+	if (set->use_winbind)
+		env_put("USE_WINBIND=1");
 	if (*set->krb5_keytab != '\0') {
 		/* Environment may be used by Kerberos 5 library directly,
 		   although we also try to use it directly as well */
diff --git a/src/master/master-settings.c b/src/master/master-settings.c
index 8d210b22eb..5caa67bdbe 100644
--- a/src/master/master-settings.c
+++ b/src/master/master-settings.c
@@ -90,7 +90,7 @@ static struct setting_def auth_setting_defs[] = {
 	DEF_BOOL(debug_passwords),
 	DEF_BOOL(ssl_require_client_cert),
 	DEF_BOOL(ssl_username_from_cert),
-	DEF_BOOL(ntlm_use_winbind),
+	DEF_BOOL(use_winbind),
 
 	DEF_INT(count),
 	DEF_INT(worker_max_count),
@@ -327,7 +327,7 @@ struct auth_settings default_auth_settings = {
 	MEMBER(debug_passwords) FALSE,
 	MEMBER(ssl_require_client_cert) FALSE,
 	MEMBER(ssl_username_from_cert) FALSE,
-	MEMBER(ntlm_use_winbind) FALSE,
+	MEMBER(use_winbind) FALSE,
 
 	MEMBER(count) 1,
 	MEMBER(worker_max_count) 30,
diff --git a/src/master/master-settings.h b/src/master/master-settings.h
index 8b4c339627..c055d352ab 100644
--- a/src/master/master-settings.h
+++ b/src/master/master-settings.h
@@ -217,7 +217,7 @@ struct auth_settings {
 	bool verbose, debug, debug_passwords;
 	bool ssl_require_client_cert;
 	bool ssl_username_from_cert;
-	bool ntlm_use_winbind;
+	bool use_winbind;
 
 	unsigned int count;
 	unsigned int worker_max_count;