[dovecot-cvs] dovecot/src/login-common sasl-server.c, 1.1, 1.2 sasl-server.h, 1.1, 1.2

Wed Oct 13 19:38:38 EEST 2004

Update of /var/lib/cvs/dovecot/src/login-common
In directory talvi:/tmp/cvs-serv8894/login-common

Modified Files:
	sasl-server.c sasl-server.h 
Log Message:
Changed dovecot-auth protocol to ASCII based. Should be easier now to write
replacement server if needed by someone. Also cleaned up/made more
consistent auth code. The new code could still use some cleaning though..



Index: sasl-server.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/sasl-server.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2

--- sasl-server.c	11 Oct 2004 17:14:28 -0000	1.1
+++ sasl-server.c	13 Oct 2004 16:38:35 -0000	1.2
@@ -12,16 +12,16 @@
 /* Used only for string sanitization while verbose_auth is set. */
 #define MAX_MECH_NAME 64
 
-static enum auth_client_request_new_flags
+static enum auth_request_flags
 client_get_auth_flags(struct client *client)
 {
-        enum auth_client_request_new_flags auth_flags = 0;
+        enum auth_request_flags auth_flags = 0;
 
 	if (client->proxy != NULL &&
 	    ssl_proxy_has_valid_client_cert(client->proxy))
-		auth_flags |= AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT;
-	if (client->tls)
-		auth_flags |= AUTH_CLIENT_FLAG_SSL_ENABLED;
+		auth_flags |= AUTH_REQUEST_FLAG_VALID_CLIENT_CERT;
+	if (client->secured)
+		auth_flags |= AUTH_REQUEST_FLAG_SECURED;
 	return auth_flags;
 }
 
@@ -35,43 +35,22 @@
 			      SASL_SERVER_REPLY_MASTER_FAILED, NULL);
 }
 
-static const char *auth_client_get_str(struct auth_client_request_reply *reply,
-				       const unsigned char *data, size_t idx)
-{
-	size_t stop;
-
-	if (idx >= reply->data_size || idx >= reply->reply_idx)
-		return NULL;
-
-	stop = reply->reply_idx < reply->data_size ?
-		reply->reply_idx-1 : reply->data_size;
-
-	return t_strndup(data + idx, stop);
-}
-
-static void authenticate_callback(struct auth_request *request,
-				  struct auth_client_request_reply *reply,
-				  const unsigned char *data, void *context)
+static void authenticate_callback(struct auth_request *request, int status,
+				  const char *data_base64,
+				  const char *const *args, void *context)
 {
 	struct client *client = context;
-	buffer_t *buf;
-	const char *user, *error;
+	const char *error;
 
 	if (!client->authenticating) {
 		/* client aborted */
-		i_assert(reply == NULL);
-		return;
-	}
-
-	if (reply == NULL) {
-		/* failed */
-		client->auth_request = NULL;
-		sasl_server_auth_cancel(client, "Authentication process died.");
+		i_assert(status < 0);
 		return;
 	}
 
-	switch (reply->result) {
-	case AUTH_CLIENT_RESULT_CONTINUE:
+	switch (status) {
+	case 0:
+		/* continue */
 		if (client->auth_request != NULL) {
 			i_assert(client->auth_request == request);
 		} else {
@@ -80,34 +59,30 @@
 			client->auth_request = request;
 		}
 
-		t_push();
-		buf = buffer_create_dynamic(pool_datastack_create(),
-				MAX_BASE64_ENCODED_SIZE(reply->data_size));
-		base64_encode(data, reply->data_size, buf);
-		buffer_append_c(buf, '\0');
-
 		client->sasl_callback(client, SASL_SERVER_REPLY_CONTINUE,
-				      buf->data);
-		t_pop();
+				      data_base64);
 		break;
-	case AUTH_CLIENT_RESULT_SUCCESS:
+	case 1:
 		client->auth_request = NULL;
 
-		user = auth_client_get_str(reply, data, reply->username_idx);
-		i_free(client->virtual_user);
-		client->virtual_user = i_strdup(user);
+		for (; *args != NULL; args++) {
+			if (strncmp(*args, "user=", 5) == 0) {
+				i_free(client->virtual_user);
+				client->virtual_user = i_strdup(*args + 5);
+			}
+		}
 
 		master_request_login(client, master_callback,
 				auth_client_request_get_server_pid(request),
 				auth_client_request_get_id(request));
 		break;
-	case AUTH_CLIENT_RESULT_FAILURE:
+	case -1:
 		client->auth_request = NULL;
 
 		/* see if we have error message */
-		if (reply->data_size > 0 && data[reply->data_size-1] == '\0') {
+		if (data_base64 != NULL) {
 			error = t_strconcat("Authentication failed: ",
-					    (const char *)data, NULL);
+					    (const char *)data_base64, NULL);
 		} else {
 			error = NULL;
 		}
@@ -118,8 +93,7 @@
 
 void sasl_server_auth_begin(struct client *client,
 			    const char *protocol, const char *mech_name,
-			    const unsigned char *initial_resp,
-			    size_t initial_resp_size,
+			    const char *initial_resp_base64,
 			    sasl_server_callback_t *callback)
 {
 	struct auth_request_info info;
@@ -137,7 +111,8 @@
 		return;
 	}
 
-	if (!client->secured && mech->plaintext && disable_plaintext_auth) {
+	if (!client->secured && disable_plaintext_auth &&
+	    (mech->flags & MECH_SEC_PLAINTEXT) != 0) {
 		sasl_server_auth_cancel(client,
 					"Plaintext authentication disabled.");
 		return;
@@ -149,8 +124,7 @@
 	info.flags = client_get_auth_flags(client);
 	info.local_ip = client->local_ip;
 	info.remote_ip = client->ip;
-	info.initial_resp_data = initial_resp;
-	info.initial_resp_size = initial_resp_size;
+	info.initial_resp_base64 = initial_resp_base64;
 
 	client->auth_request =
 		auth_client_request_new(auth_client, NULL, &info,

Index: sasl-server.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/sasl-server.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- sasl-server.h	11 Oct 2004 17:14:28 -0000	1.1
+++ sasl-server.h	13 Oct 2004 16:38:35 -0000	1.2
@@ -14,8 +14,7 @@
 
 void sasl_server_auth_begin(struct client *client,
 			    const char *protocol, const char *mech_name,
-			    const unsigned char *initial_resp,
-			    size_t initial_resp_size,
+			    const char *initial_resp_base64,
 			    sasl_server_callback_t *callback);
 void sasl_server_auth_cancel(struct client *client, const char *reason);
 

