From: Stephan Bosch Date: Mon, 12 Aug 2019 21:33:11 +0000 (+0200) Subject: login-common: client-common - Add sasl_check_login() vfunc. X-Git-Tag: 2.3.9~317 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9aaf0554aeae4f8056eeef56cfd99bf386f4c009;p=thirdparty%2Fdovecot%2Fcore.git login-common: client-common - Add sasl_check_login() vfunc. This allows checking the auth service success reply before commencing the actual login. --- diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h index 639778395c..bf44f6e4a9 100644 --- a/src/login-common/client-common.h +++ b/src/login-common/client-common.h @@ -112,6 +112,7 @@ struct client_vfuncs { void (*input)(struct client *client); bool (*sasl_filter_mech)(struct client *client, struct auth_mech_desc *mech); + bool (*sasl_check_login)(struct client *client); void (*auth_send_challenge)(struct client *client, const char *data); void (*auth_parse_response)(struct client *client); void (*auth_result)(struct client *client, diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c index a779fcbf71..3f9ff0ee5c 100644 --- a/src/login-common/sasl-server.c +++ b/src/login-common/sasl-server.c @@ -274,6 +274,15 @@ anvil_check_too_many_connections(struct client *client, anvil_client_query(anvil, query, anvil_lookup_callback, req); } +static bool +sasl_server_check_login(struct client *client) +{ + if (client->v.sasl_check_login != NULL && + !client->v.sasl_check_login(client)) + return FALSE; + return TRUE; +} + static void authenticate_callback(struct auth_client_request *request, enum auth_request_status status, const char *data_base64, @@ -337,6 +346,8 @@ authenticate_callback(struct auth_client_request *request, client->authenticating = FALSE; call_client_callback(client, SASL_SERVER_REPLY_SUCCESS, NULL, args); + } else if (!sasl_server_check_login(client)) { + i_assert(!client->authenticating); } else { anvil_check_too_many_connections(client, request); }