[dovecot-cvs] dovecot/src/auth auth-request.c, 1.97, 1.98 auth-request.h, 1.37, 1.38 auth-worker-client.c, 1.33, 1.34 mech-apop.c, 1.26, 1.27 mech-cram-md5.c, 1.27, 1.28 mech-digest-md5.c, 1.45, 1.46 mech-ntlm.c, 1.29, 1.30 mech-otp.c, 1.3, 1.4 mech-rpa.c, 1.30, 1.31 mech-skey.c, 1.3, 1.4 passdb-blocking.c, 1.17, 1.18 passdb-ldap.c, 1.61, 1.62 passdb-sql.c, 1.33, 1.34 passdb.c, 1.49, 1.50 passdb.h, 1.39, 1.40 password-scheme.c, 1.30, 1.31 password-scheme.h, 1.10, 1.11 userdb-static.c, 1.25, 1.26
tss at dovecot.org
tss at dovecot.org
Sun May 13 11:24:10 EEST 2007
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv5536
Modified Files:
auth-request.c auth-request.h auth-worker-client.c mech-apop.c
mech-cram-md5.c mech-digest-md5.c mech-ntlm.c mech-otp.c
mech-rpa.c mech-skey.c passdb-blocking.c passdb-ldap.c
passdb-sql.c passdb.c passdb.h password-scheme.c
password-scheme.h userdb-static.c
Log Message:
Removed enum passdb_credentials. Use scheme strings directly instead. This
makes it possible to implement new mechanisms in plugins.
Index: auth-request.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.c,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -d -r1.97 -r1.98
--- auth-request.c 11 May 2007 12:01:42 -0000 1.97
+++ auth-request.c 13 May 2007 08:24:06 -0000 1.98
@@ -34,7 +34,6 @@
request->refcount = 1;
request->last_access = ioloop_time;
- request->credentials = -1;
request->auth = auth;
request->mech = mech;
@@ -57,7 +56,6 @@
auth_request->auth = auth;
auth_request->passdb = auth->passdbs;
auth_request->userdb = auth->userdbs;
- auth_request->credentials = -1;
return auth_request;
}
@@ -440,7 +438,7 @@
}
request->state = AUTH_REQUEST_STATE_PASSDB;
- request->credentials = -1;
+ request->credentials_scheme = NULL;
if (passdb->blocking)
passdb_blocking_verify_plain(request);
@@ -457,7 +455,8 @@
{
if (!auth_request_handle_passdb_callback(&result, request)) {
/* try next passdb */
- auth_request_lookup_credentials(request, request->credentials,
+ auth_request_lookup_credentials(request,
+ request->credentials_scheme,
request->private_callback.lookup_credentials);
} else {
if (request->auth->verbose_debug_passwords &&
@@ -504,28 +503,28 @@
}
void auth_request_lookup_credentials(struct auth_request *request,
- enum passdb_credentials credentials,
+ const char *scheme,
lookup_credentials_callback_t *callback)
{
struct passdb_module *passdb = request->passdb->passdb;
- const char *cache_key, *password, *scheme;
+ const char *cache_key, *cache_cred, *cache_scheme;
enum passdb_result result;
i_assert(request->state == AUTH_REQUEST_STATE_MECH_CONTINUE);
- request->credentials = credentials;
+ request->credentials_scheme = p_strdup(request->pool, scheme);
request->private_callback.lookup_credentials = callback;
cache_key = passdb_cache == NULL ? NULL : passdb->cache_key;
if (cache_key != NULL) {
if (passdb_cache_lookup_credentials(request, cache_key,
- &password, &scheme,
+ &cache_cred, &cache_scheme,
&result, FALSE)) {
- password = result != PASSDB_RESULT_OK ? NULL :
- passdb_get_credentials(request, password,
- scheme);
+ cache_cred = result != PASSDB_RESULT_OK ? NULL :
+ passdb_get_credentials(request, cache_cred,
+ cache_scheme);
auth_request_lookup_credentials_callback_finish(
- result, password, request);
+ result, cache_cred, request);
return;
}
}
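Review bot: `auth_request_lookup_credentials()` stores `p_strdup(request->pool, scheme)` without checking that `scheme` is non-NULL, although this commit makes NULL the marker for a verify_plain request (`request->credentials_scheme = NULL` in the earlier hunk, tested with `!= NULL` in passdb-ldap.c and passdb-sql.c). Assuming p_strdup() passes NULL through, a NULL scheme from a caller would send the passdb callbacks down the verify_plain branch. The same field is also dereferenced unchecked by `strcasecmp(wanted_scheme, "CRYPT")` in passdb.c and formatted with `%s` in passdb-blocking.c. I would add `i_assert(scheme != NULL);` beside the existing state assertion. The function body continues past the end of this hunk.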
@@ -545,8 +544,7 @@
}
void auth_request_set_credentials(struct auth_request *request,
- enum passdb_credentials credentials,
- const char *data,
+ const char *scheme, const char *data,
set_credentials_callback_t *callback)
{
struct passdb_module *passdb = request->passdb->passdb;
@@ -558,9 +556,7 @@
request->private_callback.set_credentials = callback;
- new_credentials = t_strconcat("{",
- passdb_credentials_to_str(credentials, ""), "}", data, NULL);
-
+ new_credentials = t_strdup_printf("{%s}%s", scheme, data);
if (passdb->blocking)
passdb_blocking_set_credentials(request, new_credentials);
else if (passdb->iface.set_credentials != NULL) {
Index: auth-request.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-request.h,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -d -r1.37 -r1.38
--- auth-request.h 11 May 2007 12:01:42 -0000 1.37
+++ auth-request.h 13 May 2007 08:24:06 -0000 1.38
@@ -65,7 +65,7 @@
set_credentials_callback_t *set_credentials;
userdb_callback_t *userdb;
} private_callback;
- enum passdb_credentials credentials;
+ const char *credentials_scheme;
mech_callback_t *callback;
void *context;
@@ -115,7 +115,7 @@
const char *password,
verify_plain_callback_t *callback);
void auth_request_lookup_credentials(struct auth_request *request,
- enum passdb_credentials credentials,
+ const char *scheme,
lookup_credentials_callback_t *callback);
void auth_request_lookup_user(struct auth_request *request,
userdb_callback_t *callback);
@@ -160,8 +160,7 @@
const char *credentials,
struct auth_request *request);
void auth_request_set_credentials(struct auth_request *request,
- enum passdb_credentials credentials,
- const char *data,
+ const char *scheme, const char *data,
set_credentials_callback_t *callback);
void auth_request_userdb_callback(enum userdb_result result,
struct auth_stream_reply *reply,
Index: auth-worker-client.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/auth-worker-client.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- auth-worker-client.c 31 Mar 2007 04:41:55 -0000 1.33
+++ auth-worker-client.c 13 May 2007 08:24:06 -0000 1.34
@@ -181,8 +181,7 @@
str_printfa(str, "FAIL\t%d", result);
else {
str_printfa(str, "OK\t%s\t{%s}%s\t", request->user,
- passdb_credentials_to_str(request->credentials, ""),
- credentials);
+ request->credentials_scheme, credentials);
if (request->extra_fields != NULL) {
const char *field =
auth_stream_reply_export(request->extra_fields);
@@ -203,8 +202,7 @@
{
/* lookup credentials */
struct auth_request *auth_request;
- const char *credentials_str;
- enum passdb_credentials credentials;
+ const char *scheme;
unsigned int passdb_id;
passdb_id = atoi(t_strcut(args, '\t'));
@@ -215,14 +213,12 @@
}
args++;
- credentials_str = t_strcut(args, '\t');
+ scheme = t_strcut(args, '\t');
args = strchr(args, '\t');
if (args != NULL) args++;
- credentials = atoi(credentials_str);
-
auth_request = worker_auth_request_new(client, id, args);
- auth_request->credentials = credentials;
+ auth_request->credentials_scheme = p_strdup(auth_request->pool, scheme);
if (auth_request->user == NULL || auth_request->service == NULL) {
i_error("BUG: PASSL had missing parameters");
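Review bot: The scheme read with `t_strcut(args, '\t')` is copied into `auth_request->credentials_scheme` with no validation, whereas the old code at least reduced the field to an integer with atoi(). An empty field yields `""`, which is non-NULL and so still counts as a credentials lookup, and the first hunk of this file writes the value back into the `OK\t%s\t{%s}%s\t` reply. I would reject it in the existing parameter check, e.g. `if (*scheme == '\0' || auth_request->user == NULL || auth_request->service == NULL) {`. Whether an unknown scheme name is refused later cannot be seen from this hunk, and the function starts and ends outside it.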
Index: mech-apop.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-apop.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- mech-apop.c 31 Mar 2007 04:41:55 -0000 1.26
+++ mech-apop.c 13 May 2007 08:24:06 -0000 1.27
@@ -133,8 +133,7 @@
memcpy(request->digest, tmp, sizeof(request->digest));
- auth_request_lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_PLAINTEXT,
+ auth_request_lookup_credentials(auth_request, "PLAIN",
apop_credentials_callback);
}
Index: mech-cram-md5.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-cram-md5.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- mech-cram-md5.c 31 Mar 2007 04:41:55 -0000 1.27
+++ mech-cram-md5.c 13 May 2007 08:24:06 -0000 1.28
@@ -142,8 +142,7 @@
if (auth_request_set_username(auth_request, request->username,
&error)) {
auth_request_lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_CRAM_MD5,
- credentials_callback);
+ "CRAM-MD5", credentials_callback);
return;
}
}
Index: mech-digest-md5.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-digest-md5.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- mech-digest-md5.c 31 Mar 2007 04:41:55 -0000 1.45
+++ mech-digest-md5.c 13 May 2007 08:24:06 -0000 1.46
@@ -569,8 +569,7 @@
if (auth_request_set_username(auth_request, username, &error)) {
auth_request_lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_DIGEST_MD5,
- credentials_callback);
+ "DIGEST-MD5", credentials_callback);
return;
}
}
Index: mech-ntlm.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-ntlm.c,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- mech-ntlm.c 31 Mar 2007 04:41:55 -0000 1.29
+++ mech-ntlm.c 13 May 2007 08:24:06 -0000 1.30
@@ -175,7 +175,7 @@
/* NTLM credentials not found or didn't want to use them,
try with LM credentials */
- auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN,
+ auth_request_lookup_credentials(auth_request, "LANMAN",
lm_credentials_callback);
}
@@ -236,8 +236,7 @@
return;
}
- auth_request_lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_NTLM,
+ auth_request_lookup_credentials(auth_request, "NTLM",
ntlm_credentials_callback);
}
}
Index: mech-otp.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-otp.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- mech-otp.c 31 Mar 2007 04:41:55 -0000 1.3
+++ mech-otp.c 13 May 2007 08:24:06 -0000 1.4
@@ -86,8 +86,7 @@
break;
default:
/* OTP credentials not found, try S/KEY */
- auth_request_lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_OTP,
+ auth_request_lookup_credentials(auth_request, "OTP",
skey_credentials_callback);
break;
}
@@ -128,7 +127,7 @@
return;
}
- auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_OTP,
+ auth_request_lookup_credentials(auth_request, "OTP",
otp_credentials_callback);
}
@@ -161,8 +160,7 @@
memcpy(state->hash, hash, sizeof(state->hash));
- auth_request_set_credentials(auth_request,
- PASSDB_CREDENTIALS_OTP,
+ auth_request_set_credentials(auth_request, "OTP",
otp_print_dbentry(state),
otp_set_credentials_callback);
}
@@ -195,8 +193,7 @@
return;
}
- auth_request_set_credentials(auth_request,
- PASSDB_CREDENTIALS_OTP,
+ auth_request_set_credentials(auth_request, "OTP",
otp_print_dbentry(&new_state),
otp_set_credentials_callback);
}
Index: mech-rpa.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-rpa.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- mech-rpa.c 31 Mar 2007 04:41:55 -0000 1.30
+++ mech-rpa.c 13 May 2007 08:24:06 -0000 1.31
@@ -528,7 +528,7 @@
return;
}
- auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_RPA,
+ auth_request_lookup_credentials(auth_request, "RPA",
rpa_credentials_callback);
}
Index: mech-skey.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-skey.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- mech-skey.c 31 Mar 2007 04:41:55 -0000 1.3
+++ mech-skey.c 13 May 2007 08:24:06 -0000 1.4
@@ -92,8 +92,7 @@
break;
default:
/* S/KEY credentials not found, try OTP */
- auth_request_lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_OTP,
+ auth_request_lookup_credentials(auth_request, "OTP",
otp_credentials_callback);
break;
}
@@ -113,7 +112,7 @@
return;
}
- auth_request_lookup_credentials(auth_request, PASSDB_CREDENTIALS_SKEY,
+ auth_request_lookup_credentials(auth_request, "SKEY",
skey_credentials_callback);
}
@@ -153,8 +152,7 @@
memcpy(state->hash, hash, sizeof(state->hash));
- auth_request_set_credentials(auth_request,
- PASSDB_CREDENTIALS_OTP,
+ auth_request_set_credentials(auth_request, "OTP",
otp_print_dbentry(state),
otp_set_credentials_callback);
}
Index: passdb-blocking.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-blocking.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- passdb-blocking.c 19 Feb 2007 19:59:48 -0000 1.17
+++ passdb-blocking.c 13 May 2007 08:24:06 -0000 1.18
@@ -151,8 +151,8 @@
request->master_user != NULL);
str = t_str_new(64);
- str_printfa(str, "PASSL\t%u\t%d\t",
- request->passdb->id, request->credentials);
+ str_printfa(str, "PASSL\t%u\t%s\t",
+ request->passdb->id, request->credentials_scheme);
auth_request_export(request, str);
auth_worker_call(request, str_c(str), lookup_credentials_callback);
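Review bot: `request->credentials_scheme` is formatted with a bare `%s` into the tab-separated `PASSL` line, and the worker side splits that line with `t_strcut(args, '\t')`, so a scheme name containing a TAB or newline would shift every following field. All callers in this commit pass literals, but the log message names plugin-defined mechanisms as the goal, so the constraint should be stated or enforced here, for example `i_assert(strpbrk(request->credentials_scheme, "\t\n") == NULL);`. The `{%s}%s` string built in auth_request_set_credentials() looks similar, since a `}` inside the scheme would presumably move the scheme/data boundary when the value is parsed again. The enclosing function begins before this hunk.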
Index: passdb-ldap.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -d -r1.61 -r1.62
--- passdb-ldap.c 17 Apr 2007 14:07:08 -0000 1.61
+++ passdb-ldap.c 13 May 2007 08:24:06 -0000 1.62
@@ -173,7 +173,7 @@
}
}
- if (auth_request->credentials != -1) {
+ if (auth_request->credentials_scheme != NULL) {
request->callback.lookup_credentials(passdb_result, NULL,
auth_request);
} else {
@@ -232,7 +232,7 @@
scheme = "PLAIN-MD5";
}
- if (auth_request->credentials != -1) {
+ if (auth_request->credentials_scheme != NULL) {
passdb_handle_credentials(passdb_result, password, scheme,
ldap_request->callback.lookup_credentials,
auth_request);
Index: passdb-sql.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb-sql.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- passdb-sql.c 31 Mar 2007 04:41:55 -0000 1.33
+++ passdb-sql.c 13 May 2007 08:24:06 -0000 1.34
@@ -100,7 +100,7 @@
/* auth_request_set_field() sets scheme */
i_assert(password == NULL || scheme != NULL);
- if (auth_request->credentials != -1) {
+ if (auth_request->credentials_scheme != NULL) {
passdb_handle_credentials(passdb_result, password, scheme,
sql_request->callback.lookup_credentials,
auth_request);
Index: passdb.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb.c,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- passdb.c 31 Mar 2007 04:41:55 -0000 1.49
+++ passdb.c 13 May 2007 08:24:06 -0000 1.50
@@ -54,55 +54,18 @@
};
const char *
-passdb_credentials_to_str(enum passdb_credentials credentials,
- const char *wanted_scheme)
-{
- switch (credentials) {
- case _PASSDB_CREDENTIALS_INTERNAL:
- break;
- case PASSDB_CREDENTIALS_PLAINTEXT:
- if (strcasecmp(wanted_scheme, "CLEARTEXT") == 0)
- return wanted_scheme;
- return "PLAIN";
- case PASSDB_CREDENTIALS_CRYPT:
- return "CRYPT";
- case PASSDB_CREDENTIALS_CRAM_MD5:
- if (strcasecmp(wanted_scheme, "HMAC-MD5") == 0)
- return wanted_scheme;
- return "CRAM-MD5";
- case PASSDB_CREDENTIALS_DIGEST_MD5:
- return "DIGEST-MD5";
- case PASSDB_CREDENTIALS_LANMAN:
- return "LANMAN";
- case PASSDB_CREDENTIALS_NTLM:
- return "NTLM";
- case PASSDB_CREDENTIALS_OTP:
- return "OTP";
- case PASSDB_CREDENTIALS_SKEY:
- return "SKEY";
- case PASSDB_CREDENTIALS_RPA:
- return "RPA";
- }
-
- return "??";
-}
-
-const char *
passdb_get_credentials(struct auth_request *auth_request,
const char *password, const char *scheme)
{
- const char *wanted_scheme;
+ const char *wanted_scheme = auth_request->credentials_scheme;
- if (auth_request->credentials == PASSDB_CREDENTIALS_CRYPT) {
+ if (strcasecmp(wanted_scheme, "CRYPT") == 0) {
/* anything goes */
return t_strdup_printf("{%s}%s", scheme, password);
}
- wanted_scheme = passdb_credentials_to_str(auth_request->credentials,
- scheme);
- if (strcasecmp(scheme, wanted_scheme) != 0) {
- if (strcasecmp(scheme, "PLAIN") != 0 &&
- strcasecmp(scheme, "CLEARTEXT") != 0) {
+ if (!password_scheme_is_alias(scheme, wanted_scheme)) {
+ if (!password_scheme_is_alias(scheme, "PLAIN")) {
auth_request_log_info(auth_request, "password",
"Requested %s scheme, but we have only %s",
wanted_scheme, scheme);
Index: passdb.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/passdb.h,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -d -r1.39 -r1.40
--- passdb.h 31 Mar 2007 04:41:55 -0000 1.39
+++ passdb.h 13 May 2007 08:24:06 -0000 1.40
@@ -6,20 +6,6 @@
struct auth_request;
-enum passdb_credentials {
- _PASSDB_CREDENTIALS_INTERNAL = -1,
-
- PASSDB_CREDENTIALS_PLAINTEXT,
- PASSDB_CREDENTIALS_CRYPT,
- PASSDB_CREDENTIALS_CRAM_MD5,
- PASSDB_CREDENTIALS_DIGEST_MD5,
- PASSDB_CREDENTIALS_LANMAN,
- PASSDB_CREDENTIALS_NTLM,
- PASSDB_CREDENTIALS_OTP,
- PASSDB_CREDENTIALS_SKEY,
- PASSDB_CREDENTIALS_RPA
-};
-
enum passdb_result {
PASSDB_RESULT_INTERNAL_FAILURE = -1,
PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,
@@ -85,9 +71,6 @@
lookup_credentials_callback_t *callback,
struct auth_request *auth_request);
-const char *passdb_credentials_to_str(enum passdb_credentials credentials,
- const char *wanted_scheme);
-
struct auth_passdb *passdb_preinit(struct auth *auth, const char *driver,
const char *args, unsigned int id);
void passdb_init(struct auth_passdb *passdb);
Index: password-scheme.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- password-scheme.c 17 Apr 2007 14:07:08 -0000 1.30
+++ password-scheme.c 13 May 2007 08:24:06 -0000 1.31
@@ -52,6 +52,25 @@
return (*listptr)++->name;
}
+bool password_scheme_is_alias(const char *scheme1, const char *scheme2)
+{
+ const struct password_scheme *s, *s1 = NULL, *s2 = NULL;
+
+ if (strcasecmp(scheme1, scheme2) == 0)
+ return TRUE;
+
+ for (s = schemes; s->name != NULL; s++) {
+ if (strcasecmp(s->name, scheme1) == 0)
+ s1 = s;
+ else if (strcasecmp(s->name, scheme2) == 0)
+ s2 = s;
+ }
+
+ /* if they've the same verify function, they're equivalent */
+ return s1 != NULL && s2 != NULL &&
+ s1->password_verify == s2->password_verify;
+}
+
const char *password_get_scheme(const char **password)
{
const char *p, *scheme;
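Review bot: The equivalence test in `password_scheme_is_alias()` rests only on two table entries sharing a `password_verify` pointer, and that contract is not documented even though passdb.c now relies on it when matching a stored scheme against the requested one. Two schemes that reuse a common verify helper but store data in different formats would be reported as aliases, and a name missing from `schemes` is never an alias of anything but itself. I would state this in the function comment and in the password-scheme.h declaration, e.g. `/* Schemes are aliases only when both are registered and share the same password_verify function; schemes with different stored formats must not share one. */`. What passdb_get_credentials() does after the alias check lies outside the visible hunks, so the impact is inferred.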
Index: password-scheme.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/password-scheme.h,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- password-scheme.h 17 Apr 2007 14:07:08 -0000 1.10
+++ password-scheme.h 13 May 2007 08:24:06 -0000 1.11
@@ -25,6 +25,9 @@
/* Iterate through the list of password schemes, returning names */
const char *password_list_schemes(const struct password_scheme **listptr);
+/* Returns TRUE if schemes are equivalent. */
+bool password_scheme_is_alias(const char *scheme1, const char *scheme2);
+
void password_schemes_init(void);
void password_schemes_deinit(void);
Index: userdb-static.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/userdb-static.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- userdb-static.c 31 Mar 2007 04:41:55 -0000 1.25
+++ userdb-static.c 13 May 2007 08:24:06 -0000 1.26
@@ -116,8 +116,7 @@
auth_request->state = AUTH_REQUEST_STATE_MECH_CONTINUE;
auth_request->context = ctx;
- auth_request_lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_CRYPT,
+ auth_request_lookup_credentials(auth_request, "CRYPT",
static_credentials_callback);
} else {
static_lookup_real(auth_request, callback);