From: Timo Sirainen
Date: Fri, 18 Jul 2025 11:13:23 +0000 (+0300)
Subject: *-login: Deduplicate shared SASL step handling code to login_proxy_sasl_step()
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d63ef5ec12b6c017f23d92778121ee87726fafec;p=thirdparty%2Fdovecot%2Fcore.git

*-login: Deduplicate shared SASL step handling code to login_proxy_sasl_step()
---
diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c
index e3d13a3c95..b890162534 100644
--- a/src/imap-login/imap-proxy.c
+++ b/src/imap-login/imap-proxy.c
@@ -330,9 +330,7 @@ int imap_proxy_parse_line(struct client *client, const char *line)
 struct imap_client *imap_client = (struct imap_client *)client;
 struct ostream *output;
 string_t *str;
- const unsigned char *data;
- size_t data_len;
- const char *suffix, *error;
+ const char *suffix;
 int ret;
 i_assert(!client->destroyed);
@@ -364,24 +362,8 @@ int imap_proxy_parse_line(struct client *client, const char *line)
 LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
 return -1;
 }
- enum dsasl_client_result sasl_res =
- dsasl_client_input(client->proxy_sasl_client,
- str_data(str), str_len(str), &error);
- if (sasl_res == DSASL_CLIENT_RESULT_OK) {
- sasl_res = dsasl_client_output(client->proxy_sasl_client,
- &data, &data_len, &error);
- }
- if (sasl_res != DSASL_CLIENT_RESULT_OK) {
- const char *reason = t_strdup_printf(
- "Invalid authentication data: %s", error);
- login_proxy_failed(client->login_proxy,
- login_proxy_get_event(client->login_proxy),
- LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+ if (login_proxy_sasl_step(client, str) < 0)
 return -1;
- }
-
- str_truncate(str, 0);
- base64_encode(data, data_len, str);
 str_append(str, "\r\n");
 imap_client->proxy_sent_state |= IMAP_PROXY_SENT_STATE_AUTH_CONTINUE;
diff --git a/src/login-common/login-proxy.c b/src/login-common/login-proxy.c
index 26353dbdb0..87cecdceea 100644
--- a/src/login-common/login-proxy.c
+++ b/src/login-common/login-proxy.c
@@ -12,12 +12,14 @@
 #include "iostream-ssl.h"
 #include "llist.h"
 #include "array.h"
+#include "base64.h"
 #include "hash.h"
 #include "str.h"
 #include "strescape.h"
 #include "time-util.h"
 #include "settings.h"
 #include "master-service.h"
+#include "dsasl-client.h"
 #include "client-common.h"
 #include "login-proxy-state.h"
 #include "login-proxy.h"
@@ -865,6 +867,32 @@ bool login_proxy_failed(struct login_proxy *proxy, struct event *event,
 return FALSE;
 }
+int login_proxy_sasl_step(struct client *client, string_t *str)
+{
+ const unsigned char *data;
+ size_t data_len;
+ const char *error;
+
+ enum dsasl_client_result sasl_res =
+ dsasl_client_input(client->proxy_sasl_client,
+ str_data(str), str_len(str), &error);
+ if (sasl_res == DSASL_CLIENT_RESULT_OK) {
+ sasl_res = dsasl_client_output(client->proxy_sasl_client,
+ &data, &data_len, &error);
+ }
+ if (sasl_res != DSASL_CLIENT_RESULT_OK) {
+ const char *reason = t_strdup_printf(
+ "Invalid authentication data: %s", error);
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+ return -1;
+ }
+ str_truncate(str, 0);
+ base64_encode(data, data_len, str);
+ return 0;
+}
+
 bool login_proxy_is_ourself(const struct client *client, const char *host, const struct ip_addr *hostip, in_port_t port, const char *destuser)
diff --git a/src/login-common/login-proxy.h b/src/login-common/login-proxy.h
index e0b6199ed7..7ce6a04838 100644
--- a/src/login-common/login-proxy.h
+++ b/src/login-common/login-proxy.h
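Review bot: login_proxy_sasl_step(), added in the second login-proxy.c hunk (`@@ -865,6 +867,32 @@`), passes `client->proxy_sasl_client` straight to dsasl_client_input() with no check, and now that the step is an exported helper the precondition is no longer visible next to the code that establishes it; I would open the body with `i_assert(client->proxy_sasl_client != NULL);`. The helper also reports every non-OK `dsasl_client_result` as `LOGIN_PROXY_FAILURE_TYPE_PROTOCOL` with the text "Invalid authentication data", so any failure that is not caused by the backend's data (if the enum has such values) would be logged and counted as a protocol error. That classification is carried over unchanged from the three call sites, but this is now the single place where the cases could be told apart. The whole function body is inside the hunk.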
@@ -101,6 +101,9 @@ void login_proxy_redirect_finish(struct login_proxy *proxy,
 bool login_proxy_failed(struct login_proxy *proxy, struct event *event, enum login_proxy_failure_type type, const char *reason);
+/* Handle SASL input in str, and write the SASL output to str. */
+int login_proxy_sasl_step(struct client *client, string_t *str);
+
 /* Return TRUE if host/port/destuser combination points to same as current connection. */
 bool login_proxy_is_ourself(const struct client *client, const char *host,
diff --git a/src/pop3-login/pop3-proxy.c b/src/pop3-login/pop3-proxy.c
index cc5b9cb634..39e1c8d3f3 100644
--- a/src/pop3-login/pop3-proxy.c
+++ b/src/pop3-login/pop3-proxy.c
@@ -117,9 +117,6 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output,
 const char *line)
 {
 string_t *str;
- const unsigned char *data;
- size_t data_len;
- const char *error;
 str = t_str_new(128);
 if (base64_decode(line, strlen(line), str) < 0) {
@@ -130,26 +127,9 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output,
 LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
 return -1;
 }
- enum dsasl_client_result sasl_res =
- dsasl_client_input(client->proxy_sasl_client,
- str_data(str), str_len(str), &error);
- if (sasl_res == DSASL_CLIENT_RESULT_OK) {
- sasl_res = dsasl_client_output(client->proxy_sasl_client,
- &data, &data_len, &error);
- }
- if (sasl_res != DSASL_CLIENT_RESULT_OK) {
- const char *reason = t_strdup_printf(
- "Invalid authentication data: %s", error);
- login_proxy_failed(client->login_proxy,
- login_proxy_get_event(client->login_proxy),
- LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+ if (login_proxy_sasl_step(client, str) < 0)
 return -1;
- }
-
- str_truncate(str, 0);
- base64_encode(data, data_len, str);
 str_append(str, "\r\n");
-
 o_stream_nsend(output, str_data(str), str_len(str));
 return 0;
 }
diff --git a/src/submission-login/submission-proxy.c b/src/submission-login/submission-proxy.c
index 99d78403f8..abce3d5186 100644
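Review bot: The comment added above login_proxy_sasl_step() in the login-proxy.h hunk omits what a caller needs to use it safely: the helper base64-encodes its output into `str` but does not decode its input, it appends no line terminator, and on -1 it has already called login_proxy_failed(). The callers in this commit rely on exactly that. The pop3 caller visibly runs base64_decode() into `str` before the call, and all three append "\r\n" afterwards and simply return -1 on failure. I would extend the comment to something like `/* Feed the already base64-decoded SASL input in str to client->proxy_sasl_client and replace str with the base64-encoded output (no CRLF). Returns 0 on success, -1 after login_proxy_failed() has been called. */`.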
--- a/src/submission-login/submission-proxy.c
+++ b/src/submission-login/submission-proxy.c
@@ -353,9 +353,6 @@ submission_proxy_continue_sasl_auth(struct client *client,
 struct submission_client *subm_client = container_of(client, struct submission_client, common);
 string_t *str;
- const unsigned char *data;
- size_t data_len;
- const char *error;
 if (!last_line) {
 const char *reason = t_strdup_printf(
@@ -393,26 +390,9 @@ submission_proxy_continue_sasl_auth(struct client *client,
 return -1;
 }
- enum dsasl_client_result sasl_res =
- dsasl_client_input(client->proxy_sasl_client,
- str_data(str), str_len(str), &error);
- if (sasl_res == DSASL_CLIENT_RESULT_OK) {
- sasl_res = dsasl_client_output(client->proxy_sasl_client,
- &data, &data_len, &error);
- }
- if (sasl_res != DSASL_CLIENT_RESULT_OK) {
- const char *reason = t_strdup_printf(
- "Invalid authentication data: %s", error);
- login_proxy_failed(client->login_proxy,
- login_proxy_get_event(client->login_proxy),
- LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+ if (login_proxy_sasl_step(client, str) < 0)
 return -1;
- }
-
- str_truncate(str, 0);
- base64_encode(data, data_len, str);
 str_append(str, "\r\n");
-
 o_stream_nsend(output, str_data(str), str_len(str));
 return 0;
 }