#include "hostpid.h"
#include "settings.h"
#include "master-service.h"
-#include "sasl-server-protected.h" // FIXME: remove
+#include "sasl-server-private.h" // FIXME: remove
#include "auth-cache.h"
#include "auth-request.h"
#include "auth-request-handler.h"
}
static void
-apop_credentials_callback(enum passdb_result result,
- const unsigned char *credentials, size_t size,
- struct sasl_server_mech_request *auth_request)
+apop_credentials_callback(struct sasl_server_mech_request *auth_request,
+ const struct sasl_passdb_result *result)
{
struct apop_auth_request *request =
container_of(auth_request, struct apop_auth_request,
auth_request);
- switch (result) {
- case PASSDB_RESULT_OK:
- if (verify_credentials(request, credentials, size))
+ switch (result->status) {
+ case SASL_PASSDB_RESULT_OK:
+ if (verify_credentials(request, result->credentials.data,
+ result->credentials.size))
sasl_server_request_success(auth_request, "", 0);
else
sasl_server_request_failure(auth_request);
break;
- case PASSDB_RESULT_INTERNAL_FAILURE:
+ case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
sasl_server_request_internal_failure(auth_request);
break;
default:
}
static void
-credentials_callback(enum passdb_result result,
- const unsigned char *credentials, size_t size,
- struct sasl_server_mech_request *auth_request)
+credentials_callback(struct sasl_server_mech_request *auth_request,
+ const struct sasl_passdb_result *result)
{
- switch (result) {
+ switch (result->status) {
case SASL_PASSDB_RESULT_OK:
- verify_credentials(auth_request, credentials, size);
+ verify_credentials(auth_request, result->credentials.data,
+ result->credentials.size);
break;
case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
sasl_server_request_internal_failure(auth_request);
}
static void
-credentials_callback(enum passdb_result result,
- const unsigned char *credentials, size_t size,
- struct sasl_server_mech_request *auth_request)
+credentials_callback(struct sasl_server_mech_request *auth_request,
+ const struct sasl_passdb_result *result)
{
- switch (result) {
+ switch (result->status) {
case SASL_PASSDB_RESULT_OK:
- verify_credentials(auth_request, credentials, size);
+ verify_credentials(auth_request, result->credentials.data,
+ result->credentials.size);
break;
case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
sasl_server_request_internal_failure(auth_request);
}
static void
-gssapi_credentials_callback(enum passdb_result result,
- const unsigned char *credentials ATTR_UNUSED,
- size_t size ATTR_UNUSED,
- struct sasl_server_mech_request *auth_request)
+gssapi_credentials_callback(struct sasl_server_mech_request *auth_request,
+ const struct sasl_passdb_result *result)
{
struct gssapi_auth_request *request =
container_of(auth_request, struct gssapi_auth_request,
/* We don't care much whether the lookup succeeded or not because GSSAPI
does not strictly require a passdb. But if a passdb is configured,
now the k5principals field will have been filled in. */
- switch (result) {
+ switch (result->status) {
case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
sasl_server_request_internal_failure(auth_request);
return;
/* User is explicitly disabled, don't allow it to log in */
sasl_server_request_failure(auth_request);
return;
- case PASSDB_RESULT_NEXT: /* FIXME: To be removed */
case SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
case SASL_PASSDB_RESULT_USER_UNKNOWN:
case SASL_PASSDB_RESULT_PASSWORD_MISMATCH:
}
static void
-otp_credentials_callback(enum passdb_result result,
- const unsigned char *credentials, size_t size,
- struct sasl_server_mech_request *auth_request)
+otp_credentials_callback(struct sasl_server_mech_request *auth_request,
+ const struct sasl_passdb_result *result)
{
struct otp_auth_request *request =
container_of(auth_request, struct otp_auth_request,
auth_request);
- switch (result) {
+ switch (result->status) {
case SASL_PASSDB_RESULT_OK:
- otp_send_challenge(request, credentials, size);
+ otp_send_challenge(request, result->credentials.data,
+ result->credentials.size);
break;
case SASL_PASSDB_RESULT_INTERNAL_FAILURE:
sasl_server_request_internal_failure(auth_request);
}
static void
-otp_set_credentials_callback(bool success,
- struct sasl_server_mech_request *auth_request)
+otp_set_credentials_callback(struct sasl_server_mech_request *auth_request,
+ const struct sasl_passdb_result *result)
{
struct otp_auth_request *request =
container_of(auth_request, struct otp_auth_request,
auth_request);
- if (success)
+ if (result->status == SASL_PASSDB_RESULT_OK)
sasl_server_request_success(auth_request, "", 0);
else {
sasl_server_request_internal_failure(auth_request);
#include "sasl-server-mech-plain-common.h"
void sasl_server_mech_plain_verify_callback(
- enum passdb_result result, struct sasl_server_mech_request *request)
+ struct sasl_server_mech_request *request,
+ const struct sasl_passdb_result *result)
{
- switch (result) {
+ switch (result->status) {
case SASL_PASSDB_RESULT_OK:
sasl_server_request_success(request, "", 0);
break;
#define SASL_SERVER_MECH_PLAIN_COMMON_H
void sasl_server_mech_plain_verify_callback(
- enum passdb_result result, struct sasl_server_mech_request *request);
+ struct sasl_server_mech_request *request,
+ const struct sasl_passdb_result *result);
#endif
};
static void
-credentials_callback(enum passdb_result result,
- const unsigned char *credentials, size_t size,
- struct sasl_server_mech_request *auth_request)
+credentials_callback(struct sasl_server_mech_request *auth_request,
+ const struct sasl_passdb_result *result)
{
struct scram_auth_request *request =
container_of(auth_request, struct scram_auth_request,
size_t output_len;
bool end;
- switch (result) {
+ switch (result->status) {
case SASL_PASSDB_RESULT_OK:
if (auth_scram_credentials_parse(key_data->hmethod,
request->password_scheme,
- credentials, size,
+ result->credentials.data,
+ result->credentials.size,
&key_data->iter_count,
&key_data->salt,
key_data->stored_key,
#include "sasl-server-protected.h"
+enum sasl_server_passdb_type {
+ SASL_SERVER_PASSDB_TYPE_VERIFY_PLAIN,
+ SASL_SERVER_PASSDB_TYPE_LOOKUP_CREDENTIALS,
+ SASL_SERVER_PASSDB_TYPE_SET_CREDENTIALS,
+};
+
struct sasl_server_request {
struct sasl_server_mech_request *mech;
+
+ enum sasl_server_passdb_type passdb_type;
+ sasl_server_mech_passdb_callback_t *passdb_callback;
};
#endif
struct sasl_server_mech_request;
typedef void
-sasl_server_verify_plain_callback_t(enum passdb_result result,
- struct sasl_server_mech_request *req);
-typedef void
-sasl_server_lookup_credentials_callback_t(enum passdb_result result,
- const unsigned char *credentials,
- size_t size,
- struct sasl_server_mech_request *req);
-typedef void
-sasl_server_set_credentials_callback_t(bool success,
- struct sasl_server_mech_request *req);
+sasl_server_mech_passdb_callback_t(struct sasl_server_mech_request *req,
+ const struct sasl_passdb_result *result);
struct sasl_server_mech_def {
const char *mech_name;
// FIXME: To be removed
struct auth_request *request;
- union {
- sasl_server_verify_plain_callback_t *verify_plain;
- sasl_server_lookup_credentials_callback_t *lookup_credentials;
- sasl_server_set_credentials_callback_t *set_credentials;
- } private_callback;
};
/*
void sasl_server_request_verify_plain(
struct sasl_server_mech_request *mreq, const char *password,
- sasl_server_verify_plain_callback_t *callback);
+ sasl_server_mech_passdb_callback_t *callback);
void sasl_server_request_lookup_credentials(
struct sasl_server_mech_request *mreq, const char *scheme,
- sasl_server_lookup_credentials_callback_t *callback);
+ sasl_server_mech_passdb_callback_t *callback);
void sasl_server_request_set_credentials(
struct sasl_server_mech_request *mreq,
const char *scheme, const char *data,
- sasl_server_set_credentials_callback_t *callback);
+ sasl_server_mech_passdb_callback_t *callback);
#endif
mreq, SASL_SERVER_OUTPUT_INTERNAL_FAILURE, "", 0);
}
+static enum sasl_passdb_result_status
+translate_result_status(enum passdb_result result)
+{
+ switch (result) {
+ case PASSDB_RESULT_INTERNAL_FAILURE:;
+ return SASL_PASSDB_RESULT_INTERNAL_FAILURE;
+ case PASSDB_RESULT_SCHEME_NOT_AVAILABLE:
+ return SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
+ case PASSDB_RESULT_USER_UNKNOWN:
+ return SASL_PASSDB_RESULT_USER_UNKNOWN;
+ case PASSDB_RESULT_USER_DISABLED:
+ return SASL_PASSDB_RESULT_USER_DISABLED;
+ case PASSDB_RESULT_PASS_EXPIRED:
+ return SASL_PASSDB_RESULT_PASS_EXPIRED;
+ case PASSDB_RESULT_PASSWORD_MISMATCH:
+ return SASL_PASSDB_RESULT_PASSWORD_MISMATCH;
+ case PASSDB_RESULT_NEXT:
+ case PASSDB_RESULT_OK:
+ return SASL_PASSDB_RESULT_OK;
+ }
+ i_unreached();
+}
+
static void
-verify_plain_callback(enum passdb_result result, struct auth_request *request)
+verify_plain_callback(enum passdb_result status, struct auth_request *request)
{
struct sasl_server_mech_request *mreq = request->sasl;
+ struct sasl_server_request *req = mreq->req;
+
+ i_assert(req->passdb_type == SASL_SERVER_PASSDB_TYPE_VERIFY_PLAIN);
- mreq->private_callback.verify_plain(result, request->sasl);
+ const struct sasl_passdb_result result = {
+ .status = translate_result_status(status),
+ };
+ req->passdb_callback(mreq, &result);
}
void sasl_server_request_verify_plain(
struct sasl_server_mech_request *mreq, const char *password,
- sasl_server_verify_plain_callback_t *callback)
+ sasl_server_mech_passdb_callback_t *callback)
{
struct auth_request *request = mreq->request;
+ struct sasl_server_request *req = mreq->req;
- mreq->private_callback.verify_plain = callback;
+ req->passdb_type = SASL_SERVER_PASSDB_TYPE_VERIFY_PLAIN;
+ req->passdb_callback = callback;
auth_sasl_request_verify_plain(request, password, verify_plain_callback);
}
static void
-lookup_credentials_callback(enum passdb_result result,
+lookup_credentials_callback(enum passdb_result status,
const unsigned char *credentials,
size_t size, struct auth_request *request)
{
struct sasl_server_mech_request *mreq = request->sasl;
+ struct sasl_server_request *req = mreq->req;
+
+ i_assert(req->passdb_type ==
+ SASL_SERVER_PASSDB_TYPE_LOOKUP_CREDENTIALS);
- mreq->private_callback.lookup_credentials(result, credentials, size,
- mreq);
+ const struct sasl_passdb_result result = {
+ .status = translate_result_status(status),
+ .credentials = {
+ .data = credentials,
+ .size = size,
+ },
+ };
+ req->passdb_callback(mreq, &result);
}
void sasl_server_request_lookup_credentials(
struct sasl_server_mech_request *mreq, const char *scheme,
- sasl_server_lookup_credentials_callback_t *callback)
+ sasl_server_mech_passdb_callback_t *callback)
{
struct auth_request *request = mreq->request;
+ struct sasl_server_request *req = mreq->req;
- mreq->private_callback.lookup_credentials = callback;
+ req->passdb_type = SASL_SERVER_PASSDB_TYPE_LOOKUP_CREDENTIALS;
+ req->passdb_callback = callback;
auth_sasl_request_lookup_credentials(request, scheme,
lookup_credentials_callback);
}
set_credentials_callback(bool success, struct auth_request *request)
{
struct sasl_server_mech_request *mreq = request->sasl;
+ struct sasl_server_request *req = mreq->req;
- mreq->private_callback.set_credentials(success, mreq);
+ i_assert(req->passdb_type == SASL_SERVER_PASSDB_TYPE_SET_CREDENTIALS);
+
+ const struct sasl_passdb_result result = {
+ .status = (success ?
+ SASL_PASSDB_RESULT_OK :
+ SASL_PASSDB_RESULT_INTERNAL_FAILURE),
+ };
+ req->passdb_callback(mreq, &result);
}
void sasl_server_request_set_credentials(
struct sasl_server_mech_request *mreq,
const char *scheme, const char *data,
- sasl_server_set_credentials_callback_t *callback)
+ sasl_server_mech_passdb_callback_t *callback)
{
struct auth_request *request = mreq->request;
+ struct sasl_server_request *req = mreq->req;
- mreq->private_callback.set_credentials = callback;
+ req->passdb_type = SASL_SERVER_PASSDB_TYPE_SET_CREDENTIALS;
+ req->passdb_callback = callback;
auth_sasl_request_set_credentials(request, scheme, data,
set_credentials_callback);
}
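Review bot: translate_result_status maps PASSDB_RESULT_NEXT to SASL_PASSDB_RESULT_OK, which is the permissive choice for a value that the mechanism callbacks never treated as a success; the removed `case PASSDB_RESULT_NEXT: /* FIXME: To be removed */` in the GSSAPI callback suggests NEXT was not meant to reach a mechanism at all. If NEXT can no longer arrive here, make that explicit with `case PASSDB_RESULT_NEXT: i_unreached();` so a regression fails loudly instead of being reported as authenticated; if it can still arrive, map it to a failure status rather than OK. The label `case PASSDB_RESULT_INTERNAL_FAILURE:;` also carries a stray empty statement that should be dropped. The i_assert on passdb_type in each of verify_plain_callback, lookup_credentials_callback and set_credentials_callback is a good guard against a mismatched completion; adding `i_assert(req->passdb_callback != NULL);` beside it would catch a completion arriving before any request was issued.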
struct sasl_server_mech_def;
struct sasl_server_mech_request;
+struct sasl_server_request;
struct sasl_server_req_ctx;
enum sasl_passdb_result_status {
- SASL_PASSDB_RESULT_INTERNAL_FAILURE = PASSDB_RESULT_INTERNAL_FAILURE,
- SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE = PASSDB_RESULT_SCHEME_NOT_AVAILABLE,
+ SASL_PASSDB_RESULT_INTERNAL_FAILURE = -1,
+ SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE = -2,
- SASL_PASSDB_RESULT_USER_UNKNOWN = PASSDB_RESULT_USER_UNKNOWN,
- SASL_PASSDB_RESULT_USER_DISABLED = PASSDB_RESULT_USER_DISABLED,
- SASL_PASSDB_RESULT_PASS_EXPIRED = PASSDB_RESULT_PASS_EXPIRED,
+ SASL_PASSDB_RESULT_USER_UNKNOWN = -3,
+ SASL_PASSDB_RESULT_USER_DISABLED = -4,
+ SASL_PASSDB_RESULT_PASS_EXPIRED = -5,
- SASL_PASSDB_RESULT_PASSWORD_MISMATCH = PASSDB_RESULT_PASSWORD_MISMATCH,
- SASL_PASSDB_RESULT_OK = PASSDB_RESULT_OK,
+ SASL_PASSDB_RESULT_PASSWORD_MISMATCH = 0,
+ SASL_PASSDB_RESULT_OK = 1,
};
enum sasl_mech_passdb_need {
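Review bot: The explicit values give SASL_PASSDB_RESULT_PASSWORD_MISMATCH the value 0 while the other failures are negative and OK is 1, so the status is not usable as a boolean: a truthiness test would treat a mismatch as false but an internal failure or an unknown user as true. Now that the enum no longer mirrors passdb_result, a comment on it would prevent that misuse, e.g. `/* Not a boolean: PASSWORD_MISMATCH is 0 and the other failures are negative; always compare against SASL_PASSDB_RESULT_OK explicitly. */`. The callbacks touched by this change (otp_set_credentials_callback and the switch statements) already compare explicitly, so this is documentation only.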
size_t data_size;
};
+struct sasl_passdb_result {
+ enum sasl_passdb_result_status status;
+
+ struct {
+ const unsigned char *data;
+ size_t size;
+ } credentials;
+};
+
/*
* Request
*/
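Review bot: struct sasl_passdb_result documents neither the ownership nor the lifetime of credentials.data. In sasl-server-request.c the struct is a const stack local in lookup_credentials_callback and data points at the passdb's credentials argument, so a mechanism callback must consume or copy the bytes before returning; state that on the struct, e.g. `/* Borrowed pointer into the passdb result; valid only for the duration of the callback. Copy the bytes if they are needed afterwards. */` above `data`. It is also worth noting that credentials is populated only for lookup_credentials results and is zero (NULL, 0) for verify_plain and set_credentials completions, as the initializers in those callbacks leave it unset.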