void
netsec_shutdown(netsec_context *nsc, int closeflag)
{
- if (nsc->ns_userid)
- free(nsc->ns_userid);
- if (nsc->ns_inbuffer)
- free(nsc->ns_inbuffer);
- if (nsc->ns_outbuffer)
- free(nsc->ns_outbuffer);
- if (nsc->sasl_mech)
- free(nsc->sasl_mech);
- if (nsc->sasl_chosen_mech)
- free(nsc->sasl_chosen_mech);
+ mh_xfree(nsc->ns_userid);
+ mh_xfree(nsc->ns_inbuffer);
+ mh_xfree(nsc->ns_outbuffer);
+ mh_xfree(nsc->sasl_mech);
+ mh_xfree(nsc->sasl_chosen_mech);
#ifdef OAUTH_SERVICE
- if (nsc->oauth_service)
- free(nsc->oauth_service);
+ mh_xfree(nsc->oauth_service);
#endif /* OAUTH_SERVICE */
#ifdef CYRUS_SASL
if (nsc->sasl_conn)
sasl_dispose(&nsc->sasl_conn);
- if (nsc->sasl_hostname)
- free(nsc->sasl_hostname);
- if (nsc->sasl_cbs)
- free(nsc->sasl_cbs);
- if (nsc->sasl_creds) {
- if (nsc->sasl_creds->password)
- memset(nsc->sasl_creds->password, 0,
- strlen(nsc->sasl_creds->password));
- free(nsc->sasl_creds);
- }
+ mh_xfree(nsc->sasl_hostname);
+ mh_xfree(nsc->sasl_cbs);
+ if (nsc->sasl_creds)
+ nmh_credentials_free(nsc->sasl_creds);
if (nsc->sasl_secret) {
if (nsc->sasl_secret->len > 0) {
memset(nsc->sasl_secret->data, 0, nsc->sasl_secret->len);
}
free(nsc->sasl_secret);
}
- if (nsc->sasl_tmpbuf)
- free(nsc->sasl_tmpbuf);
+ mh_xfree(nsc->sasl_tmpbuf);
#endif /* CYRUS_SASL */
#ifdef TLS_SUPPORT
if (nsc->ssl_io)
if (nsc->ns_snoop)
ERR_print_errors_fp(stderr);
return NOTOK;
- } else if (rc < 0) {
+ }
+ if (rc < 0) {
/* Definitely an error */
netsec_err(errstr, "Read on TLS connection failed: %s",
ERR_error_string(ERR_get_error(), NULL));
"%d bytes, but our buffer size was only %d bytes",
rc, nsc->ns_outbufsize);
return NOTOK;
- } else {
- /*
- * Generate a flush (which may be inefficient, but hopefully
- * it isn't) and then try again.
- */
- if (netsec_flush(nsc, errstr) != OK)
- return NOTOK;
- /*
- * After this, outbuffer should == outptr, so we shouldn't
- * hit this next time around.
- */
- goto retry;
}
+ /*
+ * Generate a flush (which may be inefficient, but hopefully
+ * it isn't) and then try again.
+ */
+ if (netsec_flush(nsc, errstr) != OK)
+ return NOTOK;
+ /*
+ * After this, outbuffer should == outptr, so we shouldn't
+ * hit this next time around.
+ */
+ goto retry;
}
if (nsc->ns_snoop) {
}
nsc->sasl_hostname = mh_xstrdup(hostname);
+
+ /*
+ * Set up our credentials
+ */
+
+ nsc->sasl_creds = nmh_get_credentials(nsc->sasl_hostname, nsc->ns_userid);
+
#else /* CYRUS_SASL */
NMH_UNUSED(hostname);
NMH_UNUSED(service);
nsc->sasl_mech = mh_xstrdup(mechanism);
for (p = nsc->sasl_mech; *p; p++)
- if (isascii((unsigned char) *p)) /* Just in case */
+ if (isascii((unsigned char) *p)) /* Leave non-ASCII lower alone. */
*p = toupper((unsigned char) *p);
}
if (! result || (id != SASL_CB_USER && id != SASL_CB_AUTHNAME))
return SASL_BADPARAM;
- if (nsc->ns_userid == NULL) {
- /*
- * Pass the 1 third argument to nmh_get_credentials() so that
- * a default user if the -user switch wasn't supplied, and so
- * that a default password will be supplied. That's used when
- * those values really don't matter, and only with legacy/.netrc,
- * i.e., with a credentials profile entry.
- */
-
- if (nsc->sasl_creds == NULL) {
- NEW(nsc->sasl_creds);
- nsc->sasl_creds->user = NULL;
- nsc->sasl_creds->password = NULL;
- }
-
- if (nmh_get_credentials(nsc->sasl_hostname, nsc->ns_userid, 1,
- nsc->sasl_creds) != OK)
- return SASL_BADPARAM;
-
- if (nsc->ns_userid != nsc->sasl_creds->user) {
- if (nsc->ns_userid)
- free(nsc->ns_userid);
- nsc->ns_userid = getcpy(nsc->sasl_creds->user);
- }
- }
+ *result = nmh_cred_get_user(nsc->sasl_creds);
- *result = nsc->ns_userid;
if (len)
- *len = strlen(nsc->ns_userid);
+ *len = strlen(*result);
return SASL_OK;
}
sasl_secret_t **psecret)
{
netsec_context *nsc = (netsec_context *) context;
+ const char *password;
int len;
NMH_UNUSED(conn);
if (! psecret || id != SASL_CB_PASS)
return SASL_BADPARAM;
- if (nsc->sasl_creds == NULL) {
- NEW(nsc->sasl_creds);
- nsc->sasl_creds->user = NULL;
- nsc->sasl_creds->password = NULL;
- }
-
- if (nsc->sasl_creds->password == NULL) {
- /*
- * Pass the 0 third argument to nmh_get_credentials() so
- * that the default password isn't used. With legacy/.netrc
- * credentials support, we'll only get here if the -user
- * switch to send(1)/post(8) wasn't used.
- */
+ password = nmh_cred_get_password(nsc->sasl_creds);
- if (nmh_get_credentials(nsc->sasl_hostname, nsc->ns_userid, 0,
- nsc->sasl_creds) != OK) {
- return SASL_BADPARAM;
- }
- }
-
- len = strlen(nsc->sasl_creds->password);
+ len = strlen(password);
/*
* sasl_secret_t includes 1 bytes for "data" already, so that leaves
return SASL_NOMEM;
(*psecret)->len = len;
- strcpy((char *) (*psecret)->data, nsc->sasl_creds->password);
+ strcpy((char *) (*psecret)->data, password);
nsc->sasl_secret = *psecret;
rc = sasl_client_step(nsc->sasl_conn, (char *) outbuf, outbuflen, NULL,
(const char **) &saslbuf, &saslbuflen);
- if (outbuf)
- free(outbuf);
+ mh_xfree(outbuf);
if (rc != SASL_OK && rc != SASL_CONTINUE) {
netsec_err(errstr, "SASL client negotiation failed: %s",
int
netsec_set_tls(netsec_context *nsc, int tls, char **errstr)
{
- if (tls) {
#ifdef TLS_SUPPORT
+ if (tls) {
SSL *ssl;
BIO *rbio, *wbio, *ssl_bio;;
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
nsc->ssl_io = ssl_bio;
- return OK;
- } else {
- BIO_free_all(nsc->ssl_io);
- nsc->ssl_io = NULL;
-
return OK;
}
+ BIO_free_all(nsc->ssl_io);
+ nsc->ssl_io = NULL;
+
#else /* TLS_SUPPORT */
- netsec_err(errstr, "TLS is not supported");
+ NMH_UNUSED(nsc);
+ if (tls) {
+ netsec_err(errstr, "TLS is not supported");
return NOTOK;
}
#endif /* TLS_SUPPORT */
+
+ return OK;
}
/*
return OK;
#else /* TLS_SUPPORT */
+ NMH_UNUSED(nsc);
netsec_err(errstr, "TLS not supported");
return NOTOK;
projects / nmh / blobdiff