From: Stephan Bosch
Date: Sat, 18 Mar 2023 15:08:41 +0000 (+0100)
Subject: auth: auth-request-handler - Move mechanism validation to separate function
X-Git-Tag: 2.4.2~243
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=526164a60b757b85e2b67a2090e0bdd44373469b;p=thirdparty%2Fdovecot%2Fcore.git

auth: auth-request-handler - Move mechanism validation to separate function
---
diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 1d9e338800..e415acdc97 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -567,51 +567,65 @@ auth_penalty_callback(unsigned int penalty, struct auth_request *request) } } -int auth_request_handler_auth_begin(struct auth_request_handler *handler, - const char *const *args) +static int +auth_request_handler_find_mech(struct auth_request_handler *handler, + const char *mech_name, + const struct sasl_server_mech_def **mech_r) { const struct sasl_server_mech_def *mech; - struct auth_request *request; - const char *name, *arg, *initial_resp; - void *initial_resp_data; - unsigned int id; - buffer_t *buf; - - i_assert(!handler->destroyed); - - /* [...] */ - if (args[0] == NULL || args[1] == NULL || - str_to_uint(args[0], &id) < 0 || id == 0) { - e_error(handler->conn->conn.event, - "BUG: Authentication client %u " - "sent broken AUTH request", handler->client_pid); - return -1; - } if (handler->token_auth) { mech = &mech_dovecot_token; - if (strcmp(args[1], mech->mech_name) != 0) { + if (strcmp(mech_name, mech->mech_name) != 0) { /* unsupported mechanism */ e_error(handler->conn->conn.event, "BUG: Authentication client %u requested invalid " "authentication mechanism %s (DOVECOT-TOKEN required)", handler->client_pid, - str_sanitize(args[1], AUTH_SASL_MAX_MECH_NAME_LEN)); + str_sanitize(mech_name, AUTH_SASL_MAX_MECH_NAME_LEN)); return -1; } } else { struct auth *auth_default = auth_default_protocol(); - mech = mech_register_find(auth_default->reg, args[1]); + mech = mech_register_find(auth_default->reg, mech_name); if (mech == NULL) { /* unsupported mechanism */ e_error(handler->conn->conn.event, "BUG: Authentication client %u requested unsupported " "authentication mechanism %s", handler->client_pid, - str_sanitize(args[1], AUTH_SASL_MAX_MECH_NAME_LEN)); + str_sanitize(mech_name, AUTH_SASL_MAX_MECH_NAME_LEN)); return -1; } } + *mech_r = mech; + return 0; +} + +int auth_request_handler_auth_begin(struct auth_request_handler *handler, + const char *const *args) +{ + const struct sasl_server_mech_def *mech; + struct auth_request *request; + 
const char *name, *arg, *initial_resp; + void *initial_resp_data; + unsigned int id; + buffer_t *buf; + + i_assert(!handler->destroyed); + + /* [...] */ + if (args[0] == NULL || args[1] == NULL || + str_to_uint(args[0], &id) < 0 || id == 0) { + e_error(handler->conn->conn.event, + "BUG: Authentication client %u " + "sent broken AUTH request", handler->client_pid); + return -1; + } + + if (auth_request_handler_find_mech(handler, args[1], &mech) < 0) + return -1; + request = auth_request_new(mech, handler->conn->conn.event); request->handler = handler; request->connect_uid = handler->connect_uid;
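Review bot: The new `auth_request_handler_find_mech()` carries no comment stating its contract, although after this change it is the single place where a `handler->token_auth` connection is restricted to DOVECOT-TOKEN. I would add above it `/* Resolve mech_name for this handler: token-auth connections accept only DOVECOT-TOKEN, all others use the default protocol's registry. Returns 0 and sets *mech_r, or -1 after logging; *mech_r is left untouched on failure. */` so that a later caller does not look the mechanism up in the registry directly and skip the token-auth check. In `auth_request_handler_auth_begin()` the local `mech` stays uninitialized on the -1 path, which is safe only because the caller returns immediately; that function's body continues past the end of the hunk, so any later use of `mech` there is not visible here.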