Commit | Line | Data |
---|---|---|
14aa5a05 PH |
1 | /* $Cambridge: exim/src/src/auths/dovecot.c,v 1.1 2006/10/02 13:38:18 ph10 Exp $ */ |
2 | ||
3 | /* | |
4 | * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru> | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License as published | |
8 | * by the Free Software Foundation; either version 2 of the License, or | |
9 | * (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #include "../exim.h" | |
13 | #include "dovecot.h" | |
14 | ||
15 | #define VERSION_MAJOR 1 | |
16 | #define VERSION_MINOR 0 | |
17 | ||
18 | /* Options specific to the authentication mechanism. */ | |
19 | optionlist auth_dovecot_options[] = { | |
20 | { | |
21 | "server_socket", | |
22 | opt_stringptr, | |
23 | (void *)(offsetof(auth_dovecot_options_block, server_socket)) | |
24 | }, | |
25 | }; | |
26 | ||
27 | /* Size of the options list. An extern variable has to be used so that its | |
28 | address can appear in the tables drtables.c. */ | |
29 | int auth_dovecot_options_count = | |
30 | sizeof(auth_dovecot_options) / sizeof(optionlist); | |
31 | ||
32 | /* Default private options block for the authentication method. */ | |
33 | auth_dovecot_options_block auth_dovecot_option_defaults = { | |
34 | NULL, /* server_socket */ | |
35 | }; | |
36 | ||
37 | /************************************************* | |
38 | * Initialization entry point * | |
39 | *************************************************/ | |
40 | ||
41 | /* Called for each instance, after its options have been read, to | |
42 | enable consistency checks to be done, or anything else that needs | |
43 | to be set up. */ | |
44 | void auth_dovecot_init(auth_instance *ablock) | |
45 | { | |
46 | auth_dovecot_options_block *ob = | |
47 | (auth_dovecot_options_block *)(ablock->options_block); | |
48 | ||
49 | if (ablock->public_name == NULL) | |
50 | ablock->public_name = ablock->name; | |
51 | if (ob->server_socket != NULL) | |
52 | ablock->server = TRUE; | |
53 | ablock->client = FALSE; | |
54 | } | |
55 | ||
56 | static int strcut(char *str, char **ptrs, int nptrs) | |
57 | { | |
58 | char *tmp = str; | |
59 | int n; | |
60 | ||
61 | for (n = 0; n < nptrs; n++) | |
62 | ptrs[n] = NULL; | |
63 | n = 1; | |
64 | ||
65 | while (*str) { | |
66 | if (*str == '\t') { | |
67 | if (n <= nptrs) { | |
68 | *ptrs++ = tmp; | |
69 | tmp = str + 1; | |
70 | *str = 0; | |
71 | } | |
72 | n++; | |
73 | } | |
74 | str++; | |
75 | } | |
76 | ||
77 | if (n < nptrs) | |
78 | *ptrs = tmp; | |
79 | ||
80 | return n; | |
81 | } | |
82 | ||
83 | #define CHECK_COMMAND(str, arg_min, arg_max) do { \ | |
84 | if (strcasecmp((str), args[0]) != 0) \ | |
85 | goto out; \ | |
86 | if (nargs - 1 < (arg_min)) \ | |
87 | goto out; \ | |
88 | if (nargs - 1 > (arg_max)) \ | |
89 | goto out; \ | |
90 | } while (0) | |
91 | ||
92 | #define OUT(msg) do { \ | |
93 | auth_defer_msg = (US msg); \ | |
94 | goto out; \ | |
95 | } while(0) | |
96 | ||
97 | /************************************************* | |
98 | * Server entry point * | |
99 | *************************************************/ | |
100 | ||
101 | int auth_dovecot_server(auth_instance *ablock, uschar *data) | |
102 | { | |
103 | auth_dovecot_options_block *ob = | |
104 | (auth_dovecot_options_block *)(ablock->options_block); | |
105 | struct sockaddr_un sa; | |
106 | char buffer[4096]; | |
107 | char *args[8]; | |
108 | int nargs, tmp; | |
109 | int cuid = 0, cont = 1, found = 0, fd, ret = DEFER; | |
110 | FILE *f; | |
111 | ||
112 | HDEBUG(D_auth) debug_printf("dovecot authentication\n"); | |
113 | ||
114 | memset(&sa, 0, sizeof(sa)); | |
115 | sa.sun_family = AF_UNIX; | |
116 | ||
117 | /* This was the original code here: it is nonsense because strncpy() | |
118 | does not return an integer. I have converted this to use the function | |
119 | that formats and checks length. PH */ | |
120 | ||
121 | /* | |
122 | if (strncpy(sa.sun_path, ob->server_socket, sizeof(sa.sun_path)) < 0) { | |
123 | */ | |
124 | ||
125 | if (!string_format(US sa.sun_path, sizeof(sa.sun_path), "%s", | |
126 | ob->server_socket)) { | |
127 | auth_defer_msg = US"authentication socket path too long"; | |
128 | return DEFER; | |
129 | } | |
130 | ||
131 | auth_defer_msg = US"authentication socket connection error"; | |
132 | ||
133 | fd = socket(PF_UNIX, SOCK_STREAM, 0); | |
134 | if (fd < 0) | |
135 | return DEFER; | |
136 | ||
137 | if (connect(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0) | |
138 | goto out; | |
139 | ||
140 | f = fdopen(fd, "a+"); | |
141 | if (f == NULL) | |
142 | goto out; | |
143 | ||
144 | auth_defer_msg = US"authentication socket protocol error"; | |
145 | ||
146 | while (cont) { | |
147 | if (fgets(buffer, sizeof(buffer), f) == NULL) | |
148 | OUT("authentication socket read error or premature eof"); | |
149 | ||
150 | buffer[strlen(buffer) - 1] = 0; | |
151 | HDEBUG(D_auth) debug_printf("received: %s\n", buffer); | |
152 | nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); | |
153 | ||
154 | switch (toupper(*args[0])) { | |
155 | case 'C': | |
156 | CHECK_COMMAND("CUID", 1, 1); | |
157 | cuid = atoi(args[1]); | |
158 | break; | |
159 | ||
160 | case 'D': | |
161 | CHECK_COMMAND("DONE", 0, 0); | |
162 | cont = 0; | |
163 | break; | |
164 | ||
165 | case 'M': | |
166 | CHECK_COMMAND("MECH", 1, INT_MAX); | |
167 | if (strcmpic(US args[1], ablock->public_name) == 0) | |
168 | found = 1; | |
169 | break; | |
170 | ||
171 | case 'S': | |
172 | CHECK_COMMAND("SPID", 1, 1); | |
173 | break; | |
174 | ||
175 | case 'V': | |
176 | CHECK_COMMAND("VERSION", 2, 2); | |
177 | if (atoi(args[1]) != VERSION_MAJOR) | |
178 | OUT("authentication socket protocol version mismatch"); | |
179 | break; | |
180 | ||
181 | default: | |
182 | goto out; | |
183 | } | |
184 | } | |
185 | ||
186 | if (!found) | |
187 | goto out; | |
188 | ||
189 | fprintf(f, "VERSION\t%d\t%d\nCPID\t%d\n" | |
190 | "AUTH\t%d\t%s\tservice=smtp\trip=%s\tlip=%s\tresp=%s\n", | |
191 | VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, | |
192 | ablock->public_name, sender_host_address, interface_address, | |
193 | data ? (char *) data : ""); | |
194 | ||
195 | /**************************************************************************** | |
196 | The code below was the original code here. It didn't work. A reading of the | |
197 | file auth-protocol.txt.gz that came with Dovecot 1.0_beta8 indicated that | |
198 | this was not right. Maybe something changed. I changed it to the above, and | |
199 | it seems to be better. PH | |
200 | ||
201 | fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n" | |
202 | "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n", | |
203 | VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, | |
204 | ablock->public_name, sender_host_address, interface_address, | |
205 | data ? (char *) data : ""); | |
206 | ****************************************************************************/ | |
207 | ||
208 | HDEBUG(D_auth) debug_printf("sent: VERSION\t%d\t%d\nsent: CPID\t%d\n" | |
209 | "sent: AUTH\t%d\t%s\tservice=smtp\trip=%s\tlip=%s\tresp=%s\n", | |
210 | VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, | |
211 | ablock->public_name, sender_host_address, interface_address, | |
212 | data ? (char *) data : ""); | |
213 | ||
214 | ||
215 | while (1) { | |
216 | if (fgets(buffer, sizeof(buffer), f) == NULL) { | |
217 | auth_defer_msg = US"authentication socket read error or premature eof"; | |
218 | goto out; | |
219 | } | |
220 | ||
221 | buffer[strlen(buffer) - 1] = 0; | |
222 | HDEBUG(D_auth) debug_printf("received: %s\n", buffer); | |
223 | nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); | |
224 | ||
225 | if (atoi(args[1]) != cuid) | |
226 | OUT("authentication socket connection id mismatch"); | |
227 | ||
228 | switch (toupper(*args[0])) { | |
229 | case 'C': | |
230 | CHECK_COMMAND("CONT", 1, 2); | |
231 | ||
232 | tmp = auth_get_no64_data(&data, US args[2]); | |
233 | if (tmp != OK) { | |
234 | ret = tmp; | |
235 | goto out; | |
236 | } | |
237 | ||
238 | if (fprintf(f, "CONT\t%d\t%s\r\n", cuid, data) < 0) | |
239 | OUT("authentication socket write error"); | |
240 | ||
241 | break; | |
242 | ||
243 | case 'F': | |
244 | CHECK_COMMAND("FAIL", 1, 2); | |
245 | ||
246 | /* FIXME: add proper response handling */ | |
247 | if (args[2]) { | |
248 | uschar *p = US strchr(args[2], '='); | |
249 | if (p) { | |
250 | ++p; | |
251 | expand_nstring[1] = auth_vars[0] = p; | |
252 | expand_nlength[1] = Ustrlen(p); | |
253 | expand_nmax = 1; | |
254 | } | |
255 | } | |
256 | ||
257 | ret = FAIL; | |
258 | goto out; | |
259 | ||
260 | case 'O': | |
261 | CHECK_COMMAND("OK", 2, 2); | |
262 | { | |
263 | /* FIXME: add proper response handling */ | |
264 | uschar *p = US strchr(args[2], '='); | |
265 | if (!p) | |
266 | OUT("authentication socket protocol error, username missing"); | |
267 | ||
268 | p++; | |
269 | expand_nstring[1] = auth_vars[0] = p; | |
270 | expand_nlength[1] = Ustrlen(p); | |
271 | expand_nmax = 1; | |
272 | } | |
273 | ret = OK; | |
274 | /* fallthrough */ | |
275 | ||
276 | default: | |
277 | goto out; | |
278 | } | |
279 | } | |
280 | ||
281 | out: close(fd); | |
282 | return ret; | |
283 | } |