[exim.git] / src / src / auths / check_serv_cond.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"

/* This module contains the function server_condition(), which is used
by all authenticators. */


/*************************************************
*              Check server_condition            *
*************************************************/

/* This function is called from the server code of all authenticators. For
plaintext, it is always called: the argument cannot be empty, because for
plaintext, setting server_condition is what enables it as a server
authenticator. For all the other authenticators, this function is called after
they have authenticated, to enable additional authorization to be done.

Argument:     the authenticator's instance block

Returns:
  OK          NULL argument, or success
  DEFER       couldn't complete the check
  FAIL        authentication failed
*/

int
auth_check_serv_cond(auth_instance *ablock)
{
uschar *cond;

HDEBUG(D_auth)
  {
  int i;
  debug_printf("%s authenticator:\n", ablock->name);
  for (i = 0; i < AUTH_VARS; i++)
    {
    if (auth_vars[i] != NULL)
      debug_printf("  $auth%d = %s\n", i + 1, auth_vars[i]);
    }
  for (i = 1; i <= expand_nmax; i++)
    debug_printf("  $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
  debug_print_string(ablock->server_debug_string);    /* customized debug */
  }

/* For the plaintext authenticator, server_condition is never NULL. For the
rest, an unset condition lets everything through. */

if (ablock->server_condition == NULL) return OK;
cond = expand_string(ablock->server_condition);

HDEBUG(D_auth)
  {
  if (cond == NULL)
    debug_printf("expansion failed: %s\n", expand_string_message);
  else
    debug_printf("expanded string: %s\n", cond);
  }

/* A forced expansion failure causes authentication to fail. Other expansion
failures yield DEFER, which will cause a temporary error code to be returned to
the AUTH command. The problem is at the server end, so the client should try
again later. */

if (cond == NULL)
  {
  if (expand_string_forcedfail) return FAIL;
  auth_defer_msg = expand_string_message;
  return DEFER;
  }

/* Return FAIL for empty string, "0", "no", and "false"; return OK for
"1", "yes", and "true"; return DEFER for anything else, with the string
available as an error text for the user. */

if (*cond == 0 ||
    Ustrcmp(cond, "0") == 0 ||
    strcmpic(cond, US"no") == 0 ||
    strcmpic(cond, US"false") == 0)
  return FAIL;

if (Ustrcmp(cond, "1") == 0 ||
    strcmpic(cond, US"yes") == 0 ||
    strcmpic(cond, US"true") == 0)
  return OK;

auth_defer_msg = cond;
auth_defer_user_msg = string_sprintf(": %s", cond);
return DEFER;
}

/* End of check_serv_cond.c */
Commit	Line	Data
16ff981e PH	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
0a49a7a4	5	/* Copyright (c) University of Cambridge 1995 - 2009 */
16ff981e PH	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	#include "../exim.h"
	9
	10	/* This module contains the function server_condition(), which is used
	11	by all authenticators. */
	12
	13
	14	/*************************************************
	15	* Check server_condition *
	16	*************************************************/
	17
	18	/* This function is called from the server code of all authenticators. For
	19	plaintext, it is always called: the argument cannot be empty, because for
	20	plaintext, setting server_condition is what enables it as a server
	21	authenticator. For all the other authenticators, this function is called after
	22	they have authenticated, to enable additional authorization to be done.
	23
	24	Argument: the authenticator's instance block
	25
	26	Returns:
	27	OK NULL argument, or success
	28	DEFER couldn't complete the check
	29	FAIL authentication failed
	30	*/
	31
	32	int
	33	auth_check_serv_cond(auth_instance *ablock)
	34	{
	35	uschar *cond;
	36
	37	HDEBUG(D_auth)
	38	{
	39	int i;
	40	debug_printf("%s authenticator:\n", ablock->name);
	41	for (i = 0; i < AUTH_VARS; i++)
	42	{
	43	if (auth_vars[i] != NULL)
	44	debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]);
	45	}
	46	for (i = 1; i <= expand_nmax; i++)
	47	debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
	48	debug_print_string(ablock->server_debug_string); /* customized debug */
	49	}
	50
	51	/* For the plaintext authenticator, server_condition is never NULL. For the
	52	rest, an unset condition lets everything through. */
	53
	54	if (ablock->server_condition == NULL) return OK;
	55	cond = expand_string(ablock->server_condition);
	56
	57	HDEBUG(D_auth)
	58	{
	59	if (cond == NULL)
	60	debug_printf("expansion failed: %s\n", expand_string_message);
	61	else
	62	debug_printf("expanded string: %s\n", cond);
	63	}
	64
	65	/* A forced expansion failure causes authentication to fail. Other expansion
	66	failures yield DEFER, which will cause a temporary error code to be returned to
	67	the AUTH command. The problem is at the server end, so the client should try
	68	again later. */
	69
70	if (cond == NULL)
71	{
72	if (expand_string_forcedfail) return FAIL;
73	auth_defer_msg = expand_string_message;
74	return DEFER;
75	}
76
77	/* Return FAIL for empty string, "0", "no", and "false"; return OK for
78	"1", "yes", and "true"; return DEFER for anything else, with the string
79	available as an error text for the user. */
80
81	if (*cond == 0 \|\|
82	Ustrcmp(cond, "0") == 0 \|\|
83	strcmpic(cond, US"no") == 0 \|\|
84	strcmpic(cond, US"false") == 0)
85	return FAIL;
86
87	if (Ustrcmp(cond, "1") == 0 \|\|
88	strcmpic(cond, US"yes") == 0 \|\|
89	strcmpic(cond, US"true") == 0)
90	return OK;
91
92	auth_defer_msg = cond;
93	auth_defer_user_msg = string_sprintf(": %s", cond);
94	return DEFER;
95	}
96
97	/* End of check_serv_cond.c */