From: Stephan Bosch
Date: Thu, 23 Mar 2023 00:46:14 +0000 (+0100)
Subject: auth: sasl-server - Move functions from struct sasl_server_mech_def to separate struct
X-Git-Tag: 2.4.2~224
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be307be3631bac15b17eb2314f6d19cf7fe78254;p=thirdparty%2Fdovecot%2Fcore.git
auth: sasl-server - Move functions from struct sasl_server_mech_def to separate struct
---
diff --git a/src/auth/auth-sasl-mech-apop.c b/src/auth/auth-sasl-mech-apop.c
index cb4c710ebd..ae200ce745 100644
--- a/src/auth/auth-sasl-mech-apop.c
+++ b/src/auth/auth-sasl-mech-apop.c
@@ -154,6 +154,11 @@ static struct sasl_server_mech_request *mech_apop_auth_new(pool_t pool)
 return &request->auth_request;
 }
+static const struct sasl_server_mech_funcs mech_apop_funcs = {
+ .auth_new = mech_apop_auth_new,
+ .auth_initial = mech_apop_auth_initial,
+};
+
 const struct sasl_server_mech_def mech_apop = {
 .mech_name = "APOP",
@@ -161,6 +166,5 @@ const struct sasl_server_mech_def mech_apop = {
 SASL_MECH_SEC_ACTIVE | SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_RESPONSE,
- .auth_new = mech_apop_auth_new,
- .auth_initial = mech_apop_auth_initial,
+ .funcs = &mech_apop_funcs,
 };
diff --git a/src/auth/auth-sasl-mech-dovecot-token.c b/src/auth/auth-sasl-mech-dovecot-token.c
index f3e140b374..e1b2453d72 100644
--- a/src/auth/auth-sasl-mech-dovecot-token.c
+++ b/src/auth/auth-sasl-mech-dovecot-token.c
@@ -68,12 +68,16 @@ mech_dovecot_token_auth_continue(struct sasl_server_mech_request *request,
 safe_memset(auth_token, 0, strlen(auth_token));
 }
+static const struct sasl_server_mech_funcs mech_dovecot_token_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_dovecot_token_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_dovecot_token = {
 .mech_name = "DOVECOT-TOKEN",
 .flags = SASL_MECH_SEC_PRIVATE | SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_dovecot_token_auth_continue,
+ .funcs = &mech_dovecot_token_funcs,
 };
diff --git a/src/auth/sasl-server-mech-anonymous.c b/src/auth/sasl-server-mech-anonymous.c
index df90103514..d0dd09c3ad 100644
--- a/src/auth/sasl-server-mech-anonymous.c
+++ b/src/auth/sasl-server-mech-anonymous.c
@@ -19,12 +19,16 @@ mech_anonymous_auth_continue(struct sasl_server_mech_request *request,
 sasl_server_request_success(request, "", 0);
 }
+static const struct sasl_server_mech_funcs mech_anonymous_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_anonymous_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_anonymous = {
 .mech_name = "ANONYMOUS",
 .flags = SASL_MECH_SEC_ANONYMOUS | SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_anonymous_auth_continue,
+ .funcs = &mech_anonymous_funcs,
 };
diff --git a/src/auth/sasl-server-mech-cram-md5.c b/src/auth/sasl-server-mech-cram-md5.c
index c40c776242..b841c20ecf 100644
--- a/src/auth/sasl-server-mech-cram-md5.c
+++ b/src/auth/sasl-server-mech-cram-md5.c
@@ -173,13 +173,17 @@ static struct sasl_server_mech_request *mech_cram_md5_auth_new(pool_t pool)
 return &request->auth_request;
 }
+static const struct sasl_server_mech_funcs mech_cram_md5_funcs = {
+ .auth_new = mech_cram_md5_auth_new,
+ .auth_initial = mech_cram_md5_auth_initial,
+ .auth_continue = mech_cram_md5_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_cram_md5 = {
 .mech_name = "CRAM-MD5",
 .flags = SASL_MECH_SEC_DICTIONARY | SASL_MECH_SEC_ACTIVE,
 .passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_RESPONSE,
- .auth_new = mech_cram_md5_auth_new,
- .auth_initial = mech_cram_md5_auth_initial,
- .auth_continue = mech_cram_md5_auth_continue,
+ .funcs = &mech_cram_md5_funcs,
 };
diff --git a/src/auth/sasl-server-mech-digest-md5.c b/src/auth/sasl-server-mech-digest-md5.c
index 081427dde8..c5e9cadc72 100644
--- a/src/auth/sasl-server-mech-digest-md5.c
+++ b/src/auth/sasl-server-mech-digest-md5.c
@@ -604,6 +604,12 @@ static struct sasl_server_mech_request *mech_digest_md5_auth_new(pool_t pool)
 return &request->auth_request;
 }
+static const struct sasl_server_mech_funcs mech_digest_md5_funcs = {
+ .auth_new = mech_digest_md5_auth_new,
+ .auth_initial = mech_digest_md5_auth_initial,
+ .auth_continue = mech_digest_md5_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_digest_md5 = {
 .mech_name = "DIGEST-MD5",
@@ -611,9 +617,7 @@ const struct sasl_server_mech_def mech_digest_md5 = {
 SASL_MECH_SEC_MUTUAL_AUTH,
 .passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_digest_md5_auth_new,
- .auth_initial = mech_digest_md5_auth_initial,
- .auth_continue = mech_digest_md5_auth_continue,
+ .funcs = &mech_digest_md5_funcs,
 };
 void mech_digest_test_set_nonce(struct auth_request *auth_request,
diff --git a/src/auth/sasl-server-mech-external.c b/src/auth/sasl-server-mech-external.c
index 4cc3d457e6..2a65b0e198 100644
--- a/src/auth/sasl-server-mech-external.c
+++ b/src/auth/sasl-server-mech-external.c
@@ -28,12 +28,16 @@ mech_external_auth_continue(struct sasl_server_mech_request *request,
 request, "", sasl_server_mech_plain_verify_callback);
 }
+static const struct sasl_server_mech_funcs mech_external_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_external_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_external = {
 .mech_name = "EXTERNAL",
 .flags = 0,
 .passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_PLAIN,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_external_auth_continue,
+ .funcs = &mech_external_funcs,
 };
diff --git a/src/auth/sasl-server-mech-gssapi.c b/src/auth/sasl-server-mech-gssapi.c
index e99df5f071..dbcb82c8d0 100644
--- a/src/auth/sasl-server-mech-gssapi.c
+++ b/src/auth/sasl-server-mech-gssapi.c
@@ -672,16 +672,20 @@ mech_gssapi_auth_free(struct sasl_server_mech_request *auth_request)
 (void)gss_release_name(&minor_status, &request->authz_name);
 }
+static const struct sasl_server_mech_funcs mech_gssapi_funcs = {
+ .auth_new = mech_gssapi_auth_new,
+ .auth_initial = mech_gssapi_auth_initial,
+ .auth_continue = mech_gssapi_auth_continue,
+ .auth_free = mech_gssapi_auth_free,
+};
+
 const struct sasl_server_mech_def mech_gssapi = {
 .mech_name = "GSSAPI",
 .flags = SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_gssapi_auth_new,
- .auth_initial = mech_gssapi_auth_initial,
- .auth_continue = mech_gssapi_auth_continue,
- .auth_free = mech_gssapi_auth_free,
+ .funcs = &mech_gssapi_funcs,
 };
 /* MIT Kerberos v1.5+ and Heimdal v0.7+ support SPNEGO for Kerberos tickets
@@ -693,10 +697,7 @@ const struct sasl_server_mech_def mech_gssapi_spnego = {
 .flags = SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_gssapi_auth_new,
- .auth_initial = mech_gssapi_auth_initial,
- .auth_continue = mech_gssapi_auth_continue,
- .auth_free = mech_gssapi_auth_free,
+ .funcs = &mech_gssapi_funcs,
 };
 static void mech_gssapi_initialize(const struct auth_settings *set)
@@ -734,7 +735,7 @@ void mech_gssapi_deinit(void)
 const struct sasl_server_mech_def *mech;
 mech = mech_module_find(mech_gssapi_spnego.mech_name);
- if (mech != NULL && mech->auth_new == mech_gssapi_auth_new)
+ if (mech != NULL && mech == &mech_gssapi_spnego)
 mech_unregister_module(&mech_gssapi_spnego);
 #endif
 mech_unregister_module(&mech_gssapi);
diff --git a/src/auth/sasl-server-mech-login.c b/src/auth/sasl-server-mech-login.c
index 9d215f8e90..bf7892a5b0 100644
--- a/src/auth/sasl-server-mech-login.c
+++ b/src/auth/sasl-server-mech-login.c
@@ -51,12 +51,16 @@ mech_login_auth_initial(struct sasl_server_mech_request *request,
 }
 }
+static const struct sasl_server_mech_funcs mech_login_funcs = {
+ .auth_initial = mech_login_auth_initial,
+ .auth_continue = mech_login_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_login = {
 .mech_name = "LOGIN",
 .flags = SASL_MECH_SEC_PLAINTEXT,
 .passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_PLAIN,
- .auth_initial = mech_login_auth_initial,
- .auth_continue = mech_login_auth_continue,
+ .funcs = &mech_login_funcs,
 };
diff --git a/src/auth/sasl-server-mech-oauth2.c b/src/auth/sasl-server-mech-oauth2.c
index 0e2fb0bcbc..e8988b0884 100644
--- a/src/auth/sasl-server-mech-oauth2.c
+++ b/src/auth/sasl-server-mech-oauth2.c
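Review bot: In mech_gssapi_deinit() the rewritten condition keeps a NULL test that can no longer matter: `mech == &mech_gssapi_spnego` is already false when `mech` is NULL, so the line can be `if (mech == &mech_gssapi_spnego)`. The old form compared `auth_new` to tell whose mechanism was registered under that name; the pointer comparison states that directly, and a one-line comment such as `/* only unregister SPNEGO if the registered module is ours */` would keep the reason visible. The function body starts and ends outside the hunk.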
@@ -313,6 +313,12 @@ static struct sasl_server_mech_request *mech_oauth2_auth_new(pool_t pool)
 return &request->request;
 }
+static const struct sasl_server_mech_funcs mech_oauthbearer_funcs = {
+ .auth_new = mech_oauth2_auth_new,
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_oauthbearer_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_oauthbearer = {
 .mech_name = "OAUTHBEARER",
@@ -321,9 +327,13 @@ const struct sasl_server_mech_def mech_oauthbearer = {
 .flags = SASL_MECH_SEC_PLAINTEXT,
 .passdb_need = 0,
+ .funcs = &mech_oauthbearer_funcs,
+};
+
+static const struct sasl_server_mech_funcs mech_xoauth2_funcs = {
 .auth_new = mech_oauth2_auth_new,
 .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_oauthbearer_auth_continue,
+ .auth_continue = mech_xoauth2_auth_continue,
 };
 const struct sasl_server_mech_def mech_xoauth2 = {
@@ -332,7 +342,5 @@ const struct sasl_server_mech_def mech_xoauth2 = {
 .flags = SASL_MECH_SEC_PLAINTEXT,
 .passdb_need = 0,
- .auth_new = mech_oauth2_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_xoauth2_auth_continue,
+ .funcs = &mech_xoauth2_funcs,
 };
diff --git a/src/auth/sasl-server-mech-otp.c b/src/auth/sasl-server-mech-otp.c
index b0a134e7db..6ff2cfadf9 100644
--- a/src/auth/sasl-server-mech-otp.c
+++ b/src/auth/sasl-server-mech-otp.c
@@ -311,6 +311,13 @@ static void mech_otp_auth_free(struct sasl_server_mech_request *auth_request)
 * Mechanism
 */
+static const struct sasl_server_mech_funcs mech_otp_funcs = {
+ .auth_new = mech_otp_auth_new,
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_otp_auth_continue,
+ .auth_free = mech_otp_auth_free,
+};
+
 const struct sasl_server_mech_def mech_otp = {
 .mech_name = "OTP",
@@ -318,10 +325,7 @@ const struct sasl_server_mech_def mech_otp = {
 SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_SET_CREDENTIALS,
- .auth_new = mech_otp_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_otp_auth_continue,
- .auth_free = mech_otp_auth_free,
+ .funcs = &mech_otp_funcs,
 };
 void mech_otp_deinit(void)
diff --git a/src/auth/sasl-server-mech-plain.c b/src/auth/sasl-server-mech-plain.c
index c12c5bbee8..86c3ef8154 100644
--- a/src/auth/sasl-server-mech-plain.c
+++ b/src/auth/sasl-server-mech-plain.c
@@ -62,12 +62,16 @@ mech_plain_auth_continue(struct sasl_server_mech_request *request,
 safe_memset(pass, 0, strlen(pass));
 }
+static const struct sasl_server_mech_funcs mech_plain_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_plain_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_plain = {
 .mech_name = "PLAIN",
 .flags = SASL_MECH_SEC_PLAINTEXT | SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_PLAIN,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_plain_auth_continue,
+ .funcs = &mech_plain_funcs,
 };
diff --git a/src/auth/sasl-server-mech-scram.c b/src/auth/sasl-server-mech-scram.c
index 00ba1504cd..5ce483cffb 100644
--- a/src/auth/sasl-server-mech-scram.c
+++ b/src/auth/sasl-server-mech-scram.c
@@ -231,16 +231,20 @@ static void mech_scram_auth_free(struct sasl_server_mech_request *auth_request)
 auth_scram_server_deinit(&request->scram_server);
 }
+static const struct sasl_server_mech_funcs mech_scram_sha1_funcs = {
+ .auth_new = mech_scram_sha1_auth_new,
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_scram_auth_continue,
+ .auth_free = mech_scram_auth_free,
+};
+
 const struct sasl_server_mech_def mech_scram_sha1 = {
 .mech_name = "SCRAM-SHA-1",
 .flags = SASL_MECH_SEC_MUTUAL_AUTH,
 .passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha1_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_scram_auth_continue,
- .auth_free = mech_scram_auth_free,
+ .funcs = &mech_scram_sha1_funcs,
 };
 const struct sasl_server_mech_def mech_scram_sha1_plus = {
@@ -249,7 +253,11 @@ const struct sasl_server_mech_def mech_scram_sha1_plus = {
 .flags = SASL_MECH_SEC_MUTUAL_AUTH | SASL_MECH_SEC_CHANNEL_BINDING,
 .passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha1_auth_new,
+ .funcs = &mech_scram_sha1_funcs,
+};
+
+static const struct sasl_server_mech_funcs mech_scram_sha256_funcs = {
+ .auth_new = mech_scram_sha256_auth_new,
 .auth_initial = sasl_server_mech_generic_auth_initial,
 .auth_continue = mech_scram_auth_continue,
 .auth_free = mech_scram_auth_free,
@@ -261,10 +269,7 @@ const struct sasl_server_mech_def mech_scram_sha256 = {
 .flags = SASL_MECH_SEC_MUTUAL_AUTH,
 .passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha256_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_scram_auth_continue,
- .auth_free = mech_scram_auth_free,
+ .funcs = &mech_scram_sha256_funcs,
 };
 const struct sasl_server_mech_def mech_scram_sha256_plus = {
@@ -273,8 +278,5 @@ const struct sasl_server_mech_def mech_scram_sha256_plus = {
 .flags = SASL_MECH_SEC_MUTUAL_AUTH | SASL_MECH_SEC_CHANNEL_BINDING,
 .passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha256_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_scram_auth_continue,
- .auth_free = mech_scram_auth_free,
+ .funcs = &mech_scram_sha256_funcs,
 };
diff --git a/src/auth/sasl-server-mech-winbind.c b/src/auth/sasl-server-mech-winbind.c
index 95bc82c27b..2ed40d28c5 100644
--- a/src/auth/sasl-server-mech-winbind.c
+++ b/src/auth/sasl-server-mech-winbind.c
@@ -339,6 +339,12 @@ mech_winbind_spnego_auth_new(pool_t pool)
 return do_auth_new(pool, &winbind_spnego_context);
 }
+static const struct sasl_server_mech_funcs mech_winbind_ntlm_funcs = {
+ .auth_new = mech_winbind_ntlm_auth_new,
+ .auth_initial = mech_winbind_auth_initial,
+ .auth_continue = mech_winbind_auth_continue,
+};
+
 const struct sasl_server_mech_def mech_winbind_ntlm = {
 .mech_name = "NTLM",
@@ -346,7 +352,11 @@ const struct sasl_server_mech_def mech_winbind_ntlm = {
 SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_winbind_ntlm_auth_new,
+ .funcs = &mech_winbind_ntlm_funcs,
+};
+
+static const struct sasl_server_mech_funcs mech_winbind_spnego_funcs = {
+ .auth_new = mech_winbind_spnego_auth_new,
 .auth_initial = mech_winbind_auth_initial,
 .auth_continue = mech_winbind_auth_continue,
 };
@@ -357,7 +367,5 @@ const struct sasl_server_mech_def mech_winbind_spnego = {
 .flags = SASL_MECH_SEC_ALLOW_NULS,
 .passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_winbind_spnego_auth_new,
- .auth_initial = mech_winbind_auth_initial,
- .auth_continue = mech_winbind_auth_continue,
+ .funcs = &mech_winbind_spnego_funcs,
 };
diff --git a/src/auth/sasl-server-mech.c b/src/auth/sasl-server-mech.c
index 4f334bc0b0..c91dbadb74 100644
--- a/src/auth/sasl-server-mech.c
+++ b/src/auth/sasl-server-mech.c
@@ -8,12 +8,13 @@ void sasl_server_mech_generic_auth_initial(
 struct sasl_server_mech_request *mreq,
 const unsigned char *data, size_t data_size)
 {
- struct auth_request *request = mreq->request;
+ const struct sasl_server_mech_def *mech = mreq->mech;
 if (data == NULL) {
 sasl_server_request_output(mreq, uchar_empty_ptr, 0);
 } else {
 /* initial reply given, even if it was 0 bytes */
- request->mech->auth_continue(mreq, data, data_size);
+ i_assert(mech->funcs->auth_continue != NULL);
+ mech->funcs->auth_continue(mreq, data, data_size);
 }
 }
diff --git a/src/auth/sasl-server-protected.h b/src/auth/sasl-server-protected.h
index 7f8ec67ec4..275f5e9bc3 100644
--- a/src/auth/sasl-server-protected.h
+++ b/src/auth/sasl-server-protected.h
@@ -6,18 +6,14 @@
 #include "sasl-server.h"
 struct auth_request;
+struct sasl_server_mech_funcs;
 struct sasl_server_mech_request;
 typedef void sasl_server_mech_passdb_callback_t(struct sasl_server_mech_request *req, const struct sasl_passdb_result *result);
-struct sasl_server_mech_def {
- const char *mech_name;
-
- enum sasl_mech_security_flags flags;
- enum sasl_mech_passdb_need passdb_need;
-
+struct sasl_server_mech_funcs {
 struct sasl_server_mech_request *(*auth_new)(pool_t pool);
 void (*auth_initial)(struct sasl_server_mech_request *req, const unsigned char *data, size_t data_size);
@@ -26,6 +22,15 @@ struct sasl_server_mech_def {
 void (*auth_free)(struct sasl_server_mech_request *req);
 };
+struct sasl_server_mech_def {
+ const char *mech_name;
+
+ enum sasl_mech_security_flags flags;
+ enum sasl_mech_passdb_need passdb_need;
+
+ const struct sasl_server_mech_funcs *funcs;
+};
+
 struct mech_module_list {
 struct mech_module_list *next;
diff --git a/src/auth/sasl-server-request.c b/src/auth/sasl-server-request.c
index 6f74277d67..1081596a54 100644
--- a/src/auth/sasl-server-request.c
+++ b/src/auth/sasl-server-request.c
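Review bot: The new struct sasl_server_mech_funcs in sasl-server-protected.h does not say which callbacks a mechanism may leave NULL. Going by the callers in sasl-server-request.c, `auth_new` and `auth_free` are optional (NULL-checked), while `auth_initial` and `auth_continue` hit `i_assert()` when NULL; mech_apop_funcs in this commit sets no `auth_continue`. A short comment per member would make that contract explicit, for example `/* Optional: NULL means a plain struct sasl_server_mech_request is allocated */` on `auth_new` and `/* May be NULL only if the mechanism always finishes in auth_initial */` on `auth_continue`. This matters because, if continuation input can ever reach such a mechanism, the assertion turns it into an abort of the auth process. The struct's members span both hunks of this file, with the middle lines outside them.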
@@ -21,6 +21,8 @@ void sasl_server_request_create(struct sasl_server_req_ctx *rctx,
 struct sasl_server_request *req;
 pool_t pool;
+ i_assert(mech->funcs != NULL);
+
 i_zero(rctx);
 pool = request->pool;
@@ -34,8 +36,8 @@ void sasl_server_request_create(struct sasl_server_req_ctx *rctx,
 struct sasl_server_mech_request *mreq;
- if (mech->auth_new != NULL)
- mreq = mech->auth_new(pool);
+ if (mech->funcs->auth_new != NULL)
+ mreq = mech->funcs->auth_new(pool);
 else
 mreq = p_new(pool, struct sasl_server_mech_request, 1);
 mreq->pool = pool;
@@ -69,8 +71,8 @@ void sasl_server_request_destroy(struct sasl_server_req_ctx *rctx)
 i_assert(server->requests > 0);
 server->requests--;
- if (mreq->mech->auth_free != NULL)
- mreq->mech->auth_free(mreq);
+ if (mreq->mech->funcs->auth_free != NULL)
+ mreq->mech->funcs->auth_free(mreq);
 }
 static bool
@@ -99,8 +101,8 @@ void sasl_server_request_initial(struct sasl_server_req_ctx *rctx,
 if (sasl_server_request_fail_on_nuls(req, data, data_size))
 return;
- i_assert(mech->auth_initial != NULL);
- mech->auth_initial(mreq, data, data_size);
+ i_assert(mech->funcs->auth_initial != NULL);
+ mech->funcs->auth_initial(mreq, data, data_size);
 }
 void sasl_server_request_input(struct sasl_server_req_ctx *rctx,
@@ -113,8 +115,8 @@ void sasl_server_request_input(struct sasl_server_req_ctx *rctx,
 if (sasl_server_request_fail_on_nuls(req, data, data_size))
 return;
- i_assert(mech->auth_continue != NULL);
- mech->auth_continue(mreq, data, data_size);
+ i_assert(mech->funcs->auth_continue != NULL);
+ mech->funcs->auth_continue(mreq, data, data_size);
 }
 void sasl_server_request_test_set_authid(struct sasl_server_req_ctx *rctx,
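Review bot: The new `i_assert(mech->funcs != NULL);` in sasl_server_request_create() only fires once a request is created for the mechanism, so a definition built without `.funcs` is found at authentication time and aborts the process there. Checking it where mechanisms are registered would turn the same mistake into a startup failure, and the required `auth_initial` callback could be asserted in the same place; the registration code is not part of this diff, so where exactly that belongs is an assumption. The later hunks in this file (`sasl_server_request_destroy`, `sasl_server_request_initial`, `sasl_server_request_input`) dereference `mech->funcs` with no check of their own, presumably relying on this one assertion. The function body continues outside the hunk.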