* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2019-2020 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
#include <gsasl.h>
#include "gsasl_exim.h"
+
+#if GSASL_VERSION_MINOR >= 10
+# define EXIM_GSASL_HAVE_SCRAM_SHA_256
+# define EXIM_GSASL_SCRAM_S_KEY
+
+#elif GSASL_VERSION_MINOR == 9
+# define EXIM_GSASL_HAVE_SCRAM_SHA_256
+
+# if GSASL_VERSION_PATCH >= 1
+# define EXIM_GSASL_SCRAM_S_KEY
+# endif
+# if GSASL_VERSION_PATCH < 2
+# define CHANNELBIND_HACK
+# endif
+
+#else
+# define CHANNELBIND_HACK
+#endif
+
+
/* Authenticator-specific options. */
/* I did have server_*_condition options for various mechanisms, but since
we only ever handle one mechanism at a time, I didn't see the point in keeping
that. In case someone sees a point, I've left the condition_check() API
alone. */
+#define LOFF(field) OPT_OFF(auth_gsasl_options_block, field)
+
optionlist auth_gsasl_options[] = {
- { "server_channelbinding", opt_bool,
- (void *)(offsetof(auth_gsasl_options_block, server_channelbinding)) },
- { "server_hostname", opt_stringptr,
- (void *)(offsetof(auth_gsasl_options_block, server_hostname)) },
- { "server_mech", opt_stringptr,
- (void *)(offsetof(auth_gsasl_options_block, server_mech)) },
- { "server_password", opt_stringptr,
- (void *)(offsetof(auth_gsasl_options_block, server_password)) },
- { "server_realm", opt_stringptr,
- (void *)(offsetof(auth_gsasl_options_block, server_realm)) },
- { "server_scram_iter", opt_stringptr,
- (void *)(offsetof(auth_gsasl_options_block, server_scram_iter)) },
- { "server_scram_salt", opt_stringptr,
- (void *)(offsetof(auth_gsasl_options_block, server_scram_salt)) },
- { "server_service", opt_stringptr,
- (void *)(offsetof(auth_gsasl_options_block, server_service)) }
+ { "client_authz", opt_stringptr, LOFF(client_authz) },
+ { "client_channelbinding", opt_bool, LOFF(client_channelbinding) },
+ { "client_password", opt_stringptr, LOFF(client_password) },
+ { "client_spassword", opt_stringptr, LOFF(client_spassword) },
+ { "client_username", opt_stringptr, LOFF(client_username) },
+
+ { "server_channelbinding", opt_bool, LOFF(server_channelbinding) },
+ { "server_hostname", opt_stringptr, LOFF(server_hostname) },
+#ifdef EXIM_GSASL_SCRAM_S_KEY
+ { "server_key", opt_stringptr, LOFF(server_key) },
+#endif
+ { "server_mech", opt_stringptr, LOFF(server_mech) },
+ { "server_password", opt_stringptr, LOFF(server_password) },
+ { "server_realm", opt_stringptr, LOFF(server_realm) },
+ { "server_scram_iter", opt_stringptr, LOFF(server_scram_iter) },
+ { "server_scram_salt", opt_stringptr, LOFF(server_scram_salt) },
+#ifdef EXIM_GSASL_SCRAM_S_KEY
+ { "server_skey", opt_stringptr, LOFF(server_s_key) },
+#endif
+ { "server_service", opt_stringptr, LOFF(server_service) }
};
-/* GSASL_SCRAM_SALTED_PASSWORD documented only for client, so not implementing
-hooks to avoid cleartext passwords in the Exim server. */
int auth_gsasl_options_count =
sizeof(auth_gsasl_options)/sizeof(optionlist);
/* Defaults for the authenticator-specific options. */
auth_gsasl_options_block auth_gsasl_option_defaults = {
- US"smtp", /* server_service */
- US"$primary_hostname", /* server_hostname */
- NULL, /* server_realm */
- NULL, /* server_mech */
- NULL, /* server_password */
- NULL, /* server_scram_iter */
- NULL, /* server_scram_salt */
- FALSE /* server_channelbinding */
+ .server_service = US"smtp",
+ .server_hostname = US"$primary_hostname",
+ .server_scram_iter = US"4096",
+ /* all others zero/null */
};
#ifdef MACRO_PREDEF
+# include "../macro_predef.h"
/* Dummy values */
void auth_gsasl_init(auth_instance *ablock) {}
int auth_gsasl_server(auth_instance *ablock, uschar *data) {return 0;}
-int auth_gsasl_client(auth_instance *ablock, smtp_inblock * sx,
+int auth_gsasl_client(auth_instance *ablock, void * sx,
int timeout, uschar *buffer, int buffsize) {return 0;}
void auth_gsasl_version_report(FILE *f) {}
+void
+auth_gsasl_macros(void)
+{
+# ifdef EXIM_GSASL_HAVE_SCRAM_SHA_256
+ builtin_macro_create(US"_HAVE_AUTH_GSASL_SCRAM_SHA_256");
+# endif
+# ifdef EXIM_GSASL_SCRAM_S_KEY
+ builtin_macro_create(US"_HAVE_AUTH_GSASL_SCRAM_S_KEY");
+# endif
+}
+
#else /*!MACRO_PREDEF*/
void
auth_gsasl_init(auth_instance *ablock)
{
-char *p;
-int rc, supported;
+static char * once = NULL;
+int rc;
auth_gsasl_options_block *ob =
(auth_gsasl_options_block *)(ablock->options_block);
/* We don't need this except to log it for debugging. */
-if ((rc = gsasl_server_mechlist(gsasl_ctx, &p)) != GSASL_OK)
- log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
- "failed to retrieve list of mechanisms: %s (%s)",
- ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc));
+HDEBUG(D_auth) if (!once)
+ {
+ if ((rc = gsasl_server_mechlist(gsasl_ctx, &once)) != GSASL_OK)
+ log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
+ "failed to retrieve list of mechanisms: %s (%s)",
+ ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc));
-HDEBUG(D_auth) debug_printf("GNU SASL supports: %s\n", p);
+ debug_printf("GNU SASL supports: %s\n", once);
+ }
-supported = gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech);
-if (!supported)
+if (!gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech))
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
"GNU SASL does not support mechanism \"%s\"",
ablock->name, ob->server_mech);
+ablock->server = TRUE;
+
if ( !ablock->server_condition
&& ( streqic(ob->server_mech, US"EXTERNAL")
|| streqic(ob->server_mech, US"ANONYMOUS")
|| streqic(ob->server_mech, US"PLAIN")
|| streqic(ob->server_mech, US"LOGIN")
) )
- log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
- "Need server_condition for %s mechanism",
+ {
+ ablock->server = FALSE;
+ HDEBUG(D_auth) debug_printf("%s authenticator: "
+ "Need server_condition for %s mechanism\n",
ablock->name, ob->server_mech);
+ }
/* This does *not* scale to new SASL mechanisms. Need a better way to ask
which properties will be needed. */
if ( !ob->server_realm
&& streqic(ob->server_mech, US"DIGEST-MD5"))
- log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
- "Need server_realm for %s mechanism",
+ {
+ ablock->server = FALSE;
+ HDEBUG(D_auth) debug_printf("%s authenticator: "
+ "Need server_realm for %s mechanism\n",
ablock->name, ob->server_mech);
+ }
/* At present, for mechanisms we don't panic on absence of server_condition;
need to figure out the most generically correct approach to deciding when
it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism,
etc) it clearly is critical.
-
-So don't activate without server_condition, this might be relaxed in the future.
*/
-if (ablock->server_condition) ablock->server = TRUE;
-ablock->client = FALSE;
+ablock->client = ob->client_username && ob->client_password;
}
struct callback_exim_state *cb_state =
(struct callback_exim_state *)gsasl_session_hook_get(sctx);
-HDEBUG(D_auth)
- debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n",
- prop, callback_loop);
-
if (!cb_state)
{
- HDEBUG(D_auth) debug_printf(" not from our server/client processing.\n");
+ HDEBUG(D_auth) debug_printf("gsasl callback (%d) not from our server/client processing\n", prop);
+#ifdef CHANNELBIND_HACK
+ if (prop == GSASL_CB_TLS_UNIQUE)
+ {
+ uschar * s;
+ if ((s = gsasl_callback_hook_get(ctx)))
+ {
+ HDEBUG(D_auth) debug_printf("GSASL_CB_TLS_UNIQUE from ctx hook\n");
+ gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CS s);
+ }
+ else
+ {
+ HDEBUG(D_auth) debug_printf("GSASL_CB_TLS_UNIQUE! dummy for now\n");
+ gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, "");
+ }
+ return GSASL_OK;
+ }
+#endif
return GSASL_NO_CALLBACK;
}
+HDEBUG(D_auth)
+ debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n",
+ prop, callback_loop);
+
if (callback_loop > 0)
{
- /* Most likely is that we were asked for property foo, and to
- expand the string we asked for property bar to put into an auth
- variable, but property bar is not supplied for this mechanism. */
+ /* Most likely is that we were asked for property FOO, and to
+ expand the string we asked for property BAR to put into an auth
+ variable, but property BAR is not supplied for this mechanism. */
HDEBUG(D_auth)
debug_printf("Loop, asked for property %d while handling property %d\n",
prop, callback_loop);
}
+/*************************************************
+* Debug service function *
+*************************************************/
+static const uschar *
+gsasl_prop_code_to_name(Gsasl_property prop)
+{
+switch (prop)
+ {
+ case GSASL_AUTHID: return US"AUTHID";
+ case GSASL_AUTHZID: return US"AUTHZID";
+ case GSASL_PASSWORD: return US"PASSWORD";
+ case GSASL_ANONYMOUS_TOKEN: return US"ANONYMOUS_TOKEN";
+ case GSASL_SERVICE: return US"SERVICE";
+ case GSASL_HOSTNAME: return US"HOSTNAME";
+ case GSASL_GSSAPI_DISPLAY_NAME: return US"GSSAPI_DISPLAY_NAME";
+ case GSASL_PASSCODE: return US"PASSCODE";
+ case GSASL_SUGGESTED_PIN: return US"SUGGESTED_PIN";
+ case GSASL_PIN: return US"PIN";
+ case GSASL_REALM: return US"REALM";
+ case GSASL_DIGEST_MD5_HASHED_PASSWORD: return US"DIGEST_MD5_HASHED_PASSWORD";
+ case GSASL_QOPS: return US"QOPS";
+ case GSASL_QOP: return US"QOP";
+ case GSASL_SCRAM_ITER: return US"SCRAM_ITER";
+ case GSASL_SCRAM_SALT: return US"SCRAM_SALT";
+ case GSASL_SCRAM_SALTED_PASSWORD: return US"SCRAM_SALTED_PASSWORD";
+#ifdef EXIM_GSASL_SCRAM_S_KEY
+ case GSASL_SCRAM_STOREDKEY: return US"SCRAM_STOREDKEY";
+ case GSASL_SCRAM_SERVERKEY: return US"SCRAM_SERVERKEY";
+#endif
+ case GSASL_CB_TLS_UNIQUE: return US"CB_TLS_UNIQUE";
+ case GSASL_SAML20_IDP_IDENTIFIER: return US"SAML20_IDP_IDENTIFIER";
+ case GSASL_SAML20_REDIRECT_URL: return US"SAML20_REDIRECT_URL";
+ case GSASL_OPENID20_REDIRECT_URL: return US"OPENID20_REDIRECT_URL";
+ case GSASL_OPENID20_OUTCOME_DATA: return US"OPENID20_OUTCOME_DATA";
+ case GSASL_SAML20_AUTHENTICATE_IN_BROWSER: return US"SAML20_AUTHENTICATE_IN_BROWSER";
+ case GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: return US"OPENID20_AUTHENTICATE_IN_BROWSER";
+ case GSASL_VALIDATE_SIMPLE: return US"VALIDATE_SIMPLE";
+ case GSASL_VALIDATE_EXTERNAL: return US"VALIDATE_EXTERNAL";
+ case GSASL_VALIDATE_ANONYMOUS: return US"VALIDATE_ANONYMOUS";
+ case GSASL_VALIDATE_GSSAPI: return US"VALIDATE_GSSAPI";
+ case GSASL_VALIDATE_SECURID: return US"VALIDATE_SECURID";
+ case GSASL_VALIDATE_SAML20: return US"VALIDATE_SAML20";
+ case GSASL_VALIDATE_OPENID20: return US"VALIDATE_OPENID20";
+ }
+return CUS string_sprintf("(unknown prop: %d)", (int)prop);
+}
+
/*************************************************
* Server entry point *
*************************************************/
int rc, auth_result, exim_error, exim_error_override;
HDEBUG(D_auth)
- debug_printf("GNU SASL: initialising session for %s, mechanism %s.\n",
+ debug_printf("GNU SASL: initialising session for %s, mechanism %s\n",
ablock->name, ob->server_mech);
+#ifndef DISABLE_TLS
+if (tls_in.channelbinding && ob->server_channelbinding)
+ {
+# ifndef DISABLE_TLS_RESUME
+ if (!tls_in.ext_master_secret && tls_in.resumption == RESUME_USED)
+ { /* per RFC 7677 section 4 */
+ HDEBUG(D_auth) debug_printf(
+ "channel binding not usable on resumed TLS without extended-master-secret");
+ return FAIL;
+ }
+# endif
+# ifdef CHANNELBIND_HACK
+/* This is a gross hack to get around the library before 1.9.2
+a) requiring that c-b was already set, at the _start() call, and
+b) caching a b64'd version of the binding then which it never updates. */
+
+ gsasl_callback_hook_set(gsasl_ctx, tls_in.channelbinding);
+# endif
+ }
+#endif
+
if ((rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx)) != GSASL_OK)
{
auth_defer_msg = string_sprintf("GNU SASL: session start failure: %s (%s)",
}
/* Hereafter: gsasl_finish(sctx) please */
-gsasl_session_hook_set(sctx, (void *)ablock);
cb_state.ablock = ablock;
cb_state.currently = CURRENTLY_SERVER;
-gsasl_session_hook_set(sctx, (void *)&cb_state);
+gsasl_session_hook_set(sctx, &cb_state);
tmps = CS expand_string(ob->server_service);
gsasl_property_set(sctx, GSASL_SERVICE, tmps);
would then result in mechanism name changes on a library update, we
have little choice but to default it off and let the admin choose to
enable it. *sigh*
+
+ Earlier library versions need this set early, during the _start() call,
+ so we had to misuse gsasl_callback_hook_set/get() as a data transfer
+ mech for the callback done at that time to get the bind-data. More recently
+ the callback is done (if needed) during the first gsasl_stop(). We know
+ the bind-data here so can set it (and should not get a callback).
*/
if (ob->server_channelbinding)
{
HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n",
ablock->name);
- gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE,
- CCS tls_in.channelbinding);
+# ifndef CHANNELBIND_HACK
+ gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_in.channelbinding);
+# endif
}
else
HDEBUG(D_auth)
goto STOP_INTERACTION;
}
+ /*XXX having our caller send the final smtp "235" is unfortunate; wastes a roundtrip */
if ((rc == GSASL_NEEDS_MORE) || (to_send && *to_send))
- exim_error = auth_get_no64_data((uschar **)&received, US to_send);
+ exim_error = auth_get_no64_data(USS &received, US to_send);
if (to_send)
{
STOP_INTERACTION:
auth_result = rc;
+HDEBUG(D_auth)
+ {
+ const uschar * s;
+ if ((s = CUS gsasl_property_fast(sctx, GSASL_SCRAM_ITER)))
+ debug_printf(" - itercnt: '%s'\n", s);
+ if ((s = CUS gsasl_property_fast(sctx, GSASL_SCRAM_SALT)))
+ debug_printf(" - salt: '%s'\n", s);
+#ifdef EXIM_GSASL_SCRAM_S_KEY
+ if ((s = CUS gsasl_property_fast(sctx, GSASL_SCRAM_SERVERKEY)))
+ debug_printf(" - ServerKey: '%s'\n", s);
+ if ((s = CUS gsasl_property_fast(sctx, GSASL_SCRAM_STOREDKEY)))
+ debug_printf(" - StoredKey: '%s'\n", s);
+#endif
+ }
+
gsasl_finish(sctx);
/* Can return: OK DEFER FAIL CANCELLED BAD64 UNEXPECTED */
return GSASL_AUTHENTICATION_ERROR;
}
+
+/* Set the "next" $auth[n] and increment expand_nmax */
+
+static void
+set_exim_authvar_from_prop(Gsasl_session * sctx, Gsasl_property prop)
+{
+uschar * propval = US gsasl_property_fast(sctx, prop);
+int i = expand_nmax, j = i + 1;
+propval = propval ? string_copy(propval) : US"";
+HDEBUG(D_auth) debug_printf("auth[%d] <= %s'%s'\n",
+ j, gsasl_prop_code_to_name(prop), propval);
+expand_nstring[j] = propval;
+expand_nlength[j] = Ustrlen(propval);
+if (i < AUTH_VARS) auth_vars[i] = propval;
+expand_nmax = j;
+}
+
+static void
+set_exim_authvars_from_a_az_r_props(Gsasl_session * sctx)
+{
+if (expand_nmax > 0 ) return;
+
+/* Asking for GSASL_AUTHZID calls back into us if we use
+gsasl_property_get(), thus the use of gsasl_property_fast().
+Do we really want to hardcode limits per mechanism? What happens when
+a new mechanism is added to the library. It *shouldn't* result in us
+needing to add more glue, since avoiding that is a large part of the
+point of SASL. */
+
+set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
+set_exim_authvar_from_prop(sctx, GSASL_AUTHZID);
+set_exim_authvar_from_prop(sctx, GSASL_REALM);
+}
+
+
+static int
+prop_from_option(Gsasl_session * sctx, Gsasl_property prop,
+ const uschar * option)
+{
+HDEBUG(D_auth) debug_printf(" %s\n", gsasl_prop_code_to_name(prop));
+if (option)
+ {
+ set_exim_authvars_from_a_az_r_props(sctx);
+ option = expand_cstring(option);
+ HDEBUG(D_auth) debug_printf(" '%s'\n", option);
+ if (*option)
+ gsasl_property_set(sctx, prop, CCS option);
+ return GSASL_OK;
+ }
+HDEBUG(D_auth) debug_printf(" option not set\n");
+return GSASL_NO_CALLBACK;
+}
+
static int
server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop,
auth_instance *ablock)
{
char *tmps;
-uschar *propval;
+uschar *s, *propval;
int cbrc = GSASL_NO_CALLBACK;
auth_gsasl_options_block *ob =
(auth_gsasl_options_block *)(ablock->options_block);
-HDEBUG(D_auth)
- debug_printf("GNU SASL callback %d for %s/%s as server\n",
- prop, ablock->name, ablock->public_name);
+HDEBUG(D_auth) debug_printf("GNU SASL callback %s for %s/%s as server\n",
+ gsasl_prop_code_to_name(prop), ablock->name, ablock->public_name);
for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;
expand_nmax = 0;
{
case GSASL_VALIDATE_SIMPLE:
/* GSASL_AUTHID, GSASL_AUTHZID, and GSASL_PASSWORD */
- propval = US gsasl_property_fast(sctx, GSASL_AUTHID);
- auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
- auth_vars[1] = expand_nstring[2] = propval ? propval : US"";
- propval = US gsasl_property_fast(sctx, GSASL_PASSWORD);
- auth_vars[2] = expand_nstring[3] = propval ? propval : US"";
- expand_nmax = 3;
- for (int i = 1; i <= 3; ++i)
- expand_nlength[i] = Ustrlen(expand_nstring[i]);
+ set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
+ set_exim_authvar_from_prop(sctx, GSASL_AUTHZID);
+ set_exim_authvar_from_prop(sctx, GSASL_PASSWORD);
cbrc = condition_check(ablock, US"server_condition", ablock->server_condition);
checked_server_condition = TRUE;
case GSASL_VALIDATE_EXTERNAL:
if (!ablock->server_condition)
{
- HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate EXTERNAL.\n");
+ HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate EXTERNAL\n");
cbrc = GSASL_AUTHENTICATION_ERROR;
break;
}
- propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
-
- /* We always set $auth1, even if only to empty string. */
- auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- expand_nlength[1] = Ustrlen(expand_nstring[1]);
- expand_nmax = 1;
+ set_exim_authvar_from_prop(sctx, GSASL_AUTHZID);
cbrc = condition_check(ablock,
US"server_condition (EXTERNAL)", ablock->server_condition);
case GSASL_VALIDATE_ANONYMOUS:
if (!ablock->server_condition)
{
- HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate ANONYMOUS.\n");
+ HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate ANONYMOUS\n");
cbrc = GSASL_AUTHENTICATION_ERROR;
break;
}
- propval = US gsasl_property_fast(sctx, GSASL_ANONYMOUS_TOKEN);
-
- /* We always set $auth1, even if only to empty string. */
-
- auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- expand_nlength[1] = Ustrlen(expand_nstring[1]);
- expand_nmax = 1;
+ set_exim_authvar_from_prop(sctx, GSASL_ANONYMOUS_TOKEN);
cbrc = condition_check(ablock,
US"server_condition (ANONYMOUS)", ablock->server_condition);
to the first release of Exim with this authenticator, they've been
switched to match the ordering of GSASL_VALIDATE_SIMPLE. */
- propval = US gsasl_property_fast(sctx, GSASL_GSSAPI_DISPLAY_NAME);
- auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
- auth_vars[1] = expand_nstring[2] = propval ? propval : US"";
- expand_nmax = 2;
- for (int i = 1; i <= 2; ++i)
- expand_nlength[i] = Ustrlen(expand_nstring[i]);
+ set_exim_authvar_from_prop(sctx, GSASL_GSSAPI_DISPLAY_NAME);
+ set_exim_authvar_from_prop(sctx, GSASL_AUTHZID);
/* In this one case, it perhaps makes sense to default back open?
But for consistency, let's just mandate server_condition here too. */
checked_server_condition = TRUE;
break;
+ case GSASL_SCRAM_ITER:
+ cbrc = prop_from_option(sctx, prop, ob->server_scram_iter);
+ break;
+
+ case GSASL_SCRAM_SALT:
+ cbrc = prop_from_option(sctx, prop, ob->server_scram_salt);
+ break;
+
+#ifdef EXIM_GSASL_SCRAM_S_KEY
+ case GSASL_SCRAM_STOREDKEY:
+ cbrc = prop_from_option(sctx, prop, ob->server_s_key);
+ break;
+
+ case GSASL_SCRAM_SERVERKEY:
+ cbrc = prop_from_option(sctx, prop, ob->server_key);
+ break;
+#endif
+
case GSASL_PASSWORD:
- /* DIGEST-MD5: GSASL_AUTHID, GSASL_AUTHZID and GSASL_REALM
+ /* SCRAM-*: GSASL_AUTHID, GSASL_AUTHZID and GSASL_REALM
+ DIGEST-MD5: GSASL_AUTHID, GSASL_AUTHZID and GSASL_REALM
CRAM-MD5: GSASL_AUTHID
PLAIN: GSASL_AUTHID and GSASL_AUTHZID
LOGIN: GSASL_AUTHID
*/
- if (ob->server_scram_iter)
- {
- tmps = CS expand_string(ob->server_scram_iter);
- gsasl_property_set(sctx, GSASL_SCRAM_ITER, tmps);
- }
- if (ob->server_scram_salt)
+ set_exim_authvars_from_a_az_r_props(sctx);
+
+ if (!(s = ob->server_password))
{
- tmps = CS expand_string(ob->server_scram_salt);
- gsasl_property_set(sctx, GSASL_SCRAM_SALT, tmps);
+ HDEBUG(D_auth) debug_printf("option not set\n");
+ break;
}
-
- /* Asking for GSASL_AUTHZID calls back into us if we use
- gsasl_property_get(), thus the use of gsasl_property_fast().
- Do we really want to hardcode limits per mechanism? What happens when
- a new mechanism is added to the library. It *shouldn't* result in us
- needing to add more glue, since avoiding that is a large part of the
- point of SASL. */
-
- propval = US gsasl_property_fast(sctx, GSASL_AUTHID);
- auth_vars[0] = expand_nstring[1] = propval ? propval : US"";
- propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
- auth_vars[1] = expand_nstring[2] = propval ? propval : US"";
- propval = US gsasl_property_fast(sctx, GSASL_REALM);
- auth_vars[2] = expand_nstring[3] = propval ? propval : US"";
- expand_nmax = 3;
- for (int i = 1; i <= 3; ++i)
- expand_nlength[i] = Ustrlen(expand_nstring[i]);
-
- if (!(tmps = CS expand_string(ob->server_password)))
+ if (!(tmps = CS expand_string(s)))
{
- sasl_error_should_defer = f.expand_string_forcedfail ? FALSE : TRUE;
+ sasl_error_should_defer = !f.expand_string_forcedfail;
HDEBUG(D_auth) debug_printf("server_password expansion failed, so "
"can't tell GNU SASL library the password for %s\n", auth_vars[0]);
return GSASL_AUTHENTICATION_ERROR;
}
+ HDEBUG(D_auth) debug_printf(" set\n");
gsasl_property_set(sctx, GSASL_PASSWORD, tmps);
/* This is inadequate; don't think Exim's store stacks are geared
break;
default:
- HDEBUG(D_auth) debug_printf("Unrecognised callback: %d\n", prop);
+ HDEBUG(D_auth) debug_printf(" Unrecognised callback: %d\n", prop);
cbrc = GSASL_NO_CALLBACK;
}
}
+/******************************************************************************/
+
+#define PROP_OPTIONAL BIT(0)
+
+static BOOL
+set_client_prop(Gsasl_session * sctx, Gsasl_property prop, uschar * val,
+ unsigned flags, uschar * buffer, int buffsize)
+{
+uschar * s;
+int rc;
+
+if (!val) return !!(flags & PROP_OPTIONAL);
+if (!(s = expand_string(val)) || !(flags & PROP_OPTIONAL) && !*s)
+ {
+ string_format(buffer, buffsize, "%s", expand_string_message);
+ return FALSE;
+ }
+if (*s)
+ {
+ HDEBUG(D_auth) debug_printf("%s: set %s = '%s'\n", __FUNCTION__,
+ gsasl_prop_code_to_name(prop), s);
+ gsasl_property_set(sctx, prop, CS s);
+ }
+
+return TRUE;
+}
+
/*************************************************
* Client entry point *
*************************************************/
int
auth_gsasl_client(
auth_instance *ablock, /* authenticator block */
- smtp_inblock * sx, /* connection */
+ void * sx, /* connection */
int timeout, /* command timeout */
uschar *buffer, /* buffer for reading response */
int buffsize) /* size of buffer */
{
+auth_gsasl_options_block *ob =
+ (auth_gsasl_options_block *)(ablock->options_block);
+Gsasl_session * sctx = NULL;
+struct callback_exim_state cb_state;
+uschar * s;
+BOOL initial = TRUE;
+int rc, yield = FAIL;
+
HDEBUG(D_auth)
- debug_printf("Client side NOT IMPLEMENTED: you should not see this!\n");
-/* NOT IMPLEMENTED */
-return FAIL;
+ debug_printf("GNU SASL: initialising session for %s, mechanism %s\n",
+ ablock->name, ob->server_mech);
+
+*buffer = 0;
+
+#ifndef DISABLE_TLS
+if (tls_out.channelbinding && ob->client_channelbinding)
+ {
+# ifndef DISABLE_TLS_RESUME
+ if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)
+ { /* Per RFC 7677 section 4. See also RFC 7627, "Triple Handshake"
+ vulnerability, and https://www.mitls.org/pages/attacks/3SHAKE */
+ string_format(buffer, buffsize, "%s",
+ "channel binding not usable on resumed TLS without extended-master-secret");
+ return FAIL;
+ }
+# endif
+# ifdef CHANNELBIND_HACK
+ /* This is a gross hack to get around the library before 1.9.2
+ a) requiring that c-b was already set, at the _start() call, and
+ b) caching a b64'd version of the binding then which it never updates. */
+
+ gsasl_callback_hook_set(gsasl_ctx, tls_out.channelbinding);
+# endif
+ }
+#endif
+
+if ((rc = gsasl_client_start(gsasl_ctx, CCS ob->server_mech, &sctx)) != GSASL_OK)
+ {
+ string_format(buffer, buffsize, "GNU SASL: session start failure: %s (%s)",
+ gsasl_strerror_name(rc), gsasl_strerror(rc));
+ HDEBUG(D_auth) debug_printf("%s\n", buffer);
+ return ERROR;
+ }
+
+cb_state.ablock = ablock;
+cb_state.currently = CURRENTLY_CLIENT;
+gsasl_session_hook_set(sctx, &cb_state);
+
+/* Set properties */
+
+if ( !set_client_prop(sctx, GSASL_PASSWORD, ob->client_password,
+ 0, buffer, buffsize)
+ || !set_client_prop(sctx, GSASL_AUTHID, ob->client_username,
+ 0, buffer, buffsize)
+ || !set_client_prop(sctx, GSASL_AUTHZID, ob->client_authz,
+ PROP_OPTIONAL, buffer, buffsize)
+ )
+ return ERROR;
+
+#ifndef DISABLE_TLS
+if (tls_out.channelbinding)
+ if (ob->client_channelbinding)
+ {
+ HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n",
+ ablock->name);
+# ifndef CHANNELBIND_HACK
+ gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_out.channelbinding);
+# endif
+ }
+ else
+ HDEBUG(D_auth)
+ debug_printf("Auth %s: Not enabling channel-binding (data available)\n",
+ ablock->name);
+#endif
+
+/* Run the SASL conversation with the server */
+
+for(s = NULL; ;)
+ {
+ uschar * outstr;
+ BOOL fail;
+
+ rc = gsasl_step64(sctx, CS s, CSS &outstr);
+
+ fail = initial
+ ? smtp_write_command(sx, SCMD_FLUSH,
+ outstr ? "AUTH %s %s\r\n" : "AUTH %s\r\n",
+ ablock->public_name, outstr) <= 0
+ : outstr
+ ? smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", outstr) <= 0
+ : FALSE;
+ if (outstr && *outstr) free(outstr);
+ if (fail)
+ {
+ yield = FAIL_SEND;
+ goto done;
+ }
+ initial = FALSE;
+
+ if (rc != GSASL_NEEDS_MORE)
+ {
+ if (rc != GSASL_OK)
+ {
+ string_format(buffer, buffsize, "gsasl: %s", gsasl_strerror(rc));
+ break;
+ }
+
+ /* expecting a final 2xx from the server, accepting the AUTH */
+
+ if (smtp_read_response(sx, buffer, buffsize, '2', timeout))
+ yield = OK;
+ break; /* from SASL sequence loop */
+ }
+
+ /* 2xx or 3xx response is acceptable. If 2xx, no further input */
+
+ if (!smtp_read_response(sx, buffer, buffsize, '3', timeout))
+ if (errno == 0 && buffer[0] == '2')
+ buffer[4] = '\0';
+ else
+ {
+ yield = FAIL;
+ goto done;
+ }
+ s = buffer + 4;
+ }
+
+done:
+if (yield == OK)
+ {
+ expand_nmax = 0;
+ set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
+ set_exim_authvar_from_prop(sctx, GSASL_SCRAM_ITER);
+ set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALT);
+ set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALTED_PASSWORD);
+ }
+
+gsasl_finish(sctx);
+return yield;
}
static int
client_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, auth_instance *ablock)
{
-int cbrc = GSASL_NO_CALLBACK;
-HDEBUG(D_auth)
- debug_printf("GNU SASL callback %d for %s/%s as client\n",
- prop, ablock->name, ablock->public_name);
-
-HDEBUG(D_auth)
- debug_printf("Client side NOT IMPLEMENTED: you should not see this!\n");
-
-return cbrc;
+HDEBUG(D_auth) debug_printf("GNU SASL callback %s for %s/%s as client\n",
+ gsasl_prop_code_to_name(prop), ablock->name, ablock->public_name);
+switch (prop)
+ {
+ case GSASL_CB_TLS_UNIQUE: /*XXX should never get called for this */
+ HDEBUG(D_auth)
+ debug_printf(" filling in\n");
+ gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_out.channelbinding);
+ break;
+ case GSASL_SCRAM_SALTED_PASSWORD:
+ {
+ uschar * client_spassword =
+ ((auth_gsasl_options_block *) ablock->options_block)->client_spassword;
+ uschar dummy[4];
+ HDEBUG(D_auth) if (!client_spassword)
+ debug_printf(" client_spassword option unset\n");
+ if (client_spassword)
+ {
+ expand_nmax = 0;
+ set_exim_authvar_from_prop(sctx, GSASL_AUTHID);
+ set_exim_authvar_from_prop(sctx, GSASL_SCRAM_ITER);
+ set_exim_authvar_from_prop(sctx, GSASL_SCRAM_SALT);
+ set_client_prop(sctx, GSASL_SCRAM_SALTED_PASSWORD, client_spassword,
+ 0, dummy, sizeof(dummy));
+ for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;
+ expand_nmax = 0;
+ }
+ break;
+ }
+ default:
+ HDEBUG(D_auth)
+ debug_printf(" not providing one\n");
+ break;
+ }
+return GSASL_NO_CALLBACK;
}
/*************************************************
GSASL_VERSION, runtime);
}
+
+
+/* Dummy */
+void auth_gsasl_macros(void) {}
+
#endif /*!MACRO_PREDEF*/
#endif /* AUTH_GSASL */