1 /* $Cambridge: exim/src/src/auths/plaintext.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2006 */
8 /* See the file NOTICE for conditions of use and distribution. */
11 #include "plaintext.h"
14 /* Options specific to the plaintext authentication mechanism. */
16 optionlist auth_plaintext_options[] = {
17 { "client_send", opt_stringptr,
18 (void *)(offsetof(auth_plaintext_options_block, client_send)) },
19 { "server_condition", opt_stringptr,
20 (void *)(offsetof(auth_plaintext_options_block, server_condition)) },
21 { "server_prompts", opt_stringptr,
22 (void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
25 /* Size of the options list. An extern variable has to be used so that its
26 address can appear in the tables drtables.c. */
28 int auth_plaintext_options_count =
29 sizeof(auth_plaintext_options)/sizeof(optionlist);
31 /* Default private options block for the plaintext authentication method. */
33 auth_plaintext_options_block auth_plaintext_option_defaults = {
34 NULL, /* server_condition */
35 NULL, /* server_prompts */
36 NULL /* client_send */
40 /*************************************************
41 * Initialization entry point *
42 *************************************************/
44 /* Called for each instance, after its options have been read, to
45 enable consistency checks to be done, or anything else that needs
49 auth_plaintext_init(auth_instance *ablock)
51 auth_plaintext_options_block *ob =
52 (auth_plaintext_options_block *)(ablock->options_block);
53 if (ablock->public_name == NULL) ablock->public_name = ablock->name;
54 if (ob->server_condition != NULL) ablock->server = TRUE;
55 if (ob->client_send != NULL) ablock->client = TRUE;
60 /*************************************************
61 * Server entry point *
62 *************************************************/
64 /* For interface, see auths/README */
67 auth_plaintext_server(auth_instance *ablock, uschar *data)
69 auth_plaintext_options_block *ob =
70 (auth_plaintext_options_block *)(ablock->options_block);
71 uschar *prompts = ob->server_prompts;
72 uschar *clear, *cond, *end, *s;
77 /* Expand a non-empty list of prompt strings */
81 prompts = expand_string(prompts);
84 auth_defer_msg = expand_string_message;
89 /* If data was supplied on the AUTH command, decode it, and split it up into
90 multiple items at binary zeros. If the data consists of the string "=" it
91 indicates a single, empty string. */
95 if (Ustrcmp(data, "=") == 0)
97 expand_nstring[++expand_nmax] = US"";
98 expand_nlength[expand_nmax] = 0;
102 if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
104 while (clear < end && expand_nmax < EXPAND_MAXN)
106 expand_nstring[++expand_nmax] = clear;
107 while (*clear != 0) clear++;
108 expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
113 /* Now go through the list of prompt strings. Skip over any whose data has
114 already been provided as part of the AUTH command. For the rest, send them
115 out as prompts, and get a data item back. If the data item is "*", abandon the
116 authentication attempt. Otherwise, split it into items as above. */
118 while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
119 != NULL && expand_nmax < EXPAND_MAXN)
121 if (number++ <= expand_nmax) continue;
122 if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
123 if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
126 /* This loop must run at least once, in case the length is zero */
129 expand_nstring[++expand_nmax] = clear;
130 while (*clear != 0) clear++;
131 expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
133 while (clear < end && expand_nmax < EXPAND_MAXN);
136 /* We now have a number of items of data in $1, $2, etc. Match against the
137 decoded data by expanding the condition. Also expand the id to set if
138 authentication succeeds. */
140 cond = expand_string(ob->server_condition);
145 debug_printf("%s authenticator:\n", ablock->name);
146 for (i = 1; i <= expand_nmax; i++)
147 debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
148 debug_print_string(ablock->server_debug_string); /* customized debug */
150 debug_printf("expansion failed: %s\n", expand_string_message);
152 debug_printf("expanded string: %s\n", cond);
155 /* A forced expansion failure causes authentication to fail. Other expansion
156 failures yield DEFER, which will cause a temporary error code to be returned to
157 the AUTH command. The problem is at the server end, so the client should try
162 if (expand_string_forcedfail) return FAIL;
163 auth_defer_msg = expand_string_message;
167 /* Return FAIL for empty string, "0", "no", and "false"; return OK for
168 "1", "yes", and "true"; return DEFER for anything else, with the string
169 available as an error text for the user. */
172 Ustrcmp(cond, "0") == 0 ||
173 strcmpic(cond, US"no") == 0 ||
174 strcmpic(cond, US"false") == 0)
177 if (Ustrcmp(cond, "1") == 0 ||
178 strcmpic(cond, US"yes") == 0 ||
179 strcmpic(cond, US"true") == 0)
182 auth_defer_msg = cond;
183 auth_defer_user_msg = string_sprintf(": %s", cond);
189 /*************************************************
190 * Client entry point *
191 *************************************************/
193 /* For interface, see auths/README */
196 auth_plaintext_client(
197 auth_instance *ablock, /* authenticator block */
198 smtp_inblock *inblock, /* connection inblock */
199 smtp_outblock *outblock, /* connection outblock */
200 int timeout, /* command timeout */
201 uschar *buffer, /* buffer for reading response */
202 int buffsize) /* size of buffer */
204 auth_plaintext_options_block *ob =
205 (auth_plaintext_options_block *)(ablock->options_block);
206 uschar *text = ob->client_send;
211 /* The text is broken up into a number of different data items, which are
212 sent one by one. The first one is sent with the AUTH command; the remainder are
213 sent in response to subsequent prompts. Each is expanded before being sent. */
215 while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL)
218 uschar *ss = expand_string(s);
220 /* Forced expansion failure is not an error; authentication is abandoned. On
221 all but the first string, we have to abandon the authentication attempt by
222 sending a line containing "*". Save the failed expansion string, because it
223 is in big_buffer, and that gets used by the sending function. */
227 uschar *ssave = string_copy(s);
230 if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
231 (void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
233 if (expand_string_forcedfail) return CANCELLED;
234 string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
235 "authenticator: %s", ssave, ablock->name, expand_string_message);
241 /* The character ^ is used as an escape for a binary zero character, which is
242 needed for the PLAIN mechanism. It must be doubled if really needed. */
244 for (i = 0; i < len; i++)
248 if (ss[i+1] != '^') ss[i] = 0; else
252 memmove(ss + i, ss + i + 1, len - i);
257 /* The first string is attached to the AUTH command; others are sent
263 if (smtp_write_command(outblock, FALSE, "AUTH %s%s%s\r\n",
264 ablock->public_name, (len == 0)? "" : " ",
265 auth_b64encode(ss, len)) < 0)
270 if (smtp_write_command(outblock, FALSE, "%s\r\n",
271 auth_b64encode(ss, len)) < 0)
275 /* If we receive a success response from the server, authentication
276 has succeeded. There may be more data to send, but is there any point
277 in provoking an error here? */
279 if (smtp_read_response(inblock, US buffer, buffsize, '2', timeout)) return OK;
281 /* Not a success response. If errno != 0 there is some kind of transmission
282 error. Otherwise, check the response code in the buffer. If it starts with
283 '3', more data is expected. */
285 if (errno != 0 || buffer[0] != '3') return FAIL;
287 /* If there is no more data to send, we have to cancel the authentication
288 exchange and return ERROR. */
292 if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
293 (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
294 string_format(buffer, buffsize, "Too few items in client_send in %s "
295 "authenticator", ablock->name);
300 /* Control should never actually get here. */
305 /* End of plaintext.c */