return &request->auth_request;
}
+static const struct sasl_server_mech_funcs mech_apop_funcs = {
+ .auth_new = mech_apop_auth_new,
+ .auth_initial = mech_apop_auth_initial,
+};
+
const struct sasl_server_mech_def mech_apop = {
.mech_name = "APOP",
SASL_MECH_SEC_ACTIVE | SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_RESPONSE,
- .auth_new = mech_apop_auth_new,
- .auth_initial = mech_apop_auth_initial,
+ .funcs = &mech_apop_funcs,
};
safe_memset(auth_token, 0, strlen(auth_token));
}
+static const struct sasl_server_mech_funcs mech_dovecot_token_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_dovecot_token_auth_continue,
+};
+
const struct sasl_server_mech_def mech_dovecot_token = {
.mech_name = "DOVECOT-TOKEN",
.flags = SASL_MECH_SEC_PRIVATE | SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_dovecot_token_auth_continue,
+ .funcs = &mech_dovecot_token_funcs,
};
sasl_server_request_success(request, "", 0);
}
+static const struct sasl_server_mech_funcs mech_anonymous_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_anonymous_auth_continue,
+};
+
const struct sasl_server_mech_def mech_anonymous = {
.mech_name = "ANONYMOUS",
.flags = SASL_MECH_SEC_ANONYMOUS | SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_anonymous_auth_continue,
+ .funcs = &mech_anonymous_funcs,
};
return &request->auth_request;
}
+static const struct sasl_server_mech_funcs mech_cram_md5_funcs = {
+ .auth_new = mech_cram_md5_auth_new,
+ .auth_initial = mech_cram_md5_auth_initial,
+ .auth_continue = mech_cram_md5_auth_continue,
+};
+
const struct sasl_server_mech_def mech_cram_md5 = {
.mech_name = "CRAM-MD5",
.flags = SASL_MECH_SEC_DICTIONARY | SASL_MECH_SEC_ACTIVE,
.passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_RESPONSE,
- .auth_new = mech_cram_md5_auth_new,
- .auth_initial = mech_cram_md5_auth_initial,
- .auth_continue = mech_cram_md5_auth_continue,
+ .funcs = &mech_cram_md5_funcs,
};
return &request->auth_request;
}
+static const struct sasl_server_mech_funcs mech_digest_md5_funcs = {
+ .auth_new = mech_digest_md5_auth_new,
+ .auth_initial = mech_digest_md5_auth_initial,
+ .auth_continue = mech_digest_md5_auth_continue,
+};
+
const struct sasl_server_mech_def mech_digest_md5 = {
.mech_name = "DIGEST-MD5",
SASL_MECH_SEC_MUTUAL_AUTH,
.passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_digest_md5_auth_new,
- .auth_initial = mech_digest_md5_auth_initial,
- .auth_continue = mech_digest_md5_auth_continue,
+ .funcs = &mech_digest_md5_funcs,
};
void mech_digest_test_set_nonce(struct auth_request *auth_request,
request, "", sasl_server_mech_plain_verify_callback);
}
+static const struct sasl_server_mech_funcs mech_external_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_external_auth_continue,
+};
+
const struct sasl_server_mech_def mech_external = {
.mech_name = "EXTERNAL",
.flags = 0,
.passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_PLAIN,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_external_auth_continue,
+ .funcs = &mech_external_funcs,
};
(void)gss_release_name(&minor_status, &request->authz_name);
}
+static const struct sasl_server_mech_funcs mech_gssapi_funcs = {
+ .auth_new = mech_gssapi_auth_new,
+ .auth_initial = mech_gssapi_auth_initial,
+ .auth_continue = mech_gssapi_auth_continue,
+ .auth_free = mech_gssapi_auth_free,
+};
+
const struct sasl_server_mech_def mech_gssapi = {
.mech_name = "GSSAPI",
.flags = SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_gssapi_auth_new,
- .auth_initial = mech_gssapi_auth_initial,
- .auth_continue = mech_gssapi_auth_continue,
- .auth_free = mech_gssapi_auth_free,
+ .funcs = &mech_gssapi_funcs,
};
/* MIT Kerberos v1.5+ and Heimdal v0.7+ support SPNEGO for Kerberos tickets
.flags = SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_gssapi_auth_new,
- .auth_initial = mech_gssapi_auth_initial,
- .auth_continue = mech_gssapi_auth_continue,
- .auth_free = mech_gssapi_auth_free,
+ .funcs = &mech_gssapi_funcs,
};
static void mech_gssapi_initialize(const struct auth_settings *set)
const struct sasl_server_mech_def *mech;
mech = mech_module_find(mech_gssapi_spnego.mech_name);
- if (mech != NULL && mech->auth_new == mech_gssapi_auth_new)
+ if (mech != NULL && mech == &mech_gssapi_spnego)
mech_unregister_module(&mech_gssapi_spnego);
#endif
mech_unregister_module(&mech_gssapi);
}
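Review bot: The `mech != NULL &&` half of the new condition is redundant, because `&mech_gssapi_spnego` is the address of a static object and can never be NULL; `if (mech == &mech_gssapi_spnego)` expresses the same test. The lookup-then-compare is only meaningful if a different module can be registered under the same mechanism name, which is not visible in this hunk. A short comment such as `/* unregister only if the registered SPNEGO mechanism is ours */` would stop a later reader from simplifying the check away. The enclosing function starts outside the hunk.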
}
+static const struct sasl_server_mech_funcs mech_login_funcs = {
+ .auth_initial = mech_login_auth_initial,
+ .auth_continue = mech_login_auth_continue,
+};
+
const struct sasl_server_mech_def mech_login = {
.mech_name = "LOGIN",
.flags = SASL_MECH_SEC_PLAINTEXT,
.passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_PLAIN,
- .auth_initial = mech_login_auth_initial,
- .auth_continue = mech_login_auth_continue,
+ .funcs = &mech_login_funcs,
};
return &request->request;
}
+static const struct sasl_server_mech_funcs mech_oauthbearer_funcs = {
+ .auth_new = mech_oauth2_auth_new,
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_oauthbearer_auth_continue,
+};
+
const struct sasl_server_mech_def mech_oauthbearer = {
.mech_name = "OAUTHBEARER",
.flags = SASL_MECH_SEC_PLAINTEXT,
.passdb_need = 0,
+ .funcs = &mech_oauthbearer_funcs,
+};
+
+static const struct sasl_server_mech_funcs mech_xoauth2_funcs = {
.auth_new = mech_oauth2_auth_new,
.auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_oauthbearer_auth_continue,
+ .auth_continue = mech_xoauth2_auth_continue,
};
const struct sasl_server_mech_def mech_xoauth2 = {
.flags = SASL_MECH_SEC_PLAINTEXT,
.passdb_need = 0,
- .auth_new = mech_oauth2_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_xoauth2_auth_continue,
+ .funcs = &mech_xoauth2_funcs,
};
* Mechanism
*/
+static const struct sasl_server_mech_funcs mech_otp_funcs = {
+ .auth_new = mech_otp_auth_new,
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_otp_auth_continue,
+ .auth_free = mech_otp_auth_free,
+};
+
const struct sasl_server_mech_def mech_otp = {
.mech_name = "OTP",
SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_SET_CREDENTIALS,
- .auth_new = mech_otp_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_otp_auth_continue,
- .auth_free = mech_otp_auth_free,
+ .funcs = &mech_otp_funcs,
};
void mech_otp_deinit(void)
safe_memset(pass, 0, strlen(pass));
}
+static const struct sasl_server_mech_funcs mech_plain_funcs = {
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_plain_auth_continue,
+};
+
const struct sasl_server_mech_def mech_plain = {
.mech_name = "PLAIN",
.flags = SASL_MECH_SEC_PLAINTEXT | SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_VERIFY_PLAIN,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_plain_auth_continue,
+ .funcs = &mech_plain_funcs,
};
auth_scram_server_deinit(&request->scram_server);
}
+static const struct sasl_server_mech_funcs mech_scram_sha1_funcs = {
+ .auth_new = mech_scram_sha1_auth_new,
+ .auth_initial = sasl_server_mech_generic_auth_initial,
+ .auth_continue = mech_scram_auth_continue,
+ .auth_free = mech_scram_auth_free,
+};
+
const struct sasl_server_mech_def mech_scram_sha1 = {
.mech_name = "SCRAM-SHA-1",
.flags = SASL_MECH_SEC_MUTUAL_AUTH,
.passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha1_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_scram_auth_continue,
- .auth_free = mech_scram_auth_free,
+ .funcs = &mech_scram_sha1_funcs,
};
const struct sasl_server_mech_def mech_scram_sha1_plus = {
.flags = SASL_MECH_SEC_MUTUAL_AUTH | SASL_MECH_SEC_CHANNEL_BINDING,
.passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha1_auth_new,
+ .funcs = &mech_scram_sha1_funcs,
+};
+
+static const struct sasl_server_mech_funcs mech_scram_sha256_funcs = {
+ .auth_new = mech_scram_sha256_auth_new,
.auth_initial = sasl_server_mech_generic_auth_initial,
.auth_continue = mech_scram_auth_continue,
.auth_free = mech_scram_auth_free,
.flags = SASL_MECH_SEC_MUTUAL_AUTH,
.passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha256_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_scram_auth_continue,
- .auth_free = mech_scram_auth_free,
+ .funcs = &mech_scram_sha256_funcs,
};
const struct sasl_server_mech_def mech_scram_sha256_plus = {
.flags = SASL_MECH_SEC_MUTUAL_AUTH | SASL_MECH_SEC_CHANNEL_BINDING,
.passdb_need = SASL_MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,
- .auth_new = mech_scram_sha256_auth_new,
- .auth_initial = sasl_server_mech_generic_auth_initial,
- .auth_continue = mech_scram_auth_continue,
- .auth_free = mech_scram_auth_free,
+ .funcs = &mech_scram_sha256_funcs,
};
return do_auth_new(pool, &winbind_spnego_context);
}
+static const struct sasl_server_mech_funcs mech_winbind_ntlm_funcs = {
+ .auth_new = mech_winbind_ntlm_auth_new,
+ .auth_initial = mech_winbind_auth_initial,
+ .auth_continue = mech_winbind_auth_continue,
+};
+
const struct sasl_server_mech_def mech_winbind_ntlm = {
.mech_name = "NTLM",
SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_winbind_ntlm_auth_new,
+ .funcs = &mech_winbind_ntlm_funcs,
+};
+
+static const struct sasl_server_mech_funcs mech_winbind_spnego_funcs = {
+ .auth_new = mech_winbind_spnego_auth_new,
.auth_initial = mech_winbind_auth_initial,
.auth_continue = mech_winbind_auth_continue,
};
.flags = SASL_MECH_SEC_ALLOW_NULS,
.passdb_need = SASL_MECH_PASSDB_NEED_NOTHING,
- .auth_new = mech_winbind_spnego_auth_new,
- .auth_initial = mech_winbind_auth_initial,
- .auth_continue = mech_winbind_auth_continue,
+ .funcs = &mech_winbind_spnego_funcs,
};
struct sasl_server_mech_request *mreq,
const unsigned char *data, size_t data_size)
{
- struct auth_request *request = mreq->request;
+ const struct sasl_server_mech_def *mech = mreq->mech;
if (data == NULL) {
sasl_server_request_output(mreq, uchar_empty_ptr, 0);
} else {
/* initial reply given, even if it was 0 bytes */
- request->mech->auth_continue(mreq, data, data_size);
+ i_assert(mech->funcs->auth_continue != NULL);
+ mech->funcs->auth_continue(mreq, data, data_size);
}
}
#include "sasl-server.h"
struct auth_request;
+struct sasl_server_mech_funcs;
struct sasl_server_mech_request;
typedef void
sasl_server_mech_passdb_callback_t(struct sasl_server_mech_request *req,
const struct sasl_passdb_result *result);
-struct sasl_server_mech_def {
- const char *mech_name;
-
- enum sasl_mech_security_flags flags;
- enum sasl_mech_passdb_need passdb_need;
-
+struct sasl_server_mech_funcs {
struct sasl_server_mech_request *(*auth_new)(pool_t pool);
void (*auth_initial)(struct sasl_server_mech_request *req,
const unsigned char *data, size_t data_size);
void (*auth_free)(struct sasl_server_mech_request *req);
};
+struct sasl_server_mech_def {
+ const char *mech_name;
+
+ enum sasl_mech_security_flags flags;
+ enum sasl_mech_passdb_need passdb_need;
+
+ const struct sasl_server_mech_funcs *funcs;
+};
+
struct mech_module_list {
struct mech_module_list *next;
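Review bot: The new `struct sasl_server_mech_funcs` has no comment saying which callbacks a mechanism may leave NULL, although the callers in this commit treat them differently. `auth_new` and `auth_free` are NULL-checked before use (with a plain `p_new()` allocation as the fallback for `auth_new`), while `auth_initial` and `auth_continue` are guarded only by `i_assert()`, and `funcs` itself is asserted non-NULL at request creation. Some tables in this commit, the APOP one for example, omit `auth_continue`, so the contract cannot be read off the definitions. I would add per-member comments such as `/* optional: generic request is allocated when NULL */` on `auth_new`, `/* required */` on `auth_initial`, and `/* required, never NULL */` on `funcs` in `struct sasl_server_mech_def`.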
struct sasl_server_request *req;
pool_t pool;
+ i_assert(mech->funcs != NULL);
+
i_zero(rctx);
pool = request->pool;
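Review bot: `i_assert(mech->funcs != NULL)` here is the only guard for every later `mech->funcs->...` dereference in this commit, while the required `auth_initial` callback is still asserted only when the client's initial response is being processed. Adding `i_assert(mech->funcs->auth_initial != NULL);` next to it would make an incomplete mechanism table fail at request creation rather than partway through an authentication exchange. The enclosing function begins and ends outside the hunk.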
struct sasl_server_mech_request *mreq;
- if (mech->auth_new != NULL)
- mreq = mech->auth_new(pool);
+ if (mech->funcs->auth_new != NULL)
+ mreq = mech->funcs->auth_new(pool);
else
mreq = p_new(pool, struct sasl_server_mech_request, 1);
mreq->pool = pool;
i_assert(server->requests > 0);
server->requests--;
- if (mreq->mech->auth_free != NULL)
- mreq->mech->auth_free(mreq);
+ if (mreq->mech->funcs->auth_free != NULL)
+ mreq->mech->funcs->auth_free(mreq);
}
static bool
if (sasl_server_request_fail_on_nuls(req, data, data_size))
return;
- i_assert(mech->auth_initial != NULL);
- mech->auth_initial(mreq, data, data_size);
+ i_assert(mech->funcs->auth_initial != NULL);
+ mech->funcs->auth_initial(mreq, data, data_size);
}
void sasl_server_request_input(struct sasl_server_req_ctx *rctx,
if (sasl_server_request_fail_on_nuls(req, data, data_size))
return;
- i_assert(mech->auth_continue != NULL);
- mech->auth_continue(mreq, data, data_size);
+ i_assert(mech->funcs->auth_continue != NULL);
+ mech->funcs->auth_continue(mreq, data, data_size);
}
void sasl_server_request_test_set_authid(struct sasl_server_req_ctx *rctx,