}
if (cmd->server->oauth2 == NULL) {
- if (db_oauth2_init(cmd->event, &cmd->server->oauth2, &error) < 0) {
+ if (db_oauth2_init(cmd->event, FALSE, &cmd->server->oauth2, &error) < 0) {
e_error(cmd->event, "%s", error);
auth_worker_handle_token_continue(db_req,
PASSDB_RESULT_INTERNAL_FAILURE, error,
DEF(STR, openid_configuration_url),
DEF(BOOL, force_introspection),
DEF(BOOL, send_auth_headers),
- DEF(BOOL, use_grant_password),
DEF(BOOL, use_worker_with_mech),
{ .type = SET_FILTER_NAME, .key = "oauth2_local_validation",
.required_setting = "dict", },
.issuers = ARRAY_INIT,
.openid_configuration_url = "",
.send_auth_headers = FALSE,
- .use_grant_password = FALSE,
.use_worker_with_mech = FALSE,
};
db->oauth2_set.client_id = db->set->client_id;
db->oauth2_set.client_secret = db->set->client_secret;
db->oauth2_set.send_auth_headers = db->set->send_auth_headers;
- db->oauth2_set.use_grant_password = db->set->use_grant_password;
if (!array_is_empty(&db->set->scope)) {
db->oauth2_set.scope =
p_array_const_string_join(db->pool, &db->set->scope, " ");
return 0;
}
-int db_oauth2_init(struct event *event, struct db_oauth2 **db_r,
+int db_oauth2_init(struct event *event, bool use_grant_password, struct db_oauth2 **db_r,
const char **error_r)
{
struct db_oauth2 *db;
}
for (db = db_oauth2_head; db != NULL; db = db->next) {
+ /* Ensure we do not match a db with one that is using
+ grant password, as that does not work with mech oauth2. */
if (settings_equal(&auth_oauth2_setting_parser_info, db->set,
- db_set, NULL))
+ db_set, NULL) &&
+ use_grant_password == db->oauth2_set.use_grant_password)
break;
}
db_oauth2_free(&db);
return -1;
}
+ db->oauth2_set.use_grant_password = use_grant_password;
*db_r = db;
return 0;
input.protocol = req->auth_request->fields.protocol;
if (db->oauth2_set.introspection_mode == INTROSPECTION_MODE_LOCAL &&
- !db_oauth2_uses_password_grant(db)) {
+ !db->oauth2_set.use_grant_password) {
/* try to validate token locally */
e_debug(authdb_event(req->auth_request),
"Attempting to locally validate token");
DLLIST_PREPEND(&db->head, req);
}
-bool db_oauth2_uses_password_grant(const struct db_oauth2 *db)
-{
- return db->set->use_grant_password;
-}
-
bool db_oauth2_use_worker(const struct db_oauth2 *db)
{
return db->set->use_worker_with_mech;
bool force_introspection;
/* Should we send service and local/remote endpoints as X-Dovecot-Auth headers */
bool send_auth_headers;
- bool use_grant_password;
bool use_worker_with_mech;
};
};
-int db_oauth2_init(struct event *event, struct db_oauth2 **db_r,
+int db_oauth2_init(struct event *event, bool use_grant_password, struct db_oauth2 **db_r,
const char **error_r);
-bool db_oauth2_uses_password_grant(const struct db_oauth2 *db);
bool db_oauth2_use_worker(const struct db_oauth2 *db);
const char *db_oauth2_get_openid_configuration_url(const struct db_oauth2 *db);
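Review bot: The new `use_grant_password` parameter of `db_oauth2_init` is undocumented in the header, and a caller cannot tell from the prototype that it also forms part of the lookup key: an already-initialised db with identical settings is reused only when its mode matches (L39-L42), otherwise a second instance is created. A short comment above the declaration would capture that, e.g. `/* use_grant_password selects the password-grant mode of the db; dbs with identical settings but a different mode are kept separate. */`. As a point of style, the rewritten prototype line exceeds 80 columns here and in the definition at L31; wrapping `struct db_oauth2 **db_r,` onto the continuation line keeps it consistent with the neighbouring declarations.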
array_foreach_elem(&global_auth_settings->mechanisms, mech) {
if (strcasecmp(mech, mech_xoauth2.mech_name) == 0 ||
strcasecmp(mech, mech_oauthbearer.mech_name) == 0) {
- if (db_oauth2_init(auth_event, &db_oauth2, &error) < 0)
+ if (db_oauth2_init(auth_event, FALSE, &db_oauth2, &error) < 0)
i_fatal("Cannot initialize oauth2: %s", error);
}
}
struct oauth2_passdb_module *module;
module = p_new(pool, struct oauth2_passdb_module, 1);
- if (db_oauth2_init(event, &module->db, error_r) < 0)
+ if (db_oauth2_init(event, TRUE, &module->db, error_r) < 0)
return -1;
module->module.default_pass_scheme = "PLAIN";
-
- if (db_oauth2_uses_password_grant(module->db)) {
- module->module.default_cache_key = "%u";
- } else {
- module->module.default_cache_key = "%u%w";
- }
-
+ module->module.default_cache_key = "%u";
*module_r = &module->module;
return 0;
}
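Review bot: The bare `TRUE` literal at L92 and the now-unconditional `default_cache_key = "%u"` at L102 carry no explanation, while the removed `%u%w` branch was the only place that documented why the two modes needed different cache keys. A one-line comment on the init call, `/* passdb oauth2 always uses the password grant; token validation is done by the oauth2 mechanisms */`, matches the FALSE passed by the mechanism initialisation at L85 and makes the choice auditable. The cache key line would benefit from a similar why-comment stating that the key may omit `%w` only because this passdb is fixed to the grant mode; if the mode ever becomes configurable again the key must be revisited with it.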