From: Timo Sirainen Date: Fri, 9 Jan 2009 16:15:56 +0000 (-0500) Subject: auth: Code cleanup for specifying what passdb features auth mechanisms need. X-Git-Tag: 1.2.beta1~138 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ba8566b02903a4b00a39a611d19f421739a09456;p=thirdparty%2Fdovecot%2Fcore.git auth: Code cleanup for specifying what passdb features auth mechanisms need. --HG-- branch : HEAD
---
diff --git a/src/auth/auth.c b/src/auth/auth.c
index 2a0e2ed9d0..fc6cd62d26 100644
--- a/src/auth/auth.c
+++ b/src/auth/auth.c
@@ -125,7 +125,7 @@ static void auth_mech_register(struct auth *auth, const struct mech_module *mech
 auth->mech_modules = list;
 }
-static bool auth_passdb_list_have_plain(struct auth *auth)
+static bool auth_passdb_list_have_verify_plain(struct auth *auth)
 {
 struct auth_passdb *passdb;
@@ -136,7 +136,7 @@ static bool auth_passdb_list_have_plain(struct auth *auth)
 return FALSE;
 }
-static bool auth_passdb_list_have_credentials(struct auth *auth)
+static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
 {
 struct auth_passdb *passdb;
@@ -158,20 +158,38 @@ static int auth_passdb_list_have_set_credentials(struct auth *auth)
 return FALSE;
 }
+static bool
+auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
+{
+ switch (list->module.passdb_need) {
+ case MECH_PASSDB_NEED_NOTHING:
+ break;
+ case MECH_PASSDB_NEED_VERIFY_PLAIN:
+ if (!auth_passdb_list_have_verify_plain(auth))
+ return FALSE;
+ break;
+ case MECH_PASSDB_NEED_VERIFY_RESPONSE:
+ case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
+ if (!auth_passdb_list_have_lookup_credentials(auth))
+ return FALSE;
+ break;
+ case MECH_PASSDB_NEED_SET_CREDENTIALS:
+ if (!auth_passdb_list_have_lookup_credentials(auth))
+ return FALSE;
+ if (!auth_passdb_list_have_set_credentials(auth))
+ return FALSE;
+ break;
+ }
+ return TRUE;
+}
+
 static void auth_mech_list_verify_passdb(struct auth *auth)
 {
 struct mech_module_list *list;
 for (list = auth->mech_modules; list != NULL; list = list->next) {
- if (list->module.passdb_need_plain &&
- !auth_passdb_list_have_plain(auth))
- break;
- if (list->module.passdb_need_credentials &&
- !auth_passdb_list_have_credentials(auth))
+ if (!auth_mech_verify_passdb(auth, list))
 break;
- if (list->module.passdb_need_set_credentials &&
- !auth_passdb_list_have_set_credentials(auth))
- break;
 }
 if (list != NULL) {
diff --git a/src/auth/mech-anonymous.c b/src/auth/mech-anonymous.c
index ea643e6a59..1758020db0 100644
--- a/src/auth/mech-anonymous.c
+++ b/src/auth/mech-anonymous.c
@@ -38,10 +38,7 @@ const struct mech_module mech_anonymous = {
 "ANONYMOUS",
 MEMBER(flags) MECH_SEC_ANONYMOUS,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_anonymous_auth_new,
 mech_generic_auth_initial,
diff --git a/src/auth/mech-apop.c b/src/auth/mech-apop.c
index 12e92f2fa9..46d59b995f 100644
--- a/src/auth/mech-apop.c
+++ b/src/auth/mech-apop.c
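Review bot: The switch in `auth_mech_verify_passdb` has no `default:` arm, so a `passdb_need` value outside the enum — a stale or uninitialized field in a `struct mech_module` registered from elsewhere, or an enumerator added later without this function being updated — falls out of the switch to `return TRUE` and the mechanism is accepted without any passdb capability check. Because this function is the gate that refuses mechanisms the configured passdbs cannot serve, it should fail closed: add `default:` followed by `return FALSE;` as the last arm of the switch. Note also that `MECH_PASSDB_NEED_NOTHING` is the zero enumerator, so a module that never assigns the new field reads as "needs nothing" and passes silently; a one-line comment on the function stating that this is intended, if it is, would save the next reader the question. The enclosing `auth_mech_list_verify_passdb` continues past the end of the hunk.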
@@ -155,10 +155,7 @@ const struct mech_module mech_apop = {
 "APOP",
 MEMBER(flags) MECH_SEC_PRIVATE | MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 mech_apop_auth_new,
 mech_apop_auth_initial,
diff --git a/src/auth/mech-cram-md5.c b/src/auth/mech-cram-md5.c
index 165e86f08b..ca03016277 100644
--- a/src/auth/mech-cram-md5.c
+++ b/src/auth/mech-cram-md5.c
@@ -178,10 +178,7 @@ const struct mech_module mech_cram_md5 = {
 "CRAM-MD5",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 mech_cram_md5_auth_new,
 mech_cram_md5_auth_initial,
diff --git a/src/auth/mech-digest-md5.c b/src/auth/mech-digest-md5.c
index 58ae8431e3..ca000b443e 100644
--- a/src/auth/mech-digest-md5.c
+++ b/src/auth/mech-digest-md5.c
@@ -603,10 +603,7 @@ const struct mech_module mech_digest_md5 = {
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE | MECH_SEC_MUTUAL_AUTH,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 mech_digest_md5_auth_new,
 mech_digest_md5_auth_initial,
diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
index fe1199e2bf..8d2c5ae897 100644
--- a/src/auth/mech-gssapi.c
+++ b/src/auth/mech-gssapi.c
@@ -543,10 +543,7 @@ const struct mech_module mech_gssapi = {
 "GSSAPI",
 MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_gssapi_auth_new,
 mech_gssapi_auth_initial,
@@ -561,10 +558,7 @@ const struct mech_module mech_gssapi_spnego = {
 "GSS-SPNEGO",
 MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_gssapi_auth_new,
 mech_gssapi_auth_initial,
diff --git a/src/auth/mech-login.c b/src/auth/mech-login.c
index febb40cd44..16de5d9640 100644
--- a/src/auth/mech-login.c
+++ b/src/auth/mech-login.c
@@ -67,10 +67,7 @@ const struct mech_module mech_login = {
 "LOGIN",
 MEMBER(flags) MECH_SEC_PLAINTEXT,
-
- MEMBER(passdb_need_plain) TRUE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 mech_login_auth_new,
 mech_login_auth_initial,
diff --git a/src/auth/mech-ntlm.c b/src/auth/mech-ntlm.c
index 7e22bce583..d4c3a4eefb 100644
--- a/src/auth/mech-ntlm.c
+++ b/src/auth/mech-ntlm.c
@@ -251,10 +251,7 @@ const struct mech_module mech_ntlm = {
 "NTLM",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 mech_ntlm_auth_new,
 mech_generic_auth_initial,
diff --git a/src/auth/mech-otp.c b/src/auth/mech-otp.c
index 128310e278..3a960b4d4d 100644
--- a/src/auth/mech-otp.c
+++ b/src/auth/mech-otp.c
@@ -253,10 +253,7 @@ const struct mech_module mech_otp = {
 "OTP",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) TRUE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 mech_otp_auth_new,
 mech_generic_auth_initial,
diff --git a/src/auth/mech-plain.c b/src/auth/mech-plain.c
index e49b86794d..f282e8729d 100644
--- a/src/auth/mech-plain.c
+++ b/src/auth/mech-plain.c
@@ -79,10 +79,7 @@ const struct mech_module mech_plain = {
 "PLAIN",
 MEMBER(flags) MECH_SEC_PLAINTEXT,
-
- MEMBER(passdb_need_plain) TRUE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 mech_plain_auth_new,
 mech_generic_auth_initial,
diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c
index 51f67ca042..de41a2128e 100644
--- a/src/auth/mech-rpa.c
+++ b/src/auth/mech-rpa.c
@@ -602,10 +602,7 @@ const struct mech_module mech_rpa = {
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE | MECH_SEC_MUTUAL_AUTH,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 mech_rpa_auth_new,
 mech_generic_auth_initial,
diff --git a/src/auth/mech-skey.c b/src/auth/mech-skey.c
index bd736dc7a0..d4c5d19cad 100644
--- a/src/auth/mech-skey.c
+++ b/src/auth/mech-skey.c
@@ -190,10 +190,7 @@ const struct mech_module mech_skey = {
 "SKEY",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) TRUE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 mech_skey_auth_new,
 mech_generic_auth_initial,
diff --git a/src/auth/mech-winbind.c b/src/auth/mech-winbind.c
index 249db165ea..2579854730 100644
--- a/src/auth/mech-winbind.c
+++ b/src/auth/mech-winbind.c
@@ -324,10 +324,7 @@ const struct mech_module mech_winbind_ntlm = {
 "NTLM",
 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_winbind_ntlm_auth_new,
 mech_generic_auth_initial,
@@ -339,10 +336,7 @@ const struct mech_module mech_winbind_spnego = {
 "GSS-SPNEGO",
 MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 mech_winbind_spnego_auth_new,
 mech_generic_auth_initial,
diff --git a/src/auth/mech.h b/src/auth/mech.h
index 8cd2493afb..72327d2302 100644
--- a/src/auth/mech.h
+++ b/src/auth/mech.h
@@ -20,13 +20,26 @@ typedef void mech_callback_t(struct auth_request *request,
 /* Used only for string sanitization. */
 #define MAX_MECH_NAME_LEN 64
+enum mech_passdb_need {
+ /* Mechanism doesn't need a passdb at all */
+ MECH_PASSDB_NEED_NOTHING = 0,
+ /* Mechanism just needs to verify a given plaintext password */
+ MECH_PASSDB_NEED_VERIFY_PLAIN,
+ /* Mechanism needs to verify a given challenge+response combination,
+ i.e. there is only a single response from client.
+ (Currently implemented the same as _LOOKUP_CREDENTIALS) */
+ MECH_PASSDB_NEED_VERIFY_RESPONSE,
+ /* Mechanism needs to look up credentials with appropriate scheme */
+ MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
+ /* Mechanism needs to look up credentials and also modify them */
+ MECH_PASSDB_NEED_SET_CREDENTIALS
+};
+
 struct mech_module {
 const char *mech_name;
- enum mech_security_flags flags;
- unsigned int passdb_need_plain:1;
- unsigned int passdb_need_credentials:1;
- unsigned int passdb_need_set_credentials:1;
+ enum mech_security_flags flags;
+ enum mech_passdb_need passdb_need;
 struct auth_request *(*auth_new)(void);
 void (*auth_initial)(struct auth_request *request,
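Review bot: The new `passdb_need` member of `struct mech_module` carries no comment, while every enumerator above it has one, so a reader of the header cannot tell who consumes the field or when. Suggest `enum mech_passdb_need passdb_need; /* passdb capability this mechanism requires; checked by auth_mech_verify_passdb() in auth.c */`, which is the consumer this commit introduces. The `(Currently implemented the same as _LOOKUP_CREDENTIALS)` remark on `MECH_PASSDB_NEED_VERIFY_RESPONSE` describes a property of that auth.c switch rather than of the enumerator and will go stale silently if the switch changes; naming the function in that comment too ties the two together for whoever edits either one.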