1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) The Exim Maintainers 2023 */
6 /* Copyright (c) Jeremy Harris 2019-2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
8 /* SPDX-License-Identifier: GPL-2.0-or-later */
10 /* This file provides an Exim authenticator driver for
11 a server to verify a client SSL certificate, using the EXTERNAL
12 method defined in RFC 4422 Appendix A.
18 #ifdef AUTH_EXTERNAL /* Remainder of file */
21 /* Options specific to the external authentication mechanism. */
23 optionlist auth_external_options[] = {
24 { "client_send", opt_stringptr, OPT_OFF(auth_external_options_block, client_send) },
25 { "server_param2", opt_stringptr, OPT_OFF(auth_external_options_block, server_param2) },
26 { "server_param3", opt_stringptr, OPT_OFF(auth_external_options_block, server_param3) },
29 /* Size of the options list. An extern variable has to be used so that its
30 address can appear in the tables drtables.c. */
32 int auth_external_options_count = nelem(auth_external_options);
34 /* Default private options block for the authentication method. */
36 auth_external_options_block auth_external_option_defaults = {
37 .server_param2 = NULL,
38 .server_param3 = NULL,
47 void auth_external_init(auth_instance *ablock) {}
48 int auth_external_server(auth_instance *ablock, uschar *data) {return 0;}
49 int auth_external_client(auth_instance *ablock, void * sx,
50 int timeout, uschar *buffer, int buffsize) {return 0;}
52 #else /*!MACRO_PREDEF*/
57 /*************************************************
58 * Initialization entry point *
59 *************************************************/
61 /* Called for each instance, after its options have been read, to
62 enable consistency checks to be done, or anything else that needs
66 auth_external_init(auth_instance *ablock)
68 auth_external_options_block * ob = (auth_external_options_block *)ablock->options_block;
69 if (!ablock->public_name) ablock->public_name = ablock->name;
70 if (ablock->server_condition) ablock->server = TRUE;
71 if (ob->client_send) ablock->client = TRUE;
76 /*************************************************
77 * Server entry point *
78 *************************************************/
80 /* For interface, see auths/README */
83 auth_external_server(auth_instance * ablock, uschar * data)
85 auth_external_options_block * ob = (auth_external_options_block *)ablock->options_block;
88 /* If data was supplied on the AUTH command, decode it, and split it up into
89 multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
90 up to a maximum. To retain backwards compatibility, they are also put int $1,
91 $2, etc. If the data consists of the string "=" it indicates a single, empty
95 if ((rc = auth_read_input(data)) != OK)
98 /* Now go through the list of prompt strings. Skip over any whose data has
99 already been provided as part of the AUTH command. For the rest, send them
100 out as prompts, and get a data item back. If the data item is "*", abandon the
101 authentication attempt. Otherwise, split it into items as above. */
103 if (expand_nmax == 0) /* skip if rxd data */
104 if ((rc = auth_prompt(CUS"")) != OK)
107 if (ob->server_param2)
109 uschar * s = expand_string(ob->server_param2);
110 auth_vars[expand_nmax = 1] = s;
111 expand_nstring[++expand_nmax] = s;
112 expand_nlength[expand_nmax] = Ustrlen(s);
113 if (ob->server_param3)
115 s = expand_string(ob->server_param3);
116 auth_vars[expand_nmax] = s;
117 expand_nstring[++expand_nmax] = s;
118 expand_nlength[expand_nmax] = Ustrlen(s);
122 return auth_check_serv_cond(ablock);
127 /*************************************************
128 * Client entry point *
129 *************************************************/
131 /* For interface, see auths/README */
134 auth_external_client(
135 auth_instance *ablock, /* authenticator block */
136 void * sx, /* smtp connextion */
137 int timeout, /* command timeout */
138 uschar *buffer, /* buffer for reading response */
139 int buffsize) /* size of buffer */
141 auth_external_options_block *ob =
142 (auth_external_options_block *)(ablock->options_block);
143 const uschar * text = ob->client_send;
146 /* We output an AUTH command with one expanded argument, the client_send option */
148 if ((rc = auth_client_item(sx, ablock, &text, AUTH_ITEM_FIRST | AUTH_ITEM_LAST,
149 timeout, buffer, buffsize)) != OK)
150 return rc == DEFER ? FAIL : rc;
152 if (text) auth_vars[0] = string_copy(text);
158 #endif /*!MACRO_PREDEF*/
159 #endif /*AUTH_EXTERNAL*/
160 /* End of external.c */