From 3005ad55f333df565de2514e4ba69d3ddef7d98f Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Fri, 6 Oct 2023 00:59:04 +0200
Subject: [PATCH] auth: auth-sasl - Manage passdb_success field outside
 mechanism code

---
 src/auth/auth-sasl-mech-dovecot-token.c | 1 -
 src/auth/auth-sasl.c                    | 4 ++++
 src/auth/sasl-server-mech-anonymous.c   | 1 -
 src/auth/sasl-server-mech-gssapi.c      | 1 -
 src/auth/sasl-server-mech-winbind.c     | 1 -
 5 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/auth/auth-sasl-mech-dovecot-token.c b/src/auth/auth-sasl-mech-dovecot-token.c
index d9baf47718..0ef5d93971 100644
--- a/src/auth/auth-sasl-mech-dovecot-token.c
+++ b/src/auth/auth-sasl-mech-dovecot-token.c
@@ -56,7 +56,6 @@ mech_dovecot_token_auth_continue(struct sasl_server_mech_request *request,
 
 		if (auth_token != NULL &&
 		    str_equals_timing_almost_safe(auth_token, valid_token)) {
-			request->request->passdb_success = TRUE;
 			auth_request_set_field(request->request, "userdb_client_service", service, "");
 			sasl_server_request_success(request, NULL, 0);
 		} else {
diff --git a/src/auth/auth-sasl.c b/src/auth/auth-sasl.c
index 3be72cbf00..c6f9c7d5fb 100644
--- a/src/auth/auth-sasl.c
+++ b/src/auth/auth-sasl.c
@@ -152,6 +152,10 @@ auth_sasl_request_output(struct sasl_server_req_ctx *rctx,
 						    output->data_size);
 		break;
 	case SASL_SERVER_OUTPUT_SUCCESS:
+		if (sasl_server_mech_get_passdb_need(rctx->mech) ==
+				SASL_MECH_PASSDB_NEED_NOTHING)
+			request->passdb_success = TRUE;
+
 		auth_request_success(request, output->data, output->data_size);
 		break;
 	}
diff --git a/src/auth/sasl-server-mech-anonymous.c b/src/auth/sasl-server-mech-anonymous.c
index 95c776f34c..17fdea0fa4 100644
--- a/src/auth/sasl-server-mech-anonymous.c
+++ b/src/auth/sasl-server-mech-anonymous.c
@@ -15,7 +15,6 @@ mech_anonymous_auth_continue(struct sasl_server_mech_request *request,
 		return;
 	}
 
-	request->request->passdb_success = TRUE;
 	sasl_server_request_success(request, "", 0);
 }
 
diff --git a/src/auth/sasl-server-mech-gssapi.c b/src/auth/sasl-server-mech-gssapi.c
index 07091fe4fc..aea09c8206 100644
--- a/src/auth/sasl-server-mech-gssapi.c
+++ b/src/auth/sasl-server-mech-gssapi.c
@@ -585,7 +585,6 @@ mech_gssapi_unwrap(struct gssapi_auth_request *request, gss_buffer_desc inbuf)
 
 	/* Continue in callback once auth_request is populated with passdb
 	   information. */
-	auth_request->request->passdb_success = TRUE; /* default to success */
 	sasl_server_request_lookup_credentials(auth_request, "",
 					       gssapi_credentials_callback);
 	(void)gss_release_buffer(&minor_status, &outbuf);
diff --git a/src/auth/sasl-server-mech-winbind.c b/src/auth/sasl-server-mech-winbind.c
index 5d84cfcbec..e157480a95 100644
--- a/src/auth/sasl-server-mech-winbind.c
+++ b/src/auth/sasl-server-mech-winbind.c
@@ -262,7 +262,6 @@ do_auth_continue(struct winbind_auth_request *request,
 				user))
 			return HR_FAIL;
 
-		request->auth_request.request->passdb_success = TRUE;
 		if (gss_spnego && strcmp(token[1], "*") != 0) {
 			buffer_t *buf;
 
-- 
2.47.3