From: Stephan Bosch Date: Fri, 21 Feb 2025 16:19:19 +0000 (+0100) Subject: auth: mech-oauth2 - Reorder mechanism functions X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=266152db88dbd18a3f9410e05704c36722d95a3e;p=thirdparty%2Fdovecot%2Fcore.git auth: mech-oauth2 - Reorder mechanism functions Makes more sense this way.
---
diff --git a/src/auth/mech-oauth2.c b/src/auth/mech-oauth2.c
index a03e3dc996..31778e445d 100644
--- a/src/auth/mech-oauth2.c
+++ b/src/auth/mech-oauth2.c
@@ -214,74 +214,6 @@ mech_oauth2_verify_token(struct oauth2_auth_request *oauth2_req,
 }
 }
-/* Input syntax:
- user=Username^Aauth=Bearer token^A^A
-*/
-static void
-mech_xoauth2_auth_continue(struct auth_request *request,
- const unsigned char *data,
- size_t data_size)
-{
- struct oauth2_auth_request *oauth2_req =
- container_of(request, struct oauth2_auth_request, auth);
-
- if (oauth2_req->db == NULL) {
- e_error(request->event, "BUG: oauth2 database missing");
- oauth2_fail(oauth2_req, 500, "internal_failure");
- return;
- }
- if (data_size == 0) {
- oauth2_fail(oauth2_req, 401, "invalid_token");
- return;
- }
-
- /* split the data from ^A */
- bool user_given = FALSE;
- const char *value;
- const char *error;
- const char *token = NULL;
- const char *const *ptr;
- const char *username;
- const char *const *fields =
- t_strsplit(t_strndup(data, data_size), "\x01");
-
- for (ptr = fields; *ptr != NULL; ptr++) {
- if (str_begins(*ptr, "user=", &value)) {
- /* xoauth2 does not require unescaping because the data
- format does not contain anything to escape */
- username = value;
- user_given = TRUE;
- } else if (str_begins(*ptr, "auth=", &value)) {
- if (str_begins_icase(value, "bearer ", &value) &&
- oauth2_valid_token(value)) {
- token = value;
- } else {
- e_info(request->mech_event,
- "Invalid continued data");
- oauth2_fail(oauth2_req, 401, "invalid_token");
- return;
- }
- }
- /* do not fail on unexpected fields */
- }
-
- if (user_given &&
- !auth_request_set_username(request, username, &error)) {
- e_info(request->mech_event, "%s", error);
- oauth2_fail(oauth2_req, 400, "invalid_request");
- return;
- }
- if (user_given && token != NULL)
- mech_oauth2_verify_token(oauth2_req, token);
- else if (token == NULL) {
- e_info(request->mech_event, "Missing token");
- oauth2_fail(oauth2_req, 401, "invalid_token");
- } else {
- e_info(request->mech_event, "Missing username");
- oauth2_fail(oauth2_req, 401, "invalid_token");
- }
-}
-
 /* Input syntax for data:
 gs2flag,a=username,^Afield=...^Afield=...^Aauth=Bearer token^A^A
 */
@@ -386,6 +318,74 @@ mech_oauthbearer_auth_continue(struct auth_request *request,
 }
 }
+/* Input syntax:
+ user=Username^Aauth=Bearer token^A^A
+*/
+static void
+mech_xoauth2_auth_continue(struct auth_request *request,
+ const unsigned char *data,
+ size_t data_size)
+{
+ struct oauth2_auth_request *oauth2_req =
+ container_of(request, struct oauth2_auth_request, auth);
+
+ if (oauth2_req->db == NULL) {
+ e_error(request->event, "BUG: oauth2 database missing");
+ oauth2_fail(oauth2_req, 500, "internal_failure");
+ return;
+ }
+ if (data_size == 0) {
+ oauth2_fail(oauth2_req, 401, "invalid_token");
+ return;
+ }
+
+ /* split the data from ^A */
+ bool user_given = FALSE;
+ const char *value;
+ const char *error;
+ const char *token = NULL;
+ const char *const *ptr;
+ const char *username;
+ const char *const *fields =
+ t_strsplit(t_strndup(data, data_size), "\x01");
+
+ for (ptr = fields; *ptr != NULL; ptr++) {
+ if (str_begins(*ptr, "user=", &value)) {
+ /* xoauth2 does not require unescaping because the data
+ format does not contain anything to escape */
+ username = value;
+ user_given = TRUE;
+ } else if (str_begins(*ptr, "auth=", &value)) {
+ if (str_begins_icase(value, "bearer ", &value) &&
+ oauth2_valid_token(value)) {
+ token = value;
+ } else {
+ e_info(request->mech_event,
+ "Invalid continued data");
+ oauth2_fail(oauth2_req, 401, "invalid_token");
+ return;
+ }
+ }
+ /* do not fail on unexpected fields */
+ }
+
+ if (user_given &&
+ !auth_request_set_username(request, username, &error)) {
+ e_info(request->mech_event, "%s", error);
+ oauth2_fail(oauth2_req, 400, "invalid_request");
+ return;
+ }
+ if (user_given && token != NULL)
+ mech_oauth2_verify_token(oauth2_req, token);
+ else if (token == NULL) {
+ e_info(request->mech_event, "Missing token");
+ oauth2_fail(oauth2_req, 401, "invalid_token");
+ } else {
+ e_info(request->mech_event, "Missing username");
+ oauth2_fail(oauth2_req, 401, "invalid_token");
+ }
+}
+
 static struct auth_request
 *mech_oauth2_auth_new(void)
 {
 struct oauth2_auth_request *request;
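Review bot: Repeated `user=` or `auth=` fields in the client-supplied continuation are accepted with last-wins semantics by the field loop in mech_xoauth2_auth_continue (which sits entirely inside this hunk): a later `user=` silently replaces the earlier username, and a later valid `auth=` replaces the earlier token, and the commit, being a pure move, leaves that as is. Since every byte of the string comes from the client, the loop could reject a repeat instead, e.g. before `username = value;` add `if (user_given) { e_info(request->mech_event, "Duplicate user field"); oauth2_fail(oauth2_req, 400, "invalid_request"); return; }`, with the same guard on `token != NULL` in the auth= branch. Whether the claimed username is later bound to the token's owner cannot be confirmed from here, because mech_oauth2_verify_token is outside the hunk. Separately, the `data_size == 0` path fails without any log line while every other failure path emits an e_info; adding `e_info(request->mech_event, "Empty continued data");` there would keep the failure paths consistent for whoever is reading the auth log.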