#include "strescape.h"
#include "str-sanitize.h"
#include "base64.h"
+#include "sasl-server-protected.h" // FIXME: remove
#include "auth-request.h"
void auth_request_fields_init(struct auth_request *request)
#include "str.h"
#include "strescape.h"
#include "str-sanitize.h"
+#include "sasl-server-protected.h" // FIXME: remove
#include "master-interface.h"
#include "auth-sasl.h"
#include "auth-penalty.h"
#include "hostpid.h"
#include "settings.h"
#include "master-service.h"
+#include "sasl-server-protected.h" // FIXME: remove
#include "auth-cache.h"
#include "auth-request.h"
#include "auth-request-handler.h"
struct event *parent_event)
{
struct auth_request *request;
+ pool_t pool;
- request = mech->auth_new();
+ pool = pool_alloconly_create(MEMPOOL_GROWING"auth_request", 1024);
+ request = p_new(pool, struct auth_request, 1);
+ request->pool = pool;
request->mech = mech;
auth_request_post_alloc_init(request, parent_event);
event_set_min_log_level(request->mech_event, level);
event_set_append_log_prefix(request->mech_event, prefix);
+ auth_sasl_request_init(request, mech);
+
return request;
}
timeout_remove(&request->to_abort);
timeout_remove(&request->to_penalty);
- if (request->mech != NULL)
- request->mech->auth_free(request);
- else
- pool_unref(&request->pool);
+ auth_sasl_request_deinit(request);
+ pool_unref(&request->pool);
}
bool auth_request_import_master(struct auth_request *request,
request->initial_response_len))
return;
- request->mech->auth_initial(request, request->initial_response,
- request->initial_response_len);
+ auth_sasl_request_initial(request);
}
void auth_request_continue(struct auth_request *request,
return;
auth_request_refresh_last_access(request);
- request->mech->auth_continue(request, data, data_size);
+ auth_sasl_request_continue(request, data, data_size);
}
static void
#define AUTH_REQUEST_USER_KEY_IGNORE " "
+struct sasl_server_mech_def;
+struct sasl_server_mech_request;
+
struct auth_client_connection;
enum auth_request_state {
enum passdb_result passdb_result;
const struct sasl_server_mech_def *mech;
+ struct sasl_server_mech_request *sasl;
/* Protocol-specific settings */
const struct auth_settings *protocol_set;
/* Currently active settings. May be the same as protocol_set, but
#include <unistd.h>
struct apop_auth_request {
- struct auth_request auth_request;
+ struct sasl_server_mech_request auth_request;
/* requested: */
char *challenge;
static void
apop_credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
- struct auth_request *auth_request)
+ struct sasl_server_mech_request *auth_request)
{
struct apop_auth_request *request =
container_of(auth_request, struct apop_auth_request,
}
static void
-mech_apop_auth_initial(struct auth_request *auth_request,
+mech_apop_auth_initial(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct apop_auth_request *request =
if (sscanf(request->challenge, "<%lx.%lx.%lx.",
&pid, &connect_uid, ×tamp) != 3 ||
- connect_uid != auth_request->connect_uid ||
+ connect_uid != auth_request->request->connect_uid ||
pid != (unsigned long)getpid() ||
(time_t)timestamp < process_start_time) {
e_info(auth_request->mech_event,
apop_credentials_callback);
}
-static struct auth_request *mech_apop_auth_new(void)
+static struct sasl_server_mech_request *mech_apop_auth_new(pool_t pool)
{
struct apop_auth_request *request;
- pool_t pool;
- pool = pool_alloconly_create(MEMPOOL_GROWING"apop_auth_request", 2048);
request = p_new(pool, struct apop_auth_request, 1);
- request->auth_request.pool = pool;
return &request->auth_request;
}
#include "auth-token.h"
static void
-mech_dovecot_token_auth_continue(struct auth_request *request,
- const unsigned char *data, size_t data_size)
+mech_dovecot_token_auth_continue(struct sasl_server_mech_request *request,
+ const unsigned char *data, size_t data_size)
{
const char *session_id, *username, *pid, *service;
char *auth_token;
sasl_server_request_failure(request);
} else {
const char *valid_token =
- auth_token_get(service, pid, request->fields.user,
+ auth_token_get(service, pid, request->request->fields.user,
session_id);
if (auth_token != NULL &&
str_equals_timing_almost_safe(auth_token, valid_token)) {
- request->passdb_success = TRUE;
- auth_request_set_field(request, "userdb_client_service", service, "");
+ request->request->passdb_success = TRUE;
+ auth_request_set_field(request->request, "userdb_client_service", service, "");
sasl_server_request_success(request, NULL, 0);
} else {
sasl_server_request_failure(request);
safe_memset(auth_token, 0, strlen(auth_token));
}
-static struct auth_request *mech_dovecot_token_auth_new(void)
+static struct sasl_server_mech_request *mech_dovecot_token_auth_new(pool_t pool)
{
- struct auth_request *request;
- pool_t pool;
+ struct sasl_server_mech_request *request;
+
+ request = p_new(pool, struct sasl_server_mech_request, 1);
- pool = pool_alloconly_create(MEMPOOL_GROWING"dovecot_token_auth_request", 512);
- request = p_new(pool, struct auth_request, 1);
- request->pool = pool;
return request;
}
oauth2_verify_finish(enum passdb_result result, struct auth_request *request)
{
struct oauth2_auth_request *oauth2_req =
- container_of(request, struct oauth2_auth_request, request);
+ container_of(request->sasl,
+ struct oauth2_auth_request, request);
struct sasl_server_oauth2_failure failure;
i_zero(&failure);
mech_oauth2_verify_token_continue(struct oauth2_auth_request *oauth2_req,
const char *const *args)
{
- struct auth_request *request = &oauth2_req->request;
+ struct auth_request *request = oauth2_req->request.request;
int parsed;
enum passdb_result result;
const char *error,
struct oauth2_auth_request *oauth2_req)
{
- struct auth_request *request = &oauth2_req->request;
+ struct auth_request *request = oauth2_req->request.request;
if (result == PASSDB_RESULT_OK) {
auth_request_set_password_verified(request);
static void
auth_sasl_oauth2_verify_token(struct oauth2_auth_request *oauth2_req,
- const char *token)
+ const char *token)
{
- struct auth_request *auth_request = &oauth2_req->request;
+ struct auth_request *auth_request = oauth2_req->request.request;
auth_request_ref(auth_request);
if (!db_oauth2_use_worker(oauth2_req->db)) {
#include "lib.h"
#include "sasl-server-protected.h" // FIXME: Use public API only
+#include "sasl-server.h"
#include "auth.h"
#include "auth-common.h"
#include "auth-sasl.h"
set_credentials_callback);
}
+void auth_sasl_request_init(struct auth_request *request,
+ const struct sasl_server_mech_def *mech)
+{
+ sasl_server_request_create(request, mech, request->mech_event);
+}
+
+void auth_sasl_request_deinit(struct auth_request *request)
+{
+ sasl_server_request_destroy(request);
+}
+
+void auth_sasl_request_initial(struct auth_request *request)
+{
+ request->mech->auth_initial(request->sasl, request->initial_response,
+ request->initial_response_len);
+}
+
+void auth_sasl_request_continue(struct auth_request *request,
+ const unsigned char *data, size_t data_size)
+{
+ request->mech->auth_continue(request->sasl, data, data_size);
+}
+
/*
* Mechanisms
*/
#ifndef AUTH_SASL_H
#define AUTH_SASL_H
-#include "auth-request.h" // FIXME: remove
#include "sasl-server.h"
/* Used only for string sanitization. */
#define AUTH_SASL_MAX_MECH_NAME_LEN 64
+struct auth_request;
+
struct auth_sasl_mech_module {
const char *mech_name;
};
const char *scheme, const char *data,
set_credentials_callback_t *set_credentials_callback);
+void auth_sasl_request_init(struct auth_request *request,
+ const struct sasl_server_mech_def *mech);
+void auth_sasl_request_deinit(struct auth_request *request);
+
+void auth_sasl_request_initial(struct auth_request *request);
+void auth_sasl_request_continue(struct auth_request *request,
+ const unsigned char *data, size_t data_size);
+
/*
* Mechanisms
*/
#include "sasl-server-protected.h"
static void
-mech_anonymous_auth_continue(struct auth_request *request,
+mech_anonymous_auth_continue(struct sasl_server_mech_request *request,
const unsigned char *data, size_t data_size)
{
- i_assert(*request->set->anonymous_username != '\0');
-
if (!sasl_server_request_set_authid(request,
SASL_SERVER_AUTHID_TYPE_ANONYMOUS,
t_strndup(data, data_size))) {
return;
}
- request->passdb_success = TRUE;
+ request->request->passdb_success = TRUE;
sasl_server_request_success(request, "", 0);
}
-static struct auth_request *mech_anonymous_auth_new(void)
+static struct sasl_server_mech_request *mech_anonymous_auth_new(pool_t pool)
{
- struct auth_request *request;
- pool_t pool;
+ struct sasl_server_mech_request *request;
- pool = pool_alloconly_create(MEMPOOL_GROWING"anonymous_auth_request", 2048);
- request = p_new(pool, struct auth_request, 1);
+ request = p_new(pool, struct sasl_server_mech_request, 1);
request->pool = pool;
return request;
}
#include <time.h>
struct cram_auth_request {
- struct auth_request auth_request;
+ struct sasl_server_mech_request auth_request;
/* requested: */
char *challenge;
}
static void
-verify_credentials(struct auth_request *auth_request,
+verify_credentials(struct sasl_server_mech_request *auth_request,
const unsigned char *credentials, size_t size)
{
struct cram_auth_request *request =
parse_cram_response(struct cram_auth_request *request,
const unsigned char *data, size_t size)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
size_t i, space;
/* <username> SPACE <response>. Username may contain spaces, so assume
static void
credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
- struct auth_request *auth_request)
+ struct sasl_server_mech_request *auth_request)
{
switch (result) {
case SASL_PASSDB_RESULT_OK:
}
static void
-mech_cram_md5_auth_continue(struct auth_request *auth_request,
+mech_cram_md5_auth_continue(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct cram_auth_request *request =
}
static void
-mech_cram_md5_auth_initial(struct auth_request *auth_request,
+mech_cram_md5_auth_initial(struct sasl_server_mech_request *auth_request,
const unsigned char *data ATTR_UNUSED,
size_t data_size ATTR_UNUSED)
{
strlen(request->challenge));
}
-static struct auth_request *mech_cram_md5_auth_new(void)
+static struct sasl_server_mech_request *mech_cram_md5_auth_new(pool_t pool)
{
struct cram_auth_request *request;
- pool_t pool;
- pool = pool_alloconly_create(MEMPOOL_GROWING"cram_md5_auth_request", 2048);
request = p_new(pool, struct cram_auth_request, 1);
- request->auth_request.pool = pool;
return &request->auth_request;
}
};
struct digest_auth_request {
- struct auth_request auth_request;
+ struct sasl_server_mech_request auth_request;
/* requested: */
char *nonce;
static string_t *get_digest_challenge(struct digest_auth_request *request)
{
- struct auth_request *auth_request = &request->auth_request;
- const struct auth_settings *set = auth_request->set;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
+ const struct auth_settings *set = auth_request->request->set;
buffer_t buf;
string_t *str;
const char *const *tmp;
}
static void
-verify_credentials(struct auth_request *auth_request,
+verify_credentials(struct sasl_server_mech_request *auth_request,
const unsigned char *credentials, size_t size)
{
struct digest_auth_request *request =
auth_handle_response(struct digest_auth_request *request,
char *key, char *value, const char **error)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
unsigned int i;
(void)str_lcase(key);
if (strcmp(key, "realm") == 0) {
- if (auth_request->fields.realm == NULL && *value != '\0')
+ if (auth_request->request->fields.realm == NULL && *value != '\0')
sasl_server_request_set_realm(auth_request, value);
return TRUE;
}
const unsigned char *data, size_t size,
const char **error)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
char *copy, *key, *value;
bool failed;
static void
credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
- struct auth_request *auth_request)
+ struct sasl_server_mech_request *auth_request)
{
switch (result) {
case SASL_PASSDB_RESULT_OK:
}
static void
-mech_digest_md5_auth_continue(struct auth_request *auth_request,
+mech_digest_md5_auth_continue(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct digest_auth_request *request =
}
static void
-mech_digest_md5_auth_initial(struct auth_request *auth_request,
+mech_digest_md5_auth_initial(struct sasl_server_mech_request *auth_request,
const unsigned char *data ATTR_UNUSED,
size_t data_size ATTR_UNUSED)
{
str_len(challenge));
}
-static struct auth_request *mech_digest_md5_auth_new(void)
+static struct sasl_server_mech_request *mech_digest_md5_auth_new(pool_t pool)
{
struct digest_auth_request *request;
- pool_t pool;
- pool = pool_alloconly_create(
- MEMPOOL_GROWING"digest_md5_auth_request", 2048);
request = p_new(pool, struct digest_auth_request, 1);
request->qop = QOP_AUTH;
- request->auth_request.pool = pool;
return &request->auth_request;
}
const char *nonce)
{
struct digest_auth_request *request =
- container_of(auth_request, struct digest_auth_request,
+ container_of(auth_request->sasl, struct digest_auth_request,
auth_request);
i_assert(auth_request->mech == &mech_digest_md5);
#include "sasl-server-mech-plain-common.h"
static void
-mech_external_auth_continue(struct auth_request *request,
+mech_external_auth_continue(struct sasl_server_mech_request *request,
const unsigned char *data, size_t data_size)
{
const char *authzid;
request, "", sasl_server_mech_plain_verify_callback);
}
-static struct auth_request *mech_external_auth_new(void)
+static struct sasl_server_mech_request *mech_external_auth_new(pool_t pool)
{
- struct auth_request *request;
- pool_t pool;
+ struct sasl_server_mech_request *request;
+
+ request = p_new(pool, struct sasl_server_mech_request, 1);
- pool = pool_alloconly_create(MEMPOOL_GROWING"external_auth_request", 2048);
- request = p_new(pool, struct auth_request, 1);
- request->pool = pool;
return request;
}
};
struct gssapi_auth_request {
- struct auth_request auth_request;
+ struct sasl_server_mech_request auth_request;
gss_ctx_id_t gss_ctx;
gss_cred_id_t service_cred;
OM_uint32 status_value, int status_type,
const char *description)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
OM_uint32 message_context = 0;
OM_uint32 minor_status;
gss_buffer_desc status_string;
} while (message_context != 0);
}
-static struct auth_request *mech_gssapi_auth_new(void)
+static struct sasl_server_mech_request *mech_gssapi_auth_new(pool_t pool)
{
struct gssapi_auth_request *request;
- pool_t pool;
- pool = pool_alloconly_create(
- MEMPOOL_GROWING"gssapi_auth_request", 2048);
request = p_new(pool, struct gssapi_auth_request, 1);
request->gss_ctx = GSS_C_NO_CONTEXT;
- request->auth_request.pool = pool;
return &request->auth_request;
}
obtain_service_credentials(struct gssapi_auth_request *request,
gss_cred_id_t *ret_r)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
OM_uint32 major_status, minor_status;
string_t *principal_name;
gss_buffer_desc inbuf;
if (!gssapi_initialized) {
gssapi_initialized = TRUE;
- mech_gssapi_initialize(auth_request->set);
+ mech_gssapi_initialize(auth_request->request->set);
}
- if (strcmp(auth_request->set->gssapi_hostname, "$ALL") == 0) {
+ if (strcmp(auth_request->request->set->gssapi_hostname, "$ALL") == 0) {
e_debug(auth_request->mech_event,
"Using all keytab entries");
*ret_r = GSS_C_NO_CREDENTIAL;
return GSS_S_COMPLETE;
}
- if (strcasecmp(auth_request->fields.protocol, "POP3") == 0) {
+ if (strcasecmp(auth_request->request->fields.protocol, "POP3") == 0) {
/* The standard POP3 service name with GSSAPI is called
just "pop". */
service_name = "pop";
} else {
- service_name = t_str_lcase(auth_request->fields.protocol);
+ service_name = t_str_lcase(auth_request->request->fields.protocol);
}
principal_name = t_str_new(128);
str_append(principal_name, service_name);
str_append_c(principal_name, '@');
- str_append(principal_name, auth_request->set->gssapi_hostname);
+ str_append(principal_name, auth_request->request->set->gssapi_hostname);
e_debug(auth_request->mech_event,
"Obtaining credentials for %s", str_c(principal_name));
get_display_name(struct gssapi_auth_request *request, gss_name_t name,
gss_OID *name_type_r, const char **display_name_r)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
OM_uint32 major_status, minor_status;
gss_buffer_desc buf;
mech_gssapi_sec_context(struct gssapi_auth_request *request,
gss_buffer_desc inbuf)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
OM_uint32 major_status, minor_status;
gss_buffer_desc output_token;
gss_OID name_type;
static int
mech_gssapi_wrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
OM_uint32 major_status, minor_status;
gss_buffer_desc outbuf;
unsigned char ret[4];
static bool
k5_principal_is_authorized(struct gssapi_auth_request *request, const char *name)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
const char *value, *const *authorized_names, *const *tmp;
if (!sasl_server_request_get_extra_field(auth_request, "k5principals",
gss_name_t name, const char *login_user,
bool check_name_type)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
krb5_context ctx;
krb5_principal princ;
krb5_error_code krb5_err;
static int
mech_gssapi_userok(struct gssapi_auth_request *request, const char *login_user)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
OM_uint32 major_status, minor_status;
int equal_authn_authz;
gssapi_credentials_callback(enum passdb_result result,
const unsigned char *credentials ATTR_UNUSED,
size_t size ATTR_UNUSED,
- struct auth_request *auth_request)
+ struct sasl_server_mech_request *auth_request)
{
struct gssapi_auth_request *request =
container_of(auth_request, struct gssapi_auth_request,
break;
}
- if (mech_gssapi_userok(request, auth_request->fields.user) == 0)
+ if (mech_gssapi_userok(request, auth_request->request->fields.user) == 0)
sasl_server_request_success(auth_request, NULL, 0);
else
sasl_server_request_failure(auth_request);
static int
mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
OM_uint32 major_status, minor_status;
gss_buffer_desc outbuf;
const char *login_user, *error;
/* Continue in callback once auth_request is populated with passdb
information. */
- auth_request->passdb_success = TRUE; /* default to success */
+ auth_request->request->passdb_success = TRUE; /* default to success */
sasl_server_request_lookup_credentials(auth_request, "",
gssapi_credentials_callback);
(void)gss_release_buffer(&minor_status, &outbuf);
}
static void
-mech_gssapi_auth_continue(struct auth_request *auth_request,
+mech_gssapi_auth_continue(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct gssapi_auth_request *request =
}
static void
-mech_gssapi_auth_initial(struct auth_request *auth_request,
+mech_gssapi_auth_initial(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct gssapi_auth_request *request =
}
static void
-mech_gssapi_auth_free(struct auth_request *auth_request)
+mech_gssapi_auth_free(struct sasl_server_mech_request *auth_request)
{
struct gssapi_auth_request *request =
container_of(auth_request, struct gssapi_auth_request,
(void)gss_release_name(&minor_status, &request->authn_name);
if (request->authz_name != GSS_C_NO_NAME)
(void)gss_release_name(&minor_status, &request->authz_name);
- pool_unref(&auth_request->pool);
}
const struct sasl_server_mech_def mech_gssapi = {
#include "sasl-server-mech-plain-common.h"
static void
-mech_login_auth_continue(struct auth_request *request,
+mech_login_auth_continue(struct sasl_server_mech_request *request,
const unsigned char *data, size_t data_size)
{
static const char prompt2[] = "Password:";
const char *username;
- if (request->fields.user == NULL) {
+ if (request->request->fields.user == NULL) {
username = t_strndup(data, data_size);
if (!sasl_server_request_set_authid(
}
static void
-mech_login_auth_initial(struct auth_request *request,
+mech_login_auth_initial(struct sasl_server_mech_request *request,
const unsigned char *data, size_t data_size)
{
static const char prompt1[] = "Username:";
}
}
-static struct auth_request *mech_login_auth_new(void)
+static struct sasl_server_mech_request *mech_login_auth_new(pool_t pool)
{
- struct auth_request *request;
- pool_t pool;
+ struct sasl_server_mech_request *request;
+
+ request = p_new(pool, struct sasl_server_mech_request, 1);
- pool = pool_alloconly_create(MEMPOOL_GROWING"login_auth_request", 2048);
- request = p_new(pool, struct auth_request, 1);
- request->pool = pool;
return request;
}
#include "sasl-server-oauth2.h"
struct oauth2_auth_request {
- struct auth_request request;
+ struct sasl_server_mech_request request;
struct db_oauth2 *db;
struct db_oauth2_request db_req;
lookup_credentials_callback_t *callback;
oauth2_fail(struct oauth2_auth_request *oauth2_req,
const struct sasl_server_oauth2_failure *failure)
{
- struct auth_request *request = &oauth2_req->request;
+ struct sasl_server_mech_request *request = &oauth2_req->request;
if (failure == NULL) {
sasl_server_request_internal_failure(request);
oauth2_fail_status(oauth2_req, "invalid_token");
}
-void sasl_server_oauth2_request_succeed(struct auth_request *request)
+void sasl_server_oauth2_request_succeed(struct auth_request *auth_request)
{
- i_assert(strcmp(request->mech->mech_name, "OAUTHBEARER") == 0 ||
- strcmp(request->mech->mech_name, "XOAUTH2") == 0);
+ struct sasl_server_mech_request *request = auth_request->sasl;
+
+ i_assert(request->mech == &mech_oauthbearer ||
+ request->mech == &mech_xoauth2);
struct oauth2_auth_request *oauth2_req =
container_of(request, struct oauth2_auth_request, request);
}
void sasl_server_oauth2_request_fail(
- struct auth_request *request,
+ struct auth_request *auth_request,
const struct sasl_server_oauth2_failure *failure)
{
- i_assert(strcmp(request->mech->mech_name, "OAUTHBEARER") == 0 ||
- strcmp(request->mech->mech_name, "XOAUTH2") == 0);
+ struct sasl_server_mech_request *request = auth_request->sasl;
+
+ i_assert(request->mech == &mech_oauthbearer ||
+ request->mech == &mech_xoauth2);
struct oauth2_auth_request *oauth2_req =
container_of(request, struct oauth2_auth_request, request);
gs2flag,a=username,^Afield=...^Afield=...^Aauth=Bearer token^A^A
*/
static void
-mech_oauthbearer_auth_continue(struct auth_request *request,
+mech_oauthbearer_auth_continue(struct sasl_server_mech_request *request,
const unsigned char *data,
size_t data_size)
{
container_of(request, struct oauth2_auth_request, request);
if (oauth2_req->db == NULL) {
- e_error(request->event, "BUG: oauth2 database missing");
- auth_request_internal_failure(request);
+ e_error(request->mech_event, "BUG: oauth2 database missing");
+ sasl_server_request_internal_failure(request);
return;
}
if (data_size == 0) {
user=Username^Aauth=Bearer token^A^A
*/
static void
-mech_xoauth2_auth_continue(struct auth_request *request,
+mech_xoauth2_auth_continue(struct sasl_server_mech_request *request,
const unsigned char *data,
size_t data_size)
{
container_of(request, struct oauth2_auth_request, request);
if (oauth2_req->db == NULL) {
- e_error(request->event, "BUG: oauth2 database missing");
- auth_request_internal_failure(request);
+ e_error(request->mech_event, "BUG: oauth2 database missing");
+ sasl_server_request_internal_failure(request);
return;
}
if (data_size == 0) {
}
}
-static struct auth_request *mech_oauth2_auth_new(void)
+static struct sasl_server_mech_request *mech_oauth2_auth_new(pool_t pool)
{
struct oauth2_auth_request *request;
- pool_t pool = pool_alloconly_create_clean(MEMPOOL_GROWING
- "oauth2_auth_request", 2048);
request = p_new(pool, struct oauth2_auth_request, 1);
- request->request.pool = pool;
request->db_req.pool = pool;
request->db = db_oauth2;
+
return &request->request;
}
#include "mech-otp.h"
struct otp_auth_request {
- struct auth_request auth_request;
+ struct sasl_server_mech_request auth_request;
bool lock;
struct otp_state state;
};
-static HASH_TABLE(char *, struct auth_request *) otp_lock_table;
+static HASH_TABLE(char *, struct sasl_server_mech_request *) otp_lock_table;
/*
* Locking
static bool otp_try_lock(struct otp_auth_request *request)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
if (hash_table_lookup(otp_lock_table,
- auth_request->fields.user) != NULL)
+ auth_request->request->fields.user) != NULL)
return FALSE;
- hash_table_insert(otp_lock_table, auth_request->fields.user,
+ hash_table_insert(otp_lock_table, auth_request->request->fields.user,
auth_request);
request->lock = TRUE;
return TRUE;
static void otp_unlock(struct otp_auth_request *request)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
if (!request->lock)
return;
- hash_table_remove(otp_lock_table, auth_request->fields.user);
+ hash_table_remove(otp_lock_table, auth_request->request->fields.user);
request->lock = FALSE;
}
otp_send_challenge(struct otp_auth_request *request,
const unsigned char *credentials, size_t size)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
const char *answer;
if (otp_parse_dbentry(t_strndup(credentials, size),
static void
otp_credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
- struct auth_request *auth_request)
+ struct sasl_server_mech_request *auth_request)
{
struct otp_auth_request *request =
container_of(auth_request, struct otp_auth_request,
mech_otp_auth_phase1(struct otp_auth_request *request,
const unsigned char *data, size_t data_size)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
const char *authenid;
size_t i, count;
}
static void
-otp_set_credentials_callback(bool success, struct auth_request *auth_request)
+otp_set_credentials_callback(bool success,
+ struct sasl_server_mech_request *auth_request)
{
struct otp_auth_request *request =
container_of(auth_request, struct otp_auth_request,
static void
mech_otp_verify(struct otp_auth_request *request, const char *data, bool hex)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
struct otp_state *state = &request->state;
unsigned char hash[OTP_HASH_SIZE], cur_hash[OTP_HASH_SIZE];
int ret;
mech_otp_verify_init(struct otp_auth_request *request, const char *data,
bool hex)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
struct otp_state new_state;
unsigned char hash[OTP_HASH_SIZE], cur_hash[OTP_HASH_SIZE];
const char *error;
mech_otp_auth_phase2(struct otp_auth_request *request,
const unsigned char *data, size_t data_size)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
const char *value, *str = t_strndup(data, data_size);
if (str_begins(str, "hex:", &value))
}
static void
-mech_otp_auth_continue(struct auth_request *auth_request,
+mech_otp_auth_continue(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct otp_auth_request *request =
container_of(auth_request, struct otp_auth_request,
auth_request);
- if (auth_request->fields.user == NULL)
+ if (auth_request->request->fields.user == NULL)
mech_otp_auth_phase1(request, data, data_size);
else
mech_otp_auth_phase2(request, data, data_size);
}
-static struct auth_request *mech_otp_auth_new(void)
+static struct sasl_server_mech_request *mech_otp_auth_new(pool_t pool)
{
struct otp_auth_request *request;
- pool_t pool;
otp_lock_init();
- pool = pool_alloconly_create(MEMPOOL_GROWING"otp_auth_request", 2048);
request = p_new(pool, struct otp_auth_request, 1);
request->lock = FALSE;
- request->auth_request.refcount = 1;
- request->auth_request.pool = pool;
return &request->auth_request;
}
-static void mech_otp_auth_free(struct auth_request *auth_request)
+static void mech_otp_auth_free(struct sasl_server_mech_request *auth_request)
{
struct otp_auth_request *request =
container_of(auth_request, struct otp_auth_request,
auth_request);
otp_unlock(request);
-
- pool_unref(&auth_request->pool);
}
/*
#include "sasl-server-protected.h"
#include "sasl-server-mech-plain-common.h"
-void sasl_server_mech_plain_verify_callback(enum passdb_result result,
- struct auth_request *request)
+void sasl_server_mech_plain_verify_callback(
+ enum passdb_result result, struct sasl_server_mech_request *request)
{
switch (result) {
case SASL_PASSDB_RESULT_OK:
#ifndef SASL_SERVER_MECH_PLAIN_COMMON_H
#define SASL_SERVER_MECH_PLAIN_COMMON_H
-void sasl_server_mech_plain_verify_callback(enum passdb_result result,
- struct auth_request *request);
+void sasl_server_mech_plain_verify_callback(
+ enum passdb_result result, struct sasl_server_mech_request *request);
#endif
#include "sasl-server-mech-plain-common.h"
static void
-mech_plain_auth_continue(struct auth_request *request,
+mech_plain_auth_continue(struct sasl_server_mech_request *request,
const unsigned char *data, size_t data_size)
{
const char *authid, *authenid;
safe_memset(pass, 0, strlen(pass));
}
-static struct auth_request *mech_plain_auth_new(void)
+static struct sasl_server_mech_request *mech_plain_auth_new(pool_t pool)
{
- struct auth_request *request;
- pool_t pool;
+ struct sasl_server_mech_request *request;
+
+ request = p_new(pool, struct sasl_server_mech_request, 1);
- pool = pool_alloconly_create(MEMPOOL_GROWING"plain_auth_request", 2048);
- request = p_new(pool, struct auth_request, 1);
- request->pool = pool;
return request;
}
#include "sasl-server-mech-scram.h"
struct scram_auth_request {
- struct auth_request auth_request;
+ struct sasl_server_mech_request auth_request;
const char *password_scheme;
static void
credentials_callback(enum passdb_result result,
const unsigned char *credentials, size_t size,
- struct auth_request *auth_request)
+ struct sasl_server_mech_request *auth_request)
{
struct scram_auth_request *request =
container_of(auth_request, struct scram_auth_request,
{
struct scram_auth_request *request =
container_of(asserver, struct scram_auth_request, scram_server);
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
return sasl_server_request_set_authid(auth_request,
SASL_SERVER_AUTHID_TYPE_USERNAME,
{
struct scram_auth_request *request =
container_of(asserver, struct scram_auth_request, scram_server);
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
return sasl_server_request_set_authzid(auth_request, username);
}
{
struct scram_auth_request *request =
container_of(asserver, struct scram_auth_request, scram_server);
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
sasl_server_request_start_channel_binding(auth_request, type);
}
{
struct scram_auth_request *request =
container_of(asserver, struct scram_auth_request, scram_server);
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
return sasl_server_request_accept_channel_binding(auth_request, data_r);
}
{
struct scram_auth_request *request =
container_of(asserver, struct scram_auth_request, scram_server);
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
request->key_data = key_data;
sasl_server_request_lookup_credentials(auth_request,
.credentials_lookup = mech_scram_credentials_lookup,
};
-void mech_scram_auth_continue(struct auth_request *auth_request,
+void mech_scram_auth_continue(struct sasl_server_mech_request *auth_request,
const unsigned char *input, size_t input_len)
{
struct scram_auth_request *request =
sasl_server_request_success(auth_request, output, output_len);
}
-struct auth_request *
-mech_scram_auth_new(const struct hash_method *hash_method,
+struct sasl_server_mech_request *
+mech_scram_auth_new(pool_t pool, const struct hash_method *hash_method,
const char *password_scheme)
{
struct scram_auth_request *request;
- pool_t pool;
- pool = pool_alloconly_create(MEMPOOL_GROWING"scram_auth_request", 2048);
request = p_new(pool, struct scram_auth_request, 1);
request->password_scheme = password_scheme;
auth_scram_server_init(&request->scram_server, pool,
&scram_set, &scram_server_backend);
- request->auth_request.pool = pool;
return &request->auth_request;
}
-static struct auth_request *mech_scram_sha1_auth_new(void)
+static struct sasl_server_mech_request *mech_scram_sha1_auth_new(pool_t pool)
{
- return mech_scram_auth_new(&hash_method_sha1, "SCRAM-SHA-1");
+ return mech_scram_auth_new(pool, &hash_method_sha1, "SCRAM-SHA-1");
}
-static struct auth_request *mech_scram_sha256_auth_new(void)
+static struct sasl_server_mech_request *mech_scram_sha256_auth_new(pool_t pool)
{
- return mech_scram_auth_new(&hash_method_sha256, "SCRAM-SHA-256");
+ return mech_scram_auth_new(pool, &hash_method_sha256, "SCRAM-SHA-256");
}
-static void mech_scram_auth_free(struct auth_request *auth_request)
+static void mech_scram_auth_free(struct sasl_server_mech_request *auth_request)
{
struct scram_auth_request *request =
container_of(auth_request, struct scram_auth_request,
auth_request);
auth_scram_server_deinit(&request->scram_server);
- pool_unref(&auth_request->pool);
}
const struct sasl_server_mech_def mech_scram_sha1 = {
#ifndef SASL_SERVER_MECH_SCRAM_H
#define SASL_SERVER_MECH_SCRAM_H
-struct auth_request *
-mech_scram_auth_new(const struct hash_method *hash_method,
+struct sasl_server_mech_request *
+mech_scram_auth_new(pool_t pool, const struct hash_method *hash_method,
const char *password_scheme);
-void mech_scram_auth_continue(struct auth_request *auth_request,
- const unsigned char *data, size_t data_size);
+void mech_scram_auth_continue(struct sasl_server_mech_request *auth_request,
+ const unsigned char *input, size_t input_len);
#endif
};
struct winbind_auth_request {
- struct auth_request auth_request;
+ struct sasl_server_mech_request auth_request;
struct winbind_helper *winbind;
bool continued;
do_auth_continue(struct winbind_auth_request *request,
const unsigned char *data, size_t data_size)
{
- struct auth_request *auth_request = &request->auth_request;
+ struct sasl_server_mech_request *auth_request = &request->auth_request;
struct istream *in_pipe = request->winbind->in_pipe;
string_t *str;
char *answer;
user))
return HR_FAIL;
- request->auth_request.passdb_success = TRUE;
+ request->auth_request.request->passdb_success = TRUE;
if (gss_spnego && strcmp(token[1], "*") != 0) {
buffer_t *buf;
}
static void
-mech_winbind_auth_initial(struct auth_request *auth_request,
+mech_winbind_auth_initial(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct winbind_auth_request *request =
container_of(auth_request,
struct winbind_auth_request, auth_request);
- winbind_helper_connect(auth_request->set, request->winbind,
- auth_request->event);
+ winbind_helper_connect(auth_request->request->set, request->winbind,
+ auth_request->mech_event);
sasl_server_mech_generic_auth_initial(auth_request, data, data_size);
}
static void
-mech_winbind_auth_continue(struct auth_request *auth_request,
+mech_winbind_auth_continue(struct sasl_server_mech_request *auth_request,
const unsigned char *data, size_t data_size)
{
struct winbind_auth_request *request =
}
}
-static struct auth_request *do_auth_new(struct winbind_helper *winbind)
+static struct sasl_server_mech_request *
+do_auth_new(pool_t pool, struct winbind_helper *winbind)
{
struct winbind_auth_request *request;
- pool_t pool;
- pool = pool_alloconly_create(MEMPOOL_GROWING"winbind_auth_request", 2048);
request = p_new(pool, struct winbind_auth_request, 1);
- request->auth_request.pool = pool;
-
request->winbind = winbind;
+
return &request->auth_request;
}
-static struct auth_request *mech_winbind_ntlm_auth_new(void)
+static struct sasl_server_mech_request *
+mech_winbind_ntlm_auth_new(pool_t pool)
{
- return do_auth_new(&winbind_ntlm_context);
+ return do_auth_new(pool, &winbind_ntlm_context);
}
-static struct auth_request *mech_winbind_spnego_auth_new(void)
+static struct sasl_server_mech_request *
+mech_winbind_spnego_auth_new(pool_t pool)
{
- return do_auth_new(&winbind_spnego_context);
+ return do_auth_new(pool, &winbind_spnego_context);
}
const struct sasl_server_mech_def mech_winbind_ntlm = {
#include "sasl-server-private.h"
-void sasl_server_mech_generic_auth_initial(struct auth_request *request,
- const unsigned char *data,
- size_t data_size)
+void sasl_server_mech_generic_auth_initial(
+ struct sasl_server_mech_request *mreq,
+ const unsigned char *data, size_t data_size)
{
+ struct auth_request *request = mreq->request;
+
if (data == NULL) {
- sasl_server_request_output(request, uchar_empty_ptr, 0);
+ sasl_server_request_output(mreq, uchar_empty_ptr, 0);
} else {
/* initial reply given, even if it was 0 bytes */
- request->mech->auth_continue(request, data, data_size);
+ request->mech->auth_continue(mreq, data, data_size);
}
}
-void sasl_server_mech_generic_auth_free(struct auth_request *request)
+void sasl_server_mech_generic_auth_free(struct sasl_server_mech_request *mreq)
{
- pool_unref(&request->pool);
+ (void)mreq;
}
#include "sasl-server.h"
struct auth_request;
+struct sasl_server_mech_request;
+
+typedef void
+sasl_server_verify_plain_callback_t(enum passdb_result result,
+ struct sasl_server_mech_request *req);
+typedef void
+sasl_server_lookup_credentials_callback_t(enum passdb_result result,
+ const unsigned char *credentials,
+ size_t size,
+ struct sasl_server_mech_request *req);
+typedef void
+sasl_server_set_credentials_callback_t(bool success,
+ struct sasl_server_mech_request *req);
struct sasl_server_mech_def {
const char *mech_name;
enum sasl_mech_security_flags flags;
enum sasl_mech_passdb_need passdb_need;
- struct auth_request *(*auth_new)(void);
- void (*auth_initial)(struct auth_request *request,
+ struct sasl_server_mech_request *(*auth_new)(pool_t pool);
+ void (*auth_initial)(struct sasl_server_mech_request *req,
const unsigned char *data, size_t data_size);
- void (*auth_continue)(struct auth_request *request,
+ void (*auth_continue)(struct sasl_server_mech_request *req,
const unsigned char *data, size_t data_size);
- void (*auth_free)(struct auth_request *request);
+ void (*auth_free)(struct sasl_server_mech_request *req);
};
struct mech_module_list {
buffer_t *handshake_cbind;
};
+struct sasl_server_mech_request {
+ pool_t pool;
+ const struct sasl_server_mech_def *mech;
+ struct event *mech_event;
+
+ // FIXME: To be removed
+ struct auth_request *request;
+ union {
+ sasl_server_verify_plain_callback_t *verify_plain;
+ sasl_server_lookup_credentials_callback_t *lookup_credentials;
+ sasl_server_set_credentials_callback_t *set_credentials;
+ } private_callback;
+};
+
/*
* Mechanism
*/
void mech_unregister_module(const struct sasl_server_mech_def *module);
const struct sasl_server_mech_def *mech_module_find(const char *name);
-void sasl_server_mech_generic_auth_initial(struct auth_request *request,
- const unsigned char *data,
- size_t data_size);
-void sasl_server_mech_generic_auth_free(struct auth_request *request);
+void sasl_server_mech_generic_auth_initial(
+ struct sasl_server_mech_request *mreq,
+ const unsigned char *data, size_t data_size);
+void sasl_server_mech_generic_auth_free(struct sasl_server_mech_request *mreq);
struct mechanisms_register *
mech_register_init(const struct auth_settings *set);
* Request
*/
-bool sasl_server_request_set_authid(struct auth_request *request,
+bool sasl_server_request_set_authid(struct sasl_server_mech_request *mreq,
enum sasl_server_authid_type authid_type,
const char *authid);
-bool sasl_server_request_set_authzid(struct auth_request *request,
+bool sasl_server_request_set_authzid(struct sasl_server_mech_request *mreq,
const char *authzid);
-void sasl_server_request_set_realm(struct auth_request *request,
+void sasl_server_request_set_realm(struct sasl_server_mech_request *mreq,
const char *realm);
-bool sasl_server_request_get_extra_field(struct auth_request *request,
+bool sasl_server_request_get_extra_field(struct sasl_server_mech_request *mreq,
const char *name,
const char **field_r);
void sasl_server_request_start_channel_binding(
- struct auth_request *request, const char *type);
+ struct sasl_server_mech_request *mreq, const char *type);
int sasl_server_request_accept_channel_binding(
- struct auth_request *request, buffer_t **data_r);
+ struct sasl_server_mech_request *mreq, buffer_t **data_r);
-void sasl_server_request_output(struct auth_request *request,
+void sasl_server_request_output(struct sasl_server_mech_request *mreq,
const void *data, size_t data_size);
-void sasl_server_request_success(struct auth_request *request,
+void sasl_server_request_success(struct sasl_server_mech_request *mreq,
const void *data, size_t data_size);
-void sasl_server_request_failure_with_reply(struct auth_request *request,
- const void *data, size_t data_size);
-void sasl_server_request_failure(struct auth_request *request);
-void sasl_server_request_internal_failure(struct auth_request *request);
+void sasl_server_request_failure_with_reply(
+ struct sasl_server_mech_request *mreq,
+ const void *data, size_t data_size);
+void sasl_server_request_failure(struct sasl_server_mech_request *mreq);
+void sasl_server_request_internal_failure(
+ struct sasl_server_mech_request *mreq);
void sasl_server_request_verify_plain(
- struct auth_request *request, const char *password,
+ struct sasl_server_mech_request *mreq, const char *password,
sasl_server_verify_plain_callback_t *callback);
void sasl_server_request_lookup_credentials(
- struct auth_request *request, const char *scheme,
+ struct sasl_server_mech_request *mreq, const char *scheme,
sasl_server_lookup_credentials_callback_t *callback);
void sasl_server_request_set_credentials(
- struct auth_request *request, const char *scheme, const char *data,
+ struct sasl_server_mech_request *mreq,
+ const char *scheme, const char *data,
sasl_server_set_credentials_callback_t *callback);
#endif
#include "sasl-server-private.h"
+/*
+ * Public API
+ */
+
+void sasl_server_request_create(struct auth_request *request,
+ const struct sasl_server_mech_def *mech,
+ struct event *event_parent)
+{
+ struct sasl_server_mech_request *mreq;
+ pool_t pool;
+
+ pool = request->pool;
+ mreq = mech->auth_new(pool);
+ mreq->pool = pool;
+ mreq->request = request;
+ mreq->mech = mech;
+ mreq->mech_event = event_parent;
+
+ request->sasl = mreq;
+}
+
+void sasl_server_request_destroy(struct auth_request *request)
+{
+ struct sasl_server_mech_request *mreq = request->sasl;
+
+ if (mreq == NULL)
+ return;
+ request->sasl = NULL;
+
+ mreq->mech->auth_free(mreq);
+}
+
/*
* Mechanism API
*/
-bool sasl_server_request_set_authid(struct auth_request *request,
+bool sasl_server_request_set_authid(struct sasl_server_mech_request *mreq,
enum sasl_server_authid_type authid_type,
const char *authid)
{
+ struct auth_request *request = mreq->request;
+
return auth_sasl_request_set_authid(request, authid_type, authid);
}
-bool sasl_server_request_set_authzid(struct auth_request *request,
+bool sasl_server_request_set_authzid(struct sasl_server_mech_request *mreq,
const char *authzid)
{
+ struct auth_request *request = mreq->request;
+
return auth_sasl_request_set_authzid(request, authzid);
}
-void sasl_server_request_set_realm(struct auth_request *request,
+void sasl_server_request_set_realm(struct sasl_server_mech_request *mreq,
const char *realm)
{
+ struct auth_request *request = mreq->request;
+
auth_sasl_request_set_realm(request, realm);
}
-bool sasl_server_request_get_extra_field(struct auth_request *request,
+bool sasl_server_request_get_extra_field(struct sasl_server_mech_request *mreq,
const char *name,
const char **field_r)
{
+ struct auth_request *request = mreq->request;
+
return auth_sasl_request_get_extra_field(request, name, field_r);
}
void sasl_server_request_start_channel_binding(
- struct auth_request *request, const char *type)
+ struct sasl_server_mech_request *mreq, const char *type)
{
+ struct auth_request *request = mreq->request;
+
auth_sasl_request_start_channel_binding(request, type);
}
int sasl_server_request_accept_channel_binding(
- struct auth_request *request, buffer_t **data_r)
+ struct sasl_server_mech_request *mreq, buffer_t **data_r)
{
+ struct auth_request *request = mreq->request;
+
return auth_sasl_request_accept_channel_binding(request, data_r);
}
-void sasl_server_request_output(struct auth_request *request,
+void sasl_server_request_output(struct sasl_server_mech_request *mreq,
const void *data, size_t data_size)
{
+ struct auth_request *request = mreq->request;
+
const struct sasl_server_output output = {
.status = SASL_SERVER_OUTPUT_CONTINUE,
.data = data,
auth_sasl_request_output(request, &output);
}
-void sasl_server_request_success(struct auth_request *request,
+void sasl_server_request_success(struct sasl_server_mech_request *mreq,
const void *data, size_t data_size)
{
+ struct auth_request *request = mreq->request;
+
const struct sasl_server_output output = {
.status = SASL_SERVER_OUTPUT_SUCCESS,
.data = data,
}
static void
-sasl_server_request_failure_common(struct auth_request *request,
+sasl_server_request_failure_common(struct sasl_server_mech_request *mreq,
enum sasl_server_output_status status,
const void *data, size_t data_size)
{
+ struct auth_request *request = mreq->request;
+
const struct sasl_server_output output = {
.status = status,
.data = data,
auth_sasl_request_output(request, &output);
}
-void sasl_server_request_failure_with_reply(struct auth_request *request,
- const void *data, size_t data_size)
+void sasl_server_request_failure_with_reply(
+ struct sasl_server_mech_request *mreq,
+ const void *data, size_t data_size)
{
- sasl_server_request_failure_common(request, SASL_SERVER_OUTPUT_FAILURE,
+ sasl_server_request_failure_common(mreq, SASL_SERVER_OUTPUT_FAILURE,
data, data_size);
}
-void sasl_server_request_failure(struct auth_request *request)
+void sasl_server_request_failure(struct sasl_server_mech_request *mreq)
{
- sasl_server_request_failure_common(request, SASL_SERVER_OUTPUT_FAILURE,
+ sasl_server_request_failure_common(mreq, SASL_SERVER_OUTPUT_FAILURE,
"", 0);
}
-void sasl_server_request_internal_failure(struct auth_request *request)
+void sasl_server_request_internal_failure(
+ struct sasl_server_mech_request *mreq)
{
- sasl_server_request_failure_common(request,
- SASL_SERVER_OUTPUT_INTERNAL_FAILURE,
- "", 0);
+ sasl_server_request_failure_common(
+ mreq, SASL_SERVER_OUTPUT_INTERNAL_FAILURE, "", 0);
+}
+
+static void
+verify_plain_callback(enum passdb_result result, struct auth_request *request)
+{
+ struct sasl_server_mech_request *mreq = request->sasl;
+
+ mreq->private_callback.verify_plain(result, request->sasl);
}
void sasl_server_request_verify_plain(
- struct auth_request *request, const char *password,
+ struct sasl_server_mech_request *mreq, const char *password,
sasl_server_verify_plain_callback_t *callback)
{
- auth_sasl_request_verify_plain(request, password, callback);
+ struct auth_request *request = mreq->request;
+
+ mreq->private_callback.verify_plain = callback;
+ auth_sasl_request_verify_plain(request, password, verify_plain_callback);
+}
+
+static void
+lookup_credentials_callback(enum passdb_result result,
+ const unsigned char *credentials,
+ size_t size, struct auth_request *request)
+{
+ struct sasl_server_mech_request *mreq = request->sasl;
+
+ mreq->private_callback.lookup_credentials(result, credentials, size,
+ mreq);
}
void sasl_server_request_lookup_credentials(
- struct auth_request *request, const char *scheme,
+ struct sasl_server_mech_request *mreq, const char *scheme,
sasl_server_lookup_credentials_callback_t *callback)
{
- auth_sasl_request_lookup_credentials(request, scheme, callback);
+ struct auth_request *request = mreq->request;
+
+ mreq->private_callback.lookup_credentials = callback;
+ auth_sasl_request_lookup_credentials(request, scheme,
+ lookup_credentials_callback);
+}
+
+static void
+set_credentials_callback(bool success, struct auth_request *request)
+{
+ struct sasl_server_mech_request *mreq = request->sasl;
+
+ mreq->private_callback.set_credentials(success, mreq);
}
void sasl_server_request_set_credentials(
- struct auth_request *request, const char *scheme, const char *data,
+ struct sasl_server_mech_request *mreq,
+ const char *scheme, const char *data,
sasl_server_set_credentials_callback_t *callback)
{
- auth_sasl_request_set_credentials(request, scheme, data, callback);
+ struct auth_request *request = mreq->request;
+
+ mreq->private_callback.set_credentials = callback;
+ auth_sasl_request_set_credentials(request, scheme, data,
+ set_credentials_callback);
}
#include "sasl-common.h"
+struct sasl_server_mech_def;
+
enum sasl_passdb_result_status {
SASL_PASSDB_RESULT_INTERNAL_FAILURE = PASSDB_RESULT_INTERNAL_FAILURE,
SASL_PASSDB_RESULT_SCHEME_NOT_AVAILABLE = PASSDB_RESULT_SCHEME_NOT_AVAILABLE,
SASL_SERVER_OUTPUT_SUCCESS = 1,
};
-typedef verify_plain_callback_t sasl_server_verify_plain_callback_t;
-typedef lookup_credentials_callback_t sasl_server_lookup_credentials_callback_t;
-typedef set_credentials_callback_t sasl_server_set_credentials_callback_t;
-
struct sasl_server_output {
enum sasl_server_output_status status;
SASL_SERVER_AUTHID_TYPE_EXTERNAL,
};
+void sasl_server_request_create(struct auth_request *request,
+ const struct sasl_server_mech_def *mech,
+ struct event *event_parent);
+void sasl_server_request_destroy(struct auth_request *request);
+
#endif
#include "str.h"
#include "ioloop.h"
#include "master-service.h"
+#include "sasl-server-protected.h" // FIXME: remove
#include "auth-common.h"
#include "auth-request.h"
#include "auth-request-handler-private.h"
projects / thirdparty / dovecot / core.git / commitdiff
