auth: auth-request - Restore final-resp-ok support

author Stephan Bosch <stephan.bosch@open-xchange.com>

Thu, 26 Oct 2023 22:36:23 +0000 (00:36 +0200)

committer aki.tuomi <aki.tuomi@open-xchange.com>

Fri, 17 Nov 2023 10:49:10 +0000 (10:49 +0000)
author Stephan Bosch <stephan.bosch@open-xchange.com>
Thu, 26 Oct 2023 22:36:23 +0000 (00:36 +0200)
committer aki.tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Nov 2023 10:49:10 +0000 (10:49 +0000)
diff --git a/src/auth/auth-request-fields.c b/src/auth/auth-request-fields.c

index 4e57fa4175b99b54732a6b4488ebe87727673437..22cc1cccd6581fa6ef0150bdbd0a91a925afc069 100644 (file)
--- a/src/auth/auth-request-fields.c
+++ b/src/auth/auth-request-fields.c
@@ -226,6 +226,8 @@ bool auth_request_import_auth(struct auth_request *request,
                         event_add_str(request->event, "transport", "secured");
                 }
         }
+       else if (strcmp(key, "final-resp-ok") == 0)
+               fields->final_resp_ok = TRUE;
         else if (strcmp(key, "no-penalty") == 0)
                 fields->no_penalty = TRUE;
         else if (strcmp(key, "valid-client-cert") == 0)
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c

index 0c4653376faba78c72775005d11ea6e7c807de50..a7db045f8afd90240530a7acf9f5335aaaadbf57 100644 (file)
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -273,6 +273,14 @@ static void auth_request_success_continue(struct auth_policy_check_ctx *ctx)
                 return;
         }
  
+       if (ctx->success_data->used > 0 && !request->fields.final_resp_ok) {
+               /* we'll need one more SASL round, since client doesn't support
+                  the final SASL response */
+               auth_request_handler_reply_continue(request,
+                       ctx->success_data->data, ctx->success_data->used);
+               return;
+       }
+
         auth_request_set_state(request, AUTH_REQUEST_STATE_FINISHED);
         auth_request_refresh_last_access(request);
         auth_request_handler_reply(request, AUTH_CLIENT_RESULT_SUCCESS,
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h

index 4663faec0ca23220527fdbfe3e570e9a1d00938a..4ed95dcbdf47e2ec22e4f69dbc98afbd91242658 100644 (file)
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -91,6 +91,7 @@ struct auth_request_fields {
         bool skip_password_check:1;
  
         /* flags received from auth client: */
+       bool final_resp_ok:1;
         bool no_penalty:1;
         bool valid_client_cert:1;
         bool cert_username:1;
diff --git a/src/lib-auth-client/auth-client-request.c b/src/lib-auth-client/auth-client-request.c

index a8bc2c2d6c3265ca6ca452a509100827f7883447..a20ebcc5ee4ab744f039e7fa640a7097a38ad6df 100644 (file)
--- a/src/lib-auth-client/auth-client-request.c
+++ b/src/lib-auth-client/auth-client-request.c
@@ -27,6 +27,7 @@ auth_server_send_new_request(struct auth_client_connection *conn,
         event_add_str(request->event, "mechanism", info->mech);
         event_add_str(request->event, "service", info->service);
  
+       str_append(str, "\tfinal-resp-ok");
         if ((info->flags & AUTH_REQUEST_FLAG_CONN_SECURED) != 0) {
                 str_append(str, "\tsecured");
                 if ((info->flags & AUTH_REQUEST_FLAG_CONN_SECURED_TLS) != 0) {
author	Stephan Bosch <stephan.bosch@open-xchange.com>
	Thu, 26 Oct 2023 22:36:23 +0000 (00:36 +0200)
committer	aki.tuomi <aki.tuomi@open-xchange.com>
	Fri, 17 Nov 2023 10:49:10 +0000 (10:49 +0000)
src/auth/auth-request-fields.c		patch \| blob \| blame \| history
src/auth/auth-request.c		patch \| blob \| blame \| history
src/auth/auth-request.h		patch \| blob \| blame \| history
src/lib-auth-client/auth-client-request.c		patch \| blob \| blame \| history