const char *const *error_fields,
struct auth_request *request)
{
- struct oauth2_auth_request *oauth2_req =
- (struct oauth2_auth_request*)request;
const char *oidc_url;
i_assert(result == PASSDB_RESULT_OK || error_fields != NULL);
auth_request_success(request, "", 0);
break;
case PASSDB_RESULT_INTERNAL_FAILURE:
- auth_request_internal_failure(request);
- break;
+ request->internal_failure = TRUE;
+ /* fall through */
default:
/* we could get new token after this */
if (request->mech_password != NULL)
str_append_c(error, '"');
}
str_append_c(error, '}');
- auth_request_handler_reply_continue(request, str_data(error),
- str_len(error));
- oauth2_req->failed = TRUE;
+ auth_request_fail_with_reply(request, str_data(error), str_len(error));
break;
}
}
+static void mech_oauth2_verify_token(struct auth_request *request,
+ const char *token,
+ enum passdb_result result,
+ verify_plain_callback_t callback)
+{
+ i_assert(token != NULL);
+ if (result != PASSDB_RESULT_OK) {
+ request->passdb_result = result;
+ request->failed = TRUE;
+ }
+ auth_request_verify_plain(request, token, callback);
+}
+
static void
xoauth2_verify_callback(enum passdb_result result, struct auth_request *request)
{
const unsigned char *data,
size_t data_size)
{
- struct oauth2_auth_request *oauth2_req =
- (struct oauth2_auth_request*)request;
-
- /* Specification says that client is sent "invalid token" challenge
- which the client is supposed to ack with empty response */
- if (oauth2_req->failed) {
- auth_request_fail(request);
- return;
- }
-
/* split the data from ^A */
bool user_given = FALSE;
const char *error;
} else {
e_info(request->mech_event,
"Invalid continued data");
- auth_request_fail(request);
+ xoauth2_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
return;
}
}
if (user_given && !auth_request_set_username(request, username, &error)) {
e_info(request->mech_event,
"%s", error);
- auth_request_fail(request);
+ xoauth2_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
return;
}
if (user_given && token != NULL)
- auth_request_verify_plain(request, token,
- xoauth2_verify_callback);
+ mech_oauth2_verify_token(request, token, PASSDB_RESULT_OK,
+ xoauth2_verify_callback);
else {
e_info(request->mech_event, "Username or token missing");
- auth_request_fail(request);
+ xoauth2_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
}
}
const unsigned char *data,
size_t data_size)
{
- struct oauth2_auth_request *oauth2_req =
- (struct oauth2_auth_request*)request;
-
- if (oauth2_req->failed) {
- auth_request_fail(request);
- return;
- }
-
bool user_given = FALSE;
const char *error;
const char *username;
if (*fields == NULL || *(fields[0]) == '\0') {
e_info(request->mech_event,
"Invalid continued data");
- auth_request_fail(request);
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
return;
}
case 'f':
e_info(request->mech_event,
"Client requested non-standard mechanism");
- auth_request_fail(request);
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
return;
case 'p':
/* channel binding is not supported */
e_info(request->mech_event,
"Client requested and used channel-binding");
- auth_request_fail(request);
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
return;
case 'n':
case 'y':
!oauth2_unescape_username((*ptr)+2, &username)) {
e_info(request->mech_event,
"Invalid username escaping");
- auth_request_fail(request);
- return;
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
+ return;
} else {
user_given = TRUE;
}
default:
e_info(request->mech_event,
"Invalid gs2-header in request");
- auth_request_fail(request);
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
return;
}
}
} else {
e_info(request->mech_event,
"Invalid continued data");
- auth_request_fail(request);
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
return;
}
}
if (user_given && !auth_request_set_username(request, username, &error)) {
e_info(request->mech_event,
"%s", error);
- auth_request_fail(request);
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
return;
}
if (user_given && token != NULL)
- auth_request_verify_plain(request, token,
- oauthbearer_verify_callback);
+ mech_oauth2_verify_token(request, token, PASSDB_RESULT_OK,
+ oauthbearer_verify_callback);
else {
e_info(request->mech_event, "Missing username or token");
- auth_request_fail(request);
+ oauthbearer_verify_callback(PASSDB_RESULT_PASSWORD_MISMATCH,
+ request);
}
}
projects / thirdparty / dovecot / core.git / commitdiff
