[exim.git] / src / src / auths / external.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) Jeremy Harris 2019 */
/* See the file NOTICE for conditions of use and distribution. */

/* This file provides an Exim authenticator driver for
a server to verify a client SSL certificate, using the EXTERNAL
method defined in RFC 4422 Appendix A.
*/


#include "../exim.h"
#include "external.h"

/* Options specific to the external authentication mechanism. */

optionlist auth_external_options[] = {
  { "client_send",	opt_stringptr, OPT_OFF(auth_external_options_block, client_send) },
  { "server_param2",	opt_stringptr, OPT_OFF(auth_external_options_block, server_param2) },
  { "server_param3",	opt_stringptr, OPT_OFF(auth_external_options_block, server_param3) },
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int auth_external_options_count = nelem(auth_external_options);

/* Default private options block for the authentication method. */

auth_external_options_block auth_external_option_defaults = {
    .server_param2 = NULL,
    .server_param3 = NULL,

    .client_send = NULL,
};


#ifdef MACRO_PREDEF

/* Dummy values */
void auth_external_init(auth_instance *ablock) {}
int auth_external_server(auth_instance *ablock, uschar *data) {return 0;}
int auth_external_client(auth_instance *ablock, void * sx,
  int timeout, uschar *buffer, int buffsize) {return 0;}

#else   /*!MACRO_PREDEF*/


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to
enable consistency checks to be done, or anything else that needs
to be set up. */

void
auth_external_init(auth_instance *ablock)
{
auth_external_options_block * ob = (auth_external_options_block *)ablock->options_block;
if (!ablock->public_name) ablock->public_name = ablock->name;
if (ablock->server_condition) ablock->server = TRUE;
if (ob->client_send) ablock->client = TRUE;
}


/*************************************************
*             Server entry point                 *
*************************************************/

/* For interface, see auths/README */

int
auth_external_server(auth_instance * ablock, uschar * data)
{
auth_external_options_block * ob = (auth_external_options_block *)ablock->options_block;
int rc;

/* If data was supplied on the AUTH command, decode it, and split it up into
multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
up to a maximum. To retain backwards compatibility, they are also put int $1,
$2, etc. If the data consists of the string "=" it indicates a single, empty
string. */

if (*data)
  if ((rc = auth_read_input(data)) != OK)
    return rc;

/* Now go through the list of prompt strings. Skip over any whose data has
already been provided as part of the AUTH command. For the rest, send them
out as prompts, and get a data item back. If the data item is "*", abandon the
authentication attempt. Otherwise, split it into items as above. */

if (expand_nmax == 0) 	/* skip if rxd data */
  if ((rc = auth_prompt(CUS"")) != OK)
    return rc;

if (ob->server_param2)
  {
  uschar * s = expand_string(ob->server_param2);
  auth_vars[expand_nmax] = s;
  expand_nstring[++expand_nmax] = s;
  expand_nlength[expand_nmax] = Ustrlen(s);
  if (ob->server_param3)
    {
    s = expand_string(ob->server_param3);
    auth_vars[expand_nmax] = s;
    expand_nstring[++expand_nmax] = s;
    expand_nlength[expand_nmax] = Ustrlen(s);
    }
  }

return auth_check_serv_cond(ablock);
}


/*************************************************
*              Client entry point                *
*************************************************/

/* For interface, see auths/README */

int
auth_external_client(
  auth_instance *ablock,                 /* authenticator block */
  void * sx,				 /* smtp connextion */
  int timeout,                           /* command timeout */
  uschar *buffer,                        /* buffer for reading response */
  int buffsize)                          /* size of buffer */
{
auth_external_options_block *ob =
  (auth_external_options_block *)(ablock->options_block);
const uschar * text = ob->client_send;
int rc;

/* We output an AUTH command with one expanded argument, the client_send option */

if ((rc = auth_client_item(sx, ablock, &text, AUTH_ITEM_FIRST | AUTH_ITEM_LAST,
      timeout, buffer, buffsize)) != OK)
  return rc == DEFER ? FAIL : rc;

if (text) auth_vars[0] = string_copy(text);
return OK;
}


#endif   /*!MACRO_PREDEF*/
/* End of external.c */
Commit	Line	Data
b53c265b JH	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
	5	/* Copyright (c) Jeremy Harris 2019 */
	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	/* This file provides an Exim authenticator driver for
	9	a server to verify a client SSL certificate, using the EXTERNAL
	10	method defined in RFC 4422 Appendix A.
	11	*/
	12
	13
	14	#include "../exim.h"
	15	#include "external.h"
	16
	17	/* Options specific to the external authentication mechanism. */
	18
	19	optionlist auth_external_options[] = {
23f2e90d JH	20	{ "client_send", opt_stringptr, OPT_OFF(auth_external_options_block, client_send) },
	21	{ "server_param2", opt_stringptr, OPT_OFF(auth_external_options_block, server_param2) },
	22	{ "server_param3", opt_stringptr, OPT_OFF(auth_external_options_block, server_param3) },
b53c265b JH	23	};
	24
	25	/* Size of the options list. An extern variable has to be used so that its
	26	address can appear in the tables drtables.c. */
	27
	28	int auth_external_options_count = nelem(auth_external_options);
	29
	30	/* Default private options block for the authentication method. */
	31
	32	auth_external_options_block auth_external_option_defaults = {
	33	.server_param2 = NULL,
	34	.server_param3 = NULL,
	35
	36	.client_send = NULL,
	37	};
	38
	39
	40	#ifdef MACRO_PREDEF
	41
	42	/* Dummy values */
	43	void auth_external_init(auth_instance *ablock) {}
	44	int auth_external_server(auth_instance ablock, uschar data) {return 0;}
	45	int auth_external_client(auth_instance ablock, void sx,
	46	int timeout, uschar *buffer, int buffsize) {return 0;}
	47
	48	#else /!MACRO_PREDEF/
	49
	50
	51
	52
	53	/*************************************************
	54	* Initialization entry point *
	55	*************************************************/
	56
	57	/* Called for each instance, after its options have been read, to
	58	enable consistency checks to be done, or anything else that needs
	59	to be set up. */
	60
	61	void
	62	auth_external_init(auth_instance *ablock)
	63	{
	64	auth_external_options_block * ob = (auth_external_options_block *)ablock->options_block;
	65	if (!ablock->public_name) ablock->public_name = ablock->name;
	66	if (ablock->server_condition) ablock->server = TRUE;
	67	if (ob->client_send) ablock->client = TRUE;
	68	}
	69
	70
	71
	72	/*************************************************
	73	* Server entry point *
	74	*************************************************/
	75
	76	/* For interface, see auths/README */
	77
	78	int
	79	auth_external_server(auth_instance * ablock, uschar * data)
	80	{
	81	auth_external_options_block * ob = (auth_external_options_block *)ablock->options_block;
	82	int rc;
	83
	84	/* If data was supplied on the AUTH command, decode it, and split it up into
	85	multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
	86	up to a maximum. To retain backwards compatibility, they are also put int $1,
87	$2, etc. If the data consists of the string "=" it indicates a single, empty
88	string. */
89
90	if (*data)
91	if ((rc = auth_read_input(data)) != OK)
92	return rc;
93
94	/* Now go through the list of prompt strings. Skip over any whose data has
95	already been provided as part of the AUTH command. For the rest, send them
96	out as prompts, and get a data item back. If the data item is "*", abandon the
97	authentication attempt. Otherwise, split it into items as above. */
98
99	if (expand_nmax == 0) /* skip if rxd data */
100	if ((rc = auth_prompt(CUS"")) != OK)
101	return rc;
102
103	if (ob->server_param2)
104	{
105	uschar * s = expand_string(ob->server_param2);
106	auth_vars[expand_nmax] = s;
107	expand_nstring[++expand_nmax] = s;
108	expand_nlength[expand_nmax] = Ustrlen(s);
109	if (ob->server_param3)
110	{
111	s = expand_string(ob->server_param3);
112	auth_vars[expand_nmax] = s;
113	expand_nstring[++expand_nmax] = s;
114	expand_nlength[expand_nmax] = Ustrlen(s);
115	}
116	}
117
118	return auth_check_serv_cond(ablock);
119	}
120
121
122
123	/*************************************************
124	* Client entry point *
125	*************************************************/
126
127	/* For interface, see auths/README */
128
129	int
130	auth_external_client(
131	auth_instance ablock, / authenticator block */
132	void * sx, /* smtp connextion */
133	int timeout, /* command timeout */
134	uschar buffer, / buffer for reading response */
135	int buffsize) /* size of buffer */
136	{
137	auth_external_options_block *ob =
138	(auth_external_options_block *)(ablock->options_block);
139	const uschar * text = ob->client_send;
140	int rc;
141
142	/* We output an AUTH command with one expanded argument, the client_send option */
143
144	if ((rc = auth_client_item(sx, ablock, &text, AUTH_ITEM_FIRST \| AUTH_ITEM_LAST,
145	timeout, buffer, buffsize)) != OK)
146	return rc == DEFER ? FAIL : rc;
147
148	if (text) auth_vars[0] = string_copy(text);
149	return OK;
150	}
151
152
153
154	#endif /!MACRO_PREDEF/
155	/* End of external.c */