dovecot-1.2: auth: Code cleanup for specifying what passdb featu...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Jan 9 18:17:28 EET 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/84eea1977632
changeset: 8605:84eea1977632
user: Timo Sirainen <tss at iki.fi>
date: Fri Jan 09 11:15:56 2009 -0500
description:
auth: Code cleanup for specifying what passdb features auth mechanisms need.
diffstat:
14 files changed, 59 insertions(+), 70 deletions(-)
src/auth/auth.c | 38 ++++++++++++++++++++++++++++----------
src/auth/mech-anonymous.c | 5 +----
src/auth/mech-apop.c | 5 +----
src/auth/mech-cram-md5.c | 5 +----
src/auth/mech-digest-md5.c | 5 +----
src/auth/mech-gssapi.c | 10 ++--------
src/auth/mech-login.c | 5 +----
src/auth/mech-ntlm.c | 5 +----
src/auth/mech-otp.c | 5 +----
src/auth/mech-plain.c | 5 +----
src/auth/mech-rpa.c | 5 +----
src/auth/mech-skey.c | 5 +----
src/auth/mech-winbind.c | 10 ++--------
src/auth/mech.h | 21 +++++++++++++++++----
diffs (truncated from 306 to 300 lines):
diff -r 67f923c9988a -r 84eea1977632 src/auth/auth.c
--- a/src/auth/auth.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/auth.c Fri Jan 09 11:15:56 2009 -0500
@@ -125,7 +125,7 @@ static void auth_mech_register(struct au
auth->mech_modules = list;
}
-static bool auth_passdb_list_have_plain(struct auth *auth)
+static bool auth_passdb_list_have_verify_plain(struct auth *auth)
{
struct auth_passdb *passdb;
@@ -136,7 +136,7 @@ static bool auth_passdb_list_have_plain(
return FALSE;
}
-static bool auth_passdb_list_have_credentials(struct auth *auth)
+static bool auth_passdb_list_have_lookup_credentials(struct auth *auth)
{
struct auth_passdb *passdb;
@@ -158,20 +158,38 @@ static int auth_passdb_list_have_set_cre
return FALSE;
}
+static bool
+auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
+{
+ switch (list->module.passdb_need) {
+ case MECH_PASSDB_NEED_NOTHING:
+ break;
+ case MECH_PASSDB_NEED_VERIFY_PLAIN:
+ if (!auth_passdb_list_have_verify_plain(auth))
+ return FALSE;
+ break;
+ case MECH_PASSDB_NEED_VERIFY_RESPONSE:
+ case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
+ if (!auth_passdb_list_have_lookup_credentials(auth))
+ return FALSE;
+ break;
+ case MECH_PASSDB_NEED_SET_CREDENTIALS:
+ if (!auth_passdb_list_have_lookup_credentials(auth))
+ return FALSE;
+ if (!auth_passdb_list_have_set_credentials(auth))
+ return FALSE;
+ break;
+ }
+ return TRUE;
+}
+
static void auth_mech_list_verify_passdb(struct auth *auth)
{
struct mech_module_list *list;
for (list = auth->mech_modules; list != NULL; list = list->next) {
- if (list->module.passdb_need_plain &&
- !auth_passdb_list_have_plain(auth))
+ if (!auth_mech_verify_passdb(auth, list))
break;
- if (list->module.passdb_need_credentials &&
- !auth_passdb_list_have_credentials(auth))
- break;
- if (list->module.passdb_need_set_credentials &&
- !auth_passdb_list_have_set_credentials(auth))
- break;
}
if (list != NULL) {
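Review bot: The switch in the new auth_mech_verify_passdb() ends in `return TRUE` for any passdb_need value that has no case, so this startup check passes exactly when it cannot tell what the mechanism requires. Because mech.h in this same changeset defines MECH_PASSDB_NEED_NOTHING as 0, a mech_module whose initializer leaves the field unset is also accepted without any passdb check. I would have every known case return its own result and make the code after the switch return FALSE, leaving out `default:` so the compiler can still warn about an unhandled enumerator. A one-line comment on the shared VERIFY_RESPONSE/LOOKUP_CREDENTIALS case saying the two are deliberately checked the same way would also help. The body of auth_mech_list_verify_passdb() continues past the end of this hunk, so how the failure is reported is not visible here.

```c
static bool
auth_mech_verify_passdb(struct auth *auth, struct mech_module_list *list)
{
	switch (list->module.passdb_need) {
	case MECH_PASSDB_NEED_NOTHING:
		return TRUE;
	case MECH_PASSDB_NEED_VERIFY_PLAIN:
		return auth_passdb_list_have_verify_plain(auth);
	case MECH_PASSDB_NEED_VERIFY_RESPONSE:
	case MECH_PASSDB_NEED_LOOKUP_CREDENTIALS:
		/* both are satisfied by a passdb that can look up credentials */
		return auth_passdb_list_have_lookup_credentials(auth);
	case MECH_PASSDB_NEED_SET_CREDENTIALS:
		return auth_passdb_list_have_lookup_credentials(auth) &&
			auth_passdb_list_have_set_credentials(auth);
	}
	/* unrecognised passdb_need: refuse rather than assume no passdb is needed */
	return FALSE;
}
```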
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-anonymous.c
--- a/src/auth/mech-anonymous.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-anonymous.c Fri Jan 09 11:15:56 2009 -0500
@@ -38,10 +38,7 @@ const struct mech_module mech_anonymous
"ANONYMOUS",
MEMBER(flags) MECH_SEC_ANONYMOUS,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
mech_anonymous_auth_new,
mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-apop.c
--- a/src/auth/mech-apop.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-apop.c Fri Jan 09 11:15:56 2009 -0500
@@ -155,10 +155,7 @@ const struct mech_module mech_apop = {
"APOP",
MEMBER(flags) MECH_SEC_PRIVATE | MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
mech_apop_auth_new,
mech_apop_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-cram-md5.c
--- a/src/auth/mech-cram-md5.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-cram-md5.c Fri Jan 09 11:15:56 2009 -0500
@@ -178,10 +178,7 @@ const struct mech_module mech_cram_md5 =
"CRAM-MD5",
MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_RESPONSE,
mech_cram_md5_auth_new,
mech_cram_md5_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-digest-md5.c
--- a/src/auth/mech-digest-md5.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-digest-md5.c Fri Jan 09 11:15:56 2009 -0500
@@ -603,10 +603,7 @@ const struct mech_module mech_digest_md5
MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
MECH_SEC_MUTUAL_AUTH,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
mech_digest_md5_auth_new,
mech_digest_md5_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-gssapi.c
--- a/src/auth/mech-gssapi.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-gssapi.c Fri Jan 09 11:15:56 2009 -0500
@@ -543,10 +543,7 @@ const struct mech_module mech_gssapi = {
"GSSAPI",
MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
mech_gssapi_auth_new,
mech_gssapi_auth_initial,
@@ -561,10 +558,7 @@ const struct mech_module mech_gssapi_spn
"GSS-SPNEGO",
MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
mech_gssapi_auth_new,
mech_gssapi_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-login.c
--- a/src/auth/mech-login.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-login.c Fri Jan 09 11:15:56 2009 -0500
@@ -67,10 +67,7 @@ const struct mech_module mech_login = {
"LOGIN",
MEMBER(flags) MECH_SEC_PLAINTEXT,
-
- MEMBER(passdb_need_plain) TRUE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
mech_login_auth_new,
mech_login_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-ntlm.c
--- a/src/auth/mech-ntlm.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-ntlm.c Fri Jan 09 11:15:56 2009 -0500
@@ -251,10 +251,7 @@ const struct mech_module mech_ntlm = {
"NTLM",
MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
mech_ntlm_auth_new,
mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-otp.c
--- a/src/auth/mech-otp.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-otp.c Fri Jan 09 11:15:56 2009 -0500
@@ -253,10 +253,7 @@ const struct mech_module mech_otp = {
"OTP",
MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) TRUE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
mech_otp_auth_new,
mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-plain.c
--- a/src/auth/mech-plain.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-plain.c Fri Jan 09 11:15:56 2009 -0500
@@ -79,10 +79,7 @@ const struct mech_module mech_plain = {
"PLAIN",
MEMBER(flags) MECH_SEC_PLAINTEXT,
-
- MEMBER(passdb_need_plain) TRUE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_VERIFY_PLAIN,
mech_plain_auth_new,
mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-rpa.c
--- a/src/auth/mech-rpa.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-rpa.c Fri Jan 09 11:15:56 2009 -0500
@@ -602,10 +602,7 @@ const struct mech_module mech_rpa = {
MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE |
MECH_SEC_MUTUAL_AUTH,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
mech_rpa_auth_new,
mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-skey.c
--- a/src/auth/mech-skey.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-skey.c Fri Jan 09 11:15:56 2009 -0500
@@ -190,10 +190,7 @@ const struct mech_module mech_skey = {
"SKEY",
MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) TRUE,
- MEMBER(passdb_need_set_credentials) TRUE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_SET_CREDENTIALS,
mech_skey_auth_new,
mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech-winbind.c
--- a/src/auth/mech-winbind.c Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech-winbind.c Fri Jan 09 11:15:56 2009 -0500
@@ -324,10 +324,7 @@ const struct mech_module mech_winbind_nt
"NTLM",
MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
mech_winbind_ntlm_auth_new,
mech_generic_auth_initial,
@@ -339,10 +336,7 @@ const struct mech_module mech_winbind_sp
"GSS-SPNEGO",
MEMBER(flags) 0,
-
- MEMBER(passdb_need_plain) FALSE,
- MEMBER(passdb_need_credentials) FALSE,
- MEMBER(passdb_need_set_credentials) FALSE,
+ MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,
mech_winbind_spnego_auth_new,
mech_generic_auth_initial,
diff -r 67f923c9988a -r 84eea1977632 src/auth/mech.h
--- a/src/auth/mech.h Fri Jan 09 11:09:17 2009 -0500
+++ b/src/auth/mech.h Fri Jan 09 11:15:56 2009 -0500
@@ -20,13 +20,26 @@ typedef void mech_callback_t(struct auth
/* Used only for string sanitization. */
#define MAX_MECH_NAME_LEN 64
+enum mech_passdb_need {
+ /* Mechanism doesn't need a passdb at all */
+ MECH_PASSDB_NEED_NOTHING = 0,
+ /* Mechanism just needs to verify a given plaintext password */
+ MECH_PASSDB_NEED_VERIFY_PLAIN,
+ /* Mechanism needs to verify a given challenge+response combination,
+ i.e. there is only a single response from client.
+ (Currently implemented the same as _LOOKUP_CREDENTIALS) */
+ MECH_PASSDB_NEED_VERIFY_RESPONSE,
+ /* Mechanism needs to look up credentials with appropriate scheme */
+ MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
+ /* Mechanism needs to look up credentials and also modify them */
+ MECH_PASSDB_NEED_SET_CREDENTIALS
+};
+
struct mech_module {
const char *mech_name;
- enum mech_security_flags flags;
- unsigned int passdb_need_plain:1;
- unsigned int passdb_need_credentials:1;