X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/fb6ea8dca0129dbb93ecb5fe1147a7b03138bbf8..b1722537108cceec472480a551b9a7fb9c660c55:/sbr/netsec.c?ds=inline diff --git a/sbr/netsec.c b/sbr/netsec.c index eb28cbac..990b2318 100644 --- a/sbr/netsec.c +++ b/sbr/netsec.c @@ -137,8 +137,9 @@ static int checkascii(const unsigned char *byte, size_t len); netsec_context * netsec_init(void) { - netsec_context *nsc = mh_xmalloc(sizeof(*nsc)); + netsec_context *nsc; + NEW(nsc); nsc->ns_readfd = -1; nsc->ns_writefd = -1; nsc->ns_snoop = 0; @@ -208,12 +209,8 @@ netsec_shutdown(netsec_context *nsc, int closeflag) free(nsc->sasl_hostname); if (nsc->sasl_cbs) free(nsc->sasl_cbs); - if (nsc->sasl_creds) { - if (nsc->sasl_creds->password) - memset(nsc->sasl_creds->password, 0, - strlen(nsc->sasl_creds->password)); - free(nsc->sasl_creds); - } + if (nsc->sasl_creds) + nmh_credentials_free(nsc->sasl_creds); if (nsc->sasl_secret) { if (nsc->sasl_secret->len > 0) { memset(nsc->sasl_secret->data, 0, nsc->sasl_secret->len); @@ -1001,7 +998,14 @@ netsec_set_sasl_params(netsec_context *nsc, const char *hostname, return NOTOK; } - nsc->sasl_hostname = getcpy(hostname); + nsc->sasl_hostname = mh_xstrdup(hostname); + + /* + * Set up our credentials + */ + + nsc->sasl_creds = nmh_get_credentials(nsc->sasl_hostname, nsc->ns_userid); + #else /* CYRUS_SASL */ NMH_UNUSED(hostname); NMH_UNUSED(service); @@ -1016,7 +1020,7 @@ netsec_set_sasl_params(netsec_context *nsc, const char *hostname, if (mechanism) { char *p; - nsc->sasl_mech = getcpy(mechanism); + nsc->sasl_mech = mh_xstrdup(mechanism); for (p = nsc->sasl_mech; *p; p++) if (isascii((unsigned char) *p)) /* Just in case */ 
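Review bot: The explicit `memset` over `nsc->sasl_creds->password` is gone from netsec_shutdown(), so scrubbing the cached password now depends entirely on nmh_credentials_free(), whose body is not part of this diff. Confirm that it zeroes the password before freeing it, preferably with a wipe the compiler cannot elide, since a plain `memset` right before `free` may be optimized away. A comment at the call site such as `/* nmh_credentials_free() scrubs the password before freeing */` would keep that contract visible here. The function body starts and ends outside this hunk.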
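Review bot: The result of `nmh_get_credentials()` in netsec_set_sasl_params() is stored without a check and without releasing any credentials already held in `nsc->sasl_creds`. If this function can run more than once on a context, the earlier credentials object, password included, would be dropped without going through `nmh_credentials_free()`. If the lookup can fail (its return contract is not visible here), the SASL callbacks later use the stored pointer unchecked. Consider `if (nsc->sasl_creds) nmh_credentials_free(nsc->sasl_creds);` before the assignment and `if (nsc->sasl_creds == NULL) return NOTOK;` after it. The lookup also uses `nsc->ns_userid` as it stands at this call, so the "Set up our credentials" comment should say that the user id must be set first.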
@@ -1042,35 +1046,10 @@ int netsec_get_user(void *context, int id, const char **result, if (! result || (id != SASL_CB_USER && id != SASL_CB_AUTHNAME)) return SASL_BADPARAM; - if (nsc->ns_userid == NULL) { - /* - * Pass the 1 third argument to nmh_get_credentials() so that - * a default user if the -user switch wasn't supplied, and so - * that a default password will be supplied. That's used when - * those values really don't matter, and only with legacy/.netrc, - * i.e., with a credentials profile entry. - */ - - if (nsc->sasl_creds == NULL) { - nsc->sasl_creds = mh_xmalloc(sizeof(*nsc->sasl_creds)); - nsc->sasl_creds->user = NULL; - nsc->sasl_creds->password = NULL; - } - - if (nmh_get_credentials(nsc->sasl_hostname, nsc->ns_userid, 1, - nsc->sasl_creds) != OK) - return SASL_BADPARAM; + *result = nmh_cred_get_user(nsc->sasl_creds); - if (nsc->ns_userid != nsc->sasl_creds->user) { - if (nsc->ns_userid) - free(nsc->ns_userid); - nsc->ns_userid = getcpy(nsc->sasl_creds->user); - } - } - - *result = nsc->ns_userid; if (len) - *len = strlen(nsc->ns_userid); + *len = strlen(*result); return SASL_OK; } @@ -1084,6 +1063,7 @@ netsec_get_password(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret) { netsec_context *nsc = (netsec_context *) context; + const char *password; int len; NMH_UNUSED(conn); 
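Review bot: `strlen(*result)` in netsec_get_user() runs on whatever `nmh_cred_get_user()` returns, and the `SASL_BADPARAM` path the old code took on a failed lookup has been removed. Unless the accessor is guaranteed never to return NULL (it is not shown in this diff), add `if (*result == NULL) return SASL_BADPARAM;` before the length is taken. The same applies to `password = nmh_cred_get_password(nsc->sasl_creds);` followed by `strlen(password)` in the netsec_get_password() hunk. The removed branch also copied the looked-up user into `nsc->ns_userid`, so code that still reads that field, such as the `mh_oauth_do_xoauth(nsc->ns_userid, ...)` call visible in the last hunk, may now see NULL when the user comes only from the credentials source. Both functions extend beyond their hunks.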
@@ -1091,27 +1071,9 @@ netsec_get_password(sasl_conn_t *conn, void *context, int id, if (! psecret || id != SASL_CB_PASS) return SASL_BADPARAM; - if (nsc->sasl_creds == NULL) { - nsc->sasl_creds = mh_xmalloc(sizeof(*nsc->sasl_creds)); - nsc->sasl_creds->user = NULL; - nsc->sasl_creds->password = NULL; - } - - if (nsc->sasl_creds->password == NULL) { - /* - * Pass the 0 third argument to nmh_get_credentials() so - * that the default password isn't used. With legacy/.netrc - * credentials support, we'll only get here if the -user - * switch to send(1)/post(8) wasn't used. - */ - - if (nmh_get_credentials(nsc->sasl_hostname, nsc->ns_userid, 0, - nsc->sasl_creds) != OK) { - return SASL_BADPARAM; - } - } + password = nmh_cred_get_password(nsc->sasl_creds); - len = strlen(nsc->sasl_creds->password); + len = strlen(password); /* * sasl_secret_t includes 1 bytes for "data" already, so that leaves @@ -1124,7 +1086,7 @@ netsec_get_password(sasl_conn_t *conn, void *context, int id, return SASL_NOMEM; (*psecret)->len = len; - strcpy((char *) (*psecret)->data, nsc->sasl_creds->password); + strcpy((char *) (*psecret)->data, password); nsc->sasl_secret = *psecret; @@ -1199,7 +1161,7 @@ netsec_negotiate_sasl(netsec_context *nsc, const char *mechlist, char **errstr) return NOTOK; } - nsc->sasl_chosen_mech = getcpy(nsc->sasl_mech); + nsc->sasl_chosen_mech = mh_xstrdup(nsc->sasl_mech); if (mh_oauth_do_xoauth(nsc->ns_userid, nsc->oauth_service, &xoauth_client_res, &xoauth_client_res_len,