login-common: sasl-server - Remove handing of final response
authorStephan Bosch <stephan.bosch@open-xchange.com>
Fri, 27 Oct 2023 03:42:15 +0000 (05:42 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Nov 2023 10:49:10 +0000 (10:49 +0000)
It is now handled implicitly by the auth client.

src/login-common/client-common-auth.c
src/login-common/client-common.c
src/login-common/client-common.h
src/login-common/sasl-server.c
src/login-common/sasl-server.h

index 0ab306c21593ce57bc0d65fa263c8a5b6f1d02d3..b28b5ce42545eb0940936d5f6a3c23f42d8869c5 100644 (file)
@@ -806,8 +806,6 @@ void client_auth_respond(struct client *client, const char *response)
        if (!client_does_custom_io(client))
                io_remove(&client->io);
 
-       if (sasl_server_auth_handle_delayed_final(client))
-               return;
        if (strcmp(response, "*") == 0) {
                sasl_server_auth_abort(client);
                return;
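Review bot: With the `sasl_server_auth_handle_delayed_final()` call removed, nothing at this site records why it is safe to go straight to the `"*"` comparison. The deleted helper's comment gave the only reason for the ordering: a pending final reply had to be consumed first, otherwise a client could abort a request that had already failed. The commit message says the auth client now handles this, so I would put that next to the check, e.g. `/* Final SASL responses are consumed by the auth client, so "*" can only abort a request that is still in progress. */`, assuming that is what the auth client guarantees. A regression test would also help here: a failed mechanism that sends final server data, followed by `*`, should still be reported as `SASL_SERVER_REPLY_AUTH_FAILED` and not as `SASL_SERVER_REPLY_AUTH_ABORTED`. The body of `client_auth_respond()` continues outside the hunk.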
index e863ccc038b5875774b26580b87b965bfd16f6af..0cd07027ff86a9cb30c3d2fdd166601fec141824 100644 (file)
@@ -430,8 +430,7 @@ void client_destroy(struct client *client, const char *reason)
                                           client->master_tag);
                client->refcount--;
        } else if (client->auth_request != NULL ||
-                  client->anvil_query != NULL ||
-                  client->final_response) {
+                  client->anvil_query != NULL) {
                i_assert(client->authenticating);
                sasl_server_auth_abort(client);
        }
index cb9e3a2f2973d78ac490cbef972450e4e3929325..823439decc52801f0ec1fe0cce83164b2dbf7ec3 100644 (file)
@@ -209,8 +209,6 @@ struct client {
        struct auth_client_request *reauth_request;
        string_t *auth_response;
        struct timeval auth_first_started, auth_finished;
-       enum sasl_server_reply delayed_final_reply;
-       const char *const *final_args;
        const char *const *auth_passdb_args;
        const char *auth_success_data;
        struct anvil_query *anvil_query;
@@ -284,7 +282,6 @@ struct client {
        bool auth_initializing:1;
        bool auth_process_comm_fail:1;
        bool auth_anonymous:1;
-       bool auth_nologin:1;
        bool auth_nologin_referral:1;
        bool proxy_auth_failed:1;
        bool proxy_noauth:1;
@@ -296,7 +293,6 @@ struct client {
        bool fd_proxying:1;
        bool shutting_down:1;
        bool resource_constraint:1;
-       bool final_response:1;
        /* ... */
 };
 
index 6f88a6aea28e0dd8b1fe015eea31cad4d02e9e27..66c67789abe607d4456ff1f09c574cbc4e21875a 100644 (file)
@@ -322,10 +322,10 @@ args_parse_user(struct client *client, const char *key, const char *value)
 }
 
 static void
-sasl_server_auth_success_finish(struct client *client, const char *data,
-                               const char *const *args)
+sasl_server_auth_success_finish(struct client *client, bool nologin,
+                               const char *data, const char *const *args)
 {
-       if (client->auth_nologin) {
+       if (nologin) {
                client->authenticating = FALSE;
                call_client_callback(client, SASL_SERVER_REPLY_SUCCESS,
                                     data, args);
@@ -344,6 +344,7 @@ authenticate_callback(struct auth_client_request *request,
                      const char *const *args, void *context)
 {
        struct client *client = context;
+       bool nologin;
        unsigned int i;
 
        if (!client->authenticating) {
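Review bot: `nologin` is declared here without an initial value and is only assigned in the success branch, in the next hunk (`nologin = FALSE;` before the args loop). In the visible hunks it is read only in that branch, so nothing is wrong today. Initialising it at the declaration, `bool nologin = FALSE;`, would keep a later use in another `case` from reading an indeterminate value, and the separate assignment could then be dropped. `authenticate_callback()` starts and ends outside this hunk.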
@@ -373,6 +374,7 @@ authenticate_callback(struct auth_client_request *request,
                client->auth_passdb_args = p_strarray_dup(client->pool, args);
                client->postlogin_socket_path = NULL;
 
+               nologin = FALSE;
                for (i = 0; args[i] != NULL; i++) {
                        const char *key, *value;
                        t_split_key_value_eq(args[i], &key, &value);
@@ -386,7 +388,7 @@ authenticate_callback(struct auth_client_request *request,
                        } else if (strcmp(key, "nologin") == 0 ||
                                   strcmp(key, "proxy") == 0) {
                                /* user can't login */
-                               client->auth_nologin = TRUE;
+                               nologin = TRUE;
                        } else if (strcmp(key, "anonymous") == 0) {
                                client->auth_anonymous = TRUE;
                        } else if (str_begins(args[i], "event_", &key)) {
@@ -394,16 +396,8 @@ authenticate_callback(struct auth_client_request *request,
                        }
                }
 
-               if (data_base64 != NULL &&
-                   !login_binary->sasl_support_final_reply) {
-                       client->final_response = TRUE;
-                       client->final_args = p_strarray_dup(client->preproxy_pool, args);
-                       client->delayed_final_reply = SASL_SERVER_REPLY_SUCCESS;
-                       client->sasl_callback(client, SASL_SERVER_REPLY_CONTINUE,
-                                             data_base64, NULL);
-               } else {
-                       sasl_server_auth_success_finish(client, data_base64, args);
-               }
+               sasl_server_auth_success_finish(client, nologin,
+                                               data_base64, args);
                break;
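Review bot: `data_base64` is now forwarded to `sasl_server_auth_success_finish()` for every protocol, whereas the removed branch sent it as a separate continuation whenever `login_binary->sasl_support_final_reply` was unset. The commit message says the auth client handles the final response, so presumably `data_base64` is already NULL here for those protocols. Nothing in the hunk states or checks that, and a mechanism's final server message lost on this path would go unnoticed. I would add a comment above the call, e.g. `/* final server data only reaches us when the protocol can carry it in the success reply; otherwise the auth client has already exchanged it */`, if that is the contract. It is also worth confirming whether `sasl_support_final_reply` still has any reader after this change. `authenticate_callback()` starts and ends outside the hunk.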
        case AUTH_REQUEST_STATUS_INTERNAL_FAIL:
                client->auth_process_comm_fail = TRUE;
@@ -422,18 +416,9 @@ authenticate_callback(struct auth_client_request *request,
                        }
                }
 
-               if (data_base64 != NULL &&
-                   !login_binary->sasl_support_final_reply) {
-                       client->final_response = TRUE;
-                       client->final_args = p_strarray_dup(client->preproxy_pool, args);
-                       client->delayed_final_reply = SASL_SERVER_REPLY_AUTH_FAILED;
-                       client->sasl_callback(client, SASL_SERVER_REPLY_CONTINUE,
-                                             data_base64, NULL);
-               } else {
-                       client->authenticating = FALSE;
-                       call_client_callback(client, SASL_SERVER_REPLY_AUTH_FAILED,
-                                            NULL, args);
-               }
+               client->authenticating = FALSE;
+               call_client_callback(client, SASL_SERVER_REPLY_AUTH_FAILED,
+                                    NULL, args);
                break;
        }
 }
@@ -542,7 +527,6 @@ void sasl_server_auth_begin(struct client *client, const char *mech_name,
 
        client->auth_attempts++;
        client->auth_aborted_by_client = FALSE;
-       client->auth_nologin = FALSE;
        client->authenticating = TRUE;
        client->master_auth_id = 0;
        if (client->auth_first_started.tv_sec == 0)
@@ -603,7 +587,6 @@ sasl_server_auth_cancel(struct client *client, const char *reason,
        }
 
        client->authenticating = FALSE;
-       client->final_response = FALSE;
        if (client->auth_request != NULL)
                auth_client_request_abort(&client->auth_request, reason);
        if (client->master_auth_id != 0)
@@ -643,26 +626,3 @@ void sasl_server_auth_abort(struct client *client)
        sasl_server_auth_cancel(client, "Aborted", NULL,
                                SASL_SERVER_REPLY_AUTH_ABORTED);
 }
-
-bool sasl_server_auth_handle_delayed_final(struct client *client)
-{
-       /* This has to happen before * handling, otherwise
-          client can abort failed request. */
-       if (!client->final_response)
-               return FALSE;
-       client->final_response = FALSE;
-       client->auth_client_continue_pending = FALSE;
-
-       if (client->delayed_final_reply == SASL_SERVER_REPLY_SUCCESS) {
-               const char *const *args = client->final_args;
-
-               sasl_server_auth_success_finish(client, NULL, args);
-               return TRUE;
-       }
-
-       client->authenticating = FALSE;
-       call_client_callback(client, client->delayed_final_reply,
-                            NULL, client->final_args);
-
-       return TRUE;
-}
index 678e366c6fc69e9a78c4bf255937d1e1db3c4abe..99795e57942660a1b2af8c2e0c9d0c6e6c8c6b0e 100644 (file)
@@ -44,6 +44,4 @@ void sasl_server_auth_failed(struct client *client, const char *reason,
    "*" line. */
 void sasl_server_auth_abort(struct client *client);
 
-bool sasl_server_auth_handle_delayed_final(struct client *client);
-
 #endif