1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2009 */
6 /* See the file NOTICE for conditions of use and distribution. */
10 /* This module contains the function server_condition(), which is used
11 by all authenticators. */
14 /*************************************************
15 * Check server_condition *
16 *************************************************/
18 /* This function is called from the server code of all authenticators. For
19 plaintext, it is always called: the argument cannot be empty, because for
20 plaintext, setting server_condition is what enables it as a server
21 authenticator. For all the other authenticators, this function is called after
22 they have authenticated, to enable additional authorization to be done.
24 Argument: the authenticator's instance block
27 OK NULL argument, or success
28 DEFER couldn't complete the check
29 FAIL authentication failed
33 auth_check_serv_cond(auth_instance *ablock)
40 debug_printf("%s authenticator:\n", ablock->name);
41 for (i = 0; i < AUTH_VARS; i++)
43 if (auth_vars[i] != NULL)
44 debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]);
46 for (i = 1; i <= expand_nmax; i++)
47 debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
48 debug_print_string(ablock->server_debug_string); /* customized debug */
51 /* For the plaintext authenticator, server_condition is never NULL. For the
52 rest, an unset condition lets everything through. */
54 if (ablock->server_condition == NULL) return OK;
55 cond = expand_string(ablock->server_condition);
60 debug_printf("expansion failed: %s\n", expand_string_message);
62 debug_printf("expanded string: %s\n", cond);
65 /* A forced expansion failure causes authentication to fail. Other expansion
66 failures yield DEFER, which will cause a temporary error code to be returned to
67 the AUTH command. The problem is at the server end, so the client should try
72 if (expand_string_forcedfail) return FAIL;
73 auth_defer_msg = expand_string_message;
77 /* Return FAIL for empty string, "0", "no", and "false"; return OK for
78 "1", "yes", and "true"; return DEFER for anything else, with the string
79 available as an error text for the user. */
82 Ustrcmp(cond, "0") == 0 ||
83 strcmpic(cond, US"no") == 0 ||
84 strcmpic(cond, US"false") == 0)
87 if (Ustrcmp(cond, "1") == 0 ||
88 strcmpic(cond, US"yes") == 0 ||
89 strcmpic(cond, US"true") == 0)
92 auth_defer_msg = cond;
93 auth_defer_user_msg = string_sprintf(": %s", cond);
97 /* End of check_serv_cond.c */