From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Sat, 4 Mar 2023 22:44:37 +0000 (+0100)
Subject: auth: sasl-server - Add enum sasl_passdb_result_status and use it in the mechanisms
X-Git-Tag: 2.4.2~267
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55df91e6b429943cfecd44db78b82aa658cea2ab;p=thirdparty%2Fdovecot%2Fcore.git

auth: sasl-server - Add enum sasl_passdb_result_status and use it in the mechanisms
---

diff --git a/src/auth/sasl-server-mech-cram-md5.c b/src/auth/sasl-server-mech-cram-md5.c
index a5f0558965..4059e690d3 100644
--- a/src/auth/sasl-server-mech-cram-md5.c
+++ b/src/auth/sasl-server-mech-cram-md5.c
@@ -115,10 +115,10 @@ credentials_callback(enum passdb_result result,
 		     struct auth_request *auth_request)
 {
 	switch (result) {
-	case PASSDB_RESULT_OK:
+	case SASL_PASSDB_RESULT_OK:
 		verify_credentials(auth_request, credentials, size);
 		break;
-	case PASSDB_RESULT_INTERNAL_FAILURE:
+	case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
 		sasl_server_request_internal_failure(auth_request);
 		break;
 	default:
diff --git a/src/auth/sasl-server-mech-digest-md5.c b/src/auth/sasl-server-mech-digest-md5.c
index 710f6994ab..18230157b8 100644
--- a/src/auth/sasl-server-mech-digest-md5.c
+++ b/src/auth/sasl-server-mech-digest-md5.c
@@ -534,10 +534,10 @@ credentials_callback(enum passdb_result result,
 		     struct auth_request *auth_request)
 {
 	switch (result) {
-	case PASSDB_RESULT_OK:
+	case SASL_PASSDB_RESULT_OK:
 		verify_credentials(auth_request, credentials, size);
 		break;
-	case PASSDB_RESULT_INTERNAL_FAILURE:
+	case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
 		sasl_server_request_internal_failure(auth_request);
 		break;
 	default:
diff --git a/src/auth/sasl-server-mech-gssapi.c b/src/auth/sasl-server-mech-gssapi.c
index 20067559cb..d02b943638 100644
--- a/src/auth/sasl-server-mech-gssapi.c
+++ b/src/auth/sasl-server-mech-gssapi.c
@@ -507,19 +507,19 @@ gssapi_credentials_callback(enum passdb_result result,
 	   does not strictly require a passdb. But if a passdb is configured,
 	   now the k5principals field will have been filled in. */
 	switch (result) {
-	case PASSDB_RESULT_INTERNAL_FAILURE:
+	case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
 		sasl_server_request_internal_failure(auth_request);
 		return;
-	case PASSDB_RESULT_USER_DISABLED:
-	case PASSDB_RESULT_PASS_EXPIRED:
+	case SASL_PASSDB_RESULT_USER_DISABLED:
+	case SASL_PASSDB_RESULT_PASS_EXPIRED:
 		/* User is explicitly disabled, don't allow it to log in */
 		sasl_server_request_failure(auth_request);
 		return;
-	case PASSDB_RESULT_NEXT:
-	case PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
-	case PASSDB_RESULT_USER_UNKNOWN:
-	case PASSDB_RESULT_PASSWORD_MISMATCH:
-	case PASSDB_RESULT_OK:
+	case PASSDB_RESULT_NEXT: /* FIXME: To be removed */
+	case SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
+	case SASL_PASSDB_RESULT_USER_UNKNOWN:
+	case SASL_PASSDB_RESULT_PASSWORD_MISMATCH:
+	case SASL_PASSDB_RESULT_OK:
 		break;
 	}
 
diff --git a/src/auth/sasl-server-mech-otp.c b/src/auth/sasl-server-mech-otp.c
index 6206300ac8..92214d408c 100644
--- a/src/auth/sasl-server-mech-otp.c
+++ b/src/auth/sasl-server-mech-otp.c
@@ -118,10 +118,10 @@ otp_credentials_callback(enum passdb_result result,
 			     auth_request);
 
 	switch (result) {
-	case PASSDB_RESULT_OK:
+	case SASL_PASSDB_RESULT_OK:
 		otp_send_challenge(request, credentials, size);
 		break;
-	case PASSDB_RESULT_INTERNAL_FAILURE:
+	case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
 		sasl_server_request_internal_failure(auth_request);
 		break;
 	default:
diff --git a/src/auth/sasl-server-mech-plain-common.c b/src/auth/sasl-server-mech-plain-common.c
index e18981aaad..d2bdb90f6e 100644
--- a/src/auth/sasl-server-mech-plain-common.c
+++ b/src/auth/sasl-server-mech-plain-common.c
@@ -9,10 +9,10 @@ void sasl_server_mech_plain_verify_callback(enum passdb_result result,
 					    struct auth_request *request)
 {
 	switch (result) {
-	case PASSDB_RESULT_OK:
+	case SASL_PASSDB_RESULT_OK:
 		sasl_server_request_success(request, "", 0);
 		break;
-	case PASSDB_RESULT_INTERNAL_FAILURE:
+	case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
 		sasl_server_request_internal_failure(request);
 		break;
 	default:
diff --git a/src/auth/sasl-server-mech-scram.c b/src/auth/sasl-server-mech-scram.c
index 4baf20643f..3c71f4d839 100644
--- a/src/auth/sasl-server-mech-scram.c
+++ b/src/auth/sasl-server-mech-scram.c
@@ -32,7 +32,7 @@ credentials_callback(enum passdb_result result,
 	bool end;
 
 	switch (result) {
-	case PASSDB_RESULT_OK:
+	case SASL_PASSDB_RESULT_OK:
 		if (auth_scram_credentials_parse(key_data->hmethod,
 						 request->password_scheme,
 						 credentials, size,
@@ -51,7 +51,7 @@ credentials_callback(enum passdb_result result,
 		i_assert(!end);
 		sasl_server_request_output(auth_request, output, output_len);
 		break;
-	case PASSDB_RESULT_INTERNAL_FAILURE:
+	case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
 		sasl_server_request_internal_failure(auth_request);
 		break;
 	default:
diff --git a/src/auth/sasl-server.h b/src/auth/sasl-server.h
index e45266310f..3ace2c29a0 100644
--- a/src/auth/sasl-server.h
+++ b/src/auth/sasl-server.h
@@ -5,6 +5,18 @@
 
 #include "sasl-common.h"
 
+enum sasl_passdb_result_status {
+	SASL_PASSDB_RESULT_INTERNAL_FAILURE = PASSDB_RESULT_INTERNAL_FAILURE,
+	SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE = PASSDB_RESULT_SCHEME_NOT_AVAILABLE,
+
+	SASL_PASSDB_RESULT_USER_UNKNOWN = PASSDB_RESULT_USER_UNKNOWN,
+	SASL_PASSDB_RESULT_USER_DISABLED = PASSDB_RESULT_USER_DISABLED,
+	SASL_PASSDB_RESULT_PASS_EXPIRED = PASSDB_RESULT_PASS_EXPIRED,
+
+	SASL_PASSDB_RESULT_PASSWORD_MISMATCH = PASSDB_RESULT_PASSWORD_MISMATCH,
+	SASL_PASSDB_RESULT_OK = PASSDB_RESULT_OK,
+};
+
 enum mech_passdb_need {
 	/* Mechanism doesn't need a passdb at all */
 	MECH_PASSDB_NEED_NOTHING = 0,