auth: Code cleanup for specifying what passdb features auth mechanisms need.
authorTimo Sirainen <tss@iki.fi>
Fri, 9 Jan 2009 16:15:56 +0000 (11:15 -0500)
committerTimo Sirainen <tss@iki.fi>
Fri, 9 Jan 2009 16:15:56 +0000 (11:15 -0500)
--HG--
branch : HEAD

14 files changed:
src/auth/auth.c
src/auth/mech-anonymous.c
src/auth/mech-apop.c
src/auth/mech-cram-md5.c
src/auth/mech-digest-md5.c
src/auth/mech-gssapi.c
src/auth/mech-login.c
src/auth/mech-ntlm.c
src/auth/mech-otp.c
src/auth/mech-plain.c
src/auth/mech-rpa.c
src/auth/mech-skey.c
src/auth/mech-winbind.c
src/auth/mech.h

index 2a0e2ed9d016ab1e733bf9b00d94b3bd6b1e5b98..fc6cd62d26b32f26535ec3c8495b2dd8fde25277 100644 (file)
@@ -125,7 +125,7 @@ static void auth_mech_register(struct auth *auth, const struct mech_module *mech
        auth->mech_modules = list;
 }
 
-static bool auth_passdb_list_have_plain(struct auth *auth)
+static bool auth_passdb_list_have_verify_plain(struct auth *auth)
 {
        struct auth_passdb *passdb;
 
@@ -136,7 +136,7 @@ static bool auth_passdb_list_have_plain(struct auth *auth)
        return FALSE;
 }
 
-static bool auth_passdb_list_have_credentials(struct auth *auth)
+static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
 {
        struct auth_passdb *passdb;
 
@@ -158,20 +158,38 @@ static int auth_passdb_list_have_set_credentials(struct auth *auth)
        return FALSE;
 }
 
+static bool
+auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
+{
+       switch (list->module.passdb_need) {
+       case MECH_PASSDB_NEED_NOTHING:
+               break;
+       case MECH_PASSDB_NEED_VERIFY_PLAIN:
+               if (!auth_passdb_list_have_verify_plain(auth))
+                       return FALSE;
+               break;
+       case MECH_PASSDB_NEED_VERIFY_RESPONSE:
+       case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
+               if (!auth_passdb_list_have_lookup_credentials(auth))
+                       return FALSE;
+               break;
+       case MECH_PASSDB_NEED_SET_CREDENTIALS:
+               if (!auth_passdb_list_have_lookup_credentials(auth))
+                       return FALSE;
+               if (!auth_passdb_list_have_set_credentials(auth))
+                       return FALSE;
+               break;
+       }
+       return TRUE;
+}
+
 static void auth_mech_list_verify_passdb(struct auth *auth)
 {
        struct mech_module_list *list;
 
        for (list = auth->mech_modules; list != NULL; list = list->next) {
-               if (list->module.passdb_need_plain &&
-                   !auth_passdb_list_have_plain(auth))
-                       break;
-               if (list->module.passdb_need_credentials &&
-                    !auth_passdb_list_have_credentials(auth))
+               if (!auth_mech_verify_passdb(auth, list))
                        break;
-               if (list->module.passdb_need_set_credentials &&
-                   !auth_passdb_list_have_set_credentials(auth))
-                       break;
        }
 
        if (list != NULL) {
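Review bot: auth_mech_verify_passdb() fails open: a `passdb_need` value that matches no `case` leaves the switch and reaches the final `return TRUE;`, so the mechanism is accepted with no passdb capability checked. That can only happen when an enumerator is added without updating this switch, or when a module carries an out-of-range value, but this is the check that decides whether a mechanism is usable with the configured passdbs, so the unknown case should be refused. I would have every case return its own result and end the function with `return FALSE;`. Leaving out a `default:` label keeps the compiler's missing-enumerator warning available, if the build enables it. The new function lies wholly inside the hunk; the body of auth_mech_list_verify_passdb() continues past it.

```c
static bool
auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
{
	switch (list->module.passdb_need) {
	case MECH_PASSDB_NEED_NOTHING:
		return TRUE;
	case MECH_PASSDB_NEED_VERIFY_PLAIN:
		return auth_passdb_list_have_verify_plain(auth);
	case MECH_PASSDB_NEED_VERIFY_RESPONSE:
	case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
		return auth_passdb_list_have_lookup_credentials(auth);
	case MECH_PASSDB_NEED_SET_CREDENTIALS:
		return auth_passdb_list_have_lookup_credentials(auth) &&
			auth_passdb_list_have_set_credentials(auth);
	}
	/* Unknown passdb_need value: refuse instead of assuming that
	   no passdb is needed. */
	return FALSE;
}
```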
index ea643e6a590a4091f6f62e08a2bdc81454624681..1758020db0f63e3b510c0305b6017207a782d562 100644 (file)
@@ -38,10 +38,7 @@ const struct mech_module mech_anonymous = {
        "ANONYMOUS",
 
        MEMBER(flags) MECH_SEC_ANONYMOUS,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) FALSE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
        mech_anonymous_auth_new,
        mech_generic_auth_initial,
index 12e92f2fa9f1a86fc2f5fc4f5f614e872bfa5271..46d59b995fca344e7b204afc8e6e22323a9270c0 100644 (file)
@@ -155,10 +155,7 @@ const struct mech_module mech_apop = {
        "APOP",
 
        MEMBER(flags) MECH_SEC_PRIVATE | MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) TRUE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 
        mech_apop_auth_new,
        mech_apop_auth_initial,
index 165e86f08b929071c54e92f1fe383cd8f7c40c0b..ca03016277690c3e9471d97ec94ad7d4c2293af4 100644 (file)
@@ -178,10 +178,7 @@ const struct mech_module mech_cram_md5 = {
        "CRAM-MD5",
 
        MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) TRUE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 
        mech_cram_md5_auth_new,
        mech_cram_md5_auth_initial,
index 58ae8431e3cc4a4b83c19532876bb721f6798844..ca000b443e632d25eb82e0024cd14c257db476a1 100644 (file)
@@ -603,10 +603,7 @@ const struct mech_module mech_digest_md5 = {
 
        MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
                MECH_SEC_MUTUAL_AUTH,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) TRUE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
        mech_digest_md5_auth_new,
        mech_digest_md5_auth_initial,
index fe1199e2bf5048b81cb6f9ae268521f6bbd7c3ff..8d2c5ae8972ed011467fdb0f1e2e1bb5e8ef78f9 100644 (file)
@@ -543,10 +543,7 @@ const struct mech_module mech_gssapi = {
        "GSSAPI",
 
        MEMBER(flags) 0,
-
-       MEMBER(passdb_need_plain) FALSE, 
-       MEMBER(passdb_need_credentials) FALSE, 
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
        mech_gssapi_auth_new,
        mech_gssapi_auth_initial,
@@ -561,10 +558,7 @@ const struct mech_module mech_gssapi_spnego = {
        "GSS-SPNEGO",
 
        MEMBER(flags) 0,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) FALSE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
        mech_gssapi_auth_new,
         mech_gssapi_auth_initial,
index febb40cd44363fea65e2513740c448a1d4c2dd94..16de5d96402b7768ba018e945e8683b36cb5a866 100644 (file)
@@ -67,10 +67,7 @@ const struct mech_module mech_login = {
        "LOGIN",
 
        MEMBER(flags) MECH_SEC_PLAINTEXT,
-
-       MEMBER(passdb_need_plain) TRUE,
-       MEMBER(passdb_need_credentials) FALSE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 
        mech_login_auth_new,
        mech_login_auth_initial,
index 7e22bce583424235972f219e12ab19965f1899f6..d4c3a4eefbec40f8208b7b80b2712ee9e5ca2d71 100644 (file)
@@ -251,10 +251,7 @@ const struct mech_module mech_ntlm = {
        "NTLM",
 
        MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) TRUE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
        mech_ntlm_auth_new,
        mech_generic_auth_initial,
index 128310e278af55d51956631236084f2300a1fd86..3a960b4d4d84b61f4e1eb6072455e4ca249cb035 100644 (file)
@@ -253,10 +253,7 @@ const struct mech_module mech_otp = {
        "OTP",
 
        MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) TRUE,
-       MEMBER(passdb_need_set_credentials) TRUE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 
        mech_otp_auth_new,
        mech_generic_auth_initial,
index e49b86794d181dc450f42da09fe5382b0f498d39..f282e8729df7eb8f2749f54f6c0b0ba38b1905e6 100644 (file)
@@ -79,10 +79,7 @@ const struct mech_module mech_plain = {
        "PLAIN",
 
        MEMBER(flags) MECH_SEC_PLAINTEXT,
-
-       MEMBER(passdb_need_plain) TRUE,
-       MEMBER(passdb_need_credentials) FALSE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 
        mech_plain_auth_new,
        mech_generic_auth_initial,
index 51f67ca042644ff85e94e899a4bbd54db249bef7..de41a2128ec744e962cbe47341cf44a1293af772 100644 (file)
@@ -602,10 +602,7 @@ const struct mech_module mech_rpa = {
 
        MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
                MECH_SEC_MUTUAL_AUTH,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) TRUE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
        mech_rpa_auth_new,
        mech_generic_auth_initial,
index bd736dc7a0a6fa66b0b510a3ba1fee9f1100f862..d4c5d19cadfc5cb00325e98ae451f0a8be67b99c 100644 (file)
@@ -190,10 +190,7 @@ const struct mech_module mech_skey = {
        "SKEY",
 
        MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) TRUE,
-       MEMBER(passdb_need_set_credentials) TRUE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 
        mech_skey_auth_new,
        mech_generic_auth_initial,
index 249db165ead489665c8c29cecf7b27b483a3509e..2579854730f13427b7125d14bb9235ac542da817 100644 (file)
@@ -324,10 +324,7 @@ const struct mech_module mech_winbind_ntlm = {
        "NTLM",
 
        MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) FALSE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
        mech_winbind_ntlm_auth_new,
        mech_generic_auth_initial,
@@ -339,10 +336,7 @@ const struct mech_module mech_winbind_spnego = {
        "GSS-SPNEGO",
 
        MEMBER(flags) 0,
-
-       MEMBER(passdb_need_plain) FALSE,
-       MEMBER(passdb_need_credentials) FALSE,
-       MEMBER(passdb_need_set_credentials) FALSE,
+       MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
        mech_winbind_spnego_auth_new,
        mech_generic_auth_initial,
index 8cd2493afb488d9907cb43e68b6954a73ef98565..72327d2302a437c7546ef397f4c791e8b83d3476 100644 (file)
@@ -20,13 +20,26 @@ typedef void mech_callback_t(struct auth_request *request,
 /* Used only for string sanitization. */
 #define MAX_MECH_NAME_LEN 64
 
+enum mech_passdb_need {
+       /* Mechanism doesn't need a passdb at all */
+       MECH_PASSDB_NEED_NOTHING = 0,
+       /* Mechanism just needs to verify a given plaintext password */
+       MECH_PASSDB_NEED_VERIFY_PLAIN,
+       /* Mechanism needs to verify a given challenge+response combination,
+          i.e. there is only a single response from client.
+          (Currently implemented the same as _LOOKUP_CREDENTIALS) */
+       MECH_PASSDB_NEED_VERIFY_RESPONSE,
+       /* Mechanism needs to look up credentials with appropriate scheme */
+       MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
+       /* Mechanism needs to look up credentials and also modify them */
+       MECH_PASSDB_NEED_SET_CREDENTIALS
+};
+
 struct mech_module {
        const char *mech_name;
 
-        enum mech_security_flags flags;
-       unsigned int passdb_need_plain:1;
-       unsigned int passdb_need_credentials:1;
-       unsigned int passdb_need_set_credentials:1;
+       enum mech_security_flags flags;
+       enum mech_passdb_need passdb_need;
 
        struct auth_request *(*auth_new)(void);
        void (*auth_initial)(struct auth_request *request,
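Review bot: The new `passdb_need` field has no comment saying it must be set explicitly, and its zero value is the permissive one, `MECH_PASSDB_NEED_NOTHING = 0`. A `struct mech_module` initializer that omits the field therefore declares that the mechanism needs no passdb, and auth_mech_verify_passdb() in auth.c accepts it without checking anything. I would add a comment on the field, such as `/* Must be set explicitly; 0 is MECH_PASSDB_NEED_NOTHING, which makes auth.c skip the passdb check for this mechanism */`. It is also worth stating in the enum comment that _SET_CREDENTIALS implies _LOOKUP_CREDENTIALS, since the switch in auth.c checks both for it. The definition of struct mech_module continues past the end of the hunk.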