From: Stephan Bosch Date: Sun, 5 Oct 2025 01:57:49 +0000 (+0200) Subject: lib-auth: auth-scram-server - Don't pass error message through set_*username() calls X-Git-Tag: 2.4.2~264 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1d27b6607c52d51a519a0ce5601cdd9e946f49e;p=thirdparty%2Fdovecot%2Fcore.git lib-auth: auth-scram-server - Don't pass error message through set_*username() calls Let the application log it directly. --- diff --git a/src/auth/sasl-server-mech-scram.c b/src/auth/sasl-server-mech-scram.c index 4f00e2b7b5..3735e70f70 100644 --- a/src/auth/sasl-server-mech-scram.c +++ b/src/auth/sasl-server-mech-scram.c @@ -62,24 +62,34 @@ credentials_callback(enum passdb_result result, static bool mech_scram_set_username(struct auth_scram_server *asserver, - const char *username, const char **error_r) + const char *username) { struct scram_auth_request *request = container_of(asserver, struct scram_auth_request, scram_server); struct auth_request *auth_request = &request->auth_request; + const char *error; - return auth_request_set_username(auth_request, username, error_r); + if (!auth_request_set_username(auth_request, username, &error)) { + e_info(auth_request->mech_event, "%s", error); + return FALSE; + } + return TRUE; } static bool mech_scram_set_login_username(struct auth_scram_server *asserver, - const char *username, const char **error_r) + const char *username) { struct scram_auth_request *request = container_of(asserver, struct scram_auth_request, scram_server); struct auth_request *auth_request = &request->auth_request; + const char *error; - return auth_request_set_login_username(auth_request, username, error_r); + if (!auth_request_set_login_username(auth_request, username, &error)) { + e_info(auth_request->mech_event, "login user: %s", error); + return FALSE; + } + return TRUE; } static void 
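Review bot: In `mech_scram_set_username()` the new local `const char *error;` is passed to `e_info()` without ever being initialised, so the log call is only safe if `auth_request_set_username()` always fills `*error_r` when it returns FALSE, and that function is not visible on this page. The caller used to be covered by `i_assert(error != NULL);` in `mech_scram_auth_continue()`, but these callbacks now log outside that guard. Declaring it as `const char *error = NULL;` and adding `i_assert(error != NULL);` before the `e_info()` call keeps a stray pointer from reaching the `%s` formatter. The same applies to `mech_scram_set_login_username()` in this hunk.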
@@ -145,11 +155,20 @@ void mech_scram_auth_continue(struct auth_request *auth_request, &error_code, &error); if (ret < 0) { i_assert(error != NULL); - if (error_code == AUTH_SCRAM_SERVER_ERROR_VERIFICATION_FAILED) { + switch (error_code) { + case AUTH_SCRAM_SERVER_ERROR_NONE: + i_unreached(); + case AUTH_SCRAM_SERVER_ERROR_PROTOCOL_VIOLATION: + e_info(auth_request->mech_event, "%s", error); + break; + case AUTH_SCRAM_SERVER_ERROR_BAD_USERNAME: + case AUTH_SCRAM_SERVER_ERROR_BAD_LOGIN_USERNAME: + case AUTH_SCRAM_SERVER_ERROR_LOOKUP_FAILED: + break; + case AUTH_SCRAM_SERVER_ERROR_VERIFICATION_FAILED: e_info(auth_request->mech_event, AUTH_LOG_MSG_PASSWORD_MISMATCH); - } else { - e_info(auth_request->mech_event, "%s", error); + break; } sasl_server_request_failure(auth_request); return; diff --git a/src/lib-auth/auth-scram-server.c b/src/lib-auth/auth-scram-server.c index 3a884e0ba1..fe57807716 100644 --- a/src/lib-auth/auth-scram-server.c +++ b/src/lib-auth/auth-scram-server.c @@ -25,16 +25,15 @@ static bool auth_scram_server_set_username(struct auth_scram_server *server, - const char *username, const char **error_r) + const char *username) { - return server->backend->set_username(server, username, error_r); + return server->backend->set_username(server, username); } static bool auth_scram_server_set_login_username(struct auth_scram_server *server, - const char *username, const char **error_r) + const char *username) { - return server->backend->set_login_username(server, username, - error_r); + return server->backend->set_login_username(server, username); } static void 
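Review bot: In the new `switch (error_code)` of `mech_scram_auth_continue()`, `AUTH_SCRAM_SERVER_ERROR_LOOKUP_FAILED` now reaches `sasl_server_request_failure()` without a log line from this function, whereas the removed `else` branch logged `error` for it. The two username cases are covered by the `e_info()` calls added to the callbacks in this file, but whether the credentials lookup path logs its own failure cannot be seen here. If it does, the grouped cases should carry a comment such as `/* reason already logged by the backend callbacks / credentials lookup */`. If it does not, keep `e_info(auth_request->mech_event, "%s", error);` for `LOOKUP_FAILED` so a failed authentication is never silent in the auth log. The function body starts and ends outside the hunk.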
@@ -517,13 +516,14 @@ auth_scram_server_input_client_first(struct auth_scram_server *server, /* Pass usernames to backend */ i_assert(username != NULL); - if (!auth_scram_server_set_username(server, username, error_r)) { + if (!auth_scram_server_set_username(server, username)) { + *error_r = "Bad username"; *error_code_r = AUTH_SCRAM_SERVER_ERROR_BAD_USERNAME; return -1; } if (login_username != NULL && - !auth_scram_server_set_login_username(server, login_username, - error_r)) { + !auth_scram_server_set_login_username(server, login_username)) { + *error_r = "Bad login username"; *error_code_r = AUTH_SCRAM_SERVER_ERROR_BAD_LOGIN_USERNAME; return -1; } diff --git a/src/lib-auth/auth-scram-server.h b/src/lib-auth/auth-scram-server.h index 7c54f98d72..bc01038f23 100644 --- a/src/lib-auth/auth-scram-server.h +++ b/src/lib-auth/auth-scram-server.h @@ -44,9 +44,9 @@ struct auth_scram_server_backend { /* Pass the authentication and authorization usernames to the backend. */ bool (*set_username)(struct auth_scram_server *server, - const char *username, const char **error_r); + const char *username); bool (*set_login_username)(struct auth_scram_server *server, - const char *username, const char **error_r); + const char *username); /* Start channel binding in backend with provided type. */ void (*start_channel_binding)(struct auth_scram_server *server, diff --git a/src/lib-auth/test-auth-scram.c b/src/lib-auth/test-auth-scram.c index 37dc595caa..5f13d5495a 100644 --- a/src/lib-auth/test-auth-scram.c +++ b/src/lib-auth/test-auth-scram.c 
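Review bot: The comment above `set_username` and `set_login_username` in `struct auth_scram_server_backend` (auth-scram-server.h) still only says the usernames are passed to the backend, although dropping `error_r` changes the contract. The server now reports just the fixed strings "Bad username" and "Bad login username", so a backend that returns FALSE without logging loses the rejection reason entirely. I would extend the comment to `/* Pass the authentication and authorization usernames to the backend. Returns FALSE to reject the name; the backend must log the reason itself, the server only reports a generic error. */`. The struct definition continues outside the hunk.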
@@ -37,36 +37,29 @@ struct backend_context { }; static bool -test_auth_set_username(struct auth_scram_server *asserver, const char *username, - const char **error_r) +test_auth_set_username(struct auth_scram_server *asserver, const char *username) { struct backend_context *bctx = container_of(asserver, struct backend_context, asserver); - if (bctx->expect_error == AUTH_SCRAM_SERVER_ERROR_BAD_USERNAME) { - *error_r = "Bad username"; + if (bctx->expect_error == AUTH_SCRAM_SERVER_ERROR_BAD_USERNAME) return FALSE; - } bctx->username = p_strdup(bctx->pool, username); - *error_r = NULL; return TRUE; } static bool test_auth_set_login_username(struct auth_scram_server *asserver, - const char *username, const char **error_r) + const char *username) { struct backend_context *bctx = container_of(asserver, struct backend_context, asserver); - if (bctx->expect_error == AUTH_SCRAM_SERVER_ERROR_BAD_LOGIN_USERNAME) { - *error_r = "Bad login username"; + if (bctx->expect_error == AUTH_SCRAM_SERVER_ERROR_BAD_LOGIN_USERNAME) return FALSE; - } bctx->login_username = p_strdup(bctx->pool, username); - *error_r = NULL; return TRUE; }