dovecot-1.2: auth: Code cleanup for specifying what passdb featu...

dovecot at dovecot.org dovecot at dovecot.org
Fri Jan 9 18:17:28 EET 2009


details:   http://hg.dovecot.org/dovecot-1.2/rev/84eea1977632
changeset: 8605:84eea1977632
user:      Timo Sirainen <tss at iki.fi>
date:      Fri Jan 09 11:15:56 2009 -0500
description:
auth: Code cleanup for specifying what passdb features auth mechanisms need.

diffstat:

14 files changed, 59 insertions(+), 70 deletions(-)
src/auth/auth.c            |   38 ++++++++++++++++++++++++++++----------
src/auth/mech-anonymous.c  |    5 +----
src/auth/mech-apop.c       |    5 +----
src/auth/mech-cram-md5.c   |    5 +----
src/auth/mech-digest-md5.c |    5 +----
src/auth/mech-gssapi.c     |   10 ++--------
src/auth/mech-login.c      |    5 +----
src/auth/mech-ntlm.c       |    5 +----
src/auth/mech-otp.c        |    5 +----
src/auth/mech-plain.c      |    5 +----
src/auth/mech-rpa.c        |    5 +----
src/auth/mech-skey.c       |    5 +----
src/auth/mech-winbind.c    |   10 ++--------
src/auth/mech.h            |   21 +++++++++++++++++----

diffs (truncated from 306 to 300 lines):

diff -r 67f923c9988a -r 84eea1977632 src/auth/auth.c
--- a/src/auth/auth.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/auth.c	Fri Jan 09 11:15:56 2009 -0500
@@ -125,7 +125,7 @@ static void auth_mech_register(struct au
 	auth->mech_modules = list;
 }
 
-static bool auth_passdb_list_have_plain(struct auth *auth)
+static bool auth_passdb_list_have_verify_plain(struct auth *auth)
 {
 	struct auth_passdb *passdb;
 
@@ -136,7 +136,7 @@ static bool auth_passdb_list_have_plain(
 	return FALSE;
 }
 
-static bool auth_passdb_list_have_credentials(struct auth *auth)
+static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
 {
 	struct auth_passdb *passdb;
 
@@ -158,20 +158,38 @@ static int auth_passdb_list_have_set_cre
 	return FALSE;
 }
 
+static bool
+auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
+{
+	switch (list->module.passdb_need) {
+	case MECH_PASSDB_NEED_NOTHING:
+		break;
+	case MECH_PASSDB_NEED_VERIFY_PLAIN:
+		if (!auth_passdb_list_have_verify_plain(auth))
+			return FALSE;
+		break;
+	case MECH_PASSDB_NEED_VERIFY_RESPONSE:
+	case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
+		if (!auth_passdb_list_have_lookup_credentials(auth))
+			return FALSE;
+		break;
+	case MECH_PASSDB_NEED_SET_CREDENTIALS:
+		if (!auth_passdb_list_have_lookup_credentials(auth))
+			return FALSE;
+		if (!auth_passdb_list_have_set_credentials(auth))
+			return FALSE;
+		break;
+	}
+	return TRUE;
+}
+
 static void auth_mech_list_verify_passdb(struct auth *auth)
 {
 	struct mech_module_list *list;
 
 	for (list = auth->mech_modules; list != NULL; list = list->next) {
-		if (list->module.passdb_need_plain &&
-		    !auth_passdb_list_have_plain(auth))
+		if (!auth_mech_verify_passdb(auth, list))
 			break;
-		if (list->module.passdb_need_credentials &&
-                    !auth_passdb_list_have_credentials(auth))
-			break;
- 		if (list->module.passdb_need_set_credentials &&
- 		    !auth_passdb_list_have_set_credentials(auth))
- 			break;
 	}
 
 	if (list != NULL) {
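Review bot: The switch in the new `auth_mech_verify_passdb()` has no arm for a `passdb_need` value outside the five enumerators, so such a value falls out of the switch and reaches `return TRUE`, meaning the startup check passes a mechanism whose requirement was never examined. Because this check is what keeps a mechanism from being enabled without a passdb that can back it, I would make the unknown case fail closed, either with `default: return FALSE;` or by moving `return TRUE` into the handled arms and treating fall-out as an error, which keeps the compiler's unhandled-enumerator warning. A short comment on the shared `MECH_PASSDB_NEED_VERIFY_RESPONSE` / `MECH_PASSDB_NEED_LOOKUP_CREDENTIALS` arm, such as `/* verify-response is currently implemented as a credentials lookup */`, would save readers a trip to mech.h. `auth_mech_list_verify_passdb()` continues past the end of this hunk, so how a failed check is reported is not visible here.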
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-anonymous.c
--- a/src/auth/mech-anonymous.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-anonymous.c	Fri Jan 09 11:15:56 2009 -0500
@@ -38,10 +38,7 @@ const struct mech_module mech_anonymous 
 	"ANONYMOUS",
 
 	MEMBER(flags) MECH_SEC_ANONYMOUS,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_anonymous_auth_new,
 	mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-apop.c
--- a/src/auth/mech-apop.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-apop.c	Fri Jan 09 11:15:56 2009 -0500
@@ -155,10 +155,7 @@ const struct mech_module mech_apop = {
 	"APOP",
 
 	MEMBER(flags) MECH_SEC_PRIVATE | MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 
 	mech_apop_auth_new,
 	mech_apop_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-cram-md5.c
--- a/src/auth/mech-cram-md5.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-cram-md5.c	Fri Jan 09 11:15:56 2009 -0500
@@ -178,10 +178,7 @@ const struct mech_module mech_cram_md5 =
 	"CRAM-MD5",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
 
 	mech_cram_md5_auth_new,
 	mech_cram_md5_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-digest-md5.c
--- a/src/auth/mech-digest-md5.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-digest-md5.c	Fri Jan 09 11:15:56 2009 -0500
@@ -603,10 +603,7 @@ const struct mech_module mech_digest_md5
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
 		MECH_SEC_MUTUAL_AUTH,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
 	mech_digest_md5_auth_new,
 	mech_digest_md5_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-gssapi.c
--- a/src/auth/mech-gssapi.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-gssapi.c	Fri Jan 09 11:15:56 2009 -0500
@@ -543,10 +543,7 @@ const struct mech_module mech_gssapi = {
 	"GSSAPI",
 
 	MEMBER(flags) 0,
-
-	MEMBER(passdb_need_plain) FALSE, 
-	MEMBER(passdb_need_credentials) FALSE, 
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_gssapi_auth_new,
 	mech_gssapi_auth_initial,
@@ -561,10 +558,7 @@ const struct mech_module mech_gssapi_spn
 	"GSS-SPNEGO",
 
 	MEMBER(flags) 0,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_gssapi_auth_new,
         mech_gssapi_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-login.c
--- a/src/auth/mech-login.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-login.c	Fri Jan 09 11:15:56 2009 -0500
@@ -67,10 +67,7 @@ const struct mech_module mech_login = {
 	"LOGIN",
 
 	MEMBER(flags) MECH_SEC_PLAINTEXT,
-
-	MEMBER(passdb_need_plain) TRUE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 
 	mech_login_auth_new,
 	mech_login_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-ntlm.c
--- a/src/auth/mech-ntlm.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-ntlm.c	Fri Jan 09 11:15:56 2009 -0500
@@ -251,10 +251,7 @@ const struct mech_module mech_ntlm = {
 	"NTLM",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
 	mech_ntlm_auth_new,
 	mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-otp.c
--- a/src/auth/mech-otp.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-otp.c	Fri Jan 09 11:15:56 2009 -0500
@@ -253,10 +253,7 @@ const struct mech_module mech_otp = {
 	"OTP",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) TRUE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 
 	mech_otp_auth_new,
 	mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-plain.c
--- a/src/auth/mech-plain.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-plain.c	Fri Jan 09 11:15:56 2009 -0500
@@ -79,10 +79,7 @@ const struct mech_module mech_plain = {
 	"PLAIN",
 
 	MEMBER(flags) MECH_SEC_PLAINTEXT,
-
-	MEMBER(passdb_need_plain) TRUE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
 
 	mech_plain_auth_new,
 	mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-rpa.c
--- a/src/auth/mech-rpa.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-rpa.c	Fri Jan 09 11:15:56 2009 -0500
@@ -602,10 +602,7 @@ const struct mech_module mech_rpa = {
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
 		MECH_SEC_MUTUAL_AUTH,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
 
 	mech_rpa_auth_new,
 	mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-skey.c
--- a/src/auth/mech-skey.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-skey.c	Fri Jan 09 11:15:56 2009 -0500
@@ -190,10 +190,7 @@ const struct mech_module mech_skey = {
 	"SKEY",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) TRUE,
-	MEMBER(passdb_need_set_credentials) TRUE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
 
 	mech_skey_auth_new,
 	mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-winbind.c
--- a/src/auth/mech-winbind.c	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-winbind.c	Fri Jan 09 11:15:56 2009 -0500
@@ -324,10 +324,7 @@ const struct mech_module mech_winbind_nt
 	"NTLM",
 
 	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_winbind_ntlm_auth_new,
 	mech_generic_auth_initial,
@@ -339,10 +336,7 @@ const struct mech_module mech_winbind_sp
 	"GSS-SPNEGO",
 
 	MEMBER(flags) 0,
-
-	MEMBER(passdb_need_plain) FALSE,
-	MEMBER(passdb_need_credentials) FALSE,
-	MEMBER(passdb_need_set_credentials) FALSE,
+	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
 
 	mech_winbind_spnego_auth_new,
 	mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech.h
--- a/src/auth/mech.h	Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech.h	Fri Jan 09 11:15:56 2009 -0500
@@ -20,13 +20,26 @@ typedef void mech_callback_t(struct auth
 /* Used only for string sanitization. */
 #define MAX_MECH_NAME_LEN 64
 
+enum mech_passdb_need {
+	/* Mechanism doesn't need a passdb at all */
+	MECH_PASSDB_NEED_NOTHING = 0,
+	/* Mechanism just needs to verify a given plaintext password */
+	MECH_PASSDB_NEED_VERIFY_PLAIN,
+	/* Mechanism needs to verify a given challenge+response combination,
+	   i.e. there is only a single response from client.
+	   (Currently implemented the same as _LOOKUP_CREDENTIALS) */
+	MECH_PASSDB_NEED_VERIFY_RESPONSE,
+	/* Mechanism needs to look up credentials with appropriate scheme */
+	MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
+	/* Mechanism needs to look up credentials and also modify them */
+	MECH_PASSDB_NEED_SET_CREDENTIALS
+};
+
 struct mech_module {
 	const char *mech_name;
 
-        enum mech_security_flags flags;
-	unsigned int passdb_need_plain:1;
-	unsigned int passdb_need_credentials:1;

