X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/acb1b3461349256ee2422aa39b6f2d810681ae47..44bbabb570db6e700a31469a0faf2ac27bf3bfe0:/src/src/auths/cyrus_sasl.c

diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c
index 849c3d1c0..df7abc928 100644
--- a/src/src/auths/cyrus_sasl.c
+++ b/src/src/auths/cyrus_sasl.c
@@ -1,13 +1,11 @@
-/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.2 2005/04/05 14:02:30 ph10 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2003 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
 /* See the file NOTICE for conditions of use and distribution. */
 
-/* This code was contributed by Matthew Byng-Maddick */
+/* This code was originally contributed by Matthew Byng-Maddick */
 
 /* Copyright (c) A L Digital 2004 */
 
@@ -53,7 +51,7 @@ address can appear in the tables drtables.c. */
 int auth_cyrus_sasl_options_count =
   sizeof(auth_cyrus_sasl_options)/sizeof(optionlist);
 
-/* Default private options block for the contidion authentication method. */
+/* Default private options block for the cyrus_sasl authentication method. */
 
 auth_cyrus_sasl_options_block auth_cyrus_sasl_option_defaults = {
   US"smtp",         /* server_service */
@@ -71,18 +69,42 @@ auth_cyrus_sasl_options_block auth_cyrus_sasl_option_defaults = {
 enable consistency checks to be done, or anything else that needs
 to be set up. */
 
+
+/* Auxiliary function, passed in data to sasl_server_init(). */
+
+static int
+mysasl_config(void *context,
+              const char *plugin_name,
+              const char *option,
+              const char **result,
+              unsigned int *len)
+{
+if (context && !strcmp(option, "mech_list"))
+  {
+  *result = context;
+  if (len != NULL) *len = strlen(*result);
+  return SASL_OK;
+  }
+return SASL_FAIL;
+}
+
+/* Here's the real function */
+
 void
 auth_cyrus_sasl_init(auth_instance *ablock)
 {
 auth_cyrus_sasl_options_block *ob =
   (auth_cyrus_sasl_options_block *)(ablock->options_block);
-sasl_callback_t cbs[]={{SASL_CB_LIST_END, NULL, NULL}};
-sasl_conn_t *conn;
 uschar *list, *listptr, *buffer;
 int rc, i;
 unsigned int len;
 uschar *rs_point;
 
+sasl_conn_t *conn;
+sasl_callback_t cbs[]={
+  {SASL_CB_GETOPT, NULL, NULL },
+  {SASL_CB_LIST_END, NULL, NULL}};
+
 /* default the mechanism to our "public name" */
 if(ob->server_mech == NULL)
   ob->server_mech=string_copy(ablock->public_name);
@@ -90,7 +112,12 @@ if(ob->server_mech == NULL)
 /* we're going to initialise the library to check that there is an
  * authenticator of type whatever mechanism we're using
  */
+
+cbs[0].proc = (int(*)(void))&mysasl_config;
+cbs[0].context = ob->server_mech;
+
 rc=sasl_server_init(cbs, "exim");
+
 if( rc != SASL_OK )
   log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator:  "
       "couldn't initialise Cyrus SASL library.", ablock->name);
@@ -295,24 +322,42 @@ while(rc==SASL_CONTINUE)
     }
   else if(rc==SASL_OK)
     {
-    /* get the username and copy it into $1 */
-    rc=sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2));
-    expand_nstring[1]=string_copy(out2);
-    expand_nlength[1]=Ustrlen(expand_nstring[1]);
-    expand_nmax=1;
+    /* Get the username and copy it into $auth1 and $1. The former is now the
+    preferred variable; the latter is the original variable. */
+    rc = sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2));
+    auth_vars[0] = expand_nstring[1] = string_copy(out2);
+    expand_nlength[1] = Ustrlen(expand_nstring[1]);
+    expand_nmax = 1;
 
     HDEBUG(D_auth)
-      debug_printf("Cyrus SASL %s authentiction succeeded for %s\n", ob->server_mech, out2);
+      debug_printf("Cyrus SASL %s authentication succeeded for %s\n", ob->server_mech, out2);
     /* close down the connection, freeing up library's memory */
     sasl_dispose(&conn);
     sasl_done();
-    return OK;
+
+    /* Expand server_condition as an authorization check */
+    return auth_check_serv_cond(ablock);
     }
   }
 /* NOTREACHED */
 return 0;  /* Stop compiler complaints */
 }
 
+/*************************************************
+*                Diagnostic API                  *
+*************************************************/
+
+void
+auth_cyrus_sasl_version_report(FILE *f)
+{
+  const char *implementation, *version;
+  sasl_version_info(&implementation, &version, NULL, NULL, NULL, NULL);
+  fprintf(f, "Library version: Cyrus SASL: Compile: %d.%d.%d\n"
+             "                             Runtime: %s [%s]\n",
+          SASL_VERSION_MAJOR, SASL_VERSION_MINOR, SASL_VERSION_STEP,
+          version, implementation);
+}
+
 /*************************************************
 *              Client entry point                *
 *************************************************/