From: Stephan Bosch
Date: Sun, 5 Nov 2023 21:29:34 +0000 (+0100)
Subject: lib-auth: auth-scram-client - Use settings struct
X-Git-Tag: 2.4.0~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d0222c6f9307d769f44851aa4636ebb30c37e3c;p=thirdparty%2Fdovecot%2Fcore.git

lib-auth: auth-scram-client - Use settings struct
---
diff --git a/src/lib-auth/auth-scram-client.c b/src/lib-auth/auth-scram-client.c
index 128096cf72..3c7767694a 100644
--- a/src/lib-auth/auth-scram-client.c
+++ b/src/lib-auth/auth-scram-client.c
@@ -21,26 +21,21 @@
 #define SCRAM_MAX_ITERATE_COUNT (128 * 4096)
 
 void auth_scram_client_init(struct auth_scram_client *client_r, pool_t pool,
-			    const struct hash_method *hmethod,
-			    const char *authid, const char *authzid,
-			    const char *password)
+			    const struct auth_scram_client_settings *set)
 {
+	i_assert(set->hash_method != NULL);
+
 	i_zero(client_r);
 	client_r->pool = pool;
-	client_r->hmethod = hmethod;
-
-	/* Not copying credentials, so these must persist externally */
-	client_r->authid = authid;
-	client_r->authzid = authzid;
-	client_r->password = password;
+	client_r->set = *set;
 }
 
 void auth_scram_client_deinit(struct auth_scram_client *client)
 {
 	if (client->server_signature != NULL) {
-		i_assert(client->hmethod != NULL);
+		i_assert(client->set.hash_method != NULL);
 		safe_memset(client->server_signature, 0,
-			    client->hmethod->digest_size);
+			    client->set.hash_method->digest_size);
 	}
 }
 
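Review bot: `auth_scram_client_init` now asserts `set->hash_method`, but the other fields the client later dereferences unchecked — `set->authid` through `auth_scram_escape_username()` in the client-first message and `set->password` through `strlen()` in the client-final message — are not validated, so a caller that `i_zero()`s the settings and forgets one of them fails with a NULL dereference mid-exchange rather than at init. Because the struct is copied by value (`client_r->set = *set;`) a stack temporary is fine, but the pointed-to strings are still borrowed, and the removed comment saying so has no counterpart in the .c file any more. I would extend the assertion to `i_assert(set->authid != NULL && set->password != NULL);` (authzid may legitimately be NULL, as the client-first code checks for it) and add `/* Settings are copied; the credential strings are not and must outlive the client */` above the copy. Whether a NULL authid or password can actually reach this path depends on callers outside the hunk.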
@@ -119,10 +114,10 @@ static string_t *auth_scram_get_client_first(struct auth_scram_client *client)
 
 	auth_scram_generate_cnonce(client);
 
-	authzid_enc = ((client->authzid == NULL ||
-			*client->authzid == '\0') ?
-		       "" : auth_scram_escape_username(client->authzid));
-	username_enc = auth_scram_escape_username(client->authid);
+	authzid_enc = ((client->set.authzid == NULL ||
+			*client->set.authzid == '\0') ?
+		       "" : auth_scram_escape_username(client->set.authzid));
+	username_enc = auth_scram_escape_username(client->set.authid);
 
 	str = t_str_new(256);
 	str_append(str, "n,"); /* Channel binding not supported */
@@ -233,7 +228,7 @@ auth_scram_parse_server_first(struct auth_scram_client *client,
 
 static string_t *auth_scram_get_client_final(struct auth_scram_client *client)
 {
-	const struct hash_method *hmethod = client->hmethod;
+	const struct hash_method *hmethod = client->set.hash_method;
 	unsigned char salted_password[hmethod->digest_size];
 	unsigned char client_key[hmethod->digest_size];
 	unsigned char stored_key[hmethod->digest_size];
@@ -279,8 +274,8 @@ static string_t *auth_scram_get_client_final(struct auth_scram_client *client)
 	/* SaltedPassword := Hi(Normalize(password), salt, i)
 	   FIXME: credentials should be SASLprepped UTF8 data here */
 	auth_scram_hi(hmethod,
-		      (const unsigned char *)client->password,
-		      strlen(client->password),
+		      (const unsigned char *)client->set.password,
+		      strlen(client->set.password),
 		      client->salt->data, client->salt->used,
 		      client->iter, salted_password);
 
@@ -347,6 +342,7 @@ auth_scram_parse_server_final(struct auth_scram_client *client,
 			      const unsigned char *input, size_t input_len,
 			      const char **error_r)
 {
+	const struct hash_method *hmethod = client->set.hash_method;
 	const char **fields;
 	unsigned int field_count;
 	const char *error, *verifier;
@@ -385,14 +381,11 @@ auth_scram_parse_server_final(struct auth_scram_client *client,
 	}
 	verifier += 2;
 
-	i_assert(client->hmethod != NULL);
+	i_assert(hmethod != NULL);
 	i_assert(client->server_signature != NULL);
-	str = t_str_new(
-		MAX_BASE64_ENCODED_SIZE(client->hmethod->digest_size));
-	base64_encode(client->server_signature,
-		      client->hmethod->digest_size, str);
-	safe_memset(client->server_signature, 0,
-		    client->hmethod->digest_size);
+	str = t_str_new(MAX_BASE64_ENCODED_SIZE(hmethod->digest_size));
+	base64_encode(client->server_signature, hmethod->digest_size, str);
+	safe_memset(client->server_signature, 0, hmethod->digest_size);
 
 	bool equal = str_equals_timing_almost_safe(verifier, str_c(str));
 	str_clear_safe(str);
diff --git a/src/lib-auth/auth-scram-client.h b/src/lib-auth/auth-scram-client.h
index 75fc141ea2..a2257e3b99 100644
--- a/src/lib-auth/auth-scram-client.h
+++ b/src/lib-auth/auth-scram-client.h
@@ -11,12 +11,17 @@ enum auth_scram_client_state {
 	AUTH_SCRAM_CLIENT_STATE_END,
 };
 
+struct auth_scram_client_settings {
+	const struct hash_method *hash_method;
+
+	/* Credentials (not copied; must persist externally) */
+	const char *authid, *authzid, *password;
+};
+
 struct auth_scram_client {
 	pool_t pool;
-	const struct hash_method *hmethod;
-
-	/* Credentials */
-	const char *authid, *authzid, *password;
+
+	struct auth_scram_client_settings set;
 
 	enum auth_scram_client_state state;
 
@@ -34,9 +39,7 @@ struct auth_scram_client {
 };
 
 void auth_scram_client_init(struct auth_scram_client *client_r, pool_t pool,
-			    const struct hash_method *hmethod,
-			    const char *authid, const char *authzid,
-			    const char *password);
+			    const struct auth_scram_client_settings *set);
 void auth_scram_client_deinit(struct auth_scram_client *client);
 
 /* Returns TRUE if client is still due to send first output. */
diff --git a/src/lib-auth/test-auth-scram.c b/src/lib-auth/test-auth-scram.c
index f1c334b045..7a813d57cf 100644
--- a/src/lib-auth/test-auth-scram.c
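Review bot: The new public `struct auth_scram_client_settings` carries only the one-line credentials comment, which does not say that `hash_method` is mandatory (the .c init asserts it is non-NULL), that `authzid` may be NULL or empty (the client-first code treats both as "no authzid"), or that the struct itself is copied by `auth_scram_client_init()`, so a reader of the header cannot tell whether the struct has to outlive the client. I would put a short header above the struct: `/* Settings for auth_scram_client_init(). The struct is copied; the credential strings are not and must outlive the client. hash_method must be non-NULL; authzid may be NULL or empty. */`. The copy-by-value and NULL-authzid behaviour are taken from the .c hunks in this commit, not from the header itself.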
+++ b/src/lib-auth/test-auth-scram.c
@@ -222,8 +222,15 @@ test_auth_success_one(const struct hash_method *hmethod, const char *authid,
 	bctx->password = password;
 	bctx->iterate_count = 4096;
 
-	auth_scram_client_init(&bctx->asclient, pool, hmethod,
-			       authid, authzid, password);
+	struct auth_scram_client_settings client_set;
+
+	i_zero(&client_set);
+	client_set.hash_method = hmethod;
+	client_set.authid = authid;
+	client_set.authzid = authzid;
+	client_set.password = password;
+
+	auth_scram_client_init(&bctx->asclient, pool, &client_set);
 
 	struct auth_scram_server_settings server_set;
 
@@ -344,8 +351,15 @@ test_auth_server_error_one(const struct hash_method *hmethod,
 	bctx->expect_error = expect_error;
 	bctx->test_id = test_id;
 
-	auth_scram_client_init(&bctx->asclient, pool, hmethod,
-			       authid, authzid, client_password);
+	struct auth_scram_client_settings client_set;
+
+	i_zero(&client_set);
+	client_set.hash_method = hmethod;
+	client_set.authid = authid;
+	client_set.authzid = authzid;
+	client_set.password = client_password;
+
+	auth_scram_client_init(&bctx->asclient, pool, &client_set);
 
 	struct auth_scram_server_settings server_set;
 
diff --git a/src/lib-sasl/mech-scram.c b/src/lib-sasl/mech-scram.c
index 415035d7a3..d42fbc58a2 100644
--- a/src/lib-sasl/mech-scram.c
+++ b/src/lib-sasl/mech-scram.c
@@ -27,9 +27,16 @@ static void mech_scram_init(struct scram_dsasl_client *sclient)
 		i_unreached();
 	}
 
-	auth_scram_client_init(&sclient->scram_client, client->pool, hmethod,
-			       client->set.authid, client->set.authzid,
-			       client->password);
+	struct auth_scram_client_settings scram_set;
+
+	i_zero(&scram_set);
+	scram_set.hash_method = hmethod;
+	scram_set.authid = client->set.authid;
+	scram_set.authzid = client->set.authzid;
+	scram_set.password = client->password;
+
+	auth_scram_client_init(&sclient->scram_client, client->pool,
+			       &scram_set);
 }
 
 static int
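Review bot: The `i_zero()` followed by four field assignments in `mech_scram_init` (and the same block twice in test-auth-scram.c) leaves `scram_set` partially initialised across several statements; a designated initializer zeroes the unmentioned fields and keeps the struct complete at its declaration: `struct auth_scram_client_settings scram_set = { .hash_method = hmethod, .authid = client->set.authid, .authzid = client->set.authzid, .password = client->password };`. The settings are copied by value inside `auth_scram_client_init()`, so the stack-local struct is fine, but the strings it points to remain borrowed from `client`; presumably they live as long as `sclient->scram_client`, which nothing in the hunk shows. `mech_scram_init` begins before the hunk.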