From: Timo Sirainen Date: Fri, 18 Jul 2025 10:55:43 +0000 (+0300) Subject: lib-sasl, global: Change dsasl_client_input/output() to return enum X-Git-Tag: 2.4.2~650 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5dd3495249c83ffd6a2116c8dc3c7ade25a32a9a;p=thirdparty%2Fdovecot%2Fcore.git lib-sasl, global: Change dsasl_client_input/output() to return enum --- diff --git a/src/doveadm/doveadm-auth.c b/src/doveadm/doveadm-auth.c index 939066c81d..1b015e874c 100644 --- a/src/doveadm/doveadm-auth.c +++ b/src/doveadm/doveadm-auth.c @@ -204,12 +204,12 @@ auth_callback(struct auth_client_request *request, if (base64_decode(data_base64, input_len, buf) < 0) i_fatal("Server sent invalid base64 input"); if (dsasl_client_input(input->sasl_client, buf->data, buf->used, - &error) < 0) { + &error) != DSASL_CLIENT_RESULT_OK) { e_error(input->event, "internal auth failure: %s", error); auth_client_request_abort(&request, error); break; } else if (dsasl_client_output(input->sasl_client, &sasl_output, - &sasl_output_len, &error) < 0) { + &sasl_output_len, &error) != DSASL_CLIENT_RESULT_OK) { e_error(input->event, "internal auth failure: %s", error); auth_client_request_abort(&request, error); break; @@ -285,7 +285,8 @@ static void auth_connected(struct auth_client *client, i_fatal("SASL mechanism '%s' not supported by server", mech); if (dsasl_client_output(input->sasl_client, &sasl_output, - &sasl_output_len, &error) < 0) + &sasl_output_len, + &error) != DSASL_CLIENT_RESULT_OK) i_fatal("Failed to create initial SASL reply: %s", error); sasl_output_base64 = t_str_new(MAX_BASE64_ENCODED_SIZE(sasl_output_len)); diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c index 15c5f800af..b58bf1b9ad 100644 --- a/src/imap-login/imap-proxy.c +++ b/src/imap-login/imap-proxy.c @@ -162,7 +162,8 @@ static int proxy_write_login(struct imap_client *client, string_t *str) str_append(str, mech_name); if (client->proxy_sasl_ir) { if (dsasl_client_output(client->common.proxy_sasl_client, - &output, &len, &error) < 0) { + &output, &len, + &error) != DSASL_CLIENT_RESULT_OK) { const char *reason = t_strdup_printf( "SASL mechanism %s init failed: %s", mech_name, error); @@ -363,13 +364,14 @@ int imap_proxy_parse_line(struct client *client, const char *line) LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } - ret = dsasl_client_input(client->proxy_sasl_client, - str_data(str), str_len(str), &error); - if (ret == 0) { - ret = dsasl_client_output(client->proxy_sasl_client, - &data, &data_len, &error); + enum dsasl_client_result sasl_res = + dsasl_client_input(client->proxy_sasl_client, + str_data(str), str_len(str), &error); + if (sasl_res == DSASL_CLIENT_RESULT_OK) { + sasl_res = dsasl_client_output(client->proxy_sasl_client, + &data, &data_len, &error); } - if (ret < 0) { + if (sasl_res != DSASL_CLIENT_RESULT_OK) { const char *reason = t_strdup_printf( "Invalid authentication data: %s", error); login_proxy_failed(client->login_proxy, @@ -377,7 +379,6 @@ int imap_proxy_parse_line(struct client *client, const char *line) LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } - i_assert(ret == 0); str_truncate(str, 0); base64_encode(data, data_len, str); diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c index 4fab35f241..b88b00395c 100644 --- a/src/lib-imap-client/imapc-connection.c +++ b/src/lib-imap-client/imapc-connection.c @@ -987,10 +987,11 @@ imapc_connection_authenticate_cb(const struct imapc_command_reply *reply, imapc_auth_failed(conn, reply, t_strdup_printf("Server sent non-base64 input for AUTHENTICATE: %s", reply->text_full)); - } else if (dsasl_client_input(conn->sasl_client, buf->data, buf->used, &error) < 0) { + } else if (dsasl_client_input(conn->sasl_client, buf->data, buf->used, + &error) != DSASL_CLIENT_RESULT_OK) { imapc_auth_failed(conn, reply, error); } else if (dsasl_client_output(conn->sasl_client, &sasl_output, - &sasl_output_len, &error) < 0) { + &sasl_output_len, &error) != DSASL_CLIENT_RESULT_OK) { imapc_auth_failed(conn, reply, error); } else if (sasl_output_len == 0) { o_stream_nsend_str(conn->output, "\r\n"); @@ -1138,7 +1139,8 @@ static void imapc_connection_authenticate(struct imapc_connection *conn) const char *error; if (dsasl_client_output(conn->sasl_client, &sasl_output, - &sasl_output_len, &error) < 0) { + &sasl_output_len, + &error) != DSASL_CLIENT_RESULT_OK) { e_error(conn->event, "Failed to create initial SASL reply: %s", error); diff --git a/src/lib-sasl/dsasl-client-private.h b/src/lib-sasl/dsasl-client-private.h index 8a0cd4f6cb..fc3982ea0f 100644 --- a/src/lib-sasl/dsasl-client-private.h +++ b/src/lib-sasl/dsasl-client-private.h @@ -24,12 +24,14 @@ struct dsasl_client_mech { size_t struct_size; enum dsasl_mech_security_flags flags; - int (*input)(struct dsasl_client *client, - const unsigned char *input, size_t input_len, - const char **error_r); - int (*output)(struct dsasl_client *client, - const unsigned char **output_r, size_t *output_len_r, - const char **error_r); + enum dsasl_client_result + (*input)(struct dsasl_client *client, + const unsigned char *input, size_t input_len, + const char **error_r); + enum dsasl_client_result + (*output)(struct dsasl_client *client, + const unsigned char **output_r, size_t *output_len_r, + const char **error_r); int (*set_parameter)(struct dsasl_client *client, const char *key, const char *value, const char **error_r); diff --git a/src/lib-sasl/dsasl-client.c b/src/lib-sasl/dsasl-client.c index d1e38fef3c..983abd1e65 100644 --- a/src/lib-sasl/dsasl-client.c +++ b/src/lib-sasl/dsasl-client.c @@ -100,21 +100,23 @@ void dsasl_client_enable_channel_binding( client->cbinding_context = context; } -int dsasl_client_input(struct dsasl_client *client, - const unsigned char *input, size_t input_len, - const char **error_r) +enum dsasl_client_result +dsasl_client_input(struct dsasl_client *client, + const unsigned char *input, size_t input_len, + const char **error_r) { if ((client->mech->flags & DSASL_MECH_SEC_ALLOW_NULS) == 0 && memchr(input, '\0', input_len) != NULL) { *error_r = "Unexpected NUL in input data"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } return client->mech->input(client, input, input_len, error_r); } -int dsasl_client_output(struct dsasl_client *client, - const unsigned char **output_r, size_t *output_len_r, - const char **error_r) +enum dsasl_client_result +dsasl_client_output(struct dsasl_client *client, + const unsigned char **output_r, size_t *output_len_r, + const char **error_r) { return client->mech->output(client, output_r, output_len_r, error_r); } diff --git a/src/lib-sasl/dsasl-client.h b/src/lib-sasl/dsasl-client.h index 1fef8ba93b..38b2d345c9 100644 --- a/src/lib-sasl/dsasl-client.h +++ b/src/lib-sasl/dsasl-client.h @@ -13,6 +13,12 @@ struct dsasl_client_settings { const char *password; }; +enum dsasl_client_result { + DSASL_CLIENT_RESULT_OK, + /* Client sent invalid SASL protocol input */ + DSASL_CLIENT_RESULT_ERR_PROTOCOL, +}; + typedef int dsasl_client_channel_binding_callback_t(const char *type, void *context, const buffer_t **data_r, @@ -36,14 +42,16 @@ void dsasl_client_enable_channel_binding( dsasl_client_channel_binding_callback_t *callback, void *context); /* Call for server input. */ -int dsasl_client_input(struct dsasl_client *client, - const unsigned char *input, size_t input_len, - const char **error_r); +enum dsasl_client_result +dsasl_client_input(struct dsasl_client *client, + const unsigned char *input, size_t input_len, + const char **error_r); /* Call for getting server output. Also used to get the initial SASL response if supported by the protocol. */ -int dsasl_client_output(struct dsasl_client *client, - const unsigned char **output_r, size_t *output_len_r, - const char **error_r); +enum dsasl_client_result +dsasl_client_output(struct dsasl_client *client, + const unsigned char **output_r, size_t *output_len_r, + const char **error_r); /* Call for setting extra parameters for authentication, these are mechanism dependent. -1 = error, 0 = not found, 1 = ok diff --git a/src/lib-sasl/mech-anonymous.c b/src/lib-sasl/mech-anonymous.c index 1659085932..bab0b7f467 100644 --- a/src/lib-sasl/mech-anonymous.c +++ b/src/lib-sasl/mech-anonymous.c @@ -8,7 +8,7 @@ struct anonymous_dsasl_client { bool output_sent; }; -static int +static enum dsasl_client_result mech_anonymous_input(struct dsasl_client *_client, const unsigned char *input ATTR_UNUSED, size_t input_len, const char **error_r) @@ -19,16 +19,16 @@ mech_anonymous_input(struct dsasl_client *_client, if (!client->output_sent) { if (input_len > 0) { *error_r = "Server sent non-empty initial response"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } } else if (input_len > 0) { *error_r = "Server sent non-empty response"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } - return 0; + return DSASL_CLIENT_RESULT_OK; } -static int +static enum dsasl_client_result mech_anonymous_output(struct dsasl_client *_client, const unsigned char **output_r, size_t *output_len_r, const char **error_r ATTR_UNUSED) @@ -42,7 +42,7 @@ mech_anonymous_output(struct dsasl_client *_client, *output_r = (const unsigned char*)authid; *output_len_r = strlen(authid); client->output_sent = TRUE; - return 0; + return DSASL_CLIENT_RESULT_OK; } const struct dsasl_client_mech dsasl_client_mech_anonymous = { diff --git a/src/lib-sasl/mech-external.c b/src/lib-sasl/mech-external.c index 2484f2d514..5606fc0d5e 100644 --- a/src/lib-sasl/mech-external.c +++ b/src/lib-sasl/mech-external.c @@ -8,7 +8,7 @@ struct external_dsasl_client { bool output_sent; }; -static int +static enum dsasl_client_result mech_external_input(struct dsasl_client *_client, const unsigned char *input ATTR_UNUSED, size_t input_len, const char **error_r) @@ -19,16 +19,16 @@ mech_external_input(struct dsasl_client *_client, if (!client->output_sent) { if (input_len > 0) { *error_r = "Server sent non-empty initial response"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } } else { *error_r = "Server didn't finish authentication"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } - return 0; + return DSASL_CLIENT_RESULT_OK; } -static int +static enum dsasl_client_result mech_external_output(struct dsasl_client *_client, const unsigned char **output_r, size_t *output_len_r, const char **error_r ATTR_UNUSED) @@ -47,7 +47,7 @@ mech_external_output(struct dsasl_client *_client, *output_r = (const void *)username; *output_len_r = strlen(username); client->output_sent = TRUE; - return 0; + return DSASL_CLIENT_RESULT_OK; } const struct dsasl_client_mech dsasl_client_mech_external = { diff --git a/src/lib-sasl/mech-login.c b/src/lib-sasl/mech-login.c index 83714f1fb3..66d7a4e831 100644 --- a/src/lib-sasl/mech-login.c +++ b/src/lib-sasl/mech-login.c @@ -15,7 +15,7 @@ struct login_dsasl_client { enum login_state state; }; -static int +static enum dsasl_client_result mech_login_input(struct dsasl_client *_client, const unsigned char *input ATTR_UNUSED, size_t input_len ATTR_UNUSED, @@ -26,13 +26,13 @@ mech_login_input(struct dsasl_client *_client, if (client->state == STATE_PASS) { *error_r = "Server didn't finish authentication"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } client->state++; - return 0; + return DSASL_CLIENT_RESULT_OK; } -static int +static enum dsasl_client_result mech_login_output(struct dsasl_client *_client, const unsigned char **output_r, size_t *output_len_r, const char **error_r) @@ -42,26 +42,26 @@ mech_login_output(struct dsasl_client *_client, if (_client->set.authid == NULL) { *error_r = "authid not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } if (_client->password == NULL) { *error_r = "password not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } switch (client->state) { case STATE_INIT: *output_r = uchar_empty_ptr; *output_len_r = 0; - return 0; + return DSASL_CLIENT_RESULT_OK; case STATE_USER: *output_r = (const unsigned char *)_client->set.authid; *output_len_r = strlen(_client->set.authid); - return 0; + return DSASL_CLIENT_RESULT_OK; case STATE_PASS: *output_r = (const unsigned char *)_client->set.password; *output_len_r = strlen(_client->set.password); - return 0; + return DSASL_CLIENT_RESULT_OK; } i_unreached(); } diff --git a/src/lib-sasl/mech-oauthbearer.c b/src/lib-sasl/mech-oauthbearer.c index c9aee47322..0d8c839fea 100644 --- a/src/lib-sasl/mech-oauthbearer.c +++ b/src/lib-sasl/mech-oauthbearer.c @@ -15,7 +15,7 @@ struct oauthbearer_dsasl_client { bool output_sent; }; -static int +static enum dsasl_client_result mech_oauthbearer_input(struct dsasl_client *_client, const unsigned char *input, size_t input_len, const char **error_r) @@ -26,13 +26,13 @@ mech_oauthbearer_input(struct dsasl_client *_client, if (!client->output_sent) { if (input_len > 0) { *error_r = "Server sent non-empty initial response"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } } else { client->status = ""; /* if response is empty, authentication has *SUCCEEDED* */ if (input_len == 0) - return 0; + return DSASL_CLIENT_RESULT_OK; /* authentication has failed, try parse status. we are only interested in extracting status if possible @@ -57,7 +57,7 @@ mech_oauthbearer_input(struct dsasl_client *_client, if (!json_node_is_string(&jnode) && !json_node_is_number(&jnode)) { *error_r = "Status field in response is not a string or a number."; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } client->status = p_strdup( _client->pool, @@ -71,23 +71,23 @@ mech_oauthbearer_input(struct dsasl_client *_client, if (ret < 0) { *error_r = t_strdup_printf( "Error parsing JSON reply: %s", error); - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } if (client->status == NULL) { *error_r = "Error parsing JSON reply: " "Status value missing"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } *error_r = t_strdup_printf("Failed to authenticate: %s", client->status); - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } - return 0; + return DSASL_CLIENT_RESULT_OK; } -static int +static enum dsasl_client_result mech_oauthbearer_output(struct dsasl_client *_client, const unsigned char **output_r, size_t *output_len_r, const char **error_r) @@ -98,11 +98,11 @@ mech_oauthbearer_output(struct dsasl_client *_client, if (_client->set.authid == NULL) { *error_r = "authid not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } if (_client->password == NULL) { *error_r = "password not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } str = str_new(_client->pool, 64); @@ -118,10 +118,10 @@ mech_oauthbearer_output(struct dsasl_client *_client, *output_r = str_data(str); *output_len_r = str_len(str); client->output_sent = TRUE; - return 0; + return DSASL_CLIENT_RESULT_OK; } -static int +static enum dsasl_client_result mech_xoauth2_output(struct dsasl_client *_client, const unsigned char **output_r, size_t *output_len_r, const char **error_r) @@ -132,11 +132,11 @@ mech_xoauth2_output(struct dsasl_client *_client, if (_client->set.authid == NULL) { *error_r = "authid not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } if (_client->password == NULL) { *error_r = "password not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } str = str_new(_client->pool, 64); @@ -148,7 +148,7 @@ mech_xoauth2_output(struct dsasl_client *_client, *output_r = str_data(str); *output_len_r = str_len(str); client->output_sent = TRUE; - return 0; + return DSASL_CLIENT_RESULT_OK; } static int diff --git a/src/lib-sasl/mech-plain.c b/src/lib-sasl/mech-plain.c index 432fa1f361..95fe4fa1ef 100644 --- a/src/lib-sasl/mech-plain.c +++ b/src/lib-sasl/mech-plain.c @@ -9,7 +9,7 @@ struct plain_dsasl_client { bool output_sent; }; -static int +static enum dsasl_client_result mech_plain_input(struct dsasl_client *_client, const unsigned char *input ATTR_UNUSED, size_t input_len, const char **error_r) @@ -20,16 +20,16 @@ mech_plain_input(struct dsasl_client *_client, if (!client->output_sent) { if (input_len > 0) { *error_r = "Server sent non-empty initial response"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } } else { *error_r = "Server didn't finish authentication"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } - return 0; + return DSASL_CLIENT_RESULT_OK; } -static int +static enum dsasl_client_result mech_plain_output(struct dsasl_client *_client, const unsigned char **output_r, size_t *output_len_r, const char **error_r) @@ -40,11 +40,11 @@ mech_plain_output(struct dsasl_client *_client, if (_client->set.authid == NULL) { *error_r = "authid not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } if (_client->password == NULL) { *error_r = "password not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } str = str_new(_client->pool, 64); diff --git a/src/lib-sasl/mech-scram.c b/src/lib-sasl/mech-scram.c index 65f0c07b90..94a5e37216 100644 --- a/src/lib-sasl/mech-scram.c +++ b/src/lib-sasl/mech-scram.c @@ -87,7 +87,7 @@ static int mech_scram_init(struct scram_dsasl_client *sclient, return 0; } -static int +static enum dsasl_client_result mech_scram_input(struct dsasl_client *client, const unsigned char *input, size_t input_len, const char **error_r) @@ -97,13 +97,15 @@ mech_scram_input(struct dsasl_client *client, if (sclient->scram_client.state == AUTH_SCRAM_CLIENT_STATE_INIT && mech_scram_init(sclient, error_r) < 0) - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; - return auth_scram_client_input(&sclient->scram_client, - input, input_len, error_r); + if (auth_scram_client_input(&sclient->scram_client, + input, input_len, error_r) < 0) + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; + return 0; } -static int +static enum dsasl_client_result mech_scram_output(struct dsasl_client *client, const unsigned char **output_r, size_t *output_len_r, const char **error_r) @@ -116,20 +118,20 @@ mech_scram_output(struct dsasl_client *client, if (client->set.authid == NULL) { *error_r = "authid not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } if (client->password == NULL) { *error_r = "password not set"; - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; } if (sclient->scram_client.state == AUTH_SCRAM_CLIENT_STATE_INIT && mech_scram_init(sclient, error_r) < 0) - return -1; + return DSASL_CLIENT_RESULT_ERR_PROTOCOL; auth_scram_client_output(&sclient->scram_client, output_r, output_len_r); - return 0; + return DSASL_CLIENT_RESULT_OK; } static void mech_scram_free(struct dsasl_client *client) diff --git a/src/lib-sasl/test-sasl-client.c b/src/lib-sasl/test-sasl-client.c index 05b65f2254..8fec4ebd6e 100644 --- a/src/lib-sasl/test-sasl-client.c +++ b/src/lib-sasl/test-sasl-client.c @@ -42,8 +42,8 @@ static void test_sasl_client_login(void) /* Any input is valid */ str_append(input, "Username:"); - test_assert(dsasl_client_input(client, input->data, input->used, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); + test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); /* see what we got */ str_append_data(output_s, output, olen); test_assert_strcmp(str_c(output_s), "testuser"); @@ -52,8 +52,8 @@ static void test_sasl_client_login(void) str_truncate(output_s, 0); str_append(input, "Password:"); - test_assert(dsasl_client_input(client, input->data, input->used, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); + test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); str_append_data(output_s, output, olen); test_assert_strcmp(str_c(output_s), "testpassword"); @@ -66,11 +66,11 @@ static void test_sasl_client_login(void) /* server sends input after password */ client = dsasl_client_new(mech, &sasl_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Server didn't finish authentication"); dsasl_client_free(&client); @@ -79,8 +79,8 @@ static void test_sasl_client_login(void) client = dsasl_client_new(mech, &sasl_empty_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "authid not set"); dsasl_client_free(&client); @@ -88,8 +88,8 @@ static void test_sasl_client_login(void) client = dsasl_client_new(mech, &sasl_no_password_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "password not set"); dsasl_client_free(&client); @@ -99,7 +99,7 @@ static void test_sasl_client_login(void) str_truncate(input, 0); str_append_data(input, "unexpected\0", 11); - test_assert(dsasl_client_input(client, input->data, input->used, &error) == -1); + test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Unexpected NUL in input data"); dsasl_client_free(&client); @@ -118,8 +118,8 @@ static void test_sasl_client_plain(void) const unsigned char *output; size_t olen; - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); const unsigned char expected[] = "\0testuser\0testpassword"; /* there is no NUL byte at the end */ test_assert(olen == sizeof(expected) - 1); @@ -131,8 +131,8 @@ static void test_sasl_client_plain(void) client = dsasl_client_new(mech, &sasl_master_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); const unsigned char expected_master[] = "testuser\0masteruser\0masterpassword"; /* there is no NUL byte at the end */ @@ -146,7 +146,7 @@ static void test_sasl_client_plain(void) const unsigned char input[] = "ir"; client = dsasl_client_new(mech, &sasl_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, input, sizeof(input)-1, &error) == -1); + test_assert(dsasl_client_input(client, input, sizeof(input)-1, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Server sent non-empty initial response"); dsasl_client_free(&client); @@ -154,9 +154,9 @@ static void test_sasl_client_plain(void) /* server sends input after response */ client = dsasl_client_new(mech, &sasl_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Server didn't finish authentication"); dsasl_client_free(&client); @@ -165,8 +165,8 @@ static void test_sasl_client_plain(void) client = dsasl_client_new(mech, &sasl_empty_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "authid not set"); dsasl_client_free(&client); @@ -174,8 +174,8 @@ static void test_sasl_client_plain(void) client = dsasl_client_new(mech, &sasl_no_password_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "password not set"); dsasl_client_free(&client); @@ -184,7 +184,7 @@ static void test_sasl_client_plain(void) i_assert(client != NULL); const unsigned char input2[] = "unexpected\0"; - test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == -1); + test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Unexpected NUL in input data"); dsasl_client_free(&client); @@ -203,8 +203,8 @@ static void test_sasl_client_external(void) const unsigned char *output; size_t olen; - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); const unsigned char expected[] = "testuser"; /* there is no NUL byte at the end */ test_assert(olen == sizeof(expected) - 1); @@ -216,8 +216,8 @@ static void test_sasl_client_external(void) client = dsasl_client_new(mech, &sasl_master_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); const unsigned char expected_master[] = "testuser"; /* there is no NUL byte at the end */ test_assert(olen == sizeof(expected_master) - 1); @@ -231,7 +231,7 @@ static void test_sasl_client_external(void) i_assert(client != NULL); const unsigned char input2[] = "unexpected\0"; - test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == -1); + test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Unexpected NUL in input data"); dsasl_client_free(&client); @@ -252,9 +252,9 @@ static void test_sasl_client_oauthbearer(void) const unsigned char *output; size_t olen; - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); const unsigned char expected[] = "n,a=testuser,\1" "auth=Bearer testpassword\1\1"; @@ -277,9 +277,9 @@ static void test_sasl_client_oauthbearer(void) test_assert(dsasl_client_set_parameter(client, "port", "143", &error) == 1); test_assert(dsasl_client_set_parameter(client, "unknown", "value", &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); const unsigned char expected_h_p[] = "n,a=testuser,\1" "host=example.com\1" @@ -295,11 +295,11 @@ static void test_sasl_client_oauthbearer(void) client = dsasl_client_new(mech, &sasl_set); /* test error response */ - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); str_append(input, "{\"status\":\"401\",\"schemes\":\"bearer\",\"scope\":\"mail\"}"); - test_assert(dsasl_client_input(client, input->data, input->used, &error) == -1); + test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Failed to authenticate: 401"); test_assert(dsasl_client_get_result(client, "status", &value, &error) == 1); test_assert_strcmp(value, "401"); @@ -310,8 +310,8 @@ static void test_sasl_client_oauthbearer(void) client = dsasl_client_new(mech, &sasl_empty_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "authid not set"); dsasl_client_free(&client); @@ -319,8 +319,8 @@ static void test_sasl_client_oauthbearer(void) client = dsasl_client_new(mech, &sasl_no_password_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "password not set"); dsasl_client_free(&client); @@ -329,7 +329,7 @@ static void test_sasl_client_oauthbearer(void) i_assert(client != NULL); const unsigned char input2[] = "unexpected\0"; - test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == -1); + test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Unexpected NUL in input data"); dsasl_client_free(&client); @@ -349,9 +349,9 @@ static void test_sasl_client_xoauth2(void) const unsigned char *output; size_t olen; - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); const unsigned char expected[] = "user=testuser\1auth=Bearer testpassword\1\1"; /* there is no NUL byte at the end */ @@ -363,11 +363,11 @@ static void test_sasl_client_xoauth2(void) client = dsasl_client_new(mech, &sasl_set); /* test error response */ - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == 0); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); str_append(input, "{\"status\":\"401\",\"schemes\":\"bearer\",\"scope\":\"mail\"}"); - test_assert(dsasl_client_input(client, input->data, input->used, &error) == -1); + test_assert(dsasl_client_input(client, input->data, input->used, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Failed to authenticate: 401"); dsasl_client_free(&client); @@ -376,8 +376,8 @@ static void test_sasl_client_xoauth2(void) client = dsasl_client_new(mech, &sasl_empty_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "authid not set"); dsasl_client_free(&client); @@ -385,8 +385,8 @@ static void test_sasl_client_xoauth2(void) client = dsasl_client_new(mech, &sasl_no_password_set); i_assert(client != NULL); - test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == 0); - test_assert(dsasl_client_output(client, &output, &olen, &error) == -1); + test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK); + test_assert(dsasl_client_output(client, &output, &olen, &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "password not set"); dsasl_client_free(&client); @@ -395,7 +395,7 @@ static void test_sasl_client_xoauth2(void) i_assert(client != NULL); const unsigned char input2[] = "unexpected\0"; - test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == -1); + test_assert(dsasl_client_input(client, input2, sizeof(input2), &error) == DSASL_CLIENT_RESULT_ERR_PROTOCOL); test_assert_strcmp(error, "Unexpected NUL in input data"); dsasl_client_free(&client); diff --git a/src/lib-smtp/smtp-client-connection.c b/src/lib-smtp/smtp-client-connection.c index 5d0abe24e4..8769435756 100644 --- a/src/lib-smtp/smtp-client-connection.c +++ b/src/lib-smtp/smtp-client-connection.c @@ -798,11 +798,11 @@ smtp_client_connection_auth_cb(const struct smtp_reply *reply, reply->text_lines[0]); } else if (dsasl_client_input(conn->sasl_client, buf->data, buf->used, - &error) < 0) { + &error) != DSASL_CLIENT_RESULT_OK) { error = t_strdup_printf("Authentication failed: %s", error); } else if (dsasl_client_output(conn->sasl_client, &sasl_output, - &sasl_output_len, &error) < 0) { + &sasl_output_len, &error) != DSASL_CLIENT_RESULT_OK) { error = t_strdup_printf("Authentication failed: %s", error); } else { @@ -951,7 +951,7 @@ smtp_client_connection_authenticate(struct smtp_client_connection *conn) conn->sasl_client = dsasl_client_new(sasl_mech, &sasl_set); if (dsasl_client_output(conn->sasl_client, &sasl_output, - &sasl_output_len, &error) < 0) { + &sasl_output_len, &error) != DSASL_CLIENT_RESULT_OK) { error = t_strdup_printf( "Failed to create initial %s SASL reply: %s", dsasl_client_mech_get_name(sasl_mech), error); diff --git a/src/pop3-login/pop3-proxy.c b/src/pop3-login/pop3-proxy.c index befd897d6b..07e0e7e39a 100644 --- a/src/pop3-login/pop3-proxy.c +++ b/src/pop3-login/pop3-proxy.c @@ -91,7 +91,7 @@ static int proxy_send_login(struct pop3_client *client, struct ostream *output) str_printfa(str, "AUTH %s ", mech_name); if (dsasl_client_output(client->common.proxy_sasl_client, - &sasl_output, &len, &error) < 0) { + &sasl_output, &len, &error) != DSASL_CLIENT_RESULT_OK) { const char *reason = t_strdup_printf( "SASL mechanism %s init failed: %s", mech_name, error); @@ -120,7 +120,6 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output, const unsigned char *data; size_t data_len; const char *error; - int ret; str = t_str_new(128); if (base64_decode(line, strlen(line), str) < 0) { @@ -131,13 +130,14 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output, LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } - ret = dsasl_client_input(client->proxy_sasl_client, - str_data(str), str_len(str), &error); - if (ret == 0) { - ret = dsasl_client_output(client->proxy_sasl_client, - &data, &data_len, &error); + enum dsasl_client_result sasl_res = + dsasl_client_input(client->proxy_sasl_client, + str_data(str), str_len(str), &error); + if (sasl_res == DSASL_CLIENT_RESULT_OK) { + sasl_res = dsasl_client_output(client->proxy_sasl_client, + &data, &data_len, &error); } - if (ret < 0) { + if (sasl_res != DSASL_CLIENT_RESULT_OK) { const char *reason = t_strdup_printf( "Invalid authentication data: %s", error); login_proxy_failed(client->login_proxy, @@ -145,7 +145,6 @@ pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output, LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } - i_assert(ret == 0); str_truncate(str, 0); base64_encode(data, data_len, str); diff --git a/src/submission-login/submission-proxy.c b/src/submission-login/submission-proxy.c index 7fc77bfc80..5f711f4a3a 100644 --- a/src/submission-login/submission-proxy.c +++ b/src/submission-login/submission-proxy.c @@ -250,7 +250,8 @@ proxy_send_login(struct submission_client *client, struct ostream *output) str_printfa(str, "AUTH %s", mech_name); if (dsasl_client_output(client->common.proxy_sasl_client, - &sasl_output, &sasl_output_len, &error) < 0) { + &sasl_output, &sasl_output_len, + &error) != DSASL_CLIENT_RESULT_OK) { const char *reason = t_strdup_printf( "SASL mechanism %s init failed: %s", mech_name, error); @@ -355,7 +356,6 @@ submission_proxy_continue_sasl_auth(struct client *client, const unsigned char *data; size_t data_len; const char *error; - int ret; if (!last_line) { const char *reason = t_strdup_printf( @@ -392,13 +392,15 @@ submission_proxy_continue_sasl_auth(struct client *client, "Invalid base64 data in AUTH response"); return -1; } - ret = dsasl_client_input(client->proxy_sasl_client, - str_data(str), str_len(str), &error); - if (ret == 0) { - ret = dsasl_client_output(client->proxy_sasl_client, - &data, &data_len, &error); + + enum dsasl_client_result sasl_res = + dsasl_client_input(client->proxy_sasl_client, + str_data(str), str_len(str), &error); + if (sasl_res == DSASL_CLIENT_RESULT_OK) { + sasl_res = dsasl_client_output(client->proxy_sasl_client, + &data, &data_len, &error); } - if (ret < 0) { + if (sasl_res != DSASL_CLIENT_RESULT_OK) { const char *reason = t_strdup_printf( "Invalid authentication data: %s", error); login_proxy_failed(client->login_proxy, @@ -406,7 +408,6 @@ submission_proxy_continue_sasl_auth(struct client *client, LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); return -1; } - i_assert(ret == 0); str_truncate(str, 0); base64_encode(data, data_len, str);