*-login: Deduplicate shared SASL step handling code to login_proxy_sasl_step()
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Fri, 18 Jul 2025 11:13:23 +0000 (14:13 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Tue, 22 Jul 2025 06:18:51 +0000 (06:18 +0000)
src/imap-login/imap-proxy.c
src/login-common/login-proxy.c
src/login-common/login-proxy.h
src/pop3-login/pop3-proxy.c
src/submission-login/submission-proxy.c

index e3d13a3c95c0aeed493710d4fd28a8c34990f24b..b8901625349a3f4b35ea101a90a3af5538987e67 100644 (file)
@@ -330,9 +330,7 @@ int imap_proxy_parse_line(struct client *client, const char *line)
        struct imap_client *imap_client = (struct imap_client *)client;
        struct ostream *output;
        string_t *str;
-       const unsigned char *data;
-       size_t data_len;
-       const char *suffix, *error;
+       const char *suffix;
        int ret;
 
        i_assert(!client->destroyed);
@@ -364,24 +362,8 @@ int imap_proxy_parse_line(struct client *client, const char *line)
                                LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                        return -1;
                }
-               enum dsasl_client_result sasl_res =
-                       dsasl_client_input(client->proxy_sasl_client,
-                                          str_data(str), str_len(str), &error);
-               if (sasl_res == DSASL_CLIENT_RESULT_OK) {
-                       sasl_res = dsasl_client_output(client->proxy_sasl_client,
-                                                      &data, &data_len, &error);
-               }
-               if (sasl_res != DSASL_CLIENT_RESULT_OK) {
-                       const char *reason = t_strdup_printf(
-                               "Invalid authentication data: %s", error);
-                       login_proxy_failed(client->login_proxy,
-                               login_proxy_get_event(client->login_proxy),
-                               LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+               if (login_proxy_sasl_step(client, str) < 0)
                        return -1;
-               }
-
-               str_truncate(str, 0);
-               base64_encode(data, data_len, str);
                str_append(str, "\r\n");
 
                imap_client->proxy_sent_state |= IMAP_PROXY_SENT_STATE_AUTH_CONTINUE;
index 26353dbdb01ebb9f93de0a33eac4f578e365cd1a..87cecdceea0030b58eb5cf13eba30d372a04c3c8 100644 (file)
 #include "iostream-ssl.h"
 #include "llist.h"
 #include "array.h"
+#include "base64.h"
 #include "hash.h"
 #include "str.h"
 #include "strescape.h"
 #include "time-util.h"
 #include "settings.h"
 #include "master-service.h"
+#include "dsasl-client.h"
 #include "client-common.h"
 #include "login-proxy-state.h"
 #include "login-proxy.h"
@@ -865,6 +867,32 @@ bool login_proxy_failed(struct login_proxy *proxy, struct event *event,
        return FALSE;
 }
 
+int login_proxy_sasl_step(struct client *client, string_t *str)
+{
+       const unsigned char *data;
+       size_t data_len;
+       const char *error;
+
+       enum dsasl_client_result sasl_res =
+               dsasl_client_input(client->proxy_sasl_client,
+                                  str_data(str), str_len(str), &error);
+       if (sasl_res == DSASL_CLIENT_RESULT_OK) {
+               sasl_res = dsasl_client_output(client->proxy_sasl_client,
+                                              &data, &data_len, &error);
+       }
+       if (sasl_res != DSASL_CLIENT_RESULT_OK) {
+               const char *reason = t_strdup_printf(
+                       "Invalid authentication data: %s", error);
+               login_proxy_failed(client->login_proxy,
+                                  login_proxy_get_event(client->login_proxy),
+                                  LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+               return -1;
+       }
+       str_truncate(str, 0);
+       base64_encode(data, data_len, str);
+       return 0;
+}
+
 bool login_proxy_is_ourself(const struct client *client, const char *host,
                            const struct ip_addr *hostip,
                            in_port_t port, const char *destuser)
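Review bot: login_proxy_sasl_step() passes client->proxy_sasl_client straight to dsasl_client_input() without checking it, and as an exported helper it no longer sits beside whatever guard the three callers had (those guards, if any, are outside these hunks). Stating the precondition as the first statement, `i_assert(client->proxy_sasl_client != NULL);`, would turn misuse by a future caller into an assertion failure instead of what is presumably a NULL dereference inside the SASL client code. The function also truncates and rewrites str while `data` still points at memory returned by dsasl_client_output(). A one-line comment such as `/* data is owned by the SASL client and must not alias str */` would make that assumption explicit; whether every mechanism honours it is not visible from this page.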
index e0b6199ed767b90b4ed1cf0b9b4fa081c567c866..7ce6a04838f4f32f9ae8729f39a8adb511da133a 100644 (file)
@@ -101,6 +101,9 @@ void login_proxy_redirect_finish(struct login_proxy *proxy,
 bool login_proxy_failed(struct login_proxy *proxy, struct event *event,
                        enum login_proxy_failure_type type, const char *reason);
 
+/* Handle SASL input in str, and write the SASL output to str. */
+int login_proxy_sasl_step(struct client *client, string_t *str);
+
 /* Return TRUE if host/port/destuser combination points to same as current
    connection. */
 bool login_proxy_is_ourself(const struct client *client, const char *host,
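Review bot: The comment on login_proxy_sasl_step() omits the parts of the contract a caller has to rely on. Judging by the callers and the function body, str goes in holding the already base64-decoded server challenge and comes back holding the base64-encoded response with no trailing CRLF, and the return value is 0 or -1. On -1 the function has already called login_proxy_failed(), so a caller should return at once and not report the failure a second time, as the three callers in this commit do. Suggested wording: `/* Feed the decoded SASL challenge in str to client->proxy_sasl_client and replace str with the base64-encoded response (no CRLF). Returns 0 on success, -1 after login_proxy_failed() has been called. */`.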
index cc5b9cb634e239932612a75422b10bc5127be0c8..39e1c8d3f3399534cc838c7a98a1b4e40dbf1528 100644 (file)
@@ -117,9 +117,6 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output,
                              const char *line)
 {
        string_t *str;
-       const unsigned char *data;
-       size_t data_len;
-       const char *error;
 
        str = t_str_new(128);
        if (base64_decode(line, strlen(line), str) < 0) {
@@ -130,26 +127,9 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output,
                        LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
                return -1;
        }
-       enum dsasl_client_result sasl_res =
-               dsasl_client_input(client->proxy_sasl_client,
-                                  str_data(str), str_len(str), &error);
-       if (sasl_res == DSASL_CLIENT_RESULT_OK) {
-               sasl_res = dsasl_client_output(client->proxy_sasl_client,
-                                              &data, &data_len, &error);
-       }
-       if (sasl_res != DSASL_CLIENT_RESULT_OK) {
-               const char *reason = t_strdup_printf(
-                       "Invalid authentication data: %s", error);
-               login_proxy_failed(client->login_proxy,
-                                  login_proxy_get_event(client->login_proxy),
-                                  LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+       if (login_proxy_sasl_step(client, str) < 0)
                return -1;
-       }
-
-       str_truncate(str, 0);
-       base64_encode(data, data_len, str);
        str_append(str, "\r\n");
-
        o_stream_nsend(output, str_data(str), str_len(str));
        return 0;
 }
index 99d78403f8319557010833f9f80178c70b32da84..abce3d5186af5ef87101ea95acf9653c949b482a 100644 (file)
@@ -353,9 +353,6 @@ submission_proxy_continue_sasl_auth(struct client *client,
        struct submission_client *subm_client =
                container_of(client, struct submission_client, common);
        string_t *str;
-       const unsigned char *data;
-       size_t data_len;
-       const char *error;
 
        if (!last_line) {
                const char *reason = t_strdup_printf(
@@ -393,26 +390,9 @@ submission_proxy_continue_sasl_auth(struct client *client,
                return -1;
        }
 
-       enum dsasl_client_result sasl_res =
-               dsasl_client_input(client->proxy_sasl_client,
-                                  str_data(str), str_len(str), &error);
-       if (sasl_res == DSASL_CLIENT_RESULT_OK) {
-               sasl_res = dsasl_client_output(client->proxy_sasl_client,
-                                              &data, &data_len, &error);
-       }
-       if (sasl_res != DSASL_CLIENT_RESULT_OK) {
-               const char *reason = t_strdup_printf(
-                       "Invalid authentication data: %s", error);
-               login_proxy_failed(client->login_proxy,
-                       login_proxy_get_event(client->login_proxy),
-                       LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+       if (login_proxy_sasl_step(client, str) < 0)
                return -1;
-       }
-
-       str_truncate(str, 0);
-       base64_encode(data, data_len, str);
        str_append(str, "\r\n");
-
        o_stream_nsend(output, str_data(str), str_len(str));
        return 0;
 }