Commit | Line | Data |
---|---|---|
0756eb3c PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
3386088d | 5 | /* Copyright (c) University of Cambridge 1995 - 2015 */ |
1e1ddfac | 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
0756eb3c PH |
7 | /* See the file NOTICE for conditions of use and distribution. */ |
8 | ||
9 | /* This module contains interface functions to the two Cyrus authentication | |
10 | daemons. The original one was "pwcheck", which gives its name to the source | |
11 | file. This is now deprecated in favour of "saslauthd". */ | |
12 | ||
13 | ||
14 | #include "../exim.h" | |
15 | #include "pwcheck.h" | |
16 | ||
17 | ||
18 | /************************************************* | |
19 | * External entry point for pwcheck * | |
20 | *************************************************/ | |
21 | ||
22 | /* This function calls the now-deprecated "pwcheck" Cyrus-SASL authentication | |
23 | daemon, passing over a colon-separated user name and password. As this is | |
24 | called from the string expander, the string will always be in dynamic store and | |
25 | can be overwritten. | |
26 | ||
27 | Arguments: | |
28 | s a colon-separated username:password string | |
29 | errptr where to point an error message | |
30 | ||
31 | Returns: OK if authentication succeeded | |
32 | FAIL if authentication failed | |
33 | ERROR some other error condition | |
34 | */ | |
35 | ||
36 | int | |
37 | auth_call_pwcheck(uschar *s, uschar **errptr) | |
38 | { | |
39 | uschar *reply = NULL; | |
40 | uschar *pw = Ustrrchr(s, ':'); | |
41 | ||
42 | if (pw == NULL) | |
43 | { | |
44 | *errptr = US"pwcheck: malformed input - missing colon"; | |
45 | return ERROR; | |
46 | } | |
47 | ||
48 | *pw++ = 0; /* Separate user and password */ | |
49 | ||
50 | DEBUG(D_auth) | |
51 | debug_printf("Running pwcheck authentication for user \"%s\"\n", s); | |
52 | ||
3d2e82c5 | 53 | switch (pwcheck_verify_password(CS s, CS pw, CCSS &reply)) |
0756eb3c PH |
54 | { |
55 | case PWCHECK_OK: | |
56 | DEBUG(D_auth) debug_printf("pwcheck: success (%s)\n", reply); | |
57 | return OK; | |
58 | ||
59 | case PWCHECK_NO: | |
60 | DEBUG(D_auth) debug_printf("pwcheck: access denied (%s)\n", reply); | |
61 | return FAIL; | |
62 | ||
63 | default: | |
64 | DEBUG(D_auth) debug_printf("pwcheck: query failed (%s)\n", reply); | |
65 | *errptr = reply; | |
66 | return ERROR; | |
67 | } | |
68 | } | |
69 | ||
70 | ||
71 | /************************************************* | |
72 | * External entry point for pwauthd * | |
73 | *************************************************/ | |
74 | ||
75 | /* This function calls the "saslauthd" Cyrus-SASL authentication daemon, | |
76 | saslauthd, As this is called from the string expander, all the strings will | |
77 | always be in dynamic store and can be overwritten. | |
78 | ||
79 | Arguments: | |
80 | username username | |
81 | password password | |
82 | service optional service | |
83 | realm optional realm | |
84 | errptr where to point an error message | |
85 | ||
86 | Returns: OK if authentication succeeded | |
87 | FAIL if authentication failed | |
88 | ERROR some other error condition | |
89 | */ | |
90 | ||
91 | int | |
93a6fce2 JH |
92 | auth_call_saslauthd(const uschar *username, const uschar *password, |
93 | const uschar *service, const uschar *realm, uschar **errptr) | |
0756eb3c PH |
94 | { |
95 | uschar *reply = NULL; | |
96 | ||
97 | if (service == NULL) service = US""; | |
98 | if (realm == NULL) realm = US""; | |
99 | ||
100 | DEBUG(D_auth) | |
101 | debug_printf("Running saslauthd authentication for user \"%s\" \n", username); | |
102 | ||
103 | switch (saslauthd_verify_password(username, password, service, | |
104 | realm, (const uschar **)(&reply))) | |
105 | { | |
106 | case PWCHECK_OK: | |
107 | DEBUG(D_auth) debug_printf("saslauthd: success (%s)\n", reply); | |
108 | return OK; | |
109 | ||
110 | case PWCHECK_NO: | |
111 | DEBUG(D_auth) debug_printf("saslauthd: access denied (%s)\n", reply); | |
112 | return FAIL; | |
113 | ||
114 | default: | |
115 | DEBUG(D_auth) debug_printf("saslauthd: query failed (%s)\n", reply); | |
116 | *errptr = reply; | |
117 | return ERROR; | |
118 | } | |
119 | } | |
120 | ||
121 | /* End of call_pwcheck.c */ |