[exim.git] / src / src / auths / pwcheck.c

/* $Cambridge: exim/src/src/auths/pwcheck.c,v 1.4 2006/10/16 10:37:19 ph10 Exp $ */

/* SASL server API implementation
 * Rob Siemborski
 * Tim Martin
 * $Id: checkpw.c,v 1.49 2002/03/07 19:14:04 ken3 Exp $
 */
/*
 * Copyright (c) 2001 Carnegie Mellon University.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The name "Carnegie Mellon University" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For permission or any other legal
 *    details, please contact
 *      Office of Technology Transfer
 *      Carnegie Mellon University
 *      5000 Forbes Avenue
 *      Pittsburgh, PA  15213-3890
 *      (412) 268-4387, fax: (412) 268-7395
 *      tech-transfer@andrew.cmu.edu
 *
 * 4. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by Computing Services
 *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
 *
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Taken from Cyrus-SASL library and adapted by Alexander S. Sabourenkov
 * Oct 2001 - Apr 2002: Slightly modified by Philip Hazel.
 * Aug 2003: new code for saslauthd from Alexander S. Sabourenkov incorporated
 *           by Philip Hazel (minor mods to avoid compiler warnings)
 * Oct 2006: (PH) removed redundant tests on "reply" being NULL - some were
 *           missing, and confused someone who was using this code for some
 *           other purpose. Here in Exim, "reply" is never NULL.
 *
 * screwdriver@lxnt.info
 *
 */

/* Originally this module supported only the pwcheck daemon, which is where its
name comes from. Nowadays it supports saslauthd as well; pwcheck is in fact
deprecated. The definitions of CYRUS_PWCHECK_SOCKET and CYRUS_SASLAUTHD_SOCKET
determine whether the facilities are actually supported or not. */


#include "../exim.h"
#include "pwcheck.h"


#if defined(CYRUS_PWCHECK_SOCKET) || defined(CYRUS_SASLAUTHD_SOCKET)

#include <sys/uio.h>

static int retry_read(int, void *, unsigned );
static int retry_writev(int, struct iovec *, int );
static int read_string(int, uschar **);
static int write_string(int, const uschar *, int);

#endif


/* A dummy function that always fails if pwcheck support is not
wanted. */

#ifndef CYRUS_PWCHECK_SOCKET
int pwcheck_verify_password(const char *userid,
                            const char *passwd,
                            const char **reply)
{
userid = userid;  /* Keep picky compilers happy */
passwd = passwd;
*reply = "pwcheck support is not included in this Exim binary";
return PWCHECK_FAIL;
}


/* This is the real function */

#else

 /* taken from cyrus-sasl file checkpw.c */
 /* pwcheck daemon-authenticated login */
 int pwcheck_verify_password(const char *userid,
                                  const char *passwd,
                                  const char **reply)
 {
     int s, start, r, n;
     struct sockaddr_un srvaddr;
     struct iovec iov[2];
     static char response[1024];

     *reply = NULL;

     s = socket(AF_UNIX, SOCK_STREAM, 0);
     if (s == -1) { return PWCHECK_FAIL; }

     memset((char *)&srvaddr, 0, sizeof(srvaddr));
     srvaddr.sun_family = AF_UNIX;
     strncpy(srvaddr.sun_path, CYRUS_PWCHECK_SOCKET, sizeof(srvaddr.sun_path));
     r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr));
     if (r == -1) {
        DEBUG(D_auth)
            debug_printf("Cannot connect to pwcheck daemon (at '%s')\n",CYRUS_PWCHECK_SOCKET);
       *reply = "cannot connect to pwcheck daemon";
       return PWCHECK_FAIL;
     }

     iov[0].iov_base = (char *)userid;
     iov[0].iov_len = strlen(userid)+1;
     iov[1].iov_base = (char *)passwd;
     iov[1].iov_len = strlen(passwd)+1;

     retry_writev(s, iov, 2);

     start = 0;
     while (start < sizeof(response) - 1) {
       n = read(s, response+start, sizeof(response) - 1 - start);
       if (n < 1) break;
       start += n;
     }

     (void)close(s);

     if (start > 1 && !strncmp(response, "OK", 2)) {
       return PWCHECK_OK;
     }

     response[start] = '\0';
     *reply = response;
     return PWCHECK_NO;
 }

#endif


 /* A dummy function that always fails if saslauthd support is not
wanted. */

#ifndef CYRUS_SASLAUTHD_SOCKET
int saslauthd_verify_password(const uschar *userid,
                const uschar *passwd,
                const uschar *service,
                const uschar *realm,
                const uschar **reply)
{
userid = userid;  /* Keep picky compilers happy */
passwd = passwd;
service = service;
realm = realm;
*reply = US"saslauthd support is not included in this Exim binary";
return PWCHECK_FAIL;
}


/* This is the real function */

#else
 /* written from scratch  */
 /* saslauthd daemon-authenticated login */

int saslauthd_verify_password(const uschar *userid,
                const uschar *password,
                const uschar *service,
                const uschar *realm,
                const uschar **reply)
{
    uschar *daemon_reply = NULL;
    int s, r;
    struct sockaddr_un srvaddr;

    DEBUG(D_auth)
       debug_printf("saslauthd userid='%s' servicename='%s'"
                    " realm='%s'\n", userid, service, realm );

    *reply = NULL;

    s = socket(AF_UNIX, SOCK_STREAM, 0);
    if (s == -1) {
       *reply = CUstrerror(errno);
       return PWCHECK_FAIL;
    }

    memset((char *)&srvaddr, 0, sizeof(srvaddr));
    srvaddr.sun_family = AF_UNIX;
    strncpy(srvaddr.sun_path, CYRUS_SASLAUTHD_SOCKET,
            sizeof(srvaddr.sun_path));
    r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr));
    if (r == -1) {
       DEBUG(D_auth)
            debug_printf("Cannot connect to saslauthd daemon (at '%s'): %s\n",
                         CYRUS_SASLAUTHD_SOCKET, strerror(errno));
       *reply = string_sprintf("cannot connect to saslauthd daemon at "
                               "%s: %s", CYRUS_SASLAUTHD_SOCKET,
                               strerror(errno));
       return PWCHECK_FAIL;
    }

    if ( write_string(s, userid, Ustrlen(userid)) < 0) {
        DEBUG(D_auth)
            debug_printf("Failed to send userid to saslauthd daemon \n");
        (void)close(s);
        return PWCHECK_FAIL;
    }

    if ( write_string(s, password, Ustrlen(password)) < 0) {
        DEBUG(D_auth)
            debug_printf("Failed to send password to saslauthd daemon \n");
        (void)close(s);
        return PWCHECK_FAIL;
    }

    memset((void *)password, 0, Ustrlen(password));

    if ( write_string(s, service, Ustrlen(service)) < 0) {
        DEBUG(D_auth)
            debug_printf("Failed to send service name to saslauthd daemon \n");
        (void)close(s);
        return PWCHECK_FAIL;
    }

    if ( write_string(s, realm, Ustrlen(realm)) < 0) {
        DEBUG(D_auth)
            debug_printf("Failed to send realm to saslauthd daemon \n");
        (void)close(s);
        return PWCHECK_FAIL;
    }

    if ( read_string(s, &daemon_reply ) < 2) {
        DEBUG(D_auth)
            debug_printf("Corrupted answer '%s' received. \n", daemon_reply);
        (void)close(s);
        return PWCHECK_FAIL;
    }

    (void)close(s);

    DEBUG(D_auth)
        debug_printf("Answer '%s' received. \n", daemon_reply);

    *reply = daemon_reply;

    if ( (daemon_reply[0] == 'O') && (daemon_reply[1] == 'K') )
        return PWCHECK_OK;

    if ( (daemon_reply[0] == 'N') && (daemon_reply[1] == 'O') )
        return PWCHECK_NO;

    return PWCHECK_FAIL;
}

#endif


/* helper functions */
#if defined(CYRUS_PWCHECK_SOCKET) || defined(CYRUS_SASLAUTHD_SOCKET)

#define MAX_REQ_LEN 1024

/* written from scratch */

/* FUNCTION: read_string */

/* SYNOPSIS
 * read a sasld-style counted string into
 * store-allocated buffer, set pointer to the buffer,
 * return number of bytes read or -1 on failure.
 * END SYNOPSIS */

static int read_string(int fd, uschar **retval) {
    unsigned short count;
    int rc;

    rc = (retry_read(fd, &count, sizeof(count)) < (int) sizeof(count));
    if (!rc) {
        count = ntohs(count);
        if (count > MAX_REQ_LEN) {
            return -1;
        } else {
            *retval = store_get(count + 1);
            rc = (retry_read(fd, *retval, count) < (int) count);
            (*retval)[count] = '\0';
            return count;
        }
    }
    return -1;
}


/* FUNCTION: write_string */

/* SYNOPSIS
 * write a sasld-style counted string into given fd
 * written bytes on success, -1 on failure.
 * END SYNOPSIS */

static int write_string(int fd, const uschar *string, int len) {
    unsigned short count;
    int rc;
    struct iovec iov[2];

    count = htons(len);

    iov[0].iov_base = (void *) &count;
    iov[0].iov_len = sizeof(count);
    iov[1].iov_base = (void *) string;
    iov[1].iov_len = len;

    rc = retry_writev(fd, iov, 2);

    return rc;
}


/* taken from cyrus-sasl file saslauthd/saslauthd-unix.c  */

/* FUNCTION: retry_read */

/* SYNOPSIS
 * Keep calling the read() system call with 'fd', 'buf', and 'nbyte'
 * until all the data is read in or an error occurs.
 * END SYNOPSIS */
static int retry_read(int fd, void *inbuf, unsigned nbyte)
{
    int n;
    int nread = 0;
    char *buf = (char *)inbuf;

    if (nbyte == 0) return 0;

    for (;;) {
       n = read(fd, buf, nbyte);
       if (n == 0) {
           /* end of file */
           return -1;
       }
       if (n == -1) {
           if (errno == EINTR) continue;
           return -1;
       }

       nread += n;

       if (n >= (int) nbyte) return nread;

       buf += n;
       nbyte -= n;
    }
}

/* END FUNCTION: retry_read */

/* FUNCTION: retry_writev */

/* SYNOPSIS
 * Keep calling the writev() system call with 'fd', 'iov', and 'iovcnt'
 * until all the data is written out or an error occurs.
 * END SYNOPSIS */

static int     /* R: bytes written, or -1 on error */
retry_writev (
  /* PARAMETERS */
  int fd,                              /* I: fd to write on */
  struct iovec *iov,                   /* U: iovec array base
                                        *    modified as data written */
  int iovcnt                           /* I: number of iovec entries */
  /* END PARAMETERS */
  )
{
    /* VARIABLES */
    int n;                             /* return value from writev() */
    int i;                             /* loop counter */
    int written;                       /* bytes written so far */
    static int iov_max;                        /* max number of iovec entries */
    /* END VARIABLES */

    /* initialization */
#ifdef MAXIOV
    iov_max = MAXIOV;
#else /* ! MAXIOV */
# ifdef IOV_MAX
    iov_max = IOV_MAX;
# else /* ! IOV_MAX */
    iov_max = 8192;
# endif /* ! IOV_MAX */
#endif /* ! MAXIOV */
    written = 0;

    for (;;) {

       while (iovcnt && iov[0].iov_len == 0) {
           iov++;
           iovcnt--;
       }

       if (!iovcnt) {
           return written;
       }

       n = writev(fd, iov, iovcnt > iov_max ? iov_max : iovcnt);
       if (n == -1) {
           if (errno == EINVAL && iov_max > 10) {
               iov_max /= 2;
               continue;
           }
           if (errno == EINTR) {
               continue;
           }
           return -1;
       } else {
           written += n;
       }

       for (i = 0; i < iovcnt; i++) {
           if (iov[i].iov_len > (unsigned) n) {
               iov[i].iov_base = (char *)iov[i].iov_base + n;
               iov[i].iov_len -= n;
               break;
           }
           n -= iov[i].iov_len;
           iov[i].iov_len = 0;
       }

       if (i == iovcnt) {
           return written;
       }
    }
    /* NOTREACHED */
}

/* END FUNCTION: retry_writev */
#endif

/* End of auths/pwcheck.c */
Commit	Line	Data
602e59e5	1	/* $Cambridge: exim/src/src/auths/pwcheck.c,v 1.4 2006/10/16 10:37:19 ph10 Exp $ */
0756eb3c PH	2
	3	/* SASL server API implementation
	4	* Rob Siemborski
	5	* Tim Martin
	6	* $Id: checkpw.c,v 1.49 2002/03/07 19:14:04 ken3 Exp $
	7	*/
	8	/*
	9	* Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
	10	*
	11	* Redistribution and use in source and binary forms, with or without
	12	* modification, are permitted provided that the following conditions
	13	* are met:
	14	*
	15	* 1. Redistributions of source code must retain the above copyright
	16	* notice, this list of conditions and the following disclaimer.
	17	*
	18	* 2. Redistributions in binary form must reproduce the above copyright
	19	* notice, this list of conditions and the following disclaimer in
	20	* the documentation and/or other materials provided with the
	21	* distribution.
	22	*
	23	* 3. The name "Carnegie Mellon University" must not be used to
	24	* endorse or promote products derived from this software without
	25	* prior written permission. For permission or any other legal
	26	* details, please contact
	27	* Office of Technology Transfer
	28	* Carnegie Mellon University
	29	* 5000 Forbes Avenue
	30	* Pittsburgh, PA 15213-3890
	31	* (412) 268-4387, fax: (412) 268-7395
	32	* tech-transfer@andrew.cmu.edu
	33	*
	34	* 4. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by Computing Services
	37	* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
	38	*
	39	* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
	40	* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
	41	* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
	42	* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	43	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
	44	* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
	45	* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	46	*/
	47
	48	/*
	49	* Taken from Cyrus-SASL library and adapted by Alexander S. Sabourenkov
	50	* Oct 2001 - Apr 2002: Slightly modified by Philip Hazel.
	51	* Aug 2003: new code for saslauthd from Alexander S. Sabourenkov incorporated
	52	* by Philip Hazel (minor mods to avoid compiler warnings)
602e59e5 PH	53	* Oct 2006: (PH) removed redundant tests on "reply" being NULL - some were
	54	* missing, and confused someone who was using this code for some
	55	* other purpose. Here in Exim, "reply" is never NULL.
0756eb3c PH	56	*
	57	* screwdriver@lxnt.info
	58	*
	59	*/
	60
	61	/* Originally this module supported only the pwcheck daemon, which is where its
	62	name comes from. Nowadays it supports saslauthd as well; pwcheck is in fact
	63	deprecated. The definitions of CYRUS_PWCHECK_SOCKET and CYRUS_SASLAUTHD_SOCKET
	64	determine whether the facilities are actually supported or not. */
	65
	66
	67	#include "../exim.h"
	68	#include "pwcheck.h"
	69
	70
	71	#if defined(CYRUS_PWCHECK_SOCKET) \|\| defined(CYRUS_SASLAUTHD_SOCKET)
	72
	73	#include <sys/uio.h>
	74
	75	static int retry_read(int, void *, unsigned );
	76	static int retry_writev(int, struct iovec *, int );
	77	static int read_string(int, uschar **);
	78	static int write_string(int, const uschar *, int);
	79
	80	#endif
	81
	82
	83	/* A dummy function that always fails if pwcheck support is not
	84	wanted. */
	85
	86	#ifndef CYRUS_PWCHECK_SOCKET
	87	int pwcheck_verify_password(const char *userid,
	88	const char *passwd,
	89	const char **reply)
	90	{
	91	userid = userid; /* Keep picky compilers happy */
	92	passwd = passwd;
	93	*reply = "pwcheck support is not included in this Exim binary";
	94	return PWCHECK_FAIL;
	95	}
	96
	97
	98	/* This is the real function */
	99
	100	#else
	101
	102	/* taken from cyrus-sasl file checkpw.c */
	103	/* pwcheck daemon-authenticated login */
	104	int pwcheck_verify_password(const char *userid,
	105	const char *passwd,
	106	const char **reply)
	107	{
	108	int s, start, r, n;
	109	struct sockaddr_un srvaddr;
	110	struct iovec iov[2];
	111	static char response[1024];
	112
602e59e5	113	*reply = NULL;
0756eb3c PH	114
	115	s = socket(AF_UNIX, SOCK_STREAM, 0);
	116	if (s == -1) { return PWCHECK_FAIL; }
	117
	118	memset((char *)&srvaddr, 0, sizeof(srvaddr));
	119	srvaddr.sun_family = AF_UNIX;
	120	strncpy(srvaddr.sun_path, CYRUS_PWCHECK_SOCKET, sizeof(srvaddr.sun_path));
	121	r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr));
	122	if (r == -1) {
	123	DEBUG(D_auth)
	124	debug_printf("Cannot connect to pwcheck daemon (at '%s')\n",CYRUS_PWCHECK_SOCKET);
602e59e5	125	*reply = "cannot connect to pwcheck daemon";
0756eb3c PH	126	return PWCHECK_FAIL;
	127	}
	128
	129	iov[0].iov_base = (char *)userid;
	130	iov[0].iov_len = strlen(userid)+1;
	131	iov[1].iov_base = (char *)passwd;
	132	iov[1].iov_len = strlen(passwd)+1;
	133
	134	retry_writev(s, iov, 2);
	135
	136	start = 0;
	137	while (start < sizeof(response) - 1) {
	138	n = read(s, response+start, sizeof(response) - 1 - start);
	139	if (n < 1) break;
	140	start += n;
	141	}
	142
f1e894f3	143	(void)close(s);
0756eb3c PH	144
	145	if (start > 1 && !strncmp(response, "OK", 2)) {
	146	return PWCHECK_OK;
	147	}
	148
	149	response[start] = '\0';
602e59e5	150	*reply = response;
0756eb3c PH	151	return PWCHECK_NO;
	152	}
	153
	154	#endif
	155
	156
	157
	158	/* A dummy function that always fails if saslauthd support is not
	159	wanted. */
	160
	161	#ifndef CYRUS_SASLAUTHD_SOCKET
	162	int saslauthd_verify_password(const uschar *userid,
	163	const uschar *passwd,
	164	const uschar *service,
	165	const uschar *realm,
	166	const uschar **reply)
	167	{
	168	userid = userid; /* Keep picky compilers happy */
	169	passwd = passwd;
	170	service = service;
	171	realm = realm;
	172	*reply = US"saslauthd support is not included in this Exim binary";
	173	return PWCHECK_FAIL;
	174	}
	175
	176
	177	/* This is the real function */
	178
	179	#else
	180	/* written from scratch */
	181	/* saslauthd daemon-authenticated login */
	182
	183	int saslauthd_verify_password(const uschar *userid,
	184	const uschar *password,
	185	const uschar *service,
	186	const uschar *realm,
	187	const uschar **reply)
	188	{
91ecef39	189	uschar *daemon_reply = NULL;
0756eb3c PH	190	int s, r;
	191	struct sockaddr_un srvaddr;
	192
	193	DEBUG(D_auth)
	194	debug_printf("saslauthd userid='%s' servicename='%s'"
	195	" realm='%s'\n", userid, service, realm );
	196
602e59e5	197	*reply = NULL;
0756eb3c PH	198
	199	s = socket(AF_UNIX, SOCK_STREAM, 0);
	200	if (s == -1) {
602e59e5	201	*reply = CUstrerror(errno);
0756eb3c PH	202	return PWCHECK_FAIL;
	203	}
	204
	205	memset((char *)&srvaddr, 0, sizeof(srvaddr));
	206	srvaddr.sun_family = AF_UNIX;
	207	strncpy(srvaddr.sun_path, CYRUS_SASLAUTHD_SOCKET,
	208	sizeof(srvaddr.sun_path));
	209	r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr));
	210	if (r == -1) {
602e59e5	211	DEBUG(D_auth)
0756eb3c PH	212	debug_printf("Cannot connect to saslauthd daemon (at '%s'): %s\n",
0756eb3c PH	213	CYRUS_SASLAUTHD_SOCKET, strerror(errno));
602e59e5 PH	214	*reply = string_sprintf("cannot connect to saslauthd daemon at "
	215	"%s: %s", CYRUS_SASLAUTHD_SOCKET,
	216	strerror(errno));
0756eb3c PH	217	return PWCHECK_FAIL;
	218	}
	219
	220	if ( write_string(s, userid, Ustrlen(userid)) < 0) {
	221	DEBUG(D_auth)
	222	debug_printf("Failed to send userid to saslauthd daemon \n");
f1e894f3	223	(void)close(s);
0756eb3c PH	224	return PWCHECK_FAIL;
	225	}
	226
	227	if ( write_string(s, password, Ustrlen(password)) < 0) {
	228	DEBUG(D_auth)
	229	debug_printf("Failed to send password to saslauthd daemon \n");
f1e894f3	230	(void)close(s);
0756eb3c PH	231	return PWCHECK_FAIL;
	232	}
	233
	234	memset((void *)password, 0, Ustrlen(password));
	235
	236	if ( write_string(s, service, Ustrlen(service)) < 0) {
	237	DEBUG(D_auth)
	238	debug_printf("Failed to send service name to saslauthd daemon \n");
f1e894f3	239	(void)close(s);
0756eb3c PH	240	return PWCHECK_FAIL;
	241	}
	242
	243	if ( write_string(s, realm, Ustrlen(realm)) < 0) {
	244	DEBUG(D_auth)
	245	debug_printf("Failed to send realm to saslauthd daemon \n");
f1e894f3	246	(void)close(s);
0756eb3c PH	247	return PWCHECK_FAIL;
	248	}
	249
	250	if ( read_string(s, &daemon_reply ) < 2) {
	251	DEBUG(D_auth)
	252	debug_printf("Corrupted answer '%s' received. \n", daemon_reply);
f1e894f3	253	(void)close(s);
0756eb3c PH	254	return PWCHECK_FAIL;
	255	}
	256
f1e894f3	257	(void)close(s);
0756eb3c PH	258
	259	DEBUG(D_auth)
	260	debug_printf("Answer '%s' received. \n", daemon_reply);
	261
	262	*reply = daemon_reply;
	263
	264	if ( (daemon_reply[0] == 'O') && (daemon_reply[1] == 'K') )
	265	return PWCHECK_OK;
	266
	267	if ( (daemon_reply[0] == 'N') && (daemon_reply[1] == 'O') )
	268	return PWCHECK_NO;
	269
	270	return PWCHECK_FAIL;
	271	}
	272
	273	#endif
	274
	275
	276	/* helper functions */
	277	#if defined(CYRUS_PWCHECK_SOCKET) \|\| defined(CYRUS_SASLAUTHD_SOCKET)
	278
	279	#define MAX_REQ_LEN 1024
	280
	281	/* written from scratch */
	282
	283	/* FUNCTION: read_string */
	284
	285	/* SYNOPSIS
	286	* read a sasld-style counted string into
	287	* store-allocated buffer, set pointer to the buffer,
	288	* return number of bytes read or -1 on failure.
	289	* END SYNOPSIS */
	290
	291	static int read_string(int fd, uschar **retval) {
	292	unsigned short count;
	293	int rc;
	294
	295	rc = (retry_read(fd, &count, sizeof(count)) < (int) sizeof(count));
	296	if (!rc) {
	297	count = ntohs(count);
	298	if (count > MAX_REQ_LEN) {
	299	return -1;
	300	} else {
	301	*retval = store_get(count + 1);
	302	rc = (retry_read(fd, *retval, count) < (int) count);
	303	(*retval)[count] = '\0';
	304	return count;
	305	}
	306	}
	307	return -1;
	308	}
	309
	310
	311	/* FUNCTION: write_string */
	312
	313	/* SYNOPSIS
	314	* write a sasld-style counted string into given fd
	315	* written bytes on success, -1 on failure.
	316	* END SYNOPSIS */
	317
	318	static int write_string(int fd, const uschar *string, int len) {
	319	unsigned short count;
	320	int rc;
	321	struct iovec iov[2];
322
323	count = htons(len);
324
325	iov[0].iov_base = (void *) &count;
326	iov[0].iov_len = sizeof(count);
327	iov[1].iov_base = (void *) string;
328	iov[1].iov_len = len;
329
330	rc = retry_writev(fd, iov, 2);
331
332	return rc;
333	}
334
335
336	/* taken from cyrus-sasl file saslauthd/saslauthd-unix.c */
337
338	/* FUNCTION: retry_read */
339
340	/* SYNOPSIS
341	* Keep calling the read() system call with 'fd', 'buf', and 'nbyte'
342	* until all the data is read in or an error occurs.
343	* END SYNOPSIS */
344	static int retry_read(int fd, void *inbuf, unsigned nbyte)
345	{
346	int n;
347	int nread = 0;
348	char buf = (char )inbuf;
349
350	if (nbyte == 0) return 0;
351
352	for (;;) {
353	n = read(fd, buf, nbyte);
354	if (n == 0) {
355	/* end of file */
356	return -1;
357	}
358	if (n == -1) {
359	if (errno == EINTR) continue;
360	return -1;
361	}
362
363	nread += n;
364
365	if (n >= (int) nbyte) return nread;
366
367	buf += n;
368	nbyte -= n;
369	}
370	}
371
372	/* END FUNCTION: retry_read */
373
374	/* FUNCTION: retry_writev */
375
376	/* SYNOPSIS
377	* Keep calling the writev() system call with 'fd', 'iov', and 'iovcnt'
378	* until all the data is written out or an error occurs.
379	* END SYNOPSIS */
380
381	static int /* R: bytes written, or -1 on error */
382	retry_writev (
383	/* PARAMETERS */
384	int fd, /* I: fd to write on */
385	struct iovec iov, / U: iovec array base
386	* modified as data written */
387	int iovcnt /* I: number of iovec entries */
388	/* END PARAMETERS */
389	)
390	{
391	/* VARIABLES */
392	int n; /* return value from writev() */
393	int i; /* loop counter */
394	int written; /* bytes written so far */
395	static int iov_max; /* max number of iovec entries */
396	/* END VARIABLES */
397
398	/* initialization */
399	#ifdef MAXIOV
400	iov_max = MAXIOV;
401	#else /* ! MAXIOV */
402	# ifdef IOV_MAX
403	iov_max = IOV_MAX;
404	# else /* ! IOV_MAX */
405	iov_max = 8192;
406	# endif /* ! IOV_MAX */
407	#endif /* ! MAXIOV */
408	written = 0;
409
410	for (;;) {
411
412	while (iovcnt && iov[0].iov_len == 0) {
413	iov++;
414	iovcnt--;
415	}
416
417	if (!iovcnt) {
418	return written;
419	}
420
421	n = writev(fd, iov, iovcnt > iov_max ? iov_max : iovcnt);
422	if (n == -1) {
423	if (errno == EINVAL && iov_max > 10) {
424	iov_max /= 2;
425	continue;
426	}
427	if (errno == EINTR) {
428	continue;
429	}
430	return -1;
431	} else {
432	written += n;
433	}
434
435	for (i = 0; i < iovcnt; i++) {
436	if (iov[i].iov_len > (unsigned) n) {
437	iov[i].iov_base = (char *)iov[i].iov_base + n;
438	iov[i].iov_len -= n;
439	break;
440	}
441	n -= iov[i].iov_len;
442	iov[i].iov_len = 0;
443	}
444
445	if (i == iovcnt) {
446	return written;
447	}
448	}
449	/* NOTREACHED */
450	}
451
452	/* END FUNCTION: retry_writev */
453	#endif
454
455	/* End of auths/pwcheck.c */