projects / exim.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
GSASL: remove unneeded stringprep operations; library does it for us
[exim.git] / src / src / auths / gsasl_exim.c
... / ...
CommitLineData
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5/* Copyright (c) The Exim Maintainers 2019 */
6/* Copyright (c) University of Cambridge 1995 - 2018 */
7/* See the file NOTICE for conditions of use and distribution. */
8
9/* Copyright (c) Twitter Inc 2012
10 Author: Phil Pennock <pdp@exim.org> */
11/* Copyright (c) Phil Pennock 2012 */
12
13/* Interface to GNU SASL library for generic authentication. */
14
15/* Trade-offs:
16
17GNU SASL does not provide authentication data itself, so we have to expose
18that decision to configuration. For some mechanisms, we need to act much
19like plaintext. For others, we only need to be able to provide some
20evaluated data on demand. There's no abstracted way (ie, without hardcoding
21knowledge of authenticators here) to know which need what properties; we
22can't query a session or the library for "we will need these for mechanism X".
23
24So: we always require server_condition, even if sometimes it will just be
25set as "yes". We do provide a number of other hooks, which might not make
26sense in all contexts. For some, we can do checks at init time.
27*/
28
29#include "../exim.h"
30#define CHANNELBIND_HACK
31
32#ifndef AUTH_GSASL
33/* dummy function to satisfy compilers when we link in an "empty" file. */
34static void dummy(int x);
35static void dummy2(int x) { dummy(x-1); }
36static void dummy(int x) { dummy2(x-1); }
37#else
38
39#include <gsasl.h>
40#include "gsasl_exim.h"
41
42
43#if GSASL_VERSION_MINOR >= 9
44# define EXIM_GSASL_HAVE_SCRAM_SHA_256
45#endif
46
47
48/* Authenticator-specific options. */
49/* I did have server_*_condition options for various mechanisms, but since
50we only ever handle one mechanism at a time, I didn't see the point in keeping
51that. In case someone sees a point, I've left the condition_check() API
52alone. */
53optionlist auth_gsasl_options[] = {
54 { "client_authz", opt_stringptr,
55 (void *)(offsetof(auth_gsasl_options_block, client_authz)) },
56 { "client_channelbinding", opt_bool,
57 (void *)(offsetof(auth_gsasl_options_block, client_channelbinding)) },
58 { "client_password", opt_stringptr,
59 (void *)(offsetof(auth_gsasl_options_block, client_password)) },
60 { "client_username", opt_stringptr,
61 (void *)(offsetof(auth_gsasl_options_block, client_username)) },
62
63 { "server_channelbinding", opt_bool,
64 (void *)(offsetof(auth_gsasl_options_block, server_channelbinding)) },
65 { "server_hostname", opt_stringptr,
66 (void *)(offsetof(auth_gsasl_options_block, server_hostname)) },
67 { "server_mech", opt_stringptr,
68 (void *)(offsetof(auth_gsasl_options_block, server_mech)) },
69 { "server_password", opt_stringptr,
70 (void *)(offsetof(auth_gsasl_options_block, server_password)) },
71 { "server_realm", opt_stringptr,
72 (void *)(offsetof(auth_gsasl_options_block, server_realm)) },
73 { "server_scram_iter", opt_stringptr,
74 (void *)(offsetof(auth_gsasl_options_block, server_scram_iter)) },
75 { "server_scram_salt", opt_stringptr,
76 (void *)(offsetof(auth_gsasl_options_block, server_scram_salt)) },
77 { "server_service", opt_stringptr,
78 (void *)(offsetof(auth_gsasl_options_block, server_service)) }
79};
80/* GSASL_SCRAM_SALTED_PASSWORD documented only for client, so not implementing
81hooks to avoid cleartext passwords in the Exim server. */
82
83int auth_gsasl_options_count =
84 sizeof(auth_gsasl_options)/sizeof(optionlist);
85
86/* Defaults for the authenticator-specific options. */
87auth_gsasl_options_block auth_gsasl_option_defaults = {
88 .server_service = US"smtp",
89 .server_hostname = US"$primary_hostname",
90 .server_scram_iter = US"4096",
91 /* all others zero/null */
92};
93
94
95#ifdef MACRO_PREDEF
96
97/* Dummy values */
98void auth_gsasl_init(auth_instance *ablock) {}
99int auth_gsasl_server(auth_instance *ablock, uschar *data) {return 0;}
100int auth_gsasl_client(auth_instance *ablock, void * sx,
101 int timeout, uschar *buffer, int buffsize) {return 0;}
102void auth_gsasl_version_report(FILE *f) {}
103
104void
105auth_gsasl_macros(void)
106{
107# ifdef EXIM_GSASL_HAVE_SCRAM_SHA_256
108 builtin_macro_create(US"_HAVE_AUTH_GSASL_SCRAM_SHA_256");
109# endif
110}
111
112#else /*!MACRO_PREDEF*/
113
114
115
116/* "Globals" for managing the gsasl interface. */
117
118static Gsasl *gsasl_ctx = NULL;
119static int
120 main_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop);
121static int
122 server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, auth_instance *ablock);
123static int
124 client_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, auth_instance *ablock);
125
126static BOOL sasl_error_should_defer = FALSE;
127static Gsasl_property callback_loop = 0;
128static BOOL checked_server_condition = FALSE;
129
130enum { CURRENTLY_SERVER = 1, CURRENTLY_CLIENT = 2 };
131
132struct callback_exim_state {
133 auth_instance *ablock;
134 int currently;
135};
136
137
138/*************************************************
139* Initialization entry point *
140*************************************************/
141
142/* Called for each instance, after its options have been read, to
143enable consistency checks to be done, or anything else that needs
144to be set up. */
145
146void
147auth_gsasl_init(auth_instance *ablock)
148{
149static char * once = NULL;
150int rc;
151auth_gsasl_options_block *ob =
152 (auth_gsasl_options_block *)(ablock->options_block);
153
154/* As per existing Cyrus glue, use the authenticator's public name as
155the default for the mechanism name; we don't handle multiple mechanisms
156in one authenticator, but the same driver can be used multiple times. */
157
158if (!ob->server_mech)
159 ob->server_mech = string_copy(ablock->public_name);
160
161/* Can get multiple session contexts from one library context, so just
162initialise the once. */
163
164if (!gsasl_ctx)
165 {
166 if ((rc = gsasl_init(&gsasl_ctx)) != GSASL_OK)
167 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
168 "couldn't initialise GNU SASL library: %s (%s)",
169 ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc));
170
171 gsasl_callback_set(gsasl_ctx, main_callback);
172 }
173
174/* We don't need this except to log it for debugging. */
175
176HDEBUG(D_auth) if (!once)
177 {
178 if ((rc = gsasl_server_mechlist(gsasl_ctx, &once)) != GSASL_OK)
179 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
180 "failed to retrieve list of mechanisms: %s (%s)",
181 ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc));
182
183 debug_printf("GNU SASL supports: %s\n", once);
184 }
185
186if (!gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech))
187 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
188 "GNU SASL does not support mechanism \"%s\"",
189 ablock->name, ob->server_mech);
190
191ablock->server = TRUE;
192
193if ( !ablock->server_condition
194 && ( streqic(ob->server_mech, US"EXTERNAL")
195 || streqic(ob->server_mech, US"ANONYMOUS")
196 || streqic(ob->server_mech, US"PLAIN")
197 || streqic(ob->server_mech, US"LOGIN")
198 ) )
199 {
200 ablock->server = FALSE;
201 HDEBUG(D_auth) debug_printf("%s authenticator: "
202 "Need server_condition for %s mechanism\n",
203 ablock->name, ob->server_mech);
204 }
205
206/* This does *not* scale to new SASL mechanisms. Need a better way to ask
207which properties will be needed. */
208
209if ( !ob->server_realm
210 && streqic(ob->server_mech, US"DIGEST-MD5"))
211 {
212 ablock->server = FALSE;
213 HDEBUG(D_auth) debug_printf("%s authenticator: "
214 "Need server_realm for %s mechanism\n",
215 ablock->name, ob->server_mech);
216 }
217
218/* At present, for mechanisms we don't panic on absence of server_condition;
219need to figure out the most generically correct approach to deciding when
220it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism,
221etc) it clearly is critical.
222*/
223
224ablock->client = ob->client_username && ob->client_password;
225}
226
227
228/* GNU SASL uses one top-level callback, registered at library level.
229We dispatch to client and server functions instead. */
230
231static int
232main_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop)
233{
234int rc = 0;
235struct callback_exim_state *cb_state =
236 (struct callback_exim_state *)gsasl_session_hook_get(sctx);
237
238if (!cb_state)
239 {
240 HDEBUG(D_auth) debug_printf("gsasl callback (%d) not from our server/client processing\n", prop);
241#ifdef CHANNELBIND_HACK
242 if (prop == GSASL_CB_TLS_UNIQUE)
243 {
244 uschar * s;
245 if ((s = gsasl_callback_hook_get(ctx)))
246 {
247 HDEBUG(D_auth) debug_printf("GSASL_CB_TLS_UNIQUE from ctx hook\n");
248 gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CS s);
249 }
250 else
251 {
252 HDEBUG(D_auth) debug_printf("GSASL_CB_TLS_UNIQUE! dummy for now\n");
253 gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, "");
254 }
255 return GSASL_OK;
256 }
257#endif
258 return GSASL_NO_CALLBACK;
259 }
260
261HDEBUG(D_auth)
262 debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n",
263 prop, callback_loop);
264
265if (callback_loop > 0)
266 {
267 /* Most likely is that we were asked for property FOO, and to
268 expand the string we asked for property BAR to put into an auth
269 variable, but property BAR is not supplied for this mechanism. */
270 HDEBUG(D_auth)
271 debug_printf("Loop, asked for property %d while handling property %d\n",
272 prop, callback_loop);
273 return GSASL_NO_CALLBACK;
274 }
275callback_loop = prop;
276
277if (cb_state->currently == CURRENTLY_CLIENT)
278 rc = client_callback(ctx, sctx, prop, cb_state->ablock);
279else if (cb_state->currently == CURRENTLY_SERVER)
280 rc = server_callback(ctx, sctx, prop, cb_state->ablock);
281else
282 log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
283 "unhandled callback state, bug in Exim", cb_state->ablock->name);
284 /* NOTREACHED */
285
286callback_loop = 0;
287return rc;
288}
289
290
291/*************************************************
292* Server entry point *
293*************************************************/
294
295/* For interface, see auths/README */
296
297int
298auth_gsasl_server(auth_instance *ablock, uschar *initial_data)
299{
300char *tmps;
301char *to_send, *received;
302Gsasl_session *sctx = NULL;
303auth_gsasl_options_block *ob =
304 (auth_gsasl_options_block *)(ablock->options_block);
305struct callback_exim_state cb_state;
306int rc, auth_result, exim_error, exim_error_override;
307
308HDEBUG(D_auth)
309 debug_printf("GNU SASL: initialising session for %s, mechanism %s\n",
310 ablock->name, ob->server_mech);
311
312#ifndef DISABLE_TLS
313if (tls_in.channelbinding && ob->server_channelbinding)
314 {
315# ifdef EXPERIMENTAL_TLS_RESUME
316 if (!tls_in.ext_master_secret && tls_in.resumption == RESUME_USED)
317 { /* per RFC 7677 section 4 */
318 HDEBUG(D_auth) debug_printf(
319 "channel binding not usable on resumed TLS without extended-master-secret");
320 return FAIL;
321 }
322# endif
323# ifdef CHANNELBIND_HACK
324/* This is a gross hack to get around the library a) requiring that
325c-b was already set, at the _start() call, and b) caching a b64'd
326version of the binding then which it never updates. */
327
328 gsasl_callback_hook_set(gsasl_ctx, tls_in.channelbinding);
329# endif
330 }
331#endif
332
333if ((rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx)) != GSASL_OK)
334 {
335 auth_defer_msg = string_sprintf("GNU SASL: session start failure: %s (%s)",
336 gsasl_strerror_name(rc), gsasl_strerror(rc));
337 HDEBUG(D_auth) debug_printf("%s\n", auth_defer_msg);
338 return DEFER;
339 }
340/* Hereafter: gsasl_finish(sctx) please */
341
342cb_state.ablock = ablock;
343cb_state.currently = CURRENTLY_SERVER;
344gsasl_session_hook_set(sctx, &cb_state);
345
346tmps = CS expand_string(ob->server_service);
347gsasl_property_set(sctx, GSASL_SERVICE, tmps);
348tmps = CS expand_string(ob->server_hostname);
349gsasl_property_set(sctx, GSASL_HOSTNAME, tmps);
350if (ob->server_realm)
351 {
352 tmps = CS expand_string(ob->server_realm);
353 if (tmps && *tmps)
354 gsasl_property_set(sctx, GSASL_REALM, tmps);
355 }
356/* We don't support protection layers. */
357gsasl_property_set(sctx, GSASL_QOPS, "qop-auth");
358
359#ifndef DISABLE_TLS
360if (tls_in.channelbinding)
361 {
362 /* Some auth mechanisms can ensure that both sides are talking withing the
363 same security context; for TLS, this means that even if a bad certificate
364 has been accepted, they remain MitM-proof because both sides must be within
365 the same negotiated session; if someone is terminating one session and
366 proxying data on within a second, authentication will fail.
367
368 We might not have this available, depending upon TLS implementation,
369 ciphersuite, phase of moon ...
370
371 If we do, it results in extra SASL mechanisms being available; here,
372 Exim's one-mechanism-per-authenticator potentially causes problems.
373 It depends upon how GNU SASL will implement the PLUS variants of GS2
374 and whether it automatically mandates a switch to the bound PLUS
375 if the data is available. Since default-on, despite being more secure,
376 would then result in mechanism name changes on a library update, we
377 have little choice but to default it off and let the admin choose to
378 enable it. *sigh*
379 */
380 if (ob->server_channelbinding)
381 {
382 HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n",
383 ablock->name);
384# ifndef CHANNELBIND_HACK
385 gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_in.channelbinding);
386# endif
387 }
388 else
389 HDEBUG(D_auth)
390 debug_printf("Auth %s: Not enabling channel-binding (data available)\n",
391 ablock->name);
392 }
393else
394 HDEBUG(D_auth)
395 debug_printf("Auth %s: no channel-binding data available\n",
396 ablock->name);
397#endif
398
399checked_server_condition = FALSE;
400
401received = CS initial_data;
402to_send = NULL;
403exim_error = exim_error_override = OK;
404
405do {
406 switch (rc = gsasl_step64(sctx, received, &to_send))
407 {
408 case GSASL_OK:
409 if (!to_send)
410 goto STOP_INTERACTION;
411 break;
412
413 case GSASL_NEEDS_MORE:
414 break;
415
416 case GSASL_AUTHENTICATION_ERROR:
417 case GSASL_INTEGRITY_ERROR:
418 case GSASL_NO_AUTHID:
419 case GSASL_NO_ANONYMOUS_TOKEN:
420 case GSASL_NO_AUTHZID:
421 case GSASL_NO_PASSWORD:
422 case GSASL_NO_PASSCODE:
423 case GSASL_NO_PIN:
424 case GSASL_BASE64_ERROR:
425 HDEBUG(D_auth) debug_printf("GNU SASL permanent error: %s (%s)\n",
426 gsasl_strerror_name(rc), gsasl_strerror(rc));
427 log_write(0, LOG_REJECT, "%s authenticator (%s):\n "
428 "GNU SASL permanent failure: %s (%s)",
429 ablock->name, ob->server_mech,
430 gsasl_strerror_name(rc), gsasl_strerror(rc));
431 if (rc == GSASL_BASE64_ERROR)
432 exim_error_override = BAD64;
433 goto STOP_INTERACTION;
434
435 default:
436 auth_defer_msg = string_sprintf("GNU SASL temporary error: %s (%s)",
437 gsasl_strerror_name(rc), gsasl_strerror(rc));
438 HDEBUG(D_auth) debug_printf("%s\n", auth_defer_msg);
439 exim_error_override = DEFER;
440 goto STOP_INTERACTION;
441 }
442
443 if ((rc == GSASL_NEEDS_MORE) || (to_send && *to_send))
444 exim_error = auth_get_no64_data(USS &received, US to_send);
445
446 if (to_send)
447 {
448 free(to_send);
449 to_send = NULL;
450 }
451
452 if (exim_error)
453 break; /* handles * cancelled check */
454
455 } while (rc == GSASL_NEEDS_MORE);
456
457STOP_INTERACTION:
458auth_result = rc;
459
460gsasl_finish(sctx);
461
462/* Can return: OK DEFER FAIL CANCELLED BAD64 UNEXPECTED */
463
464if (exim_error != OK)
465 return exim_error;
466
467if (auth_result != GSASL_OK)
468 {
469 HDEBUG(D_auth) debug_printf("authentication returned %s (%s)\n",
470 gsasl_strerror_name(auth_result), gsasl_strerror(auth_result));
471 if (exim_error_override != OK)
472 return exim_error_override; /* might be DEFER */
473 if (sasl_error_should_defer) /* overriding auth failure SASL error */
474 return DEFER;
475 return FAIL;
476 }
477
478/* Auth succeeded, check server_condition unless already done in callback */
479return checked_server_condition ? OK : auth_check_serv_cond(ablock);
480}
481
482
483/* returns the GSASL status of expanding the Exim string given */
484static int
485condition_check(auth_instance *ablock, uschar *label, uschar *condition_string)
486{
487int exim_rc = auth_check_some_cond(ablock, label, condition_string, FAIL);
488switch (exim_rc)
489 {
490 case OK: return GSASL_OK;
491 case DEFER: sasl_error_should_defer = TRUE;
492 return GSASL_AUTHENTICATION_ERROR;
493 case FAIL: return GSASL_AUTHENTICATION_ERROR;
494 default: log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: "
495 "Unhandled return from checking %s: %d",
496 ablock->name, label, exim_rc);
497 }
498
499/* NOTREACHED */
500return GSASL_AUTHENTICATION_ERROR;
501}
502
503static int
504server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop,
505 auth_instance *ablock)
506{
507char *tmps;
508uschar *propval;
509int cbrc = GSASL_NO_CALLBACK;
510auth_gsasl_options_block *ob =
511 (auth_gsasl_options_block *)(ablock->options_block);
512
513HDEBUG(D_auth)
514 debug_printf("GNU SASL callback %d for %s/%s as server\n",
515 prop, ablock->name, ablock->public_name);
516
517for (int i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;
518expand_nmax = 0;
519
520switch (prop)
521 {
522 case GSASL_VALIDATE_SIMPLE:
523 HDEBUG(D_auth) debug_printf(" VALIDATE_SIMPLE\n");
524 /* GSASL_AUTHID, GSASL_AUTHZID, and GSASL_PASSWORD */
525 propval = US gsasl_property_fast(sctx, GSASL_AUTHID);
526 auth_vars[0] = expand_nstring[1] = propval ? string_copy(propval) : US"";
527 propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
528 auth_vars[1] = expand_nstring[2] = propval ? string_copy(propval) : US"";
529 propval = US gsasl_property_fast(sctx, GSASL_PASSWORD);
530 auth_vars[2] = expand_nstring[3] = propval ? string_copy(propval) : US"";
531 expand_nmax = 3;
532 for (int i = 1; i <= 3; ++i)
533 expand_nlength[i] = Ustrlen(expand_nstring[i]);
534
535 cbrc = condition_check(ablock, US"server_condition", ablock->server_condition);
536 checked_server_condition = TRUE;
537 break;
538
539 case GSASL_VALIDATE_EXTERNAL:
540 HDEBUG(D_auth) debug_printf(" VALIDATE_EXTERNAL\n");
541 if (!ablock->server_condition)
542 {
543 HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate EXTERNAL\n");
544 cbrc = GSASL_AUTHENTICATION_ERROR;
545 break;
546 }
547 propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
548
549 /* We always set $auth1, even if only to empty string. */
550 auth_vars[0] = expand_nstring[1] = propval ? string_copy(propval) : US"";
551 expand_nlength[1] = Ustrlen(expand_nstring[1]);
552 expand_nmax = 1;
553
554 cbrc = condition_check(ablock,
555 US"server_condition (EXTERNAL)", ablock->server_condition);
556 checked_server_condition = TRUE;
557 break;
558
559 case GSASL_VALIDATE_ANONYMOUS:
560 HDEBUG(D_auth) debug_printf(" VALIDATE_ANONYMOUS\n");
561 if (!ablock->server_condition)
562 {
563 HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate ANONYMOUS\n");
564 cbrc = GSASL_AUTHENTICATION_ERROR;
565 break;
566 }
567 propval = US gsasl_property_fast(sctx, GSASL_ANONYMOUS_TOKEN);
568
569 /* We always set $auth1, even if only to empty string. */
570
571 auth_vars[0] = expand_nstring[1] = propval ? string_copy(propval) : US"";
572 expand_nlength[1] = Ustrlen(expand_nstring[1]);
573 expand_nmax = 1;
574
575 cbrc = condition_check(ablock,
576 US"server_condition (ANONYMOUS)", ablock->server_condition);
577 checked_server_condition = TRUE;
578 break;
579
580 case GSASL_VALIDATE_GSSAPI:
581 HDEBUG(D_auth) debug_printf(" VALIDATE_GSSAPI\n");
582 /* GSASL_AUTHZID and GSASL_GSSAPI_DISPLAY_NAME
583 The display-name is authenticated as part of GSS, the authzid is claimed
584 by the SASL integration after authentication; protected against tampering
585 (if the SASL mechanism supports that, which Kerberos does) but is
586 unverified, same as normal for other mechanisms.
587 First coding, we had these values swapped, but for consistency and prior
588 to the first release of Exim with this authenticator, they've been
589 switched to match the ordering of GSASL_VALIDATE_SIMPLE. */
590
591 propval = US gsasl_property_fast(sctx, GSASL_GSSAPI_DISPLAY_NAME);
592 auth_vars[0] = expand_nstring[1] = propval ? string_copy(propval) : US"";
593 propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
594 auth_vars[1] = expand_nstring[2] = propval ? string_copy(propval) : US"";
595 expand_nmax = 2;
596 for (int i = 1; i <= 2; ++i)
597 expand_nlength[i] = Ustrlen(expand_nstring[i]);
598
599 /* In this one case, it perhaps makes sense to default back open?
600 But for consistency, let's just mandate server_condition here too. */
601
602 cbrc = condition_check(ablock,
603 US"server_condition (GSSAPI family)", ablock->server_condition);
604 checked_server_condition = TRUE;
605 break;
606
607 case GSASL_SCRAM_ITER:
608 HDEBUG(D_auth) debug_printf(" SCRAM_ITER\n");
609 if (ob->server_scram_iter)
610 {
611 tmps = CS expand_string(ob->server_scram_iter);
612 gsasl_property_set(sctx, GSASL_SCRAM_ITER, tmps);
613 cbrc = GSASL_OK;
614 }
615 break;
616
617 case GSASL_SCRAM_SALT:
618 HDEBUG(D_auth) debug_printf(" SCRAM_SALT\n");
619 if (ob->server_scram_iter)
620 {
621 tmps = CS expand_string(ob->server_scram_salt);
622 gsasl_property_set(sctx, GSASL_SCRAM_SALT, tmps);
623 cbrc = GSASL_OK;
624 }
625 break;
626
627 case GSASL_PASSWORD:
628 HDEBUG(D_auth) debug_printf(" PASSWORD\n");
629 /* DIGEST-MD5: GSASL_AUTHID, GSASL_AUTHZID and GSASL_REALM
630 CRAM-MD5: GSASL_AUTHID
631 PLAIN: GSASL_AUTHID and GSASL_AUTHZID
632 LOGIN: GSASL_AUTHID
633 */
634 if (ob->server_scram_iter)
635 {
636 tmps = CS expand_string(ob->server_scram_iter);
637 gsasl_property_set(sctx, GSASL_SCRAM_ITER, tmps);
638 }
639 if (ob->server_scram_salt)
640 {
641 tmps = CS expand_string(ob->server_scram_salt);
642 gsasl_property_set(sctx, GSASL_SCRAM_SALT, tmps);
643 }
644
645 /* Asking for GSASL_AUTHZID calls back into us if we use
646 gsasl_property_get(), thus the use of gsasl_property_fast().
647 Do we really want to hardcode limits per mechanism? What happens when
648 a new mechanism is added to the library. It *shouldn't* result in us
649 needing to add more glue, since avoiding that is a large part of the
650 point of SASL. */
651
652 propval = US gsasl_property_fast(sctx, GSASL_AUTHID);
653 auth_vars[0] = expand_nstring[1] = propval ? string_copy(propval) : US"";
654 propval = US gsasl_property_fast(sctx, GSASL_AUTHZID);
655 auth_vars[1] = expand_nstring[2] = propval ? string_copy(propval) : US"";
656 propval = US gsasl_property_fast(sctx, GSASL_REALM);
657 auth_vars[2] = expand_nstring[3] = propval ? string_copy(propval) : US"";
658 expand_nmax = 3;
659 for (int i = 1; i <= 3; ++i)
660 expand_nlength[i] = Ustrlen(expand_nstring[i]);
661
662 if (!ob->server_password)
663 break;
664 if (!(tmps = CS expand_string(ob->server_password)))
665 {
666 sasl_error_should_defer = f.expand_string_forcedfail ? FALSE : TRUE;
667 HDEBUG(D_auth) debug_printf("server_password expansion failed, so "
668 "can't tell GNU SASL library the password for %s\n", auth_vars[0]);
669 return GSASL_AUTHENTICATION_ERROR;
670 }
671 gsasl_property_set(sctx, GSASL_PASSWORD, tmps);
672
673 /* This is inadequate; don't think Exim's store stacks are geared
674 for memory wiping, so expanding strings will leave stuff laying around.
675 But no need to compound the problem, so get rid of the one we can. */
676
677 memset(tmps, '\0', strlen(tmps));
678 cbrc = GSASL_OK;
679 break;
680
681 default:
682 HDEBUG(D_auth) debug_printf(" Unrecognised callback: %d\n", prop);
683 cbrc = GSASL_NO_CALLBACK;
684 }
685
686HDEBUG(D_auth) debug_printf("Returning %s (%s)\n",
687 gsasl_strerror_name(cbrc), gsasl_strerror(cbrc));
688
689return cbrc;
690}
691
692
693/******************************************************************************/
694
695#define PROP_OPTIONAL BIT(0)
696
697static BOOL
698client_prop(Gsasl_session * sctx, Gsasl_property propnum, uschar * val,
699 const uschar * why, unsigned flags, uschar * buffer, int buffsize)
700{
701uschar * s;
702int rc;
703
704if (flags & PROP_OPTIONAL && !val) return TRUE;
705if (!(s = expand_string(val)) || !(flags & PROP_OPTIONAL) && !*s)
706 {
707 string_format(buffer, buffsize, "%s", expand_string_message);
708 return FALSE;
709 }
710if (*s) gsasl_property_set(sctx, propnum, CS s);
711return TRUE;
712}
713
714/*************************************************
715* Client entry point *
716*************************************************/
717
718/* For interface, see auths/README */
719
720int
721auth_gsasl_client(
722 auth_instance *ablock, /* authenticator block */
723 void * sx, /* connection */
724 int timeout, /* command timeout */
725 uschar *buffer, /* buffer for reading response */
726 int buffsize) /* size of buffer */
727{
728auth_gsasl_options_block *ob =
729 (auth_gsasl_options_block *)(ablock->options_block);
730Gsasl_session * sctx = NULL;
731struct callback_exim_state cb_state;
732uschar * s;
733BOOL initial = TRUE;
734int rc, yield = FAIL;
735
736HDEBUG(D_auth)
737 debug_printf("GNU SASL: initialising session for %s, mechanism %s\n",
738 ablock->name, ob->server_mech);
739
740*buffer = 0;
741
742#ifndef DISABLE_TLS
743if (tls_out.channelbinding && ob->client_channelbinding)
744 {
745# ifdef EXPERIMENTAL_TLS_RESUME
746 if (!tls_out.ext_master_secret && tls_out.resumption == RESUME_USED)
747 { /* per RFC 7677 section 4 */
748 string_format(buffer, buffsize, "%s",
749 "channel binding not usable on resumed TLS without extended-master-secret");
750 return FAIL;
751 }
752# endif
753# ifdef CHANNELBIND_HACK
754 /* This is a gross hack to get around the library a) requiring that
755 c-b was already set, at the _start() call, and b) caching a b64'd
756 version of the binding then which it never updates. */
757
758 gsasl_callback_hook_set(gsasl_ctx, tls_out.channelbinding);
759# endif
760 }
761#endif
762
763if ((rc = gsasl_client_start(gsasl_ctx, CCS ob->server_mech, &sctx)) != GSASL_OK)
764 {
765 string_format(buffer, buffsize, "GNU SASL: session start failure: %s (%s)",
766 gsasl_strerror_name(rc), gsasl_strerror(rc));
767 HDEBUG(D_auth) debug_printf("%s\n", buffer);
768 return ERROR;
769 }
770
771cb_state.ablock = ablock;
772cb_state.currently = CURRENTLY_CLIENT;
773gsasl_session_hook_set(sctx, &cb_state);
774
775/* Set properties */
776
777if ( !client_prop(sctx, GSASL_PASSWORD, ob->client_password, US"password",
778 0, buffer, buffsize)
779 || !client_prop(sctx, GSASL_AUTHID, ob->client_username, US"username",
780 0, buffer, buffsize)
781 || !client_prop(sctx, GSASL_AUTHZID, ob->client_authz, US"authz",
782 PROP_OPTIONAL, buffer, buffsize)
783 )
784 return ERROR;
785
786#ifndef DISABLE_TLS
787if (tls_out.channelbinding)
788 if (ob->client_channelbinding)
789 {
790 HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n",
791 ablock->name);
792# ifndef CHANNELBIND_HACK
793 gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_out.channelbinding);
794# endif
795 }
796 else
797 HDEBUG(D_auth)
798 debug_printf("Auth %s: Not enabling channel-binding (data available)\n",
799 ablock->name);
800#endif
801
802/* Run the SASL conversation with the server */
803
804for(s = NULL; ;)
805 {
806 uschar * outstr;
807 BOOL fail;
808
809 rc = gsasl_step64(sctx, CS s, CSS &outstr);
810
811 fail = initial
812 ? smtp_write_command(sx, SCMD_FLUSH,
813 outstr ? "AUTH %s %s\r\n" : "AUTH %s\r\n",
814 ablock->public_name, outstr) <= 0
815 : outstr
816 ? smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", outstr) <= 0
817 : FALSE;
818 if (outstr && *outstr) free(outstr);
819 if (fail)
820 {
821 yield = FAIL_SEND;
822 goto done;
823 }
824 initial = FALSE;
825
826 if (rc != GSASL_NEEDS_MORE)
827 {
828 if (rc != GSASL_OK)
829 {
830 string_format(buffer, buffsize, "gsasl: %s", gsasl_strerror(rc));
831 break;
832 }
833
834 /* expecting a final 2xx from the server, accepting the AUTH */
835
836 if (smtp_read_response(sx, buffer, buffsize, '2', timeout))
837 yield = OK;
838 break; /* from SASL sequence loop */
839 }
840
841 /* 2xx or 3xx response is acceptable. If 2xx, no further input */
842
843 if (!smtp_read_response(sx, buffer, buffsize, '3', timeout))
844 if (errno == 0 && buffer[0] == '2')
845 buffer[4] = '\0';
846 else
847 {
848 yield = FAIL;
849 goto done;
850 }
851 s = buffer + 4;
852 }
853
854done:
855gsasl_finish(sctx);
856return yield;
857}
858
859static int
860client_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, auth_instance *ablock)
861{
862HDEBUG(D_auth) debug_printf("GNU SASL callback %d for %s/%s as client\n",
863 prop, ablock->name, ablock->public_name);
864switch (prop)
865 {
866 case GSASL_AUTHZID:
867 HDEBUG(D_auth) debug_printf(" inquired for AUTHZID; not providing one\n");
868 break;
869 case GSASL_SCRAM_SALTED_PASSWORD:
870 HDEBUG(D_auth)
871 debug_printf(" inquired for SCRAM_SALTED_PASSWORD; not providing one\n");
872 break;
873 case GSASL_CB_TLS_UNIQUE:
874 HDEBUG(D_auth)
875 debug_printf(" inquired for CB_TLS_UNIQUE, filling in\n");
876 gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, CCS tls_out.channelbinding);
877 break;
878 }
879return GSASL_NO_CALLBACK;
880}
881
882/*************************************************
883* Diagnostic API *
884*************************************************/
885
886void
887auth_gsasl_version_report(FILE *f)
888{
889const char *runtime;
890runtime = gsasl_check_version(NULL);
891fprintf(f, "Library version: GNU SASL: Compile: %s\n"
892 " Runtime: %s\n",
893 GSASL_VERSION, runtime);
894}
895
896
897
898/* Dummy */
899void auth_gsasl_macros(void) {}
900
901#endif /*!MACRO_PREDEF*/
902#endif /* AUTH_GSASL */
903
904/* End of gsasl_exim.c */
Unnamed repository; edit this file 'description' to name the repository.