From: Stephan Bosch Date: Sun, 22 Oct 2023 18:29:13 +0000 (+0200) Subject: auth: sasl-server - Use per-instance mechanism struct in request X-Git-Tag: 2.4.2~218 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3f178c338639bc692060eac1e1d8fa4f75c777c;p=thirdparty%2Fdovecot%2Fcore.git auth: sasl-server - Use per-instance mechanism struct in request --- diff --git a/src/auth/auth-sasl.c b/src/auth/auth-sasl.c index 2071b0ba6b..7282ae3dc0 100644 --- a/src/auth/auth-sasl.c +++ b/src/auth/auth-sasl.c @@ -290,11 +290,16 @@ auth_sasl_translate_protocol_name(struct auth_request *request) } void auth_sasl_request_init(struct auth_request *request, - const struct sasl_server_mech_def *mech) + const struct sasl_server_mech_def *mech_def) { struct auth *auth = auth_request_get_auth(request); + const struct sasl_server_mech *mech; - sasl_server_request_create(&request->sasl.req, auth->sasl_inst, mech, + mech = sasl_server_mech_find(auth->sasl_inst, mech_def->name); + if (mech == NULL) + mech = sasl_server_mech_register(auth->sasl_inst, mech_def); + i_assert(mech != NULL); + sasl_server_request_create(&request->sasl.req, mech, auth_sasl_translate_protocol_name(request), request->mech_event); } diff --git a/src/auth/auth-sasl.h b/src/auth/auth-sasl.h index c9d1b9f298..246f62fd5f 100644 --- a/src/auth/auth-sasl.h +++ b/src/auth/auth-sasl.h @@ -18,7 +18,7 @@ struct auth_sasl_mech_module { */ void auth_sasl_request_init(struct auth_request *request, - const struct sasl_server_mech_def *mech); + const struct sasl_server_mech_def *mech_def); void auth_sasl_request_deinit(struct auth_request *request); void auth_sasl_request_initial(struct auth_request *request); diff --git a/src/auth/sasl-server-mech-oauth2.c b/src/auth/sasl-server-mech-oauth2.c index 2213f2ee9c..711a0fdf94 100644 --- a/src/auth/sasl-server-mech-oauth2.c +++ b/src/auth/sasl-server-mech-oauth2.c 
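Review bot: In auth_sasl_request_init() the mechanism is now resolved by `mech_def->name`, and nothing checks that the entry returned by `sasl_server_mech_find()` was built from the `mech_def` the caller passed. If a different definition were ever registered under the same name on `auth->sasl_inst`, the request would silently run with that definition's `funcs` and `flags` (including `SASL_MECH_SEC_ALLOW_NULS`) rather than the requested one. Adding `i_assert(mech->def == mech_def);` after the existing `i_assert(mech != NULL);` would make such a mismatch fail closed. The fallback `sasl_server_mech_register()` call also mutates the instance on the request path; whether it can fail at runtime is not visible here, but if it can, the assert turns that into an auth-process abort rather than a failed login.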
@@ -45,7 +45,7 @@ oauth2_fail(struct oauth2_auth_request *oauth2_req, i_assert(failure->status != NULL); json_ostream_ndescend_object(joutput, NULL); - if (request->mech == &mech_xoauth2) { + if (request->mech->def == &mech_xoauth2) { if (strcmp(failure->status, "invalid_token") == 0) json_ostream_nwrite_string(joutput, "status", "401"); else if (strcmp(failure->status, "insufficient_scope") == 0) @@ -54,7 +54,7 @@ oauth2_fail(struct oauth2_auth_request *oauth2_req, json_ostream_nwrite_string(joutput, "status", "400"); json_ostream_nwrite_string(joutput, "schemes", "bearer"); } else { - i_assert(request->mech == &mech_oauthbearer); + i_assert(request->mech->def == &mech_oauthbearer); json_ostream_nwrite_string(joutput, "status", failure->status); } if (failure->scope == NULL) @@ -100,8 +100,8 @@ void sasl_server_oauth2_request_succeed(struct sasl_server_req_ctx *rctx) struct sasl_server_mech_request *request = sasl_server_request_get_mech_request(rctx); - i_assert(request->mech == &mech_oauthbearer || - request->mech == &mech_xoauth2); + i_assert(request->mech->def == &mech_oauthbearer || + request->mech->def == &mech_xoauth2); struct oauth2_auth_request *oauth2_req = container_of(request, struct oauth2_auth_request, request); @@ -117,8 +117,8 @@ void sasl_server_oauth2_request_fail( struct sasl_server_mech_request *request = sasl_server_request_get_mech_request(rctx); - i_assert(request->mech == &mech_oauthbearer || - request->mech == &mech_xoauth2); + i_assert(request->mech->def == &mech_oauthbearer || + request->mech->def == &mech_xoauth2); struct oauth2_auth_request *oauth2_req = container_of(request, struct oauth2_auth_request, request); diff --git a/src/auth/sasl-server-mech.c b/src/auth/sasl-server-mech.c index b7c38a2883..039166c002 100644 --- a/src/auth/sasl-server-mech.c +++ b/src/auth/sasl-server-mech.c 
@@ -34,14 +34,14 @@ void sasl_server_mech_generic_auth_initial( struct sasl_server_mech_request *mreq, const unsigned char *data, size_t data_size) { - const struct sasl_server_mech_def *mech = mreq->mech; + const struct sasl_server_mech *mech = mreq->mech; if (data == NULL) { sasl_server_request_output(mreq, uchar_empty_ptr, 0); } else { /* initial reply given, even if it was 0 bytes */ - i_assert(mech->funcs->auth_continue != NULL); - mech->funcs->auth_continue(mreq, data, data_size); + i_assert(mech->def->funcs->auth_continue != NULL); + mech->def->funcs->auth_continue(mreq, data, data_size); } } diff --git a/src/auth/sasl-server-protected.h b/src/auth/sasl-server-protected.h index af042fd6ce..e5d7ac4411 100644 --- a/src/auth/sasl-server-protected.h +++ b/src/auth/sasl-server-protected.h @@ -7,6 +7,7 @@ struct auth_request; struct sasl_server_mech_funcs; +struct sasl_server_mech_def; struct sasl_server_mech_request; typedef void @@ -57,7 +58,7 @@ struct sasl_server_mech { struct sasl_server_mech_request { pool_t pool; - const struct sasl_server_mech_def *mech; + const struct sasl_server_mech *mech; struct sasl_server_request *req; struct event *mech_event; diff --git a/src/auth/sasl-server-request.c b/src/auth/sasl-server-request.c index f91d4888c9..fd732990c8 100644 --- a/src/auth/sasl-server-request.c +++ b/src/auth/sasl-server-request.c @@ -10,18 +10,19 @@ */ void sasl_server_request_create(struct sasl_server_req_ctx *rctx, - struct sasl_server_instance *sinst, - const struct sasl_server_mech_def *mech, + const struct sasl_server_mech *mech, const char *protocol, struct event *event_parent) { + struct sasl_server_instance *sinst = mech->sinst; struct sasl_server *server = sinst->server; struct auth_request *request = container_of(rctx, struct auth_request, sasl.req); struct sasl_server_request *req; pool_t pool; - i_assert(mech->funcs != NULL); + i_assert(mech->def != NULL); + i_assert(mech->def->funcs != NULL); i_zero(rctx); 
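Review bot: In sasl_server_request_create() the new initializer `struct sasl_server_instance *sinst = mech->sinst;` dereferences `mech`, and the following line dereferences `sinst`, before any assertion runs; the added asserts only cover `mech->def` and `mech->def->funcs`. Because the instance is no longer passed in by the caller, a NULL `mech` or an unset `mech->sinst` now shows up as a bare NULL dereference instead of a diagnosable assertion failure. Consider declaring `sinst` and `server` without initializers and assigning them after `i_assert(mech != NULL);` and `i_assert(mech->sinst != NULL);`. The function body continues past the end of this hunk.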
@@ -36,8 +37,8 @@ void sasl_server_request_create(struct sasl_server_req_ctx *rctx, struct sasl_server_mech_request *mreq; - if (mech->funcs->auth_new != NULL) - mreq = mech->funcs->auth_new(pool); + if (mech->def->funcs->auth_new != NULL) + mreq = mech->def->funcs->auth_new(pool); else mreq = p_new(pool, struct sasl_server_mech_request, 1); mreq->pool = pool; @@ -50,7 +51,7 @@ void sasl_server_request_create(struct sasl_server_req_ctx *rctx, req->mech = mreq; rctx->mech = mech; - rctx->mech_name = mech->name; + rctx->mech_name = mech->def->name; rctx->request = req; } @@ -71,17 +72,17 @@ void sasl_server_request_destroy(struct sasl_server_req_ctx *rctx) i_assert(server->requests > 0); server->requests--; - if (mreq->mech->funcs->auth_free != NULL) - mreq->mech->funcs->auth_free(mreq); + if (mreq->mech->def->funcs->auth_free != NULL) + mreq->mech->def->funcs->auth_free(mreq); } static bool sasl_server_request_fail_on_nuls(struct sasl_server_request *req, const unsigned char *data, size_t data_size) { - const struct sasl_server_mech_def *mech = req->mech->mech; + const struct sasl_server_mech *mech = req->mech->mech; - if ((mech->flags & SASL_MECH_SEC_ALLOW_NULS) != 0) + if ((mech->def->flags & SASL_MECH_SEC_ALLOW_NULS) != 0) return FALSE; if (memchr(data, '\0', data_size) != NULL) { e_debug(req->mech->mech_event, "Unexpected NUL in auth data"); 
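Review bot: sasl_server_request_destroy() now reaches `auth_free` through `mreq->mech->def->funcs`, so every request depends on the per-instance `struct sasl_server_mech` staying valid until teardown, and nothing in these hunks documents or enforces that. Before this change the request pointed straight at the mechanism definition, which appears to be a static object judging by the `&mech_xoauth2` comparisons elsewhere in the commit. If a mechanism can be unregistered or its instance freed while requests are outstanding, `mreq->mech` and `rctx->mech` become dangling pointers on the authentication path. A comment on the `mech` field such as `/* owned by the server instance; must outlive the request */`, together with a check at instance teardown that no requests remain, would pin the invariant; whether such a check already exists is not visible here. The same dependency applies to the `mech->def->flags` lookup in sasl_server_request_fail_on_nuls(), whose body continues outside this hunk.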
@@ -96,13 +97,13 @@ void sasl_server_request_initial(struct sasl_server_req_ctx *rctx, { struct sasl_server_request *req = rctx->request; struct sasl_server_mech_request *mreq = req->mech; - const struct sasl_server_mech_def *mech = mreq->mech; + const struct sasl_server_mech *mech = mreq->mech; if (sasl_server_request_fail_on_nuls(req, data, data_size)) return; - i_assert(mech->funcs->auth_initial != NULL); - mech->funcs->auth_initial(mreq, data, data_size); + i_assert(mech->def->funcs->auth_initial != NULL); + mech->def->funcs->auth_initial(mreq, data, data_size); } void sasl_server_request_input(struct sasl_server_req_ctx *rctx, @@ -110,13 +111,13 @@ void sasl_server_request_input(struct sasl_server_req_ctx *rctx, { struct sasl_server_request *req = rctx->request; struct sasl_server_mech_request *mreq = req->mech; - const struct sasl_server_mech_def *mech = mreq->mech; + const struct sasl_server_mech *mech = mreq->mech; if (sasl_server_request_fail_on_nuls(req, data, data_size)) return; - i_assert(mech->funcs->auth_continue != NULL); - mech->funcs->auth_continue(mreq, data, data_size); + i_assert(mech->def->funcs->auth_continue != NULL); + mech->def->funcs->auth_continue(mreq, data, data_size); } void sasl_server_request_test_set_authid(struct sasl_server_req_ctx *rctx, diff --git a/src/auth/sasl-server.h b/src/auth/sasl-server.h index ab2a5c9609..31be9354ae 100644 --- a/src/auth/sasl-server.h +++ b/src/auth/sasl-server.h @@ -93,7 +93,7 @@ enum sasl_server_authid_type { }; struct sasl_server_req_ctx { - const struct sasl_server_mech_def *mech; + const struct sasl_server_mech *mech; const char *mech_name; struct sasl_server_request *request; 
@@ -132,8 +132,7 @@ struct sasl_server_request_funcs { }; void sasl_server_request_create(struct sasl_server_req_ctx *rctx, - struct sasl_server_instance *sinst, - const struct sasl_server_mech_def *mech, + const struct sasl_server_mech *mech, const char *protocol, struct event *event_parent); void sasl_server_request_destroy(struct sasl_server_req_ctx *rctx);