From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Tue, 14 Mar 2023 00:40:02 +0000 (+0100)
Subject: auth: auth-sasl - Add auth_sasl_request_set_authid()
X-Git-Tag: 2.4.2~281
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0b6936be559d0f24627df3a7d8159fecb752c63;p=thirdparty%2Fdovecot%2Fcore.git

auth: auth-sasl - Add auth_sasl_request_set_authid()
---

diff --git a/src/auth/auth-sasl.c b/src/auth/auth-sasl.c
index 56fe0220ab..bb6d0067ae 100644
--- a/src/auth/auth-sasl.c
+++ b/src/auth/auth-sasl.c
@@ -11,6 +11,48 @@
  * Request
  */
 
+bool
+auth_sasl_request_set_authid(struct auth_request *request,
+			     enum sasl_server_authid_type authid_type,
+			     const char *authid)
+{
+	const char *error;
+
+	switch (authid_type) {
+	case SASL_SERVER_AUTHID_TYPE_USERNAME:
+		if (!auth_request_set_username(request, authid, &error)) {
+			e_info(request->event, "%s", error);
+			return FALSE;
+		}
+		return TRUE;
+	case SASL_SERVER_AUTHID_TYPE_ANONYMOUS:
+		i_assert(*request->set->anonymous_username != '\0');
+
+		/* Temporarily set the user to the one that was given, so that
+		   the log  message goes right */
+		auth_request_set_username_forced(request, authid);
+		e_info(request->event, "anonymous login");
+		auth_request_set_username_forced(
+			request, request->set->anonymous_username);
+		return TRUE;
+	case SASL_SERVER_AUTHID_TYPE_EXTERNAL:
+		i_assert(authid == NULL || *authid == '\0');
+		if (request->fields.user == NULL) {
+			e_info(request->event, "Username not known");
+			return FALSE;
+		}
+
+		/* This call is done simply to put the username through
+		   translation settings */
+		if (!auth_request_set_username(request, "", &error)) {
+			e_info(request->event, "Invalid username");
+			return FALSE;
+		}
+		return TRUE;
+	}
+	i_unreached();
+}
+
 void
 auth_sasl_request_output(struct auth_request *request,
 			 const struct sasl_server_output *output)
diff --git a/src/auth/auth-sasl.h b/src/auth/auth-sasl.h
index 5cbce40c9a..a0885acd38 100644
--- a/src/auth/auth-sasl.h
+++ b/src/auth/auth-sasl.h
@@ -15,6 +15,11 @@ struct auth_sasl_mech_module {
  * Request
  */
 
+bool
+auth_sasl_request_set_authid(struct auth_request *request,
+			     enum sasl_server_authid_type authid_type,
+			     const char *authid);
+
 void
 auth_sasl_request_output(struct auth_request *request,
 			 const struct sasl_server_output *output);
diff --git a/src/auth/sasl-server.h b/src/auth/sasl-server.h
index 063c85d537..423ca2ea6a 100644
--- a/src/auth/sasl-server.h
+++ b/src/auth/sasl-server.h
@@ -36,4 +36,17 @@ struct sasl_server_output {
 	size_t data_size;
 };
 
+/*
+ * Request
+ */
+
+enum sasl_server_authid_type {
+	/* Normal authentication ID (username) */
+	SASL_SERVER_AUTHID_TYPE_USERNAME = 0,
+	/* Anonymous credentials; there is no verified authentication ID. */
+	SASL_SERVER_AUTHID_TYPE_ANONYMOUS,
+	/* The authentication ID is set and verified by an external source. */
+	SASL_SERVER_AUTHID_TYPE_EXTERNAL,
+};
+
 #endif