Diffstat (limited to 'imap/src/c-client/auth_bea.c')
-rw-r--r-- | imap/src/c-client/auth_bea.c | 41 |
1 files changed, 25 insertions, 16 deletions
diff --git a/imap/src/c-client/auth_bea.c b/imap/src/c-client/auth_bea.c index 4b001ac7..2e12f1b6 100644 --- a/imap/src/c-client/auth_bea.c +++ b/imap/src/c-client/auth_bea.c @@ -1,5 +1,5 @@ /* ======================================================================== - * Copyright 2020 Eduardo Chappa + * Copyright 2020-2022 Eduardo Chappa * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,11 +27,21 @@ AUTHENTICATOR auth_bea = { }; #define BEARER_ACCOUNT "n,a=" +#define BEARER_ACCOUNT_LEN (4) + #ifndef OAUTH2_BEARER #define OAUTH2_BEARER "auth=Bearer " #endif + +#ifndef OAUTH2_BEARER_LEN +#define OAUTH2_BEARER_LEN (12) +#endif + #define BEARER_HOST "host=" +#define BEARER_HOST_LEN (5) + #define BEARER_PORT "port=" +#define BEARER_PORT_LEN (5) /* Client authenticator * Accepts: challenger function @@ -77,6 +87,9 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder oauth2.param[OA2_State].value = oauth2_generate_state(); + oauth2_code_challenge(&oauth2); + + oauth2_login_hint(&oauth2, user); /* * If we did not get an access token, try to get one through * our internal functions @@ -99,9 +112,12 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder && (oauth2.access_token || (!RefreshToken && oauth2.param[OA2_RefreshToken].value) || (RefreshToken && oauth2.param[OA2_RefreshToken].value - && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value) - || oauth2.cancel_refresh_token))) + && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value)) + || oauth2.cancel_refresh_token)) mm_login_method (mb, user, (void *) &oauth2, *trial, BEARERNAME); + + if(RefreshToken) + fs_give((void **) &RefreshToken); } /* empty challenge or user requested abort or client does not have info */ 
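Review bot: The new `*_LEN` macros in the define block repeat each literal's length as a hand-typed number, and `OAUTH2_BEARER_LEN` has its own `#ifndef` guard separate from `OAUTH2_BEARER`, so a build that overrides the string but not the length ends up with a mismatched pair. The `rlen` hunk further down sizes the `fs_get` buffer from these numbers and then fills it with an unbounded `sprintf`, so an undercount turns into a heap overflow. Deriving each length from its literal removes the drift: `#define BEARER_ACCOUNT_LEN (sizeof(BEARER_ACCOUNT) - 1)`, and likewise for the host, port and bearer prefixes.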
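Review bot: Both calls added after `oauth2_generate_state()` discard any result, and nothing in the hunk says what they leave in `oauth2`. Their definitions are not part of this diff; if `oauth2_code_challenge` can fail, the flow would presumably continue without a challenge, so its outcome should be checked or the function documented as unable to fail. A short comment would also help, for example `/* prepare the code challenge and login hint before any token request */`. The body of `auth_oauthbearer_client` continues outside the hunk.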
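Review bot: `fs_give((void **) &RefreshToken)` releases the saved refresh token without clearing it, so the credential's bytes remain in freed heap memory. Where `RefreshToken` is allocated is outside this hunk, but the `strcmp` against `oauth2.param[OA2_RefreshToken].value` suggests it is a private copy of the previous token. Overwriting its `strlen(RefreshToken)` bytes before the `fs_give`, through a wipe routine the compiler cannot optimise away, would limit exposure in core dumps and reused allocations. The regrouped parentheses around the `strcmp` term do not change evaluation, since `&&` already binds tighter than `||`.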
@@ -117,10 +133,10 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder char *response; sprintf(ports, "%lu", port); - rlen = strlen(BEARER_ACCOUNT) + strlen(user) + 1 + 1 - + strlen(BEARER_HOST) + strlen(mb->orighost) + 1 - + strlen(BEARER_PORT) + strlen(ports) + 1 - + strlen(OAUTH2_BEARER) + strlen(oauth2.access_token) + 2; + rlen = BEARER_ACCOUNT_LEN + strlen(user) + 1 + 1 + + BEARER_HOST_LEN + strlen(mb->orighost) + 1 + + BEARER_PORT_LEN + strlen(ports) + 1 + + OAUTH2_BEARER_LEN + strlen(oauth2.access_token) + 2; response = (char *) fs_get (rlen+1); sprintf(response, "%s%s,\001%s%s\001%s%s\001%s%s\001\001", BEARER_ACCOUNT, user, BEARER_HOST, mb->orighost, BEARER_PORT, ports, OAUTH2_BEARER, oauth2.access_token); @@ -135,13 +151,8 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder * Refresh Token has expired somehow, we invalidate it if we * reach *trial to 3. This forces the process to restart later on. */ - if(*trial == 3){ - if(oauth2.param[OA2_State].value) - fs_give((void **) &oauth2.param[OA2_State].value); - fs_give((void **) &oauth2.param[OA2_RefreshToken].value); - fs_give((void **) &oauth2.access_token); + if(*trial == 3) oauth2.expiration = 0L; - } } } fs_give ((void **) &response); @@ -149,8 +160,6 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder *trial = 65535; /* don't retry if bad protocol */ } } - if(oauth2.param[OA2_Id].value) fs_give((void **) &oauth2.param[OA2_Id].value); - if(oauth2.param[OA2_Secret].value) fs_give((void **) &oauth2.param[OA2_Secret].value); - if(oauth2.param[OA2_Tenant].value) fs_give((void **) &oauth2.param[OA2_Tenant].value); + oauth2_free_extra_values(oauth2); return ret; } |
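Review bot: The `sprintf(response, ...)` that follows the new `rlen` sum is still unbounded, so the hand-maintained constants are the only thing keeping the write inside the `fs_get (rlen+1)` block. Passing the size makes a miscount truncate instead of overrun: `snprintf(response, rlen+1, ...)` with the existing format and arguments, followed by a check that the return value equals `rlen`. The same applies to `sprintf(ports, "%lu", port)`, whose buffer is declared outside the hunk.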
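Review bot: The comment above `if(*trial == 3)` still says the refresh token is invalidated, but the new body only sets `oauth2.expiration = 0L` and no longer releases `OA2_State`, `OA2_RefreshToken` or `access_token`. Whether those values are now released by `oauth2_free_extra_values` at the end of the function cannot be seen from this diff; if they are not, the rejected tokens stay allocated and readable for longer than before. The comment should describe the new behaviour, for example `/* after three failures mark the token expired; values are released on exit */`, adjusted to what the helper actually frees.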
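Review bot: `oauth2_free_extra_values(oauth2)` receives the struct by value, unlike `oauth2_code_challenge(&oauth2)` and `oauth2_login_hint(&oauth2, user)` earlier in the same function. If the helper releases members with `fs_give`, only the copy's pointers are reset and the caller's `oauth2` keeps pointers to freed memory. That is harmless directly before `return ret;`, but it becomes a use-after-free or double-free hazard as soon as code is added after the call. Passing a pointer, `oauth2_free_extra_values(&oauth2);`, with the helper changed to match, would keep the caller's struct consistent; the helper's definition is outside this diff, so which members it frees should be confirmed against the three `fs_give` lines it replaces.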