Commit | Line | Data |
---|---|---|
16ff981e PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
0a49a7a4 | 5 | /* Copyright (c) University of Cambridge 1995 - 2009 */ |
16ff981e PH |
6 | /* See the file NOTICE for conditions of use and distribution. */ |
7 | ||
8 | #include "../exim.h" | |
9 | ||
10 | /* This module contains the function server_condition(), which is used | |
11 | by all authenticators. */ | |
12 | ||
13 | ||
14 | /************************************************* | |
15 | * Check server_condition * | |
16 | *************************************************/ | |
17 | ||
18 | /* This function is called from the server code of all authenticators. For | |
19 | plaintext, it is always called: the argument cannot be empty, because for | |
20 | plaintext, setting server_condition is what enables it as a server | |
21 | authenticator. For all the other authenticators, this function is called after | |
22 | they have authenticated, to enable additional authorization to be done. | |
23 | ||
24 | Argument: the authenticator's instance block | |
25 | ||
26 | Returns: | |
27 | OK server_condition unset (NULL), or success | |
28 | DEFER couldn't complete the check | |
29 | FAIL authentication failed | |
30 | */ | |
31 | ||
/* Evaluate an authenticator's server_condition option and map the result of
the string expansion onto OK, FAIL or DEFER.

Argument:  ablock   the authenticator's instance block; this function reads
                    its name, server_debug_string and server_condition fields

Returns:   OK       server_condition is unset, or it expanded to "1", "yes"
                    or "true"
           FAIL     forced expansion failure, or the expansion gave an empty
                    string, "0", "no" or "false"
           DEFER    any other expansion failure, or any other expanded value
*/

int
auth_check_serv_cond(auth_instance *ablock)
{
uschar *expanded;

/* Debug dump of everything the condition can refer to. NOTE(review): the
$authN values are taken from the authentication exchange and may include
client-supplied secrets, so output captured with auth debugging enabled should
be handled as sensitive - confirm against the individual authenticators. */

HDEBUG(D_auth)
  {
  int n;
  debug_printf("%s authenticator:\n", ablock->name);
  for (n = 0; n < AUTH_VARS; n++)
    {
    if (auth_vars[n] == NULL) continue;
    debug_printf(" $auth%d = %s\n", n + 1, auth_vars[n]);
    }
  for (n = 1; n <= expand_nmax; n++)
    {
    debug_printf(" $%d = %.*s\n", n, expand_nlength[n], expand_nstring[n]);
    }
  debug_print_string(ablock->server_debug_string);   /* customized debug */
  }

/* No condition configured: nothing further to check. The comment in the
original says this cannot happen for the plaintext authenticator. */

if (ablock->server_condition == NULL)
  return OK;

expanded = expand_string(ablock->server_condition);

/* Expansion did not produce a string. A forced failure is a deliberate "no";
anything else is a server-side problem, so the expansion error is saved in
auth_defer_msg and DEFER is returned. */

if (expanded == NULL)
  {
  HDEBUG(D_auth)
    {
    debug_printf("expansion failed: %s\n", expand_string_message);
    }
  if (expand_string_forcedfail)
    return FAIL;
  auth_defer_msg = expand_string_message;
  return DEFER;
  }

HDEBUG(D_auth)
  {
  debug_printf("expanded string: %s\n", expanded);
  }

/* Explicit "false" values reject the authentication. */

if (expanded[0] == 0 ||
    Ustrcmp(expanded, "0") == 0 ||
    strcmpic(expanded, US"no") == 0 ||
    strcmpic(expanded, US"false") == 0)
  {
  return FAIL;
  }

/* Explicit "true" values accept it. */

if (Ustrcmp(expanded, "1") == 0 ||
    strcmpic(expanded, US"yes") == 0 ||
    strcmpic(expanded, US"true") == 0)
  {
  return OK;
  }

/* Anything else is neither accepted nor rejected: DEFER, with the expanded
text stored both as the defer message and, prefixed with ": ", as the text
made available to the user. Whatever the condition expands to on this path is
therefore exposed outside the server, so a condition is best written to yield
only the values recognised above. */

auth_defer_msg = expanded;
auth_defer_user_msg = string_sprintf(": %s", expanded);
return DEFER;
}
96 | ||
97 | /* End of check_serv_cond.c */ |