From: Stephan Bosch Date: Wed, 22 Mar 2023 05:19:06 +0000 (+0100) Subject: auth: sasl-server - Add protocol field to struct sasl_server_mech_request X-Git-Tag: 2.4.2~239 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9af748c81432f44ed77a1af17ea95244d9ef40ae;p=thirdparty%2Fdovecot%2Fcore.git auth: sasl-server - Add protocol field to struct sasl_server_mech_request Used by GSSAPI mechanisms.
---
diff --git a/src/auth/auth-sasl.c b/src/auth/auth-sasl.c
index 8ddf5588bd..90a597ee98 100644
--- a/src/auth/auth-sasl.c
+++ b/src/auth/auth-sasl.c
@@ -243,10 +243,28 @@ auth_sasl_request_set_credentials(struct sasl_server_req_ctx *rctx,
 set_credentials_callback);
 }
+static const char *
+auth_sasl_translate_protocol_name(struct auth_request *request)
+{
+ i_assert(request->fields.protocol != NULL);
+
+ const char *protocol = request->fields.protocol;
+
+ /* Translate to SASL/GSSAPI/Kerberos service name (IANA-registered) */
+ if (strcasecmp(protocol, "POP3") == 0) {
+ /* The standard POP3 service name with SASL/GSSAPI/Kerberos is
+ called just "pop". */
+ return "pop";
+ }
+
+ return t_str_lcase(protocol);
+}
+
 void auth_sasl_request_init(struct auth_request *request,
 const struct sasl_server_mech_def *mech)
 {
 sasl_server_request_create(&request->sasl.req, mech,
+ auth_sasl_translate_protocol_name(request),
 request->mech_event);
 }
diff --git a/src/auth/sasl-server-mech-gssapi.c b/src/auth/sasl-server-mech-gssapi.c
index 3606d2b87e..926a8241e3 100644
--- a/src/auth/sasl-server-mech-gssapi.c
+++ b/src/auth/sasl-server-mech-gssapi.c
@@ -116,7 +116,6 @@ obtain_service_credentials(struct gssapi_auth_request *request,
 string_t *principal_name;
 gss_buffer_desc inbuf;
 gss_name_t gss_principal;
- const char *service_name;
 if (!gssapi_initialized) {
 gssapi_initialized = TRUE;
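Review bot: In src/auth/auth-sasl.c, `auth_sasl_translate_protocol_name()` is called from `auth_sasl_request_init()` unconditionally, so its `i_assert(request->fields.protocol != NULL)` now guards every SASL request, although the commit message says only the GSSAPI mechanisms use the value. Whether the client-supplied service name is always validated before this point is not visible in the hunk; if it is not, a request without one would hit a fatal assertion in the auth process instead of failing a single authentication, so that ordering is worth confirming, or the case should be rejected as an ordinary failure. The helper also says nothing about the lifetime of its result; I would add above it `/* Returns a literal or a data-stack string (t_str_lcase()); the callee must copy it. */`.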
@@ -130,16 +129,8 @@ obtain_service_credentials(struct gssapi_auth_request *request,
 return GSS_S_COMPLETE;
 }
- if (strcasecmp(auth_request->request->fields.protocol, "POP3") == 0) {
- /* The standard POP3 service name with GSSAPI is called
- just "pop". */
- service_name = "pop";
- } else {
- service_name = t_str_lcase(auth_request->request->fields.protocol);
- }
-
 principal_name = t_str_new(128);
- str_append(principal_name, service_name);
+ str_append(principal_name, auth_request->protocol);
 str_append_c(principal_name, '@');
 str_append(principal_name, auth_request->request->set->gssapi_hostname);
diff --git a/src/auth/sasl-server-protected.h b/src/auth/sasl-server-protected.h
index 8e6df4065a..ba1da40e6f 100644
--- a/src/auth/sasl-server-protected.h
+++ b/src/auth/sasl-server-protected.h
@@ -46,6 +46,7 @@ struct sasl_server_mech_request {
 const struct sasl_server_mech_def *mech;
 struct sasl_server_request *req;
 struct event *mech_event;
+ const char *protocol;
 // FIXME: To be removed
 struct auth_request *request;
diff --git a/src/auth/sasl-server-request.c b/src/auth/sasl-server-request.c
index cd36244524..6d4e048617 100644
--- a/src/auth/sasl-server-request.c
+++ b/src/auth/sasl-server-request.c
@@ -11,6 +11,7 @@
 void sasl_server_request_create(struct sasl_server_req_ctx *rctx,
 const struct sasl_server_mech_def *mech,
+ const char *protocol,
 struct event *event_parent)
 {
 struct auth_request *request =
@@ -36,6 +37,7 @@ void sasl_server_request_create(struct sasl_server_req_ctx *rctx,
 mreq->request = request;
 mreq->mech = mech;
 mreq->mech_event = event_parent;
+ mreq->protocol = p_strdup(mreq->pool, protocol);
 req->mech = mreq;
 rctx->mech = mech;
diff --git a/src/auth/sasl-server.h b/src/auth/sasl-server.h
index d6aa1f7ed3..eb2cc3c664 100644
--- a/src/auth/sasl-server.h
+++ b/src/auth/sasl-server.h
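Review bot: In `obtain_service_credentials()` (src/auth/sasl-server-mech-gssapi.c), `auth_request->protocol` goes straight into the `service@hostname` principal with no check in this file, so the mechanism now relies on the caller of `sasl_server_request_create()` to pass a non-NULL, already-translated service name. The only enforcement visible in this commit is the `i_assert` in auth-sasl.c, and the `p_strdup()` in the sasl-server-request.c hunk stores whatever it is given. A later caller of the SASL server API could therefore hand the mechanism a NULL or untranslated name and have it request credentials for the wrong service principal. I would add `i_assert(protocol != NULL);` at the top of `sasl_server_request_create()` so the contract is checked where the value enters the library. The body of `obtain_service_credentials()` continues outside this hunk.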
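Review bot: The new `protocol` member of `struct sasl_server_mech_request` (src/auth/sasl-server-protected.h) has no comment, and neither does the matching `protocol` parameter added to `sasl_server_request_create()` in src/auth/sasl-server.h. The name suggests the Dovecot protocol, but what is stored is the translated SASL/GSSAPI service name (lowercased, "pop" for POP3, per auth-sasl.c), which is what ends up in the Kerberos service principal. I would document it at the field, e.g. `/* SASL service name (lowercase, e.g. "pop"); copied into mreq->pool */`, and say the same on the prototype.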
@@ -88,6 +88,7 @@ struct sasl_server_req_ctx {
 void sasl_server_request_create(struct sasl_server_req_ctx *rctx,
 const struct sasl_server_mech_def *mech,
+ const char *protocol,
 struct event *event_parent);
 void sasl_server_request_destroy(struct sasl_server_req_ctx *rctx);