X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/0756eb3cb50d73a77b486e47528f7cb1bffdb299..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/auths/pwcheck.c diff --git a/src/src/auths/pwcheck.c b/src/src/auths/pwcheck.c index f477b6f06..aff5ed39c 100644 --- a/src/src/auths/pwcheck.c +++ b/src/src/auths/pwcheck.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/auths/pwcheck.c,v 1.1 2004/10/07 13:10:01 ph10 Exp $ */ - /* SASL server API implementation * Rob Siemborski * Tim Martin * $Id: checkpw.c,v 1.49 2002/03/07 19:14:04 ken3 Exp $ */ +/* Copyright (c) The Exim Maintainers 2021 - 2022 */ +/* SPDX-License-Identifier: GPL-2.0-only */ /* * Copyright (c) 2001 Carnegie Mellon University. All rights reserved. * @@ -50,6 +50,9 @@ * Oct 2001 - Apr 2002: Slightly modified by Philip Hazel. * Aug 2003: new code for saslauthd from Alexander S. Sabourenkov incorporated * by Philip Hazel (minor mods to avoid compiler warnings) + * Oct 2006: (PH) removed redundant tests on "reply" being NULL - some were + * missing, and confused someone who was using this code for some + * other purpose. Here in Exim, "reply" is never NULL. * * screwdriver@lxnt.info * @@ -85,8 +88,6 @@ int pwcheck_verify_password(const char *userid, const char *passwd, const char **reply) { -userid = userid; /* Keep picky compilers happy */ -passwd = passwd; *reply = "pwcheck support is not included in this Exim binary"; return PWCHECK_FAIL; } @@ -107,25 +108,25 @@ return PWCHECK_FAIL; struct iovec iov[2]; static char response[1024]; - if (reply) { *reply = NULL; } + *reply = NULL; s = socket(AF_UNIX, SOCK_STREAM, 0); if (s == -1) { return PWCHECK_FAIL; } - memset((char *)&srvaddr, 0, sizeof(srvaddr)); + memset(CS &srvaddr, 0, sizeof(srvaddr)); srvaddr.sun_family = AF_UNIX; strncpy(srvaddr.sun_path, CYRUS_PWCHECK_SOCKET, sizeof(srvaddr.sun_path)); r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr)); if (r == -1) { DEBUG(D_auth) debug_printf("Cannot connect to pwcheck daemon (at '%s')\n",CYRUS_PWCHECK_SOCKET); - if (reply) { *reply = "cannot connect to pwcheck daemon"; } + *reply = "cannot connect to pwcheck daemon"; return PWCHECK_FAIL; } - iov[0].iov_base = (char *)userid; + iov[0].iov_base = CS userid; iov[0].iov_len = strlen(userid)+1; - iov[1].iov_base = (char *)passwd; + iov[1].iov_base = CS passwd; iov[1].iov_len = strlen(passwd)+1; retry_writev(s, iov, 2); @@ -137,14 +138,14 @@ return PWCHECK_FAIL; start += n; } - close(s); + (void)close(s); if (start > 1 && !strncmp(response, "OK", 2)) { return PWCHECK_OK; } response[start] = '\0'; - if (reply) { *reply = response; } + *reply = response; return PWCHECK_NO; } @@ -162,10 +163,6 @@ int saslauthd_verify_password(const uschar *userid, const uschar *realm, const uschar **reply) { -userid = userid; /* Keep picky compilers happy */ -passwd = passwd; -service = service; -realm = realm; *reply = US"saslauthd support is not included in this Exim binary"; return PWCHECK_FAIL; } @@ -183,7 +180,7 @@ int saslauthd_verify_password(const uschar *userid, const uschar *realm, const uschar **reply) { - uschar *daemon_reply; + uschar *daemon_reply = NULL; int s, r; struct sockaddr_un srvaddr; @@ -191,43 +188,40 @@ int saslauthd_verify_password(const uschar *userid, debug_printf("saslauthd userid='%s' servicename='%s'" " realm='%s'\n", userid, service, realm ); - if (reply) - *reply = NULL; + *reply = NULL; s = socket(AF_UNIX, SOCK_STREAM, 0); if (s == -1) { - if (reply) - *reply = CUstrerror(errno); + *reply = CUstrerror(errno); return PWCHECK_FAIL; } - memset((char *)&srvaddr, 0, sizeof(srvaddr)); + memset(CS &srvaddr, 0, sizeof(srvaddr)); srvaddr.sun_family = AF_UNIX; strncpy(srvaddr.sun_path, CYRUS_SASLAUTHD_SOCKET, sizeof(srvaddr.sun_path)); r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr)); if (r == -1) { - DEBUG(D_auth) + DEBUG(D_auth) debug_printf("Cannot connect to saslauthd daemon (at '%s'): %s\n", CYRUS_SASLAUTHD_SOCKET, strerror(errno)); - if (reply) - *reply = string_sprintf("cannot connect to saslauthd daemon at " - "%s: %s", CYRUS_SASLAUTHD_SOCKET, - strerror(errno)); + *reply = string_sprintf("cannot connect to saslauthd daemon at " + "%s: %s", CYRUS_SASLAUTHD_SOCKET, + strerror(errno)); return PWCHECK_FAIL; } if ( write_string(s, userid, Ustrlen(userid)) < 0) { DEBUG(D_auth) debug_printf("Failed to send userid to saslauthd daemon \n"); - close(s); + (void)close(s); return PWCHECK_FAIL; } if ( write_string(s, password, Ustrlen(password)) < 0) { DEBUG(D_auth) debug_printf("Failed to send password to saslauthd daemon \n"); - close(s); + (void)close(s); return PWCHECK_FAIL; } @@ -236,25 +230,25 @@ int saslauthd_verify_password(const uschar *userid, if ( write_string(s, service, Ustrlen(service)) < 0) { DEBUG(D_auth) debug_printf("Failed to send service name to saslauthd daemon \n"); - close(s); + (void)close(s); return PWCHECK_FAIL; } if ( write_string(s, realm, Ustrlen(realm)) < 0) { DEBUG(D_auth) debug_printf("Failed to send realm to saslauthd daemon \n"); - close(s); + (void)close(s); return PWCHECK_FAIL; } if ( read_string(s, &daemon_reply ) < 2) { DEBUG(D_auth) debug_printf("Corrupted answer '%s' received. \n", daemon_reply); - close(s); + (void)close(s); return PWCHECK_FAIL; } - close(s); + (void)close(s); DEBUG(D_auth) debug_printf("Answer '%s' received. \n", daemon_reply); @@ -298,7 +292,8 @@ static int read_string(int fd, uschar **retval) { if (count > MAX_REQ_LEN) { return -1; } else { - *retval = store_get(count + 1); + /* Assume the file is trusted, so no tainting */ + *retval = store_get(count + 1, GET_UNTAINTED); rc = (retry_read(fd, *retval, count) < (int) count); (*retval)[count] = '\0'; return count; @@ -345,7 +340,7 @@ static int retry_read(int fd, void *inbuf, unsigned nbyte) { int n; int nread = 0; - char *buf = (char *)inbuf; + char *buf = CS inbuf; if (nbyte == 0) return 0; @@ -434,7 +429,7 @@ retry_writev ( for (i = 0; i < iovcnt; i++) { if (iov[i].iov_len > (unsigned) n) { - iov[i].iov_base = (char *)iov[i].iov_base + n; + iov[i].iov_base = CS iov[i].iov_base + n; iov[i].iov_len -= n; break; }