From 7be62c1193704f96f8292776aa3ab84dcc382e16 Mon Sep 17 00:00:00 2001
From: Stephan Bosch
Date: Wed, 19 Feb 2025 02:21:57 +0100
Subject: [PATCH] lib-sasl: dsasl-client - Add protocol, host and port as normal settings

Host and port were special parameters before.
---
 src/lib-sasl/dsasl-client-mech-oauthbearer.c | 42 +++++---------------
 src/lib-sasl/dsasl-client.c | 3 ++
 src/lib-sasl/dsasl-client.h | 7 ++++
 src/lib-sasl/fuzz-sasl-authentication.c | 2 +
 src/lib-sasl/test-sasl-authentication.c | 2 +
 src/lib-sasl/test-sasl-client.c | 9 ++---
 6 files changed, 27 insertions(+), 38 deletions(-)
diff --git a/src/lib-sasl/dsasl-client-mech-oauthbearer.c b/src/lib-sasl/dsasl-client-mech-oauthbearer.c
index e6ebfe4ebb..0bae54e280 100644
--- a/src/lib-sasl/dsasl-client-mech-oauthbearer.c
+++ b/src/lib-sasl/dsasl-client-mech-oauthbearer.c
@@ -11,9 +11,7 @@
 struct oauthbearer_dsasl_client {
 struct dsasl_client client;
- const char *host;
 const char *status;
- in_port_t port;
 bool output_sent;
 };
@@ -110,6 +108,11 @@ mech_oauthbearer_output(struct dsasl_client *_client,
 *error_r = "password contains unsupported characters";
 return DSASL_CLIENT_RESULT_ERR_INTERNAL;
 }
+ if (_client->set.host != NULL &&
+ !sasl_oauth2_kvpair_check_value(_client->set.host)) {
+ *error_r = "host contains unsupported characters";
+ return DSASL_CLIENT_RESULT_ERR_INTERNAL;
+ }
 struct auth_gs2_header gs2_header = {
 .authzid = _client->set.authid,
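Review bot: The added host check in mech_oauthbearer_output() has no comment saying what it protects, and it only fires on the first output step, whereas the removed set_parameter path rejected a bad port at the moment the value was set. The host is formatted unescaped into `host=%s\x01` in the following hunk, so a value carrying the kvpair separator would change the framing of the client response; I would state that above the check, e.g. `/* host is written verbatim into the kvpair list below; reject values that would break kvpair framing */`. If callers are meant to learn about a bad host before authentication starts, that needs a check closer to dsasl_client_new(), which this patch does not add. The function starts and ends outside this hunk.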
@@ -118,10 +121,10 @@ mech_oauthbearer_output(struct dsasl_client *_client,
 str = str_new(_client->pool, 64);
 auth_gs2_header_encode(&gs2_header, str);
 str_append_c(str, '\x01');
- if (client->host != NULL && *client->host != '\0')
- str_printfa(str, "host=%s\x01", client->host);
- if (client->port > 0)
- str_printfa(str, "port=%u\x01", client->port);
+ if (_client->set.host != NULL && *_client->set.host != '\0')
+ str_printfa(str, "host=%s\x01", _client->set.host);
+ if (_client->set.port > 0)
+ str_printfa(str, "port=%u\x01", _client->set.port);
 str_printfa(str, "auth=Bearer %s\x01", _client->password);
 str_append_c(str, '\x01');
@@ -165,31 +168,6 @@ mech_xoauth2_output(struct dsasl_client *_client,
 return DSASL_CLIENT_RESULT_OK;
 }
-static int
-mech_oauthbearer_set_parameter(struct dsasl_client *_client, const char *key,
- const char *value, const char **error_r)
-{
- struct oauthbearer_dsasl_client *client =
- container_of(_client, struct oauthbearer_dsasl_client, client);
-
- if (strcmp(key, "host") == 0) {
- if (value != NULL)
- client->host = p_strdup(_client->pool, value);
- else
- client->host = NULL;
- return 1;
- } else if (strcmp(key, "port") == 0) {
- if (value == NULL) {
- client->port = 0;
- } else if (net_str2port(value, &client->port) < 0) {
- *error_r = "Invalid port value";
- return -1;
- }
- return 1;
- }
- return 0;
-}
-
 static int
 mech_oauthbearer_get_result(struct dsasl_client *_client, const char *key,
 const char **value_r,
@@ -213,7 +191,6 @@ const struct dsasl_client_mech dsasl_client_mech_oauthbearer = {
 .input = mech_oauthbearer_input,
 .output = mech_oauthbearer_output,
- .set_parameter = mech_oauthbearer_set_parameter,
 .get_result = mech_oauthbearer_get_result,
 };
@@ -223,6 +200,5 @@ const struct dsasl_client_mech dsasl_client_mech_xoauth2 = {
 .input = mech_oauthbearer_input,
 .output = mech_xoauth2_output,
- .set_parameter = mech_oauthbearer_set_parameter,
 .get_result = mech_oauthbearer_get_result,
 };
diff --git a/src/lib-sasl/dsasl-client.c b/src/lib-sasl/dsasl-client.c
index 548ff32fbb..8337971513 100644
--- a/src/lib-sasl/dsasl-client.c
+++ b/src/lib-sasl/dsasl-client.c
@@ -72,6 +72,9 @@ struct dsasl_client *dsasl_client_new(const struct dsasl_client_mech *mech,
 client->set.authzid = p_strdup(pool, set->authzid);
 client->password = p_strdup(pool, set->password);
 client->set.password = client->password;
+ client->set.protocol = p_strdup(pool, set->protocol);
+ client->set.host = p_strdup(pool, set->host);
+ client->set.port = set->port;
 return client;
 }
diff --git a/src/lib-sasl/dsasl-client.h b/src/lib-sasl/dsasl-client.h
index cb3c3d1b0f..6e32a9fa5a 100644
--- a/src/lib-sasl/dsasl-client.h
+++ b/src/lib-sasl/dsasl-client.h
@@ -11,6 +11,13 @@ struct dsasl_client_settings {
 const char *authzid;
 /* password - must be set with most mechanisms */
 const char *password;
+
+ /* protocol using SASL */
+ const char *protocol;
+ /* host name */
+ const char *host;
+ /* port */
+ in_port_t port;
 };
 enum dsasl_client_result {
diff --git a/src/lib-sasl/fuzz-sasl-authentication.c b/src/lib-sasl/fuzz-sasl-authentication.c
index 220f45e58b..98eb87f7d4 100644
--- a/src/lib-sasl/fuzz-sasl-authentication.c
+++ b/src/lib-sasl/fuzz-sasl-authentication.c
@@ -629,6 +629,8 @@ static void fuzz_sasl_run(struct istream *input)
 .authid = params.authid,
 .authzid = params.authzid,
 .password = params.client_password,
+ .protocol = "imap",
+ .host = "example.com",
 };
 client_mech = dsasl_client_mech_find(params.mech);
 if (client_mech != NULL) {
diff --git a/src/lib-sasl/test-sasl-authentication.c b/src/lib-sasl/test-sasl-authentication.c
index 5a84afbb86..8cdd43815c 100644
--- a/src/lib-sasl/test-sasl-authentication.c
+++ b/src/lib-sasl/test-sasl-authentication.c
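Review bot: The new field comments in struct dsasl_client_settings (`/* host name */`, `/* port */`) do not say whose host and port these are, what "unset" looks like, or where the values are validated, which matters now that they flow into the OAUTHBEARER client response. Going by the oauthbearer hunks in this patch, a NULL or empty host and a port of 0 are omitted from the message, and host is only rejected at output time if it fails sasl_oauth2_kvpair_check_value(). I would document that on the fields, e.g. `/* host name (presumably the server's); NULL or "" = not sent; validated by the mechanism at output time */` and `/* port; 0 = not sent */`. `protocol` is copied by dsasl_client_new() but no hunk here reads it, so its comment should name the expected form (the tests pass "imap"). The struct begins outside this hunk.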
@@ -386,6 +386,8 @@ test_sasl_run_once(const struct test_sasl *test,
 .authid = authid,
 .authzid = authzid,
 .password = password,
+ .protocol = "imap",
+ .host = "example.com",
 };
 client_mech = dsasl_client_mech_find(test->mech);
 i_assert(client_mech != NULL);
diff --git a/src/lib-sasl/test-sasl-client.c b/src/lib-sasl/test-sasl-client.c
index 11b38428cf..7bc99d7a4d 100644
--- a/src/lib-sasl/test-sasl-client.c
+++ b/src/lib-sasl/test-sasl-client.c
@@ -268,13 +268,12 @@ static void test_sasl_client_oauthbearer(void)
 test_assert(client == NULL);
 /* with host & port set */
- client = dsasl_client_new(mech, &sasl_set);
+ struct dsasl_client_settings sasl_set_host = sasl_set;
+ sasl_set_host.host = "example.com";
+ sasl_set_host.port = 143;
+ client = dsasl_client_new(mech, &sasl_set_host);
 i_assert(client != NULL);
- test_assert(dsasl_client_set_parameter(client, "host", "example.com", &error) == 1);
- test_assert(dsasl_client_set_parameter(client, "port", "imap", &error) == -1);
- test_assert_strcmp(error, "Invalid port value");
- test_assert(dsasl_client_set_parameter(client, "port", "143", &error) == 1);
 test_assert(dsasl_client_set_parameter(client, "unknown", "value", &error) == 0);
 test_assert(dsasl_client_input(client, uchar_empty_ptr, 0, &error) == DSASL_CLIENT_RESULT_OK);
--
2.47.3
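Review bot: The rewritten "with host & port set" block in test_sasl_client_oauthbearer() covers only a valid host, so the new "host contains unsupported characters" branch in mech_oauthbearer_output() is never exercised, and the negative case dropped along with the "Invalid port value" assertions has no replacement. I would add a second settings copy whose host contains a character the kvpair check rejects (presumably the `\x01` separator) and assert that the first dsasl_client_output() call returns `DSASL_CLIENT_RESULT_ERR_INTERNAL` with that error string. The surviving `"unknown"` assertion now also depends on dsasl_client_set_parameter() returning 0 for a mechanism that has no set_parameter handler, which is not visible in this patch. The test function continues outside the hunk.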