267 		oauth2_request_abort(&db->head->req);
275 db_oauth2_have_all_fields(struct db_oauth2_request *req)
279 	const char *const *args = passdb_template_get_args(req->db->tmpl, &n);
281 	if (req->fields == NULL)
295 				    !auth_fields_exists(req->fields, ptr+8))
302 	if (!auth_fields_exists(req->fields, req->db->set.username_attribute))
304 	if (*req->db->set.active_attribute != '\0' && !auth_fields_exists(req->fields, req->db->set.active_attribute))
338 static const char *escape_none(const char *value, const struct auth_request *req ATTR_UNUSED)
358 db_oauth2_template_export(struct db_oauth2_request *req,
368 	struct passdb_template *tmpl = req->db->tmpl;
383 				table = db_oauth2_value_get_var_expand_table(req->auth_request,
384 									     auth_fields_find(req->fields, args[i]));
386 						  req, error_r) < 0) {
393 		auth_request_set_field(req->auth_request, args[i], value,
399 static void db_oauth2_fields_merge(struct db_oauth2_request *req,
404 	if (req->fields == NULL)
405 		req->fields = auth_fields_init(req->pool);
408 		if (req->auth_request->debug)
409 			auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
412 		auth_fields_add(req->fields, field->name, field->value, 0);
416 static void db_oauth2_callback(struct db_oauth2_request *req,
420 	db_oauth2_lookup_callback_t *callback = req->callback;
421 	req->callback = NULL;
425 	if (req->auth_request->debug)
426 		auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
431 		DLLIST_REMOVE(&req->db->head, req);
432 		callback(req, result, error, req->context);
437 db_oauth2_validate_username(struct db_oauth2_request *req,
448 		auth_fields_find(req->fields, req->db->set.username_attribute);
463 	if (auth_request_var_expand(username_req, req->db->set.username_format, req->auth_request, escape_none, &error) < 0 ||
464 	    var_expand(username_val, req->db->set.username_format, table, &error) < 0) {
466 					req->db->set.username_format, error);
480 db_oauth2_user_is_enabled(struct db_oauth2_request *req,
483 	if (*req->db->set.active_attribute != '\0') {
484 		const char *active_value = auth_fields_find(req->fields, req->db->set.active_attribute);
486 		    (*req->db->set.active_value != '\0' &&
487 		     strcmp(req->db->set.active_value, active_value) != 0)) {
497 db_oauth2_token_in_scope(struct db_oauth2_request *req,
500 	if (*req->db->set.scope != '\0') {
502 		const char *value = auth_fields_find(req->fields, "scope");
503 		if (req->auth_request->debug)
504 			auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
509 			found = str_array_find(scopes, req->db->set.scope);
513 						   req->db->set.scope);
521 static void db_oauth2_process_fields(struct db_oauth2_request *req,
527 	if (db_oauth2_validate_username(req, result_r, error_r) &&
528 	    db_oauth2_user_is_enabled(req, result_r, error_r) &&
529 	    db_oauth2_token_in_scope(req, result_r, error_r) &&
530 	    db_oauth2_template_export(req, result_r, error_r)) {
539 			      struct db_oauth2_request *req)
544 	req->req = NULL;
546 	if (req->auth_request->debug)
547 		auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
556 		db_oauth2_fields_merge(req, result->fields);
557 		db_oauth2_process_fields(req, &passdb_result, &error);
559 	db_oauth2_callback(req, passdb_result, error);
562 static void db_oauth2_lookup_introspect(struct db_oauth2_request *req)
567 	if (req->auth_request->debug)
568 		auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
570 					req->db->set.introspection_url);
571 	input.token = req->token;
572 	input.local_ip = req->auth_request->local_ip;
573 	input.local_port = req->auth_request->local_port;
574 	input.remote_ip = req->auth_request->remote_ip;
575 	input.remote_port = req->auth_request->remote_port;
576 	input.real_local_ip = req->auth_request->real_local_ip;
577 	input.real_local_port = req->auth_request->real_local_port;
578 	input.real_remote_ip = req->auth_request->real_remote_ip;
579 	input.real_remote_port = req->auth_request->real_remote_port;
580 	input.service = req->auth_request->service;
582 	req->req = oauth2_introspection_start(&req->db->oauth2_set, &input,
583 					      db_oauth2_introspect_continue, req);
588 			  struct db_oauth2_request *req)
593 	req->req = NULL;
602 		db_oauth2_fields_merge(req, result->fields);
603 		if (*req->db->set.introspection_url != '\0' &&
604 		    (req->db->set.force_introspection ||
605 		     !db_oauth2_have_all_fields(req))) {
606 			if (req->auth_request->debug)
607 				auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
609 			db_oauth2_lookup_introspect(req);
612 		db_oauth2_process_fields(req, &passdb_result, &error);
614 	db_oauth2_callback(req, passdb_result, error);
618 void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req,
625 	req->db = db;
626 	req->token = p_strdup(req->pool, token);
627 	req->callback = callback;
628 	req->context = context;
629 	req->auth_request = request;
632 	input.local_ip = req->auth_request->local_ip;
633 	input.local_port = req->auth_request->local_port;
634 	input.remote_ip = req->auth_request->remote_ip;
635 	input.remote_port = req->auth_request->remote_port;
636 	input.real_local_ip = req->auth_request->real_local_ip;
637 	input.real_local_port = req->auth_request->real_local_port;
638 	input.real_remote_ip = req->auth_request->real_remote_ip;
639 	input.real_remote_port = req->auth_request->real_remote_port;
640 	input.service = req->auth_request->service;
643 		if (req->auth_request->debug)
644 			auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
647 		req->req = oauth2_introspection_start(&req->db->oauth2_set, &input,
648 						      db_oauth2_introspect_continue, req);
650 		if (req->auth_request->debug)
651 			auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB,
654 		req->req = oauth2_token_validation_start(&db->oauth2_set, &input,
655 							 db_oauth2_lookup_continue, req);
657 	DLLIST_PREPEND(&db->head, req);

Indexes created Tue Jul 24 14:28:13 CEST 2018