X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/deafd5b336b87fdf2e96ad3a4334c211ea369af0..3ecab1575ef1f45a5e7cd3c48cd937ffa8eb0ad9:/src/src/auths/dovecot.c

diff --git a/src/src/auths/dovecot.c b/src/src/auths/dovecot.c
index a260109fb..ba0b8943a 100644
--- a/src/src/auths/dovecot.c
+++ b/src/src/auths/dovecot.c
@@ -1,5 +1,3 @@
-/* $Cambridge: exim/src/src/auths/dovecot.c,v 1.8 2008/01/18 12:23:26 nm4 Exp $ */
-
 /*
  * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
  *
@@ -101,7 +99,7 @@ static int strcut(uschar *str, uschar **ptrs, int nptrs)
                goto out; \
        if (nargs - 1 < (arg_min)) \
                goto out; \
-       if (nargs - 1 > (arg_max)) \
+       if ( (arg_max != -1) && (nargs - 1 > (arg_max)) ) \
                goto out; \
 } while (0)
 
@@ -131,6 +129,7 @@ for (;;)
     {
     sbp = read(fd, sbuffer, sizeof(sbuffer));
     if (sbp == 0) { if (count == 0) return NULL; else break; }
+    p = 0;
     }
 
   while (p < sbp)
@@ -208,35 +207,23 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
                HDEBUG(D_auth) debug_printf("received: %s\n", buffer);
                nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0]));
 
-               switch (toupper(*args[0])) {
-               case 'C':
+               /* Code below rewritten by Kirill Miazine (km@krot.org). Only check commands that
+                  Exim will need. Original code also failed if Dovecot server sent unknown
+                  command. E.g. COOKIE in version 1.1 of the protocol would cause troubles. */
+               if (Ustrcmp(args[0], US"CUID") == 0) {
                        CHECK_COMMAND("CUID", 1, 1);
                        cuid = Uatoi(args[1]);
-                       break;
-
-               case 'D':
-                       CHECK_COMMAND("DONE", 0, 0);
-                       cont = 0;
-                       break;
-
-               case 'M':
-                       CHECK_COMMAND("MECH", 1, INT_MAX);
-                       if (strcmpic(US args[1], ablock->public_name) == 0)
-                               found = 1;
-                       break;
-
-               case 'S':
-                       CHECK_COMMAND("SPID", 1, 1);
-                       break;
-
-               case 'V':
+               } else if (Ustrcmp(args[0], US"VERSION") == 0) {
                        CHECK_COMMAND("VERSION", 2, 2);
                        if (Uatoi(args[1]) != VERSION_MAJOR)
                                OUT("authentication socket protocol version mismatch");
-                       break;
-
-               default:
-                       goto out;
+               } else if (Ustrcmp(args[0], US"MECH") == 0) {
+                       CHECK_COMMAND("MECH", 1, INT_MAX);
+                       if (strcmpic(US args[1], ablock->public_name) == 0)
+                               found = 1;
+               } else if (Ustrcmp(args[0], US"DONE") == 0) {
+                       CHECK_COMMAND("DONE", 0, 0);
+                       cont = 0;
                }
        }
 
@@ -277,6 +264,9 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
 
    Subsequently, the command was modified to add "secured" and "valid-client-
    cert" when relevant.
+
+   The auth protocol is documented here:
+        http://wiki.dovecot.org/Authentication_Protocol
 ****************************************************************************/
 
        auth_command = string_sprintf("VERSION\t%d\t%d\nCPID\t%d\n"
@@ -293,6 +283,9 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
 
        while (1) {
                uschar *temp;
+               uschar *auth_id_pre = NULL;
+               int i;
+
                if (dc_gets(buffer, sizeof(buffer), fd) == NULL) {
                        auth_defer_msg = US"authentication socket read error or premature eof";
                        goto out;
@@ -329,16 +322,16 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
                        break;
 
                case 'F':
-                       CHECK_COMMAND("FAIL", 1, 2);
+                       CHECK_COMMAND("FAIL", 1, -1);
 
-                       /* FIXME: add proper response handling */
-                       if (args[2]) {
-                               uschar *p = Ustrchr(args[2], '=');
-                               if (p) {
-                                       ++p;
+                       for (i=2; (i<nargs) && (auth_id_pre == NULL); i++)
+                       {
+                               if ( Ustrncmp(args[i], US"user=", 5) == 0 )
+                               {
+                                       auth_id_pre = args[i]+5;
                                        expand_nstring[1] = auth_vars[0] =
-                                         string_copy(p);  /* PH */
-                                       expand_nlength[1] = Ustrlen(p);
+                                               string_copy(auth_id_pre); /* PH */
+                                       expand_nlength[1] = Ustrlen(auth_id_pre);
                                        expand_nmax = 1;
                                }
                        }
@@ -347,19 +340,27 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
                        goto out;
 
                case 'O':
-                       CHECK_COMMAND("OK", 2, 2);
+                       CHECK_COMMAND("OK", 2, -1);
+
+                       /*
+                        * Search for the "user=$USER" string in the args array
+                        * and return the proper value.
+                        */
+                       for (i=2; (i<nargs) && (auth_id_pre == NULL); i++)
                        {
-                               /* FIXME: add proper response handling */
-                               uschar *p = Ustrchr(args[2], '=');
-                               if (!p)
-                                       OUT("authentication socket protocol error, username missing");
-
-                               p++;
-                               expand_nstring[1] = auth_vars[0] =
-                                 string_copy(p);  /* PH */
-                               expand_nlength[1] = Ustrlen(p);
-                               expand_nmax = 1;
+                               if ( Ustrncmp(args[i], US"user=", 5) == 0 )
+                               {
+                                       auth_id_pre = args[i]+5;
+                                       expand_nstring[1] = auth_vars[0] =
+                                               string_copy(auth_id_pre); /* PH */
+                                       expand_nlength[1] = Ustrlen(auth_id_pre);
+                                       expand_nmax = 1;
+                               }
                        }
+
+                       if (auth_id_pre == NULL)
+                               OUT("authentication socket protocol error, username missing");
+
                        ret = OK;
                        /* fallthrough */
 
@@ -369,6 +370,9 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
        }
 
 out:
+       /* close the socket used by dovecot */
+       if (fd >= 0)
+              close(fd);
 
        /* Expand server_condition as an authorization check */
        return (ret == OK)? auth_check_serv_cond(ablock) : ret;