From: Stephan Bosch Date: Sat, 4 Mar 2023 01:31:39 +0000 (+0100) Subject: auth: sasl-server - Add sasl_server_request_output() X-Git-Tag: 2.4.2~275 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fdff094036267bdfd1426a9a267b7f0f1e9d08b1;p=thirdparty%2Fdovecot%2Fcore.git auth: sasl-server - Add sasl_server_request_output() Wraps auth_request_handler_reply_continue(). --- diff --git a/src/auth/Makefile.am b/src/auth/Makefile.am index a36350d786..43c522bf23 100644 --- a/src/auth/Makefile.am +++ b/src/auth/Makefile.am @@ -94,6 +94,7 @@ sasl_server_mechanisms = \ sasl_sources = \ ${sasl_server_mechanisms} \ + sasl-server-request.c \ sasl-server-mech.c auth_common_sources = \ diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h index 414283382a..f3ce45309c 100644 --- a/src/auth/auth-request.h +++ b/src/auth/auth-request.h @@ -11,6 +11,7 @@ #include "sasl-server-protected.h" // FIXME: Use public API only #include "userdb.h" #include "passdb.h" +#include "auth-sasl.h" #include "auth-request-var-expand.h" #include "password-scheme.h" diff --git a/src/auth/sasl-server-mech-cram-md5.c b/src/auth/sasl-server-mech-cram-md5.c index b479b54a70..49682fa763 100644 --- a/src/auth/sasl-server-mech-cram-md5.c +++ b/src/auth/sasl-server-mech-cram-md5.c @@ -161,8 +161,8 @@ mech_cram_md5_auth_initial(struct auth_request *auth_request, auth_request); request->challenge = p_strdup(auth_request->pool, get_cram_challenge()); - auth_request_handler_reply_continue(auth_request, request->challenge, - strlen(request->challenge)); + sasl_server_request_output(auth_request, request->challenge, + strlen(request->challenge)); } static struct auth_request *mech_cram_md5_auth_new(void) diff --git a/src/auth/sasl-server-mech-digest-md5.c b/src/auth/sasl-server-mech-digest-md5.c index a2b7211c32..f075f82ed8 100644 --- a/src/auth/sasl-server-mech-digest-md5.c +++ b/src/auth/sasl-server-mech-digest-md5.c 
@@ -599,8 +599,8 @@ mech_digest_md5_auth_initial(struct auth_request *auth_request, /* FIXME: there's no support for subsequent authentication */ challenge = get_digest_challenge(request); - auth_request_handler_reply_continue(auth_request, str_data(challenge), - str_len(challenge)); + sasl_server_request_output(auth_request, str_data(challenge), + str_len(challenge)); } static struct auth_request *mech_digest_md5_auth_new(void) diff --git a/src/auth/sasl-server-mech-gssapi.c b/src/auth/sasl-server-mech-gssapi.c index ce7b537df7..3c74fc2ef7 100644 --- a/src/auth/sasl-server-mech-gssapi.c +++ b/src/auth/sasl-server-mech-gssapi.c @@ -328,9 +328,9 @@ mech_gssapi_sec_context(struct gssapi_auth_request *request, if (ret == 0) { if (output_token.length > 0) { - auth_request_handler_reply_continue(auth_request, - output_token.value, - output_token.length); + sasl_server_request_output(auth_request, + output_token.value, + output_token.length); } else { /* If there is no output token, go straight to wrap, which is expecting an empty input token. */ @@ -375,8 +375,7 @@ mech_gssapi_wrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf) e_debug(auth_request->mech_event, "Negotiated security layer"); - auth_request_handler_reply_continue(auth_request, outbuf.value, - outbuf.length); + sasl_server_request_output(auth_request, outbuf.value, outbuf.length); (void)gss_release_buffer(&minor_status, &outbuf); request->sasl_gssapi_state = GSS_STATE_UNWRAP; @@ -662,8 +661,7 @@ mech_gssapi_auth_initial(struct auth_request *auth_request, if (data_size == 0) { /* The client should go first */ - auth_request_handler_reply_continue(auth_request, - uchar_empty_ptr, 0); + sasl_server_request_output(auth_request, uchar_empty_ptr, 0); } else { mech_gssapi_auth_continue(auth_request, data, data_size); } diff --git a/src/auth/sasl-server-mech-login.c b/src/auth/sasl-server-mech-login.c index 23cac3bd47..a7e0a9118b 100644 --- a/src/auth/sasl-server-mech-login.c 
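Review bot: In the mech_gssapi_wrap hunk, `outbuf` is passed to `sasl_server_request_output()` and released by `gss_release_buffer()` on the very next line, so the call is only safe if the wrapper, and whatever `auth_sasl_request_output()` does behind it, consumes or copies the bytes before returning. The old direct call had the same requirement, but the new indirection through `struct sasl_server_output` makes it less obvious, and the declaration does not state it. The winbind hunk passes a buffer from `t_base64_decode_str()`, which looks like it has a similarly short lifetime. I would document the contract at the prototype in sasl-server-protected.h, for example `/* data is borrowed only for the duration of the call; an implementation that needs it later must copy it */`. mech_gssapi_wrap's body starts and ends outside the hunk.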
+++ b/src/auth/sasl-server-mech-login.c @@ -28,8 +28,7 @@ mech_login_auth_continue(struct auth_request *request, return; } - auth_request_handler_reply_continue(request, prompt2, - strlen(prompt2)); + sasl_server_request_output(request, prompt2, strlen(prompt2)); } else { char *pass = p_strndup(unsafe_data_stack_pool, data, data_size); auth_request_verify_plain( @@ -45,8 +44,7 @@ mech_login_auth_initial(struct auth_request *request, static const char prompt1[] = "Username:"; if (data_size == 0) { - auth_request_handler_reply_continue(request, prompt1, - strlen(prompt1)); + sasl_server_request_output(request, prompt1, strlen(prompt1)); } else { mech_login_auth_continue(request, data, data_size); } diff --git a/src/auth/sasl-server-mech-otp.c b/src/auth/sasl-server-mech-otp.c index 1be7bc6f72..49d2bcca39 100644 --- a/src/auth/sasl-server-mech-otp.c +++ b/src/auth/sasl-server-mech-otp.c @@ -105,8 +105,7 @@ otp_send_challenge(struct otp_auth_request *request, digest_name(request->state.algo), request->state.seq, request->state.seed); - auth_request_handler_reply_continue(auth_request, answer, - strlen(answer)); + sasl_server_request_output(auth_request, answer, strlen(answer)); } static void diff --git a/src/auth/sasl-server-mech-scram.c b/src/auth/sasl-server-mech-scram.c index 4ab018eb95..10c2fd956c 100644 --- a/src/auth/sasl-server-mech-scram.c +++ b/src/auth/sasl-server-mech-scram.c @@ -49,8 +49,7 @@ credentials_callback(enum passdb_result result, end = auth_scram_server_output(&request->scram_server, &output, &output_len); i_assert(!end); - auth_request_handler_reply_continue(auth_request, - output, output_len); + sasl_server_request_output(auth_request, output, output_len); break; case PASSDB_RESULT_INTERNAL_FAILURE: auth_request_internal_failure(auth_request); 
@@ -159,8 +158,7 @@ void mech_scram_auth_continue(struct auth_request *auth_request, if (!auth_scram_server_output(&request->scram_server, &output, &output_len)) { - auth_request_handler_reply_continue(auth_request, - output, output_len); + sasl_server_request_output(auth_request, output, output_len); return; } diff --git a/src/auth/sasl-server-mech-winbind.c b/src/auth/sasl-server-mech-winbind.c index ab375ada76..9d554a93e5 100644 --- a/src/auth/sasl-server-mech-winbind.c +++ b/src/auth/sasl-server-mech-winbind.c @@ -232,8 +232,7 @@ do_auth_continue(struct winbind_auth_request *request, i_assert(token[1] != NULL); buf = t_base64_decode_str(token[1]); - auth_request_handler_reply_continue(auth_request, buf->data, - buf->used); + sasl_server_request_output(auth_request, buf->data, buf->used); request->continued = TRUE; return HR_OK; } else if (strcmp(token[0], "NA") == 0) { diff --git a/src/auth/sasl-server-mech.c b/src/auth/sasl-server-mech.c index d3d485f1a7..46d5951318 100644 --- a/src/auth/sasl-server-mech.c +++ b/src/auth/sasl-server-mech.c @@ -9,7 +9,7 @@ void sasl_server_mech_generic_auth_initial(struct auth_request *request, size_t data_size) { if (data == NULL) { - auth_request_handler_reply_continue(request, uchar_empty_ptr, 0); + sasl_server_request_output(request, uchar_empty_ptr, 0); } else { /* initial reply given, even if it was 0 bytes */ request->mech->auth_continue(request, data, data_size); diff --git a/src/auth/sasl-server-protected.h b/src/auth/sasl-server-protected.h index 16fec6b9da..616534dae4 100644 --- a/src/auth/sasl-server-protected.h +++ b/src/auth/sasl-server-protected.h @@ -63,4 +63,11 @@ void mech_deinit(const struct auth_settings *set); void mech_oauth2_initialize(void); +/* + * Request + */ + +void sasl_server_request_output(struct auth_request *request, + const void *data, size_t data_size); + #endif diff --git a/src/auth/sasl-server-request.c b/src/auth/sasl-server-request.c new file mode 100644 index 0000000000..7d22729f72 
--- /dev/null
+++ b/src/auth/sasl-server-request.c
@@ -0,0 +1,21 @@
+/* Copyright (c) 2023 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "auth-request.h"
+
+#include "sasl-server-private.h"
+
+/*
+ * Mechanism API
+ */
+
+void sasl_server_request_output(struct auth_request *request,
+ const void *data, size_t data_size)
+{
+ const struct sasl_server_output output = {
+ .status = SASL_SERVER_OUTPUT_CONTINUE,
+ .data = data,
+ .data_size = data_size,
+ };
+ auth_sasl_request_output(request, &output);
+}
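Review bot: The new file appears to get the prototype of `sasl_server_request_output()` only indirectly through `auth-request.h`, whose include of `sasl-server-protected.h` is marked `// FIXME: Use public API only` in the auth-request.h hunk. Unless `sasl-server-private.h` already pulls in the protected header (not visible here), resolving that FIXME later would leave this definition with no prototype to be checked against. Adding `#include "sasl-server-protected.h"` directly in this file would make the dependency explicit. A short comment above the function stating that it always reports `SASL_SERVER_OUTPUT_CONTINUE` and leaves the remaining `struct sasl_server_output` fields zero-initialised would also help. The section header here reads `Mechanism API`, while the matching section in the header reads `Request`.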