From: Stephan Bosch Date: Mon, 6 Mar 2023 13:45:00 +0000 (+0100) Subject: auth: sasl-server - Move mechanism activities to use struct sasl_server_mech_request X-Git-Tag: 2.4.2~255 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8036145f7c29329a20fbf1840cd37c59f4eb0b0;p=thirdparty%2Fdovecot%2Fcore.git auth: sasl-server - Move mechanism activities to use struct sasl_server_mech_request --- diff --git a/src/auth/auth-request-fields.c b/src/auth/auth-request-fields.c index 94eceda763..8dbb8c9b0e 100644 --- a/src/auth/auth-request-fields.c +++ b/src/auth/auth-request-fields.c @@ -7,6 +7,7 @@ #include "strescape.h" #include "str-sanitize.h" #include "base64.h" +#include "sasl-server-protected.h" // FIXME: remove #include "auth-request.h" void auth_request_fields_init(struct auth_request *request) diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c index da7a67ad78..07abdf7584 100644 --- a/src/auth/auth-request-handler.c +++ b/src/auth/auth-request-handler.c @@ -10,6 +10,7 @@ #include "str.h" #include "strescape.h" #include "str-sanitize.h" +#include "sasl-server-protected.h" // FIXME: remove #include "master-interface.h" #include "auth-sasl.h" #include "auth-penalty.h" diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c index 416dfa1602..490cb75f1a 100644 --- a/src/auth/auth-request.c +++ b/src/auth/auth-request.c @@ -15,6 +15,7 @@ #include "hostpid.h" #include "settings.h" #include "master-service.h" +#include "sasl-server-protected.h" // FIXME: remove #include "auth-cache.h" #include "auth-request.h" #include "auth-request-handler.h" @@ -154,8 +155,11 @@ auth_request_new(const struct sasl_server_mech_def *mech, struct event *parent_event) { struct auth_request *request; + pool_t pool; - request = mech->auth_new(); + pool = pool_alloconly_create(MEMPOOL_GROWING"auth_request", 1024); + request = p_new(pool, struct auth_request, 1); + request->pool = pool; request->mech = mech; auth_request_post_alloc_init(request, parent_event); @@ -168,6 +172,8 @@ auth_request_new(const struct sasl_server_mech_def *mech, event_set_min_log_level(request->mech_event, level); event_set_append_log_prefix(request->mech_event, prefix); + auth_sasl_request_init(request, mech); + return request; } @@ -396,10 +402,8 @@ void auth_request_unref(struct auth_request **_request) timeout_remove(&request->to_abort); timeout_remove(&request->to_penalty); - if (request->mech != NULL) - request->mech->auth_free(request); - else - pool_unref(&request->pool); + auth_sasl_request_deinit(request); + pool_unref(&request->pool); } bool auth_request_import_master(struct auth_request *request, @@ -444,8 +448,7 @@ void auth_request_initial(struct auth_request *request) request->initial_response_len)) return; - request->mech->auth_initial(request, request->initial_response, - request->initial_response_len); + auth_sasl_request_initial(request); } void auth_request_continue(struct auth_request *request, @@ -466,7 +469,7 @@ void auth_request_continue(struct auth_request *request, return; auth_request_refresh_last_access(request); - request->mech->auth_continue(request, data, data_size); + auth_sasl_request_continue(request, data, data_size); } static void diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h index 9bc5b9d0bd..d829448e8f 100644 --- a/src/auth/auth-request.h +++ b/src/auth/auth-request.h @@ -17,6 +17,9 @@ #define AUTH_REQUEST_USER_KEY_IGNORE " " +struct sasl_server_mech_def; +struct sasl_server_mech_request; + struct auth_client_connection; enum auth_request_state { @@ -136,6 +139,7 @@ struct auth_request { enum passdb_result passdb_result; const struct sasl_server_mech_def *mech; + struct sasl_server_mech_request *sasl; /* Protocol-specific settings */ const struct auth_settings *protocol_set; /* Currently active settings. May be the same as protocol_set, but diff --git a/src/auth/auth-sasl-mech-apop.c b/src/auth/auth-sasl-mech-apop.c index c00d3777a8..349341e154 100644 --- a/src/auth/auth-sasl-mech-apop.c +++ b/src/auth/auth-sasl-mech-apop.c @@ -18,7 +18,7 @@ #include struct apop_auth_request { - struct auth_request auth_request; + struct sasl_server_mech_request auth_request; /* requested: */ char *challenge; @@ -44,7 +44,7 @@ static bool verify_credentials(struct apop_auth_request *request, static void apop_credentials_callback(enum passdb_result result, const unsigned char *credentials, size_t size, - struct auth_request *auth_request) + struct sasl_server_mech_request *auth_request) { struct apop_auth_request *request = container_of(auth_request, struct apop_auth_request, @@ -67,7 +67,7 @@ apop_credentials_callback(enum passdb_result result, } static void -mech_apop_auth_initial(struct auth_request *auth_request, +mech_apop_auth_initial(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct apop_auth_request *request = @@ -125,7 +125,7 @@ mech_apop_auth_initial(struct auth_request *auth_request, if (sscanf(request->challenge, "<%lx.%lx.%lx.", &pid, &connect_uid, ×tamp) != 3 || - connect_uid != auth_request->connect_uid || + connect_uid != auth_request->request->connect_uid || pid != (unsigned long)getpid() || (time_t)timestamp < process_start_time) { e_info(auth_request->mech_event, @@ -145,15 +145,12 @@ mech_apop_auth_initial(struct auth_request *auth_request, apop_credentials_callback); } -static struct auth_request *mech_apop_auth_new(void) +static struct sasl_server_mech_request *mech_apop_auth_new(pool_t pool) { struct apop_auth_request *request; - pool_t pool; - pool = pool_alloconly_create(MEMPOOL_GROWING"apop_auth_request", 2048); request = p_new(pool, struct apop_auth_request, 1); - request->auth_request.pool = pool; return &request->auth_request; } diff --git a/src/auth/auth-sasl-mech-dovecot-token.c b/src/auth/auth-sasl-mech-dovecot-token.c index 2eae84fe31..a9faf54f68 100644 --- a/src/auth/auth-sasl-mech-dovecot-token.c +++ b/src/auth/auth-sasl-mech-dovecot-token.c @@ -9,8 +9,8 @@ #include "auth-token.h" static void -mech_dovecot_token_auth_continue(struct auth_request *request, - const unsigned char *data, size_t data_size) +mech_dovecot_token_auth_continue(struct sasl_server_mech_request *request, + const unsigned char *data, size_t data_size) { const char *session_id, *username, *pid, *service; char *auth_token; @@ -50,13 +50,13 @@ mech_dovecot_token_auth_continue(struct auth_request *request, sasl_server_request_failure(request); } else { const char *valid_token = - auth_token_get(service, pid, request->fields.user, + auth_token_get(service, pid, request->request->fields.user, session_id); if (auth_token != NULL && str_equals_timing_almost_safe(auth_token, valid_token)) { - request->passdb_success = TRUE; - auth_request_set_field(request, "userdb_client_service", service, ""); + request->request->passdb_success = TRUE; + auth_request_set_field(request->request, "userdb_client_service", service, ""); sasl_server_request_success(request, NULL, 0); } else { sasl_server_request_failure(request); @@ -68,14 +68,12 @@ mech_dovecot_token_auth_continue(struct auth_request *request, safe_memset(auth_token, 0, strlen(auth_token)); } -static struct auth_request *mech_dovecot_token_auth_new(void) +static struct sasl_server_mech_request *mech_dovecot_token_auth_new(pool_t pool) { - struct auth_request *request; - pool_t pool; + struct sasl_server_mech_request *request; + + request = p_new(pool, struct sasl_server_mech_request, 1); - pool = pool_alloconly_create(MEMPOOL_GROWING"dovecot_token_auth_request", 512); - request = p_new(pool, struct auth_request, 1); - request->pool = pool; return request; } diff --git a/src/auth/auth-sasl-mech-oauth2.c b/src/auth/auth-sasl-mech-oauth2.c index 45cd9b825f..9e540dfdf5 100644 --- a/src/auth/auth-sasl-mech-oauth2.c +++ b/src/auth/auth-sasl-mech-oauth2.c @@ -8,7 +8,8 @@ static void oauth2_verify_finish(enum passdb_result result, struct auth_request *request) { struct oauth2_auth_request *oauth2_req = - container_of(request, struct oauth2_auth_request, request); + container_of(request->sasl, + struct oauth2_auth_request, request); struct sasl_server_oauth2_failure failure; i_zero(&failure); @@ -57,7 +58,7 @@ static void mech_oauth2_verify_token_continue(struct oauth2_auth_request *oauth2_req, const char *const *args) { - struct auth_request *request = &oauth2_req->request; + struct auth_request *request = oauth2_req->request.request; int parsed; enum passdb_result result; @@ -111,7 +112,7 @@ mech_oauth2_verify_token_local_continue(struct db_oauth2_request *db_req, const char *error, struct oauth2_auth_request *oauth2_req) { - struct auth_request *request = &oauth2_req->request; + struct auth_request *request = oauth2_req->request.request; if (result == PASSDB_RESULT_OK) { auth_request_set_password_verified(request); @@ -133,9 +134,9 @@ mech_oauth2_verify_token_local_continue(struct db_oauth2_request *db_req, static void auth_sasl_oauth2_verify_token(struct oauth2_auth_request *oauth2_req, - const char *token) + const char *token) { - struct auth_request *auth_request = &oauth2_req->request; + struct auth_request *auth_request = oauth2_req->request.request; auth_request_ref(auth_request); if (!db_oauth2_use_worker(oauth2_req->db)) { diff --git a/src/auth/auth-sasl.c b/src/auth/auth-sasl.c index a161d2ad90..48c42f1a2e 100644 --- a/src/auth/auth-sasl.c +++ b/src/auth/auth-sasl.c @@ -2,6 +2,7 @@ #include "lib.h" #include "sasl-server-protected.h" // FIXME: Use public API only +#include "sasl-server.h" #include "auth.h" #include "auth-common.h" #include "auth-sasl.h" @@ -154,6 +155,29 @@ auth_sasl_request_set_credentials(struct auth_request *request, set_credentials_callback); } +void auth_sasl_request_init(struct auth_request *request, + const struct sasl_server_mech_def *mech) +{ + sasl_server_request_create(request, mech, request->mech_event); +} + +void auth_sasl_request_deinit(struct auth_request *request) +{ + sasl_server_request_destroy(request); +} + +void auth_sasl_request_initial(struct auth_request *request) +{ + request->mech->auth_initial(request->sasl, request->initial_response, + request->initial_response_len); +} + +void auth_sasl_request_continue(struct auth_request *request, + const unsigned char *data, size_t data_size) +{ + request->mech->auth_continue(request->sasl, data, data_size); +} + /* * Mechanisms */ diff --git a/src/auth/auth-sasl.h b/src/auth/auth-sasl.h index 47c3025bb0..3fdded49bf 100644 --- a/src/auth/auth-sasl.h +++ b/src/auth/auth-sasl.h @@ -1,12 +1,13 @@ #ifndef AUTH_SASL_H #define AUTH_SASL_H -#include "auth-request.h" // FIXME: remove #include "sasl-server.h" /* Used only for string sanitization. */ #define AUTH_SASL_MAX_MECH_NAME_LEN 64 +struct auth_request; + struct auth_sasl_mech_module { const char *mech_name; }; @@ -58,6 +59,14 @@ auth_sasl_request_set_credentials(struct auth_request *request, const char *scheme, const char *data, set_credentials_callback_t *set_credentials_callback); +void auth_sasl_request_init(struct auth_request *request, + const struct sasl_server_mech_def *mech); +void auth_sasl_request_deinit(struct auth_request *request); + +void auth_sasl_request_initial(struct auth_request *request); +void auth_sasl_request_continue(struct auth_request *request, + const unsigned char *data, size_t data_size); + /* * Mechanisms */ diff --git a/src/auth/sasl-server-mech-anonymous.c b/src/auth/sasl-server-mech-anonymous.c index 50d674633d..3fede9a725 100644 --- a/src/auth/sasl-server-mech-anonymous.c +++ b/src/auth/sasl-server-mech-anonymous.c @@ -5,11 +5,9 @@ #include "sasl-server-protected.h" static void -mech_anonymous_auth_continue(struct auth_request *request, +mech_anonymous_auth_continue(struct sasl_server_mech_request *request, const unsigned char *data, size_t data_size) { - i_assert(*request->set->anonymous_username != '\0'); - if (!sasl_server_request_set_authid(request, SASL_SERVER_AUTHID_TYPE_ANONYMOUS, t_strndup(data, data_size))) { @@ -17,17 +15,15 @@ mech_anonymous_auth_continue(struct auth_request *request, return; } - request->passdb_success = TRUE; + request->request->passdb_success = TRUE; sasl_server_request_success(request, "", 0); } -static struct auth_request *mech_anonymous_auth_new(void) +static struct sasl_server_mech_request *mech_anonymous_auth_new(pool_t pool) { - struct auth_request *request; - pool_t pool; + struct sasl_server_mech_request *request; - pool = pool_alloconly_create(MEMPOOL_GROWING"anonymous_auth_request", 2048); - request = p_new(pool, struct auth_request, 1); + request = p_new(pool, struct sasl_server_mech_request, 1); request->pool = pool; return request; } diff --git a/src/auth/sasl-server-mech-cram-md5.c b/src/auth/sasl-server-mech-cram-md5.c index 8367436193..bbfcb23a5f 100644 --- a/src/auth/sasl-server-mech-cram-md5.c +++ b/src/auth/sasl-server-mech-cram-md5.c @@ -18,7 +18,7 @@ #include struct cram_auth_request { - struct auth_request auth_request; + struct sasl_server_mech_request auth_request; /* requested: */ char *challenge; @@ -45,7 +45,7 @@ static const char *get_cram_challenge(void) } static void -verify_credentials(struct auth_request *auth_request, +verify_credentials(struct sasl_server_mech_request *auth_request, const unsigned char *credentials, size_t size) { struct cram_auth_request *request = @@ -83,7 +83,7 @@ static bool parse_cram_response(struct cram_auth_request *request, const unsigned char *data, size_t size) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; size_t i, space; /* SPACE . Username may contain spaces, so assume @@ -112,7 +112,7 @@ parse_cram_response(struct cram_auth_request *request, static void credentials_callback(enum passdb_result result, const unsigned char *credentials, size_t size, - struct auth_request *auth_request) + struct sasl_server_mech_request *auth_request) { switch (result) { case SASL_PASSDB_RESULT_OK: @@ -128,7 +128,7 @@ credentials_callback(enum passdb_result result, } static void -mech_cram_md5_auth_continue(struct auth_request *auth_request, +mech_cram_md5_auth_continue(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct cram_auth_request *request = @@ -151,7 +151,7 @@ mech_cram_md5_auth_continue(struct auth_request *auth_request, } static void -mech_cram_md5_auth_initial(struct auth_request *auth_request, +mech_cram_md5_auth_initial(struct sasl_server_mech_request *auth_request, const unsigned char *data ATTR_UNUSED, size_t data_size ATTR_UNUSED) { @@ -164,15 +164,12 @@ mech_cram_md5_auth_initial(struct auth_request *auth_request, strlen(request->challenge)); } -static struct auth_request *mech_cram_md5_auth_new(void) +static struct sasl_server_mech_request *mech_cram_md5_auth_new(pool_t pool) { struct cram_auth_request *request; - pool_t pool; - pool = pool_alloconly_create(MEMPOOL_GROWING"cram_md5_auth_request", 2048); request = p_new(pool, struct cram_auth_request, 1); - request->auth_request.pool = pool; return &request->auth_request; } diff --git a/src/auth/sasl-server-mech-digest-md5.c b/src/auth/sasl-server-mech-digest-md5.c index 815311a3eb..cef11b9137 100644 --- a/src/auth/sasl-server-mech-digest-md5.c +++ b/src/auth/sasl-server-mech-digest-md5.c @@ -27,7 +27,7 @@ enum qop_option { }; struct digest_auth_request { - struct auth_request auth_request; + struct sasl_server_mech_request auth_request; /* requested: */ char *nonce; @@ -53,8 +53,8 @@ static_assert_array_size(qop_names, QOP_COUNT); static string_t *get_digest_challenge(struct digest_auth_request *request) { - struct auth_request *auth_request = &request->auth_request; - const struct auth_settings *set = auth_request->set; + struct sasl_server_mech_request *auth_request = &request->auth_request; + const struct auth_settings *set = auth_request->request->set; buffer_t buf; string_t *str; const char *const *tmp; @@ -111,7 +111,7 @@ static string_t *get_digest_challenge(struct digest_auth_request *request) } static void -verify_credentials(struct auth_request *auth_request, +verify_credentials(struct sasl_server_mech_request *auth_request, const unsigned char *credentials, size_t size) { struct digest_auth_request *request = @@ -290,13 +290,13 @@ static bool auth_handle_response(struct digest_auth_request *request, char *key, char *value, const char **error) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; unsigned int i; (void)str_lcase(key); if (strcmp(key, "realm") == 0) { - if (auth_request->fields.realm == NULL && *value != '\0') + if (auth_request->request->fields.realm == NULL && *value != '\0') sasl_server_request_set_realm(auth_request, value); return TRUE; } @@ -465,7 +465,7 @@ parse_digest_response(struct digest_auth_request *request, const unsigned char *data, size_t size, const char **error) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; char *copy, *key, *value; bool failed; @@ -531,7 +531,7 @@ parse_digest_response(struct digest_auth_request *request, static void credentials_callback(enum passdb_result result, const unsigned char *credentials, size_t size, - struct auth_request *auth_request) + struct sasl_server_mech_request *auth_request) { switch (result) { case SASL_PASSDB_RESULT_OK: @@ -547,7 +547,7 @@ credentials_callback(enum passdb_result result, } static void -mech_digest_md5_auth_continue(struct auth_request *auth_request, +mech_digest_md5_auth_continue(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct digest_auth_request *request = @@ -578,7 +578,7 @@ mech_digest_md5_auth_continue(struct auth_request *auth_request, } static void -mech_digest_md5_auth_initial(struct auth_request *auth_request, +mech_digest_md5_auth_initial(struct sasl_server_mech_request *auth_request, const unsigned char *data ATTR_UNUSED, size_t data_size ATTR_UNUSED) { @@ -594,17 +594,13 @@ mech_digest_md5_auth_initial(struct auth_request *auth_request, str_len(challenge)); } -static struct auth_request *mech_digest_md5_auth_new(void) +static struct sasl_server_mech_request *mech_digest_md5_auth_new(pool_t pool) { struct digest_auth_request *request; - pool_t pool; - pool = pool_alloconly_create( - MEMPOOL_GROWING"digest_md5_auth_request", 2048); request = p_new(pool, struct digest_auth_request, 1); request->qop = QOP_AUTH; - request->auth_request.pool = pool; return &request->auth_request; } @@ -625,7 +621,7 @@ void mech_digest_test_set_nonce(struct auth_request *auth_request, const char *nonce) { struct digest_auth_request *request = - container_of(auth_request, struct digest_auth_request, + container_of(auth_request->sasl, struct digest_auth_request, auth_request); i_assert(auth_request->mech == &mech_digest_md5); diff --git a/src/auth/sasl-server-mech-external.c b/src/auth/sasl-server-mech-external.c index 4b1ba21c3e..53ac82846c 100644 --- a/src/auth/sasl-server-mech-external.c +++ b/src/auth/sasl-server-mech-external.c @@ -6,7 +6,7 @@ #include "sasl-server-mech-plain-common.h" static void -mech_external_auth_continue(struct auth_request *request, +mech_external_auth_continue(struct sasl_server_mech_request *request, const unsigned char *data, size_t data_size) { const char *authzid; @@ -28,14 +28,12 @@ mech_external_auth_continue(struct auth_request *request, request, "", sasl_server_mech_plain_verify_callback); } -static struct auth_request *mech_external_auth_new(void) +static struct sasl_server_mech_request *mech_external_auth_new(pool_t pool) { - struct auth_request *request; - pool_t pool; + struct sasl_server_mech_request *request; + + request = p_new(pool, struct sasl_server_mech_request, 1); - pool = pool_alloconly_create(MEMPOOL_GROWING"external_auth_request", 2048); - request = p_new(pool, struct auth_request, 1); - request->pool = pool; return request; } diff --git a/src/auth/sasl-server-mech-gssapi.c b/src/auth/sasl-server-mech-gssapi.c index 913f97fffe..2ec148b877 100644 --- a/src/auth/sasl-server-mech-gssapi.c +++ b/src/auth/sasl-server-mech-gssapi.c @@ -50,7 +50,7 @@ enum sasl_gssapi_qop { }; struct gssapi_auth_request { - struct auth_request auth_request; + struct sasl_server_mech_request auth_request; gss_ctx_id_t gss_ctx; gss_cred_id_t service_cred; @@ -78,7 +78,7 @@ mech_gssapi_log_error(struct gssapi_auth_request *request, OM_uint32 status_value, int status_type, const char *description) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; OM_uint32 message_context = 0; OM_uint32 minor_status; gss_buffer_desc status_string; @@ -96,18 +96,14 @@ mech_gssapi_log_error(struct gssapi_auth_request *request, } while (message_context != 0); } -static struct auth_request *mech_gssapi_auth_new(void) +static struct sasl_server_mech_request *mech_gssapi_auth_new(pool_t pool) { struct gssapi_auth_request *request; - pool_t pool; - pool = pool_alloconly_create( - MEMPOOL_GROWING"gssapi_auth_request", 2048); request = p_new(pool, struct gssapi_auth_request, 1); request->gss_ctx = GSS_C_NO_CONTEXT; - request->auth_request.pool = pool; return &request->auth_request; } @@ -115,7 +111,7 @@ static OM_uint32 obtain_service_credentials(struct gssapi_auth_request *request, gss_cred_id_t *ret_r) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; OM_uint32 major_status, minor_status; string_t *principal_name; gss_buffer_desc inbuf; @@ -124,28 +120,28 @@ obtain_service_credentials(struct gssapi_auth_request *request, if (!gssapi_initialized) { gssapi_initialized = TRUE; - mech_gssapi_initialize(auth_request->set); + mech_gssapi_initialize(auth_request->request->set); } - if (strcmp(auth_request->set->gssapi_hostname, "$ALL") == 0) { + if (strcmp(auth_request->request->set->gssapi_hostname, "$ALL") == 0) { e_debug(auth_request->mech_event, "Using all keytab entries"); *ret_r = GSS_C_NO_CREDENTIAL; return GSS_S_COMPLETE; } - if (strcasecmp(auth_request->fields.protocol, "POP3") == 0) { + if (strcasecmp(auth_request->request->fields.protocol, "POP3") == 0) { /* The standard POP3 service name with GSSAPI is called just "pop". */ service_name = "pop"; } else { - service_name = t_str_lcase(auth_request->fields.protocol); + service_name = t_str_lcase(auth_request->request->fields.protocol); } principal_name = t_str_new(128); str_append(principal_name, service_name); str_append_c(principal_name, '@'); - str_append(principal_name, auth_request->set->gssapi_hostname); + str_append(principal_name, auth_request->request->set->gssapi_hostname); e_debug(auth_request->mech_event, "Obtaining credentials for %s", str_c(principal_name)); @@ -233,7 +229,7 @@ static int get_display_name(struct gssapi_auth_request *request, gss_name_t name, gss_OID *name_type_r, const char **display_name_r) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; OM_uint32 major_status, minor_status; gss_buffer_desc buf; @@ -265,7 +261,7 @@ static int mech_gssapi_sec_context(struct gssapi_auth_request *request, gss_buffer_desc inbuf) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; OM_uint32 major_status, minor_status; gss_buffer_desc output_token; gss_OID name_type; @@ -343,7 +339,7 @@ mech_gssapi_sec_context(struct gssapi_auth_request *request, static int mech_gssapi_wrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; OM_uint32 major_status, minor_status; gss_buffer_desc outbuf; unsigned char ret[4]; @@ -384,7 +380,7 @@ mech_gssapi_wrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) static bool k5_principal_is_authorized(struct gssapi_auth_request *request, const char *name) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; const char *value, *const *authorized_names, *const *tmp; if (!sasl_server_request_get_extra_field(auth_request, "k5principals", @@ -407,7 +403,7 @@ mech_gssapi_krb5_userok(struct gssapi_auth_request *request, gss_name_t name, const char *login_user, bool check_name_type) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; krb5_context ctx; krb5_principal princ; krb5_error_code krb5_err; @@ -463,7 +459,7 @@ mech_gssapi_krb5_userok(struct gssapi_auth_request *request, static int mech_gssapi_userok(struct gssapi_auth_request *request, const char *login_user) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; OM_uint32 major_status, minor_status; int equal_authn_authz; @@ -495,7 +491,7 @@ static void gssapi_credentials_callback(enum passdb_result result, const unsigned char *credentials ATTR_UNUSED, size_t size ATTR_UNUSED, - struct auth_request *auth_request) + struct sasl_server_mech_request *auth_request) { struct gssapi_auth_request *request = container_of(auth_request, struct gssapi_auth_request, @@ -521,7 +517,7 @@ gssapi_credentials_callback(enum passdb_result result, break; } - if (mech_gssapi_userok(request, auth_request->fields.user) == 0) + if (mech_gssapi_userok(request, auth_request->request->fields.user) == 0) sasl_server_request_success(auth_request, NULL, 0); else sasl_server_request_failure(auth_request); @@ -530,7 +526,7 @@ gssapi_credentials_callback(enum passdb_result result, static int mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; OM_uint32 major_status, minor_status; gss_buffer_desc outbuf; const char *login_user, *error; @@ -601,7 +597,7 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) /* Continue in callback once auth_request is populated with passdb information. */ - auth_request->passdb_success = TRUE; /* default to success */ + auth_request->request->passdb_success = TRUE; /* default to success */ sasl_server_request_lookup_credentials(auth_request, "", gssapi_credentials_callback); (void)gss_release_buffer(&minor_status, &outbuf); @@ -609,7 +605,7 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) } static void -mech_gssapi_auth_continue(struct auth_request *auth_request, +mech_gssapi_auth_continue(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct gssapi_auth_request *request = @@ -639,7 +635,7 @@ mech_gssapi_auth_continue(struct auth_request *auth_request, } static void -mech_gssapi_auth_initial(struct auth_request *auth_request, +mech_gssapi_auth_initial(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct gssapi_auth_request *request = @@ -668,7 +664,7 @@ mech_gssapi_auth_initial(struct auth_request *auth_request, } static void -mech_gssapi_auth_free(struct auth_request *auth_request) +mech_gssapi_auth_free(struct sasl_server_mech_request *auth_request) { struct gssapi_auth_request *request = container_of(auth_request, struct gssapi_auth_request, @@ -686,7 +682,6 @@ mech_gssapi_auth_free(struct auth_request *auth_request) (void)gss_release_name(&minor_status, &request->authn_name); if (request->authz_name != GSS_C_NO_NAME) (void)gss_release_name(&minor_status, &request->authz_name); - pool_unref(&auth_request->pool); } const struct sasl_server_mech_def mech_gssapi = { diff --git a/src/auth/sasl-server-mech-login.c b/src/auth/sasl-server-mech-login.c index 13bdfb579e..40770cdd3a 100644 --- a/src/auth/sasl-server-mech-login.c +++ b/src/auth/sasl-server-mech-login.c @@ -13,13 +13,13 @@ #include "sasl-server-mech-plain-common.h" static void -mech_login_auth_continue(struct auth_request *request, +mech_login_auth_continue(struct sasl_server_mech_request *request, const unsigned char *data, size_t data_size) { static const char prompt2[] = "Password:"; const char *username; - if (request->fields.user == NULL) { + if (request->request->fields.user == NULL) { username = t_strndup(data, data_size); if (!sasl_server_request_set_authid( @@ -39,7 +39,7 @@ mech_login_auth_continue(struct auth_request *request, } static void -mech_login_auth_initial(struct auth_request *request, +mech_login_auth_initial(struct sasl_server_mech_request *request, const unsigned char *data, size_t data_size) { static const char prompt1[] = "Username:"; @@ -51,14 +51,12 @@ mech_login_auth_initial(struct auth_request *request, } } -static struct auth_request *mech_login_auth_new(void) +static struct sasl_server_mech_request *mech_login_auth_new(pool_t pool) { - struct auth_request *request; - pool_t pool; + struct sasl_server_mech_request *request; + + request = p_new(pool, struct sasl_server_mech_request, 1); - pool = pool_alloconly_create(MEMPOOL_GROWING"login_auth_request", 2048); - request = p_new(pool, struct auth_request, 1); - request->pool = pool; return request; } diff --git a/src/auth/sasl-server-mech-oauth2.c b/src/auth/sasl-server-mech-oauth2.c index f8548abf81..17a3178393 100644 --- a/src/auth/sasl-server-mech-oauth2.c +++ b/src/auth/sasl-server-mech-oauth2.c @@ -15,7 +15,7 @@ #include "sasl-server-oauth2.h" struct oauth2_auth_request { - struct auth_request request; + struct sasl_server_mech_request request; struct db_oauth2 *db; struct db_oauth2_request db_req; lookup_credentials_callback_t *callback; @@ -33,7 +33,7 @@ static void oauth2_fail(struct oauth2_auth_request *oauth2_req, const struct sasl_server_oauth2_failure *failure) { - struct auth_request *request = &oauth2_req->request; + struct sasl_server_mech_request *request = &oauth2_req->request; if (failure == NULL) { sasl_server_request_internal_failure(request); @@ -95,10 +95,12 @@ static void oauth2_fail_invalid_token(struct oauth2_auth_request *oauth2_req) oauth2_fail_status(oauth2_req, "invalid_token"); } -void sasl_server_oauth2_request_succeed(struct auth_request *request) +void sasl_server_oauth2_request_succeed(struct auth_request *auth_request) { - i_assert(strcmp(request->mech->mech_name, "OAUTHBEARER") == 0 || - strcmp(request->mech->mech_name, "XOAUTH2") == 0); + struct sasl_server_mech_request *request = auth_request->sasl; + + i_assert(request->mech == &mech_oauthbearer || + request->mech == &mech_xoauth2); struct oauth2_auth_request *oauth2_req = container_of(request, struct oauth2_auth_request, request); @@ -108,11 +110,13 @@ void sasl_server_oauth2_request_succeed(struct auth_request *request) } void sasl_server_oauth2_request_fail( - struct auth_request *request, + struct auth_request *auth_request, const struct sasl_server_oauth2_failure *failure) { - i_assert(strcmp(request->mech->mech_name, "OAUTHBEARER") == 0 || - strcmp(request->mech->mech_name, "XOAUTH2") == 0); + struct sasl_server_mech_request *request = auth_request->sasl; + + i_assert(request->mech == &mech_oauthbearer || + request->mech == &mech_xoauth2); struct oauth2_auth_request *oauth2_req = container_of(request, struct oauth2_auth_request, request); @@ -136,7 +140,7 @@ mech_oauth2_verify_token(struct oauth2_auth_request *oauth2_req, gs2flag,a=username,^Afield=...^Afield=...^Aauth=Bearer token^A^A */ static void -mech_oauthbearer_auth_continue(struct auth_request *request, +mech_oauthbearer_auth_continue(struct sasl_server_mech_request *request, const unsigned char *data, size_t data_size) { @@ -144,8 +148,8 @@ mech_oauthbearer_auth_continue(struct auth_request *request, container_of(request, struct oauth2_auth_request, request); if (oauth2_req->db == NULL) { - e_error(request->event, "BUG: oauth2 database missing"); - auth_request_internal_failure(request); + e_error(request->mech_event, "BUG: oauth2 database missing"); + sasl_server_request_internal_failure(request); return; } if (data_size == 0) { @@ -232,7 +236,7 @@ mech_oauthbearer_auth_continue(struct auth_request *request, user=Username^Aauth=Bearer token^A^A */ static void -mech_xoauth2_auth_continue(struct auth_request *request, +mech_xoauth2_auth_continue(struct sasl_server_mech_request *request, const unsigned char *data, size_t data_size) { @@ -240,8 +244,8 @@ mech_xoauth2_auth_continue(struct auth_request *request, container_of(request, struct oauth2_auth_request, request); if (oauth2_req->db == NULL) { - e_error(request->event, "BUG: oauth2 database missing"); - auth_request_internal_failure(request); + e_error(request->mech_event, "BUG: oauth2 database missing"); + sasl_server_request_internal_failure(request); return; } if (data_size == 0) { @@ -296,16 +300,14 @@ mech_xoauth2_auth_continue(struct auth_request *request, } } -static struct auth_request *mech_oauth2_auth_new(void) +static struct sasl_server_mech_request *mech_oauth2_auth_new(pool_t pool) { struct oauth2_auth_request *request; - pool_t pool = pool_alloconly_create_clean(MEMPOOL_GROWING - "oauth2_auth_request", 2048); request = p_new(pool, struct oauth2_auth_request, 1); - request->request.pool = pool; request->db_req.pool = pool; request->db = db_oauth2; + return &request->request; } diff --git a/src/auth/sasl-server-mech-otp.c b/src/auth/sasl-server-mech-otp.c index 26f900a52b..9bebf531dc 100644 --- a/src/auth/sasl-server-mech-otp.c +++ b/src/auth/sasl-server-mech-otp.c @@ -16,14 +16,14 @@ #include "mech-otp.h" struct otp_auth_request { - struct auth_request auth_request; + struct sasl_server_mech_request auth_request; bool lock; struct otp_state state; }; -static HASH_TABLE(char *, struct auth_request *) otp_lock_table; +static HASH_TABLE(char *, struct sasl_server_mech_request *) otp_lock_table; /* * Locking @@ -45,13 +45,13 @@ static void otp_lock_deinit(void) static bool otp_try_lock(struct otp_auth_request *request) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; if (hash_table_lookup(otp_lock_table, - auth_request->fields.user) != NULL) + auth_request->request->fields.user) != NULL) return FALSE; - hash_table_insert(otp_lock_table, auth_request->fields.user, + hash_table_insert(otp_lock_table, auth_request->request->fields.user, auth_request); request->lock = TRUE; return TRUE; @@ -59,12 +59,12 @@ static bool otp_try_lock(struct otp_auth_request *request) static void otp_unlock(struct otp_auth_request *request) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; if (!request->lock) return; - hash_table_remove(otp_lock_table, auth_request->fields.user); + hash_table_remove(otp_lock_table, auth_request->request->fields.user); request->lock = FALSE; } @@ -76,7 +76,7 @@ static void otp_send_challenge(struct otp_auth_request *request, const unsigned char *credentials, size_t size) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; const char *answer; if (otp_parse_dbentry(t_strndup(credentials, size), @@ -111,7 +111,7 @@ otp_send_challenge(struct otp_auth_request *request, static void otp_credentials_callback(enum passdb_result result, const unsigned char *credentials, size_t size, - struct auth_request *auth_request) + struct sasl_server_mech_request *auth_request) { struct otp_auth_request *request = container_of(auth_request, struct otp_auth_request, @@ -134,7 +134,7 @@ static void mech_otp_auth_phase1(struct otp_auth_request *request, const unsigned char *data, size_t data_size) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; const char *authenid; size_t i, count; @@ -168,7 +168,8 @@ mech_otp_auth_phase1(struct otp_auth_request *request, } static void -otp_set_credentials_callback(bool success, struct auth_request *auth_request) +otp_set_credentials_callback(bool success, + struct sasl_server_mech_request *auth_request) { struct otp_auth_request *request = container_of(auth_request, struct otp_auth_request, @@ -187,7 +188,7 @@ otp_set_credentials_callback(bool success, struct auth_request *auth_request) static void mech_otp_verify(struct otp_auth_request *request, const char *data, bool hex) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; struct otp_state *state = &request->state; unsigned char hash[OTP_HASH_SIZE], cur_hash[OTP_HASH_SIZE]; int ret; @@ -220,7 +221,7 @@ static void mech_otp_verify_init(struct otp_auth_request *request, const char *data, bool hex) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; struct otp_state new_state; unsigned char hash[OTP_HASH_SIZE], cur_hash[OTP_HASH_SIZE]; const char *error; @@ -253,7 +254,7 @@ static void mech_otp_auth_phase2(struct otp_auth_request *request, const unsigned char *data, size_t data_size) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; const char *value, *str = t_strndup(data, data_size); if (str_begins(str, "hex:", &value)) @@ -273,44 +274,38 @@ mech_otp_auth_phase2(struct otp_auth_request *request, } static void -mech_otp_auth_continue(struct auth_request *auth_request, +mech_otp_auth_continue(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct otp_auth_request *request = container_of(auth_request, struct otp_auth_request, auth_request); - if (auth_request->fields.user == NULL) + if (auth_request->request->fields.user == NULL) mech_otp_auth_phase1(request, data, data_size); else mech_otp_auth_phase2(request, data, data_size); } -static struct auth_request *mech_otp_auth_new(void) +static struct sasl_server_mech_request *mech_otp_auth_new(pool_t pool) { struct otp_auth_request *request; - pool_t pool; otp_lock_init(); - pool = pool_alloconly_create(MEMPOOL_GROWING"otp_auth_request", 2048); request = p_new(pool, struct otp_auth_request, 1); request->lock = FALSE; - request->auth_request.refcount = 1; - request->auth_request.pool = pool; return &request->auth_request; } -static void mech_otp_auth_free(struct auth_request *auth_request) +static void mech_otp_auth_free(struct sasl_server_mech_request *auth_request) { struct otp_auth_request *request = container_of(auth_request, struct otp_auth_request, auth_request); otp_unlock(request); - - pool_unref(&auth_request->pool); } /* diff --git a/src/auth/sasl-server-mech-plain-common.c b/src/auth/sasl-server-mech-plain-common.c index d2bdb90f6e..201fc940f4 100644 --- a/src/auth/sasl-server-mech-plain-common.c +++ b/src/auth/sasl-server-mech-plain-common.c @@ -5,8 +5,8 @@ #include "sasl-server-protected.h" #include "sasl-server-mech-plain-common.h" -void sasl_server_mech_plain_verify_callback(enum passdb_result result, - struct auth_request *request) +void sasl_server_mech_plain_verify_callback( + enum passdb_result result, struct sasl_server_mech_request *request) { switch (result) { case SASL_PASSDB_RESULT_OK: diff --git a/src/auth/sasl-server-mech-plain-common.h b/src/auth/sasl-server-mech-plain-common.h index 9c41d436fc..82bb1740d6 100644 --- a/src/auth/sasl-server-mech-plain-common.h +++ b/src/auth/sasl-server-mech-plain-common.h @@ -1,7 +1,7 @@ #ifndef SASL_SERVER_MECH_PLAIN_COMMON_H #define SASL_SERVER_MECH_PLAIN_COMMON_H -void sasl_server_mech_plain_verify_callback(enum passdb_result result, - struct auth_request *request); +void sasl_server_mech_plain_verify_callback( + enum passdb_result result, struct sasl_server_mech_request *request); #endif diff --git a/src/auth/sasl-server-mech-plain.c b/src/auth/sasl-server-mech-plain.c index 3ce208f585..ef002e651d 100644 --- a/src/auth/sasl-server-mech-plain.c +++ b/src/auth/sasl-server-mech-plain.c @@ -7,7 +7,7 @@ #include "sasl-server-mech-plain-common.h" static void -mech_plain_auth_continue(struct auth_request *request, +mech_plain_auth_continue(struct sasl_server_mech_request *request, const unsigned char *data, size_t data_size) { const char *authid, *authenid; @@ -62,14 +62,12 @@ mech_plain_auth_continue(struct auth_request *request, safe_memset(pass, 0, strlen(pass)); } -static struct auth_request *mech_plain_auth_new(void) +static struct sasl_server_mech_request *mech_plain_auth_new(pool_t pool) { - struct auth_request *request; - pool_t pool; + struct sasl_server_mech_request *request; + + request = p_new(pool, struct sasl_server_mech_request, 1); - pool = pool_alloconly_create(MEMPOOL_GROWING"plain_auth_request", 2048); - request = p_new(pool, struct auth_request, 1); - request->pool = pool; return request; } diff --git a/src/auth/sasl-server-mech-scram.c b/src/auth/sasl-server-mech-scram.c index c7c51a8305..3f7a906d2b 100644 --- a/src/auth/sasl-server-mech-scram.c +++ b/src/auth/sasl-server-mech-scram.c @@ -9,7 +9,7 @@ #include "sasl-server-mech-scram.h" struct scram_auth_request { - struct auth_request auth_request; + struct sasl_server_mech_request auth_request; const char *password_scheme; @@ -20,7 +20,7 @@ struct scram_auth_request { static void credentials_callback(enum passdb_result result, const unsigned char *credentials, size_t size, - struct auth_request *auth_request) + struct sasl_server_mech_request *auth_request) { struct scram_auth_request *request = container_of(auth_request, struct scram_auth_request, @@ -66,7 +66,7 @@ mech_scram_set_username(struct auth_scram_server *asserver, { struct scram_auth_request *request = container_of(asserver, struct scram_auth_request, scram_server); - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; return sasl_server_request_set_authid(auth_request, SASL_SERVER_AUTHID_TYPE_USERNAME, @@ -79,7 +79,7 @@ mech_scram_set_login_username(struct auth_scram_server *asserver, { struct scram_auth_request *request = container_of(asserver, struct scram_auth_request, scram_server); - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; return sasl_server_request_set_authzid(auth_request, username); } @@ -90,7 +90,7 @@ mech_scram_start_channel_binding(struct auth_scram_server *asserver, { struct scram_auth_request *request = container_of(asserver, struct scram_auth_request, scram_server); - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; sasl_server_request_start_channel_binding(auth_request, type); } @@ -101,7 +101,7 @@ mech_scram_accept_channel_binding(struct auth_scram_server *asserver, { struct scram_auth_request *request = container_of(asserver, struct scram_auth_request, scram_server); - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; return sasl_server_request_accept_channel_binding(auth_request, data_r); } @@ -112,7 +112,7 @@ mech_scram_credentials_lookup(struct auth_scram_server *asserver, { struct scram_auth_request *request = container_of(asserver, struct scram_auth_request, scram_server); - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; request->key_data = key_data; sasl_server_request_lookup_credentials(auth_request, @@ -131,7 +131,7 @@ static const struct auth_scram_server_backend scram_server_backend = { .credentials_lookup = mech_scram_credentials_lookup, }; -void mech_scram_auth_continue(struct auth_request *auth_request, +void mech_scram_auth_continue(struct sasl_server_mech_request *auth_request, const unsigned char *input, size_t input_len) { struct scram_auth_request *request = @@ -177,14 +177,12 @@ void mech_scram_auth_continue(struct auth_request *auth_request, sasl_server_request_success(auth_request, output, output_len); } -struct auth_request * -mech_scram_auth_new(const struct hash_method *hash_method, +struct sasl_server_mech_request * +mech_scram_auth_new(pool_t pool, const struct hash_method *hash_method, const char *password_scheme) { struct scram_auth_request *request; - pool_t pool; - pool = pool_alloconly_create(MEMPOOL_GROWING"scram_auth_request", 2048); request = p_new(pool, struct scram_auth_request, 1); request->password_scheme = password_scheme; @@ -211,28 +209,26 @@ mech_scram_auth_new(const struct hash_method *hash_method, auth_scram_server_init(&request->scram_server, pool, &scram_set, &scram_server_backend); - request->auth_request.pool = pool; return &request->auth_request; } -static struct auth_request *mech_scram_sha1_auth_new(void) +static struct sasl_server_mech_request *mech_scram_sha1_auth_new(pool_t pool) { - return mech_scram_auth_new(&hash_method_sha1, "SCRAM-SHA-1"); + return mech_scram_auth_new(pool, &hash_method_sha1, "SCRAM-SHA-1"); } -static struct auth_request *mech_scram_sha256_auth_new(void) +static struct sasl_server_mech_request *mech_scram_sha256_auth_new(pool_t pool) { - return mech_scram_auth_new(&hash_method_sha256, "SCRAM-SHA-256"); + return mech_scram_auth_new(pool, &hash_method_sha256, "SCRAM-SHA-256"); } -static void mech_scram_auth_free(struct auth_request *auth_request) +static void mech_scram_auth_free(struct sasl_server_mech_request *auth_request) { struct scram_auth_request *request = container_of(auth_request, struct scram_auth_request, auth_request); auth_scram_server_deinit(&request->scram_server); - pool_unref(&auth_request->pool); } const struct sasl_server_mech_def mech_scram_sha1 = { diff --git a/src/auth/sasl-server-mech-scram.h b/src/auth/sasl-server-mech-scram.h index 2fceea457a..3c00f2804e 100644 --- a/src/auth/sasl-server-mech-scram.h +++ b/src/auth/sasl-server-mech-scram.h @@ -1,10 +1,10 @@ #ifndef SASL_SERVER_MECH_SCRAM_H #define SASL_SERVER_MECH_SCRAM_H -struct auth_request * -mech_scram_auth_new(const struct hash_method *hash_method, +struct sasl_server_mech_request * +mech_scram_auth_new(pool_t pool, const struct hash_method *hash_method, const char *password_scheme); -void mech_scram_auth_continue(struct auth_request *auth_request, - const unsigned char *data, size_t data_size); +void mech_scram_auth_continue(struct sasl_server_mech_request *auth_request, + const unsigned char *input, size_t input_len); #endif diff --git a/src/auth/sasl-server-mech-winbind.c b/src/auth/sasl-server-mech-winbind.c index eb111d39fd..6eb17202b0 100644 --- a/src/auth/sasl-server-mech-winbind.c +++ b/src/auth/sasl-server-mech-winbind.c @@ -38,7 +38,7 @@ struct winbind_helper { }; struct winbind_auth_request { - struct auth_request auth_request; + struct sasl_server_mech_request auth_request; struct winbind_helper *winbind; bool continued; @@ -160,7 +160,7 @@ static enum helper_result do_auth_continue(struct winbind_auth_request *request, const unsigned char *data, size_t data_size) { - struct auth_request *auth_request = &request->auth_request; + struct sasl_server_mech_request *auth_request = &request->auth_request; struct istream *in_pipe = request->winbind->in_pipe; string_t *str; char *answer; @@ -262,7 +262,7 @@ do_auth_continue(struct winbind_auth_request *request, user)) return HR_FAIL; - request->auth_request.passdb_success = TRUE; + request->auth_request.request->passdb_success = TRUE; if (gss_spnego && strcmp(token[1], "*") != 0) { buffer_t *buf; @@ -287,20 +287,20 @@ do_auth_continue(struct winbind_auth_request *request, } static void -mech_winbind_auth_initial(struct auth_request *auth_request, +mech_winbind_auth_initial(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct winbind_auth_request *request = container_of(auth_request, struct winbind_auth_request, auth_request); - winbind_helper_connect(auth_request->set, request->winbind, - auth_request->event); + winbind_helper_connect(auth_request->request->set, request->winbind, + auth_request->mech_event); sasl_server_mech_generic_auth_initial(auth_request, data, data_size); } static void -mech_winbind_auth_continue(struct auth_request *auth_request, +mech_winbind_auth_continue(struct sasl_server_mech_request *auth_request, const unsigned char *data, size_t data_size) { struct winbind_auth_request *request = @@ -316,27 +316,27 @@ mech_winbind_auth_continue(struct auth_request *auth_request, } } -static struct auth_request *do_auth_new(struct winbind_helper *winbind) +static struct sasl_server_mech_request * +do_auth_new(pool_t pool, struct winbind_helper *winbind) { struct winbind_auth_request *request; - pool_t pool; - pool = pool_alloconly_create(MEMPOOL_GROWING"winbind_auth_request", 2048); request = p_new(pool, struct winbind_auth_request, 1); - request->auth_request.pool = pool; - request->winbind = winbind; + return &request->auth_request; } -static struct auth_request *mech_winbind_ntlm_auth_new(void) +static struct sasl_server_mech_request * +mech_winbind_ntlm_auth_new(pool_t pool) { - return do_auth_new(&winbind_ntlm_context); + return do_auth_new(pool, &winbind_ntlm_context); } -static struct auth_request *mech_winbind_spnego_auth_new(void) +static struct sasl_server_mech_request * +mech_winbind_spnego_auth_new(pool_t pool) { - return do_auth_new(&winbind_spnego_context); + return do_auth_new(pool, &winbind_spnego_context); } const struct sasl_server_mech_def mech_winbind_ntlm = { diff --git a/src/auth/sasl-server-mech.c b/src/auth/sasl-server-mech.c index 46d5951318..91db9420cb 100644 --- a/src/auth/sasl-server-mech.c +++ b/src/auth/sasl-server-mech.c @@ -4,19 +4,21 @@ #include "sasl-server-private.h" -void sasl_server_mech_generic_auth_initial(struct auth_request *request, - const unsigned char *data, - size_t data_size) +void sasl_server_mech_generic_auth_initial( + struct sasl_server_mech_request *mreq, + const unsigned char *data, size_t data_size) { + struct auth_request *request = mreq->request; + if (data == NULL) { - sasl_server_request_output(request, uchar_empty_ptr, 0); + sasl_server_request_output(mreq, uchar_empty_ptr, 0); } else { /* initial reply given, even if it was 0 bytes */ - request->mech->auth_continue(request, data, data_size); + request->mech->auth_continue(mreq, data, data_size); } } -void sasl_server_mech_generic_auth_free(struct auth_request *request) +void sasl_server_mech_generic_auth_free(struct sasl_server_mech_request *mreq) { - pool_unref(&request->pool); + (void)mreq; } diff --git a/src/auth/sasl-server-protected.h b/src/auth/sasl-server-protected.h index 27d176f647..fb6eedbafc 100644 --- a/src/auth/sasl-server-protected.h +++ b/src/auth/sasl-server-protected.h @@ -7,6 +7,19 @@ #include "sasl-server.h" struct auth_request; +struct sasl_server_mech_request; + +typedef void +sasl_server_verify_plain_callback_t(enum passdb_result result, + struct sasl_server_mech_request *req); +typedef void +sasl_server_lookup_credentials_callback_t(enum passdb_result result, + const unsigned char *credentials, + size_t size, + struct sasl_server_mech_request *req); +typedef void +sasl_server_set_credentials_callback_t(bool success, + struct sasl_server_mech_request *req); struct sasl_server_mech_def { const char *mech_name; @@ -14,12 +27,12 @@ struct sasl_server_mech_def { enum sasl_mech_security_flags flags; enum sasl_mech_passdb_need passdb_need; - struct auth_request *(*auth_new)(void); - void (*auth_initial)(struct auth_request *request, + struct sasl_server_mech_request *(*auth_new)(pool_t pool); + void (*auth_initial)(struct sasl_server_mech_request *req, const unsigned char *data, size_t data_size); - void (*auth_continue)(struct auth_request *request, + void (*auth_continue)(struct sasl_server_mech_request *req, const unsigned char *data, size_t data_size); - void (*auth_free)(struct auth_request *request); + void (*auth_free)(struct sasl_server_mech_request *req); }; struct mech_module_list { @@ -37,6 +50,20 @@ struct mechanisms_register { buffer_t *handshake_cbind; }; +struct sasl_server_mech_request { + pool_t pool; + const struct sasl_server_mech_def *mech; + struct event *mech_event; + + // FIXME: To be removed + struct auth_request *request; + union { + sasl_server_verify_plain_callback_t *verify_plain; + sasl_server_lookup_credentials_callback_t *lookup_credentials; + sasl_server_set_credentials_callback_t *set_credentials; + } private_callback; +}; + /* * Mechanism */ @@ -47,10 +74,10 @@ void mech_register_module(const struct sasl_server_mech_def *module); void mech_unregister_module(const struct sasl_server_mech_def *module); const struct sasl_server_mech_def *mech_module_find(const char *name); -void sasl_server_mech_generic_auth_initial(struct auth_request *request, - const unsigned char *data, - size_t data_size); -void sasl_server_mech_generic_auth_free(struct auth_request *request); +void sasl_server_mech_generic_auth_initial( + struct sasl_server_mech_request *mreq, + const unsigned char *data, size_t data_size); +void sasl_server_mech_generic_auth_free(struct sasl_server_mech_request *mreq); struct mechanisms_register * mech_register_init(const struct auth_settings *set); @@ -67,40 +94,43 @@ void mech_oauth2_initialize(void); * Request */ -bool sasl_server_request_set_authid(struct auth_request *request, +bool sasl_server_request_set_authid(struct sasl_server_mech_request *mreq, enum sasl_server_authid_type authid_type, const char *authid); -bool sasl_server_request_set_authzid(struct auth_request *request, +bool sasl_server_request_set_authzid(struct sasl_server_mech_request *mreq, const char *authzid); -void sasl_server_request_set_realm(struct auth_request *request, +void sasl_server_request_set_realm(struct sasl_server_mech_request *mreq, const char *realm); -bool sasl_server_request_get_extra_field(struct auth_request *request, +bool sasl_server_request_get_extra_field(struct sasl_server_mech_request *mreq, const char *name, const char **field_r); void sasl_server_request_start_channel_binding( - struct auth_request *request, const char *type); + struct sasl_server_mech_request *mreq, const char *type); int sasl_server_request_accept_channel_binding( - struct auth_request *request, buffer_t **data_r); + struct sasl_server_mech_request *mreq, buffer_t **data_r); -void sasl_server_request_output(struct auth_request *request, +void sasl_server_request_output(struct sasl_server_mech_request *mreq, const void *data, size_t data_size); -void sasl_server_request_success(struct auth_request *request, +void sasl_server_request_success(struct sasl_server_mech_request *mreq, const void *data, size_t data_size); -void sasl_server_request_failure_with_reply(struct auth_request *request, - const void *data, size_t data_size); -void sasl_server_request_failure(struct auth_request *request); -void sasl_server_request_internal_failure(struct auth_request *request); +void sasl_server_request_failure_with_reply( + struct sasl_server_mech_request *mreq, + const void *data, size_t data_size); +void sasl_server_request_failure(struct sasl_server_mech_request *mreq); +void sasl_server_request_internal_failure( + struct sasl_server_mech_request *mreq); void sasl_server_request_verify_plain( - struct auth_request *request, const char *password, + struct sasl_server_mech_request *mreq, const char *password, sasl_server_verify_plain_callback_t *callback); void sasl_server_request_lookup_credentials( - struct auth_request *request, const char *scheme, + struct sasl_server_mech_request *mreq, const char *scheme, sasl_server_lookup_credentials_callback_t *callback); void sasl_server_request_set_credentials( - struct auth_request *request, const char *scheme, const char *data, + struct sasl_server_mech_request *mreq, + const char *scheme, const char *data, sasl_server_set_credentials_callback_t *callback); #endif diff --git a/src/auth/sasl-server-request.c b/src/auth/sasl-server-request.c index 1a5709e698..b787dab9ed 100644 --- a/src/auth/sasl-server-request.c +++ b/src/auth/sasl-server-request.c @@ -5,51 +5,97 @@ #include "sasl-server-private.h" +/* + * Public API + */ + +void sasl_server_request_create(struct auth_request *request, + const struct sasl_server_mech_def *mech, + struct event *event_parent) +{ + struct sasl_server_mech_request *mreq; + pool_t pool; + + pool = request->pool; + mreq = mech->auth_new(pool); + mreq->pool = pool; + mreq->request = request; + mreq->mech = mech; + mreq->mech_event = event_parent; + + request->sasl = mreq; +} + +void sasl_server_request_destroy(struct auth_request *request) +{ + struct sasl_server_mech_request *mreq = request->sasl; + + if (mreq == NULL) + return; + request->sasl = NULL; + + mreq->mech->auth_free(mreq); +} + /* * Mechanism API */ -bool sasl_server_request_set_authid(struct auth_request *request, +bool sasl_server_request_set_authid(struct sasl_server_mech_request *mreq, enum sasl_server_authid_type authid_type, const char *authid) { + struct auth_request *request = mreq->request; + return auth_sasl_request_set_authid(request, authid_type, authid); } -bool sasl_server_request_set_authzid(struct auth_request *request, +bool sasl_server_request_set_authzid(struct sasl_server_mech_request *mreq, const char *authzid) { + struct auth_request *request = mreq->request; + return auth_sasl_request_set_authzid(request, authzid); } -void sasl_server_request_set_realm(struct auth_request *request, +void sasl_server_request_set_realm(struct sasl_server_mech_request *mreq, const char *realm) { + struct auth_request *request = mreq->request; + auth_sasl_request_set_realm(request, realm); } -bool sasl_server_request_get_extra_field(struct auth_request *request, +bool sasl_server_request_get_extra_field(struct sasl_server_mech_request *mreq, const char *name, const char **field_r) { + struct auth_request *request = mreq->request; + return auth_sasl_request_get_extra_field(request, name, field_r); } void sasl_server_request_start_channel_binding( - struct auth_request *request, const char *type) + struct sasl_server_mech_request *mreq, const char *type) { + struct auth_request *request = mreq->request; + auth_sasl_request_start_channel_binding(request, type); } int sasl_server_request_accept_channel_binding( - struct auth_request *request, buffer_t **data_r) + struct sasl_server_mech_request *mreq, buffer_t **data_r) { + struct auth_request *request = mreq->request; + return auth_sasl_request_accept_channel_binding(request, data_r); } -void sasl_server_request_output(struct auth_request *request, +void sasl_server_request_output(struct sasl_server_mech_request *mreq, const void *data, size_t data_size) { + struct auth_request *request = mreq->request; + const struct sasl_server_output output = { .status = SASL_SERVER_OUTPUT_CONTINUE, .data = data, @@ -58,9 +104,11 @@ void sasl_server_request_output(struct auth_request *request, auth_sasl_request_output(request, &output); } -void sasl_server_request_success(struct auth_request *request, +void sasl_server_request_success(struct sasl_server_mech_request *mreq, const void *data, size_t data_size) { + struct auth_request *request = mreq->request; + const struct sasl_server_output output = { .status = SASL_SERVER_OUTPUT_SUCCESS, .data = data, @@ -70,10 +118,12 @@ void sasl_server_request_success(struct auth_request *request, } static void -sasl_server_request_failure_common(struct auth_request *request, +sasl_server_request_failure_common(struct sasl_server_mech_request *mreq, enum sasl_server_output_status status, const void *data, size_t data_size) { + struct auth_request *request = mreq->request; + const struct sasl_server_output output = { .status = status, .data = data, @@ -82,43 +132,83 @@ sasl_server_request_failure_common(struct auth_request *request, auth_sasl_request_output(request, &output); } -void sasl_server_request_failure_with_reply(struct auth_request *request, - const void *data, size_t data_size) +void sasl_server_request_failure_with_reply( + struct sasl_server_mech_request *mreq, + const void *data, size_t data_size) { - sasl_server_request_failure_common(request, SASL_SERVER_OUTPUT_FAILURE, + sasl_server_request_failure_common(mreq, SASL_SERVER_OUTPUT_FAILURE, data, data_size); } -void sasl_server_request_failure(struct auth_request *request) +void sasl_server_request_failure(struct sasl_server_mech_request *mreq) { - sasl_server_request_failure_common(request, SASL_SERVER_OUTPUT_FAILURE, + sasl_server_request_failure_common(mreq, SASL_SERVER_OUTPUT_FAILURE, "", 0); } -void sasl_server_request_internal_failure(struct auth_request *request) +void sasl_server_request_internal_failure( + struct sasl_server_mech_request *mreq) { - sasl_server_request_failure_common(request, - SASL_SERVER_OUTPUT_INTERNAL_FAILURE, - "", 0); + sasl_server_request_failure_common( + mreq, SASL_SERVER_OUTPUT_INTERNAL_FAILURE, "", 0); +} + +static void +verify_plain_callback(enum passdb_result result, struct auth_request *request) +{ + struct sasl_server_mech_request *mreq = request->sasl; + + mreq->private_callback.verify_plain(result, request->sasl); } void sasl_server_request_verify_plain( - struct auth_request *request, const char *password, + struct sasl_server_mech_request *mreq, const char *password, sasl_server_verify_plain_callback_t *callback) { - auth_sasl_request_verify_plain(request, password, callback); + struct auth_request *request = mreq->request; + + mreq->private_callback.verify_plain = callback; + auth_sasl_request_verify_plain(request, password, verify_plain_callback); +} + +static void +lookup_credentials_callback(enum passdb_result result, + const unsigned char *credentials, + size_t size, struct auth_request *request) +{ + struct sasl_server_mech_request *mreq = request->sasl; + + mreq->private_callback.lookup_credentials(result, credentials, size, + mreq); } void sasl_server_request_lookup_credentials( - struct auth_request *request, const char *scheme, + struct sasl_server_mech_request *mreq, const char *scheme, sasl_server_lookup_credentials_callback_t *callback) { - auth_sasl_request_lookup_credentials(request, scheme, callback); + struct auth_request *request = mreq->request; + + mreq->private_callback.lookup_credentials = callback; + auth_sasl_request_lookup_credentials(request, scheme, + lookup_credentials_callback); +} + +static void +set_credentials_callback(bool success, struct auth_request *request) +{ + struct sasl_server_mech_request *mreq = request->sasl; + + mreq->private_callback.set_credentials(success, mreq); } void sasl_server_request_set_credentials( - struct auth_request *request, const char *scheme, const char *data, + struct sasl_server_mech_request *mreq, + const char *scheme, const char *data, sasl_server_set_credentials_callback_t *callback) { - auth_sasl_request_set_credentials(request, scheme, data, callback); + struct auth_request *request = mreq->request; + + mreq->private_callback.set_credentials = callback; + auth_sasl_request_set_credentials(request, scheme, data, + set_credentials_callback); } diff --git a/src/auth/sasl-server.h b/src/auth/sasl-server.h index 6f4b4cab45..57518ee0be 100644 --- a/src/auth/sasl-server.h +++ b/src/auth/sasl-server.h @@ -3,6 +3,8 @@ #include "sasl-common.h" +struct sasl_server_mech_def; + enum sasl_passdb_result_status { SASL_PASSDB_RESULT_INTERNAL_FAILURE = PASSDB_RESULT_INTERNAL_FAILURE, SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE = PASSDB_RESULT_SCHEME_NOT_AVAILABLE, @@ -41,10 +43,6 @@ enum sasl_server_output_status { SASL_SERVER_OUTPUT_SUCCESS = 1, }; -typedef verify_plain_callback_t sasl_server_verify_plain_callback_t; -typedef lookup_credentials_callback_t sasl_server_lookup_credentials_callback_t; -typedef set_credentials_callback_t sasl_server_set_credentials_callback_t; - struct sasl_server_output { enum sasl_server_output_status status; @@ -65,4 +63,9 @@ enum sasl_server_authid_type { SASL_SERVER_AUTHID_TYPE_EXTERNAL, }; +void sasl_server_request_create(struct auth_request *request, + const struct sasl_server_mech_def *mech, + struct event *event_parent); +void sasl_server_request_destroy(struct auth_request *request); + #endif diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c index 351d43c249..1ba82e24bc 100644 --- a/src/auth/test-mech.c +++ b/src/auth/test-mech.c @@ -5,6 +5,7 @@ #include "str.h" #include "ioloop.h" #include "master-service.h" +#include "sasl-server-protected.h" // FIXME: remove #include "auth-common.h" #include "auth-request.h" #include "auth-request-handler-private.h"