From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Wed, 22 Mar 2023 17:43:50 +0000 (+0100)
Subject: auth: sasl-server - Retain authid in struct sasl_server_mech_request
X-Git-Tag: 2.4.2~232
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=56105841f91cacc454ecd6216789ff073a5ae521;p=thirdparty%2Fdovecot%2Fcore.git

auth: sasl-server - Retain authid in struct sasl_server_mech_request
---

diff --git a/src/auth/sasl-server-protected.h b/src/auth/sasl-server-protected.h
index 4bbc496b5e..d31dc501b3 100644
--- a/src/auth/sasl-server-protected.h
+++ b/src/auth/sasl-server-protected.h
@@ -46,7 +46,9 @@ struct sasl_server_mech_request {
 	const struct sasl_server_mech_def *mech;
 	struct sasl_server_request *req;
 	struct event *mech_event;
+
 	const char *protocol;
+	const char *authid;
 
 	const struct sasl_server_settings *set;
 
diff --git a/src/auth/sasl-server-request.c b/src/auth/sasl-server-request.c
index 03f2dcbf46..3b47a0aadb 100644
--- a/src/auth/sasl-server-request.c
+++ b/src/auth/sasl-server-request.c
@@ -117,6 +117,14 @@ void sasl_server_request_input(struct sasl_server_req_ctx *rctx,
 	mech->auth_continue(mreq, data, data_size);
 }
 
+void sasl_server_request_test_set_authid(struct sasl_server_req_ctx *rctx,
+					 const char *authid)
+{
+	struct sasl_server_request *req = rctx->request;
+
+	req->mech->authid = p_strdup(req->mech->pool, authid);
+}
+
 /*
  * Mechanism API
  */
@@ -129,6 +137,8 @@ bool sasl_server_request_set_authid(struct sasl_server_mech_request *mreq,
 	struct sasl_server *server = req->sinst->server;
 	const struct sasl_server_request_funcs *funcs = server->funcs;
 
+	mreq->authid = p_strdup(req->pool, authid);
+
 	i_assert(funcs->request_set_authid != NULL);
 	return funcs->request_set_authid(req->rctx, authid_type, authid);
 }
diff --git a/src/auth/sasl-server.h b/src/auth/sasl-server.h
index eadbd57625..0ed6e3b5bf 100644
--- a/src/auth/sasl-server.h
+++ b/src/auth/sasl-server.h
@@ -142,6 +142,12 @@ void sasl_server_request_initial(struct sasl_server_req_ctx *rctx,
 void sasl_server_request_input(struct sasl_server_req_ctx *rctx,
 			       const unsigned char *data, size_t data_size);
 
+/* Test */
+
+// FIXME: get rid of this
+void sasl_server_request_test_set_authid(struct sasl_server_req_ctx *rctx,
+					 const char *authid);
+
 /*
  * Instance
  */
diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
index dc3878437d..495d112623 100644
--- a/src/auth/test-mech.c
+++ b/src/auth/test-mech.c
@@ -117,6 +117,10 @@ static void test_mech_prepare_request(struct auth_request **request_r,
 		request->fields.user =
 			p_strdup(request->pool, test_case->username);
 	}
+	if (test_case->set_username_before_test) {
+		sasl_server_request_test_set_authid(&request->sasl.req,
+						    test_case->username);
+	}
 	if (test_case->set_cert_username)
 		request->fields.cert_username = TRUE;
 
@@ -183,7 +187,7 @@ static void test_mechs(void)
 		{&mech_digest_md5, UCHAR_LEN("username=\"test\xc3\xbaser@example.com\",realm=\"example.com\",nonce=\"OA6MG9tEQGm2hh\",cnonce=\"OA6MHXh6VqTrRk\",nc=00000001,digest-uriresponse=d388dad90d4bbd760a152321f2143af7,qop=\"auth\",authzid=\"masteruser\""), "test\xc3\xbaser@example.com", NULL, TRUE, FALSE, FALSE},
 		{&mech_digest_md5, UCHAR_LEN("username=\"test\xc3\xbaser@example.com\",realm=\"example.com\",nonce=\"OA6MG9tEQGm2hh\",cnonce=\"OA6MHXh6VqTrRk\",charset=\"utf-8\",cipher=unsupported,nc=00000001,digest-uri=imap/server.com,response=d388dad90d4bbd760a152321f2143af7,qop=\"auth\",authzid=\"masteruser\""), "test\xc3\xbaser@example.com", NULL, TRUE, FALSE, FALSE},
 		{&mech_digest_md5, UCHAR_LEN("username=\"testuser\",realm=\"example.com\",nonce=\"OA6MG9tEQGm2hh\",cnonce=\"OA6MHXh6VqTrRk\",charset=\"utf-8\",cipher=unsupported,nc=00000001,digest-uri=imap/server.com,response=d388dad90d4bbd760a152321f2143af7,qop=\"auth\",authzid=\"masteruser\""), "testuser@example.com", NULL, TRUE, FALSE, FALSE},
-		{&mech_external, UCHAR_LEN(""), "testuser", NULL, TRUE, TRUE, TRUE},
+		{&mech_external, UCHAR_LEN(""), "testuser", NULL, TRUE, FALSE, TRUE},
 		{&mech_dovecot_token, NULL, 0, "testuser", NULL, TRUE, FALSE, FALSE},
 		{&mech_login, UCHAR_LEN("testuser"), "testuser", NULL, TRUE, FALSE, FALSE},
 		{&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE},
@@ -338,6 +342,7 @@ static void test_mechs(void)
 			test_assert_strcmp_idx(test_case->username, username,
 					       running_test);
 		} else if (!test_case->set_username_before_test &&
+			   !test_case->set_cert_username &&
 			   !test_case->success) {
 			/* If the username is not set by the testlogic and we
 			   expect failure, verify that the mechanism failed by