auth: oauth2 - remove db_oauth2_request.result
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Wed, 15 Mar 2017 22:38:39 +0000 (00:38 +0200)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Wed, 15 Mar 2017 23:28:43 +0000 (01:28 +0200)
It's not a persistent state. When it's set, the callback needs to be called.
This way it's more difficult to forget to set it.

src/auth/db-oauth2.c
src/auth/db-oauth2.h
src/auth/passdb-oauth2.c

index 792a0a6fd113e2394694d9f199ffa83167aed659..de4931c7bac7c0d3936e82142243bd34dd14f4b8 100644 (file)
@@ -356,7 +356,7 @@ db_oauth2_value_get_var_expand_table(struct auth_request *auth_request,
 
 static bool
 db_oauth2_template_export(struct db_oauth2_request *req,
-                         const char **error_r)
+                         enum passdb_result *result_r, const char **error_r)
 {
        /* var=$ expands into var=${oauth2:var} */
        const struct var_expand_func_table funcs_table[] = {
@@ -384,7 +384,7 @@ db_oauth2_template_export(struct db_oauth2_request *req,
                                                                             auth_fields_find(req->fields, args[i]));
                        if (var_expand_with_funcs(dest, args[i+1], table, funcs_table,
                                                  req, error_r) < 0) {
-                               req->result = PASSDB_RESULT_INTERNAL_FAILURE;
+                               *result_r = PASSDB_RESULT_INTERNAL_FAILURE;
                                req->failed = TRUE;
                                return FALSE;
                        }
@@ -410,22 +410,24 @@ static void db_oauth2_fields_merge(struct db_oauth2_request *req,
        }
 }
 
-static void db_oauth2_callback(struct db_oauth2_request *req, bool success,
+static void db_oauth2_callback(struct db_oauth2_request *req,
+                              enum passdb_result result, bool success,
                               const char *error)
 {
        db_oauth2_lookup_callback_t *callback = req->callback;
        req->callback = NULL;
 
-       i_assert(req->result == PASSDB_RESULT_OK || (!success && error != NULL));
+       i_assert(result == PASSDB_RESULT_OK || (!success && error != NULL));
 
        if (callback != NULL) {
                DLLIST_REMOVE(&req->db->head, req);
-               callback(req->db, success, req, error, req->context);
+               callback(req->db, result, success, req, error, req->context);
        }
 }
 
 static bool
-db_oauth2_validate_username(struct db_oauth2_request *req, const char **error_r)
+db_oauth2_validate_username(struct db_oauth2_request *req,
+                           enum passdb_result *result_r, const char **error_r)
 {
        const char *error;
        struct var_expand_table table[] = {
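Review bot: The assertion in db_oauth2_callback still accepts `result == PASSDB_RESULT_OK` together with `success == FALSE`, so a caller that reports failure but forgets to choose a failure result is only caught later, by the stricter assertion in oauth2_verify_plain_continue. Since the commit aims to make a forgotten result harder to miss, the check could state the full contract here: `i_assert(success == (result == PASSDB_RESULT_OK));` followed by `i_assert(success || error != NULL);`. Every call site visible in this diff appears to satisfy that already. db_oauth2_validate_username, whose signature also changes in this hunk, continues outside it.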
@@ -438,7 +440,7 @@ db_oauth2_validate_username(struct db_oauth2_request *req, const char **error_r)
                auth_fields_find(req->fields, req->db->set.username_attribute);
 
        if (username_value == NULL) {
-               req->result = PASSDB_RESULT_INTERNAL_FAILURE;
+               *result_r = PASSDB_RESULT_INTERNAL_FAILURE;
                req->failed = TRUE;
                *error_r = "No username returned";
                return FALSE;
@@ -455,12 +457,12 @@ db_oauth2_validate_username(struct db_oauth2_request *req, const char **error_r)
            var_expand(username_val, req->db->set.username_format, table, &error) < 0) {
                *error_r = t_strdup_printf("var_expand(%s) failed: %s",
                                        req->db->set.username_format, error);
-               req->result = PASSDB_RESULT_INTERNAL_FAILURE;
+               *result_r = PASSDB_RESULT_INTERNAL_FAILURE;
                req->failed = TRUE;
        } else if (!str_equals(username_req, username_val)) {
                *error_r = t_strdup_printf("Username '%s' did not match '%s'",
                                        str_c(username_req), str_c(username_val));
-               req->result = PASSDB_RESULT_USER_UNKNOWN;
+               *result_r = PASSDB_RESULT_USER_UNKNOWN;
                req->failed = TRUE;
        }
 
@@ -468,7 +470,8 @@ db_oauth2_validate_username(struct db_oauth2_request *req, const char **error_r)
 }
 
 static bool
-db_oauth2_user_is_enabled(struct db_oauth2_request *req, const char **error_r)
+db_oauth2_user_is_enabled(struct db_oauth2_request *req,
+                         enum passdb_result *result_r, const char **error_r)
 {
        if (*req->db->set.active_attribute != '\0') {
                const char *active_value = auth_fields_find(req->fields, req->db->set.active_attribute);
@@ -476,7 +479,7 @@ db_oauth2_user_is_enabled(struct db_oauth2_request *req, const char **error_r)
                    (*req->db->set.active_value != '\0' &&
                     strcmp(req->db->set.active_value, active_value) != 0)) {
                        *error_r = "User account is not active";
-                       req->result = PASSDB_RESULT_USER_DISABLED;
+                       *result_r = PASSDB_RESULT_USER_DISABLED;
                        req->failed = TRUE;
                }
        }
@@ -484,7 +487,8 @@ db_oauth2_user_is_enabled(struct db_oauth2_request *req, const char **error_r)
 }
 
 static bool
-db_oauth2_token_in_scope(struct db_oauth2_request *req, const char **error_r)
+db_oauth2_token_in_scope(struct db_oauth2_request *req,
+                        enum passdb_result *result_r, const char **error_r)
 {
        if (*req->db->set.scope != '\0') {
                bool found = FALSE;
@@ -496,7 +500,7 @@ db_oauth2_token_in_scope(struct db_oauth2_request *req, const char **error_r)
                if (!found) {
                        *error_r = t_strdup_printf("Token is not valid for scope '%s'",
                                                   req->db->set.scope);
-                       req->result = PASSDB_RESULT_USER_DISABLED;
+                       *result_r = PASSDB_RESULT_USER_DISABLED;
                        req->failed = TRUE;
                }
        }
@@ -505,18 +509,19 @@ db_oauth2_token_in_scope(struct db_oauth2_request *req, const char **error_r)
 
 static void db_oauth2_process_fields(struct db_oauth2_request *req)
 {
+       enum passdb_result result;
        const char *error = NULL;
-       if (db_oauth2_validate_username(req, &error) &&
-           db_oauth2_user_is_enabled(req, &error) &&
-           db_oauth2_token_in_scope(req, &error) &&
-           db_oauth2_template_export(req, &error) &&
+       if (db_oauth2_validate_username(req, &result, &error) &&
+           db_oauth2_user_is_enabled(req, &result, &error) &&
+           db_oauth2_token_in_scope(req, &result, &error) &&
+           db_oauth2_template_export(req, &result, &error) &&
            !req->failed) {
-               req->result = PASSDB_RESULT_OK;
+               result = PASSDB_RESULT_OK;
        } else {
-               i_assert(req->result != PASSDB_RESULT_OK && error != NULL);
+               i_assert(result != PASSDB_RESULT_OK && error != NULL);
        }
 
-       db_oauth2_callback(req, !req->failed, error);
+       db_oauth2_callback(req, result, !req->failed, error);
 }
 
 static void
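Review bot: `result` in db_oauth2_process_fields is declared without an initializer, yet it is read by the `i_assert` in the else branch and then passed to db_oauth2_callback. That is safe only if `*result_r` has been written on every path where a helper returns FALSE or where `req->failed` is already set; the helpers' return statements lie outside the visible hunks, so this cannot be confirmed here. Before this commit the value was a field of the request struct rather than a stack variable. Initialising it fail-closed, `enum passdb_result result = PASSDB_RESULT_INTERNAL_FAILURE;`, keeps an unset path from handing an indeterminate value to the passdb verify callback.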
@@ -527,9 +532,8 @@ db_oauth2_introspect_continue(struct oauth2_introspection_result *result,
 
        if (!result->success) {
                /* fail here */
-               req->result = PASSDB_RESULT_INTERNAL_FAILURE;
                req->failed = TRUE;
-               db_oauth2_callback(req, FALSE, result->error);
+               db_oauth2_callback(req, PASSDB_RESULT_INTERNAL_FAILURE, FALSE, result->error);
                return;
        }
        db_oauth2_fields_merge(req, result->fields);
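Review bot: The failure path in db_oauth2_introspect_continue passes `result->error` straight to db_oauth2_callback, whose assertion requires a non-NULL error whenever the result is not PASSDB_RESULT_OK. db_oauth2_lookup_continue guards the same case with a fallback string, so the two paths are inconsistent. If the introspection layer can report failure without an error text (not visible here), the assertion would abort the auth process instead of failing the one login. Suggest `result->error == NULL ? "Introspection failed" : result->error` as the last argument. The function starts before this hunk and continues after it.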
@@ -564,11 +568,11 @@ db_oauth2_lookup_continue(struct oauth2_token_validation_result *result,
 
        if (!result->success || !result->valid) {
                /* no point going forward */
-               req->result = result->success ?
+               enum passdb_result passdb_result = result->success ?
                        PASSDB_RESULT_PASSWORD_MISMATCH :
-                       PASSDB_RESULT_INTERNAL_FAILURE,
+                       PASSDB_RESULT_INTERNAL_FAILURE;
                req->failed = TRUE;
-               db_oauth2_callback(req, FALSE, result->error == NULL ? "Invalid token" : result->error);
+               db_oauth2_callback(req, passdb_result, FALSE, result->error == NULL ? "Invalid token" : result->error);
                return;
        }
 
index 1b18a356bfe0575936646784ecc4ab93b7fa12fa..4bde10cbbe213f0cbf68b7762174c12af87020a1 100644 (file)
@@ -5,7 +5,9 @@ struct db_oauth2;
 struct oauth2_request;
 struct db_oauth2_request;
 
-typedef void db_oauth2_lookup_callback_t(struct db_oauth2 *db, bool success,
+typedef void db_oauth2_lookup_callback_t(struct db_oauth2 *db,
+                                        enum passdb_result result,
+                                        bool success,
                                         struct db_oauth2_request *request,
                                         const char *error,
                                         void *context);
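Review bot: The callback typedef now carries both `result` and `success` with no comment on how they relate, which matters because implementers decide the authentication outcome from them. A short comment above the typedef would help, e.g. `/* result is PASSDB_RESULT_OK only when success is TRUE; error is non-NULL whenever success is FALSE. */`. That matches the assertions in db-oauth2.c and passdb-oauth2.c taken together.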
@@ -28,7 +30,6 @@ struct db_oauth2_request {
        void *context;
        verify_plain_callback_t *verify_callback;
 
-       enum passdb_result result;
        bool failed:1;
 };
 
@@ -41,7 +42,7 @@ void db_oauth2_unref(struct db_oauth2 **);
 void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req, const char *token, struct auth_request *request, db_oauth2_lookup_callback_t *callback, void *context);
 #define db_oauth2_lookup(db, req, token, request, callback, context) \
        db_oauth2_lookup(db, req, token + \
-               CALLBACK_TYPECHECK(callback, void(*)(struct db_oauth2*, bool, struct db_oauth2_request *req, const char*, typeof(context))), \
+               CALLBACK_TYPECHECK(callback, void(*)(struct db_oauth2*, enum passdb_result, bool, struct db_oauth2_request *req, const char*, typeof(context))), \
                request, (db_oauth2_lookup_callback_t*)callback, (void*)context)
 
 #endif
index 18fe402cd38f6ff15f60fd8cb85c8b53c06bd118..03785ffb500a0a85a041809233b489e9033a15cc 100644 (file)
@@ -10,18 +10,19 @@ struct oauth2_passdb_module {
 };
 
 static void
-oauth2_verify_plain_continue(struct db_oauth2 *db ATTR_UNUSED, bool success,
+oauth2_verify_plain_continue(struct db_oauth2 *db ATTR_UNUSED,
+                            enum passdb_result result, bool success,
                             struct db_oauth2_request *req, const char *error,
                             struct auth_request *request)
 {
-       i_assert(success || req->result != PASSDB_RESULT_OK);
-       if (!success && req->result == PASSDB_RESULT_INTERNAL_FAILURE)
+       i_assert(success || result != PASSDB_RESULT_OK);
+       if (!success && result == PASSDB_RESULT_INTERNAL_FAILURE)
                auth_request_log_error(request, AUTH_SUBSYS_DB, "oauth2 failed: %s",
                                       error);
        else if (!success)
                auth_request_log_info(request, AUTH_SUBSYS_DB, "oauth2 failed: %s",
                                      error);
-       req->verify_callback(req->result, request);
+       req->verify_callback(result, request);
        auth_request_unref(&request);
 }