From: Stephan Bosch
Date: Sat, 28 Oct 2023 03:48:37 +0000 (+0200)
Subject: auth: sasl-server-mech-winbind - Implement mechanism-specific settings
X-Git-Tag: 2.4.2~177
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4a0a442cbfe230af42e73e35bd320b6a1d7b0c8;p=thirdparty%2Fdovecot%2Fcore.git
auth: sasl-server-mech-winbind - Implement mechanism-specific settings
---
diff --git a/src/auth/auth-sasl.c b/src/auth/auth-sasl.c
index 17237d34eb..2b2df775f5 100644
--- a/src/auth/auth-sasl.c
+++ b/src/auth/auth-sasl.c
@@ -474,17 +474,23 @@ MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha256_plus)
 static bool
 mech_winbind_ntlm_register(struct sasl_server_instance *sasl_inst,
- const struct auth_settings *set ATTR_UNUSED)
+ const struct auth_settings *set)
 {
- sasl_server_mech_register_winbind_ntlm(sasl_inst);
+ const struct sasl_server_winbind_settings wb_set = {
+ .helper_path = set->winbind_helper_path,
+ };
+ sasl_server_mech_register_winbind_ntlm(sasl_inst, &wb_set);
 return TRUE;
 }
 static bool
 mech_winbind_gss_spnego_register(struct sasl_server_instance *sasl_inst,
- const struct auth_settings *set ATTR_UNUSED)
+ const struct auth_settings *set)
 {
- sasl_server_mech_register_winbind_gss_spnego(sasl_inst);
+ const struct sasl_server_winbind_settings wb_set = {
+ .helper_path = set->winbind_helper_path,
+ };
+ sasl_server_mech_register_winbind_gss_spnego(sasl_inst, &wb_set);
 return TRUE;
 }
diff --git a/src/auth/sasl-server-mech-winbind.c b/src/auth/sasl-server-mech-winbind.c
index a4e2884a9d..01008cab21 100644
--- a/src/auth/sasl-server-mech-winbind.c
+++ b/src/auth/sasl-server-mech-winbind.c
@@ -44,6 +44,12 @@ struct winbind_auth_request {
 bool continued;
 };
+struct winbind_auth_mech {
+ struct sasl_server_mech mech;
+
+ const char *helper_path;
+};
+
 static struct winbind_helper winbind_ntlm_context = {
 "--helper-protocol=squid-2.5-ntlmssp", -1, NULL, NULL
 };
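Review bot: In src/auth/auth-sasl.c, `wb_set` in mech_winbind_ntlm_register() (and the identical initializer in mech_winbind_gss_spnego_register()) is a stack object whose address is handed to the registration call, and its `helper_path` borrows the pointer held by `set`. That is safe only because sasl_server_mech_register_winbind() duplicates the string with `p_strdup(mech->pool, set->helper_path)` elsewhere in this commit, and nothing at the call site says so. I would add a one-line comment above the initializer, `/* Borrowed pointers only: the registration call copies helper_path into the mechanism pool. */`, so that a field added to the settings struct later is not stored by reference by mistake.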
@@ -95,8 +101,8 @@ static void sigchld_handler(const siginfo_t *si ATTR_UNUSED,
 }
 static void
-winbind_helper_connect(const struct auth_settings *set,
- struct winbind_helper *winbind,
+winbind_helper_connect(struct winbind_helper *winbind,
+ const struct winbind_auth_mech *wb_mech,
 struct event *event)
 {
 int infd[2], outfd[2];
@@ -133,7 +139,7 @@ winbind_helper_connect(const struct auth_settings *set,
 dup2(infd[1], STDOUT_FILENO) < 0)
 i_fatal("dup2() failed: %m");
- args[0] = set->winbind_helper_path;
+ args[0] = wb_mech->helper_path;
 args[1] = winbind->param;
 args[2] = NULL;
 execv_const(args[0], args);
@@ -289,11 +295,14 @@ static void
 mech_winbind_auth_initial(struct sasl_server_mech_request *auth_request,
 const unsigned char *data, size_t data_size)
 {
+ const struct winbind_auth_mech *wb_mech =
+ container_of(auth_request->mech,
+ const struct winbind_auth_mech, mech);
 struct winbind_auth_request *request =
 container_of(auth_request, struct winbind_auth_request,
 auth_request);
- winbind_helper_connect(auth_request->request->set, request->winbind,
+ winbind_helper_connect(request->winbind, wb_mech,
 auth_request->mech_event);
 sasl_server_mech_generic_auth_initial(auth_request, data, data_size);
 }
@@ -316,7 +325,7 @@ mech_winbind_auth_continue(struct sasl_server_mech_request *auth_request,
 }
 static struct sasl_server_mech_request *
-do_auth_new(pool_t pool, struct winbind_helper *winbind)
+mech_winbind_auth_new(struct winbind_helper *winbind, pool_t pool)
 {
 struct winbind_auth_request *request;
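Review bot: In mech_winbind_auth_initial(), `helper_path` now comes from the per-mechanism `wb_mech`, but `request->winbind` still points at the file-scope `winbind_ntlm_context` / `winbind_spnego_context`, so the helper process state stays shared across the whole process. If winbind_helper_connect() returns early once a helper is running (most of its body is outside these hunks), the path of whichever mechanism object connects first is the one used, and a second SASL instance registered with a different `helper_path` would silently use the first helper. Either note this at the call, e.g. `/* helper process is process-wide; wb_mech->helper_path is only used when it is started */`, or move the `struct winbind_helper` state into `struct winbind_auth_mech`.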
@@ -330,20 +339,31 @@ static struct sasl_server_mech_request *
 mech_winbind_ntlm_auth_new(
 const struct sasl_server_mech *mech ATTR_UNUSED, pool_t pool)
 {
- return do_auth_new(pool, &winbind_ntlm_context);
+ return mech_winbind_auth_new(&winbind_ntlm_context, pool);
 }
 static struct sasl_server_mech_request *
 mech_winbind_gss_spnego_auth_new(
 const struct sasl_server_mech *mech ATTR_UNUSED, pool_t pool)
 {
- return do_auth_new(pool, &winbind_spnego_context);
+ return mech_winbind_auth_new(&winbind_spnego_context, pool);
+}
+
+static struct sasl_server_mech *mech_winbind_mech_new(pool_t pool)
+{
+ struct winbind_auth_mech *wb_mech;
+
+ wb_mech = p_new(pool, struct winbind_auth_mech, 1);
+
+ return &wb_mech->mech;
 }
 static const struct sasl_server_mech_funcs mech_ntlm_funcs = {
 .auth_new = mech_winbind_ntlm_auth_new,
 .auth_initial = mech_winbind_auth_initial,
 .auth_continue = mech_winbind_auth_continue,
+
+ .mech_new = mech_winbind_mech_new,
 };
 static const struct sasl_server_mech_def mech_ntlm = {
@@ -360,6 +380,8 @@ static const struct sasl_server_mech_funcs mech_gss_spnego_funcs = {
 .auth_new = mech_winbind_gss_spnego_auth_new,
 .auth_initial = mech_winbind_auth_initial,
 .auth_continue = mech_winbind_auth_continue,
+
+ .mech_new = mech_winbind_mech_new,
 };
 static const struct sasl_server_mech_def mech_gss_spnego = {
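Review bot: mech_winbind_mech_new() has no comment saying that it exists so the `container_of(..., struct winbind_auth_mech, mech)` downcasts in mech_winbind_auth_initial() and sasl_server_mech_register_winbind() are valid. Those casts are correct only while every funcs table that uses these callbacks sets `.mech_new = mech_winbind_mech_new`, as mech_ntlm_funcs does here and mech_gss_spnego_funcs does in the following hunk. The function also returns the object before `helper_path` is assigned; the field is filled in afterwards by the register function. Suggested comment above the function: `/* Allocates the winbind_auth_mech wrapper; helper_path is set by sasl_server_mech_register_winbind(). */`.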
@@ -371,13 +393,33 @@ static const struct sasl_server_mech_def mech_gss_spnego = {
 .funcs = &mech_gss_spnego_funcs,
 };
-void sasl_server_mech_register_winbind_ntlm(struct sasl_server_instance *sinst)
+static void
+sasl_server_mech_register_winbind(
+ struct sasl_server_instance *sinst,
+ const struct sasl_server_mech_def *mech_def,
+ const struct sasl_server_winbind_settings *set)
+{
+ struct sasl_server_mech *mech;
+ struct winbind_auth_mech *wb_mech;
+
+ i_assert(set->helper_path != NULL);
+
+ mech = sasl_server_mech_register(sinst, mech_def);
+
+ wb_mech = container_of(mech, struct winbind_auth_mech, mech);
+ wb_mech->helper_path = p_strdup(mech->pool, set->helper_path);
+}
+
+void sasl_server_mech_register_winbind_ntlm(
+ struct sasl_server_instance *sinst,
+ const struct sasl_server_winbind_settings *set)
 {
- sasl_server_mech_register(sinst, &mech_ntlm);
+ sasl_server_mech_register_winbind(sinst, &mech_ntlm, set);
 }
 void sasl_server_mech_register_winbind_gss_spnego(
- struct sasl_server_instance *sinst)
+ struct sasl_server_instance *sinst,
+ const struct sasl_server_winbind_settings *set)
 {
- sasl_server_mech_register(sinst, &mech_gss_spnego);
+ sasl_server_mech_register_winbind(sinst, &mech_gss_spnego, set);
 }
diff --git a/src/auth/sasl-server.h b/src/auth/sasl-server.h
index d57cedd1c5..90354dbb49 100644
--- a/src/auth/sasl-server.h
+++ b/src/auth/sasl-server.h
@@ -198,10 +198,16 @@ void sasl_server_mech_register_xoauth2(struct sasl_server_instance *sinst);
 /* Winbind */
+struct sasl_server_winbind_settings {
+ const char *helper_path;
+};
+
 void sasl_server_mech_register_winbind_ntlm(
- struct sasl_server_instance *sinst);
+ struct sasl_server_instance *sinst,
+ const struct sasl_server_winbind_settings *set);
 void sasl_server_mech_register_winbind_gss_spnego(
- struct sasl_server_instance *sinst);
+ struct sasl_server_instance *sinst,
+ const struct sasl_server_winbind_settings *set);
 /*
 * Mechanism
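Review bot: `i_assert(set->helper_path != NULL)` in sasl_server_mech_register_winbind() rejects only a NULL path; an empty string is accepted, copied, and first fails in the forked child at `execv_const(args[0], args)` in winbind_helper_connect() (the -133,7 hunk), that is, at authentication time rather than at registration. Whether the settings layer already guarantees a non-empty value is not visible in this diff. If it does not, tighten the check to `i_assert(set->helper_path != NULL && *set->helper_path != '\0');`. The result of sasl_server_mech_register() is also passed straight to container_of(), which assumes it always returns an object created by mech_winbind_mech_new(); that function's behaviour is not shown here.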
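Review bot: `struct sasl_server_winbind_settings` in src/auth/sasl-server.h is added without any comment, although `helper_path` names a program that the winbind mechanisms execute (it becomes `args[0]` for execv_const() in sasl-server-mech-winbind.c) and the register functions assert that it is non-NULL. A public header should state that contract, since the value decides which binary the auth process runs. Suggested comment on the field: `/* Path of the winbind helper program to execute; must not be NULL. Copied at registration. */`.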