[exim.git] / src / src / auths / plaintext.c

/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.6 2006/10/16 15:44:36 ph10 Exp $ */

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2006 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"
#include "plaintext.h"


/* Options specific to the plaintext authentication mechanism. */

optionlist auth_plaintext_options[] = {
  { "client_ignore_invalid_base64", opt_bool,
      (void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
  { "client_send",        opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, client_send)) },
  { "server_prompts",     opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int auth_plaintext_options_count =
  sizeof(auth_plaintext_options)/sizeof(optionlist);

/* Default private options block for the plaintext authentication method. */

auth_plaintext_options_block auth_plaintext_option_defaults = {
  NULL,              /* server_prompts */
  NULL,              /* client_send */
  FALSE              /* client_ignore_invalid_base64 */
};


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to
enable consistency checks to be done, or anything else that needs
to be set up. */

void
auth_plaintext_init(auth_instance *ablock)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
if (ablock->public_name == NULL) ablock->public_name = ablock->name;
if (ablock->server_condition != NULL) ablock->server = TRUE;
if (ob->client_send != NULL) ablock->client = TRUE;
}


/*************************************************
*             Server entry point                 *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_server(auth_instance *ablock, uschar *data)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
uschar *prompts = ob->server_prompts;
uschar *clear, *end, *s;
int number = 1;
int len, rc;
int sep = 0;

/* Expand a non-empty list of prompt strings */

if (prompts != NULL)
  {
  prompts = expand_string(prompts);
  if (prompts == NULL)
    {
    auth_defer_msg = expand_string_message;
    return DEFER;
    }
  }

/* If data was supplied on the AUTH command, decode it, and split it up into
multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
up to a maximum. To retain backwards compatibility, they are also put int $1,
$2, etc. If the data consists of the string "=" it indicates a single, empty
string. */

if (*data != 0)
  {
  if (Ustrcmp(data, "=") == 0)
    {
    auth_vars[0] = expand_nstring[++expand_nmax] = US"";
    expand_nlength[expand_nmax] = 0;
    }
  else
    {
    if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
    end = clear + len;
    while (clear < end && expand_nmax < EXPAND_MAXN)
      {
      if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
      expand_nstring[++expand_nmax] = clear;
      while (*clear != 0) clear++;
      expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
      }
    }
  }

/* Now go through the list of prompt strings. Skip over any whose data has
already been provided as part of the AUTH command. For the rest, send them
out as prompts, and get a data item back. If the data item is "*", abandon the
authentication attempt. Otherwise, split it into items as above. */

while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
        != NULL && expand_nmax < EXPAND_MAXN)
  {
  if (number++ <= expand_nmax) continue;
  if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
  if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
  end = clear + len;

  /* This loop must run at least once, in case the length is zero */
  do
    {
    if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
    expand_nstring[++expand_nmax] = clear;
    while (*clear != 0) clear++;
    expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
    }
  while (clear < end && expand_nmax < EXPAND_MAXN);
  }

/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
compatibility, in $1, $2, etc). Authentication and authorization are handled
together for this authenticator by expanding the server_condition option. Note
that ablock->server_condition is always non-NULL because that's what configures
this authenticator as a server. */

return auth_check_serv_cond(ablock);
}


/*************************************************
*              Client entry point                *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_client(
  auth_instance *ablock,                 /* authenticator block */
  smtp_inblock *inblock,                 /* connection inblock */
  smtp_outblock *outblock,               /* connection outblock */
  int timeout,                           /* command timeout */
  uschar *buffer,                        /* buffer for reading response */
  int buffsize)                          /* size of buffer */
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
uschar *text = ob->client_send;
uschar *s;
BOOL first = TRUE;
int sep = 0;
int auth_var_idx = 0;

/* The text is broken up into a number of different data items, which are
sent one by one. The first one is sent with the AUTH command; the remainder are
sent in response to subsequent prompts. Each is expanded before being sent. */

while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL)
  {
  int i, len, clear_len;
  uschar *ss = expand_string(s);
  uschar *clear;

  /* Forced expansion failure is not an error; authentication is abandoned. On
  all but the first string, we have to abandon the authentication attempt by
  sending a line containing "*". Save the failed expansion string, because it
  is in big_buffer, and that gets used by the sending function. */

  if (ss == NULL)
    {
    uschar *ssave = string_copy(s);
    if (!first)
      {
      if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
        (void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
      }
    if (expand_string_forcedfail)
      {
      *buffer = 0;       /* No message */
      return CANCELLED;
      }
    string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
      "authenticator: %s", ssave, ablock->name, expand_string_message);
    return ERROR;
    }

  len = Ustrlen(ss);

  /* The character ^ is used as an escape for a binary zero character, which is
  needed for the PLAIN mechanism. It must be doubled if really needed. */

  for (i = 0; i < len; i++)
    {
    if (ss[i] == '^')
      {
      if (ss[i+1] != '^') ss[i] = 0; else
        {
        i++;
        len--;
        memmove(ss + i, ss + i + 1, len - i);
        }
      }
    }

  /* The first string is attached to the AUTH command; others are sent
  unembelished. */

  if (first)
    {
    first = FALSE;
    if (smtp_write_command(outblock, FALSE, "AUTH %s%s%s\r\n",
         ablock->public_name, (len == 0)? "" : " ",
         auth_b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }
  else
    {
    if (smtp_write_command(outblock, FALSE, "%s\r\n",
          auth_b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }

  /* If we receive a success response from the server, authentication
  has succeeded. There may be more data to send, but is there any point
  in provoking an error here? */

  if (smtp_read_response(inblock, US buffer, buffsize, '2', timeout)) return OK;

  /* Not a success response. If errno != 0 there is some kind of transmission
  error. Otherwise, check the response code in the buffer. If it starts with
  '3', more data is expected. */

  if (errno != 0 || buffer[0] != '3') return FAIL;

  /* If there is no more data to send, we have to cancel the authentication
  exchange and return ERROR. */

  if (text == NULL)
    {
    if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
      (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
    string_format(buffer, buffsize, "Too few items in client_send in %s "
      "authenticator", ablock->name);
    return ERROR;
    }

  /* Now that we know we'll continue, we put the received data into $auth<n>,
  if possible. First, decode it: buffer+4 skips over the SMTP status code. */

  clear_len = auth_b64decode(buffer+4, &clear);

  /* If decoding failed, the default is to terminate the authentication, and
  return FAIL, with the SMTP response still in the buffer. However, if client_
  ignore_invalid_base64 is set, we ignore the error, and put an empty string
  into $auth<n>. */

  if (clear_len < 0)
    {
    uschar *save_bad = string_copy(buffer);
    if (!ob->client_ignore_invalid_base64)
      {
      if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
        (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
      string_format(buffer, buffsize, "Invalid base64 string in server "
        "response \"%s\"", save_bad);
      return CANCELLED;
      }
    clear = US"";
    clear_len = 0;
    }

  if (auth_var_idx < AUTH_VARS)
    auth_vars[auth_var_idx++] = string_copy(clear);
  }

/* Control should never actually get here. */

return FAIL;
}

/* End of plaintext.c */
Commit	Line	Data
16ff981e	1	/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.6 2006/10/16 15:44:36 ph10 Exp $ */
0756eb3c PH	2
	3	/*************************************************
	4	* Exim - an Internet mail transport agent *
	5	*************************************************/
	6
d7d7b7b9	7	/* Copyright (c) University of Cambridge 1995 - 2006 */
0756eb3c PH	8	/* See the file NOTICE for conditions of use and distribution. */
	9
	10	#include "../exim.h"
	11	#include "plaintext.h"
	12
	13
	14	/* Options specific to the plaintext authentication mechanism. */
	15
	16	optionlist auth_plaintext_options[] = {
4730f942 PH	17	{ "client_ignore_invalid_base64", opt_bool,
4730f942 PH	18	(void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
0756eb3c PH	19	{ "client_send", opt_stringptr,
0756eb3c PH	20	(void *)(offsetof(auth_plaintext_options_block, client_send)) },
0756eb3c PH	21	{ "server_prompts", opt_stringptr,
	22	(void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
	23	};
	24
	25	/* Size of the options list. An extern variable has to be used so that its
	26	address can appear in the tables drtables.c. */
	27
	28	int auth_plaintext_options_count =
	29	sizeof(auth_plaintext_options)/sizeof(optionlist);
	30
	31	/* Default private options block for the plaintext authentication method. */
	32
	33	auth_plaintext_options_block auth_plaintext_option_defaults = {
0756eb3c	34	NULL, /* server_prompts */
4730f942 PH	35	NULL, /* client_send */
4730f942 PH	36	FALSE /* client_ignore_invalid_base64 */
0756eb3c PH	37	};
	38
	39
	40	/*************************************************
	41	* Initialization entry point *
	42	*************************************************/
	43
	44	/* Called for each instance, after its options have been read, to
	45	enable consistency checks to be done, or anything else that needs
	46	to be set up. */
	47
	48	void
	49	auth_plaintext_init(auth_instance *ablock)
	50	{
	51	auth_plaintext_options_block *ob =
	52	(auth_plaintext_options_block *)(ablock->options_block);
	53	if (ablock->public_name == NULL) ablock->public_name = ablock->name;
16ff981e	54	if (ablock->server_condition != NULL) ablock->server = TRUE;
0756eb3c PH	55	if (ob->client_send != NULL) ablock->client = TRUE;
	56	}
	57
	58
	59
	60	/*************************************************
	61	* Server entry point *
	62	*************************************************/
	63
	64	/* For interface, see auths/README */
	65
	66	int
	67	auth_plaintext_server(auth_instance ablock, uschar data)
	68	{
	69	auth_plaintext_options_block *ob =
	70	(auth_plaintext_options_block *)(ablock->options_block);
	71	uschar *prompts = ob->server_prompts;
16ff981e	72	uschar clear, end, *s;
0756eb3c PH	73	int number = 1;
	74	int len, rc;
	75	int sep = 0;
	76
	77	/* Expand a non-empty list of prompt strings */
	78
	79	if (prompts != NULL)
	80	{
	81	prompts = expand_string(prompts);
	82	if (prompts == NULL)
	83	{
	84	auth_defer_msg = expand_string_message;
	85	return DEFER;
	86	}
	87	}
	88
	89	/* If data was supplied on the AUTH command, decode it, and split it up into
f78eb7c6 PH	90	multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
	91	up to a maximum. To retain backwards compatibility, they are also put int $1,
	92	$2, etc. If the data consists of the string "=" it indicates a single, empty
	93	string. */
0756eb3c PH	94
	95	if (*data != 0)
	96	{
	97	if (Ustrcmp(data, "=") == 0)
	98	{
f78eb7c6	99	auth_vars[0] = expand_nstring[++expand_nmax] = US"";
0756eb3c PH	100	expand_nlength[expand_nmax] = 0;
	101	}
	102	else
	103	{
	104	if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
	105	end = clear + len;
	106	while (clear < end && expand_nmax < EXPAND_MAXN)
	107	{
f78eb7c6	108	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
0756eb3c PH	109	expand_nstring[++expand_nmax] = clear;
	110	while (*clear != 0) clear++;
	111	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	112	}
	113	}
	114	}
	115
	116	/* Now go through the list of prompt strings. Skip over any whose data has
	117	already been provided as part of the AUTH command. For the rest, send them
	118	out as prompts, and get a data item back. If the data item is "*", abandon the
	119	authentication attempt. Otherwise, split it into items as above. */
	120
	121	while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
	122	!= NULL && expand_nmax < EXPAND_MAXN)
	123	{
	124	if (number++ <= expand_nmax) continue;
	125	if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
	126	if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
	127	end = clear + len;
	128
	129	/* This loop must run at least once, in case the length is zero */
	130	do
	131	{
f78eb7c6	132	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
0756eb3c PH	133	expand_nstring[++expand_nmax] = clear;
	134	while (*clear != 0) clear++;
	135	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	136	}
	137	while (clear < end && expand_nmax < EXPAND_MAXN);
	138	}
	139
f78eb7c6	140	/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
16ff981e PH	141	compatibility, in $1, $2, etc). Authentication and authorization are handled
	142	together for this authenticator by expanding the server_condition option. Note
	143	that ablock->server_condition is always non-NULL because that's what configures
	144	this authenticator as a server. */
0756eb3c	145
16ff981e	146	return auth_check_serv_cond(ablock);
0756eb3c PH	147	}
	148
	149
	150
	151	/*************************************************
	152	* Client entry point *
	153	*************************************************/
	154
	155	/* For interface, see auths/README */
	156
	157	int
	158	auth_plaintext_client(
	159	auth_instance ablock, / authenticator block */
	160	smtp_inblock inblock, / connection inblock */
	161	smtp_outblock outblock, / connection outblock */
	162	int timeout, /* command timeout */
	163	uschar buffer, / buffer for reading response */
	164	int buffsize) /* size of buffer */
	165	{
	166	auth_plaintext_options_block *ob =
	167	(auth_plaintext_options_block *)(ablock->options_block);
	168	uschar *text = ob->client_send;
	169	uschar *s;
	170	BOOL first = TRUE;
	171	int sep = 0;
4730f942	172	int auth_var_idx = 0;
0756eb3c PH	173
	174	/* The text is broken up into a number of different data items, which are
	175	sent one by one. The first one is sent with the AUTH command; the remainder are
	176	sent in response to subsequent prompts. Each is expanded before being sent. */
	177
	178	while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL)
	179	{
4730f942	180	int i, len, clear_len;
0756eb3c	181	uschar *ss = expand_string(s);
4730f942	182	uschar *clear;
0756eb3c PH	183
	184	/* Forced expansion failure is not an error; authentication is abandoned. On
	185	all but the first string, we have to abandon the authentication attempt by
	186	sending a line containing "*". Save the failed expansion string, because it
	187	is in big_buffer, and that gets used by the sending function. */
	188
	189	if (ss == NULL)
	190	{
	191	uschar *ssave = string_copy(s);
	192	if (!first)
	193	{
	194	if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
	195	(void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
	196	}
4730f942 PH	197	if (expand_string_forcedfail)
	198	{
	199	buffer = 0; / No message */
	200	return CANCELLED;
	201	}
0756eb3c PH	202	string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
	203	"authenticator: %s", ssave, ablock->name, expand_string_message);
	204	return ERROR;
	205	}
	206
	207	len = Ustrlen(ss);
	208
	209	/* The character ^ is used as an escape for a binary zero character, which is
	210	needed for the PLAIN mechanism. It must be doubled if really needed. */
	211
	212	for (i = 0; i < len; i++)
	213	{
	214	if (ss[i] == '^')
	215	{
	216	if (ss[i+1] != '^') ss[i] = 0; else
	217	{
	218	i++;
	219	len--;
	220	memmove(ss + i, ss + i + 1, len - i);
	221	}
	222	}
	223	}
	224
	225	/* The first string is attached to the AUTH command; others are sent
	226	unembelished. */
	227
	228	if (first)
	229	{
	230	first = FALSE;
	231	if (smtp_write_command(outblock, FALSE, "AUTH %s%s%s\r\n",
	232	ablock->public_name, (len == 0)? "" : " ",
	233	auth_b64encode(ss, len)) < 0)
	234	return FAIL_SEND;
	235	}
	236	else
	237	{
	238	if (smtp_write_command(outblock, FALSE, "%s\r\n",
	239	auth_b64encode(ss, len)) < 0)
	240	return FAIL_SEND;
	241	}
	242
	243	/* If we receive a success response from the server, authentication
	244	has succeeded. There may be more data to send, but is there any point
	245	in provoking an error here? */
	246
	247	if (smtp_read_response(inblock, US buffer, buffsize, '2', timeout)) return OK;
	248
	249	/* Not a success response. If errno != 0 there is some kind of transmission
	250	error. Otherwise, check the response code in the buffer. If it starts with
	251	'3', more data is expected. */
	252
	253	if (errno != 0 \|\| buffer[0] != '3') return FAIL;
	254
	255	/* If there is no more data to send, we have to cancel the authentication
	256	exchange and return ERROR. */
	257
	258	if (text == NULL)
	259	{
	260	if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
	261	(void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
	262	string_format(buffer, buffsize, "Too few items in client_send in %s "
	263	"authenticator", ablock->name);
	264	return ERROR;
	265	}
4730f942 PH	266
	267	/* Now that we know we'll continue, we put the received data into $auth<n>,
	268	if possible. First, decode it: buffer+4 skips over the SMTP status code. */
	269
	270	clear_len = auth_b64decode(buffer+4, &clear);
	271
	272	/* If decoding failed, the default is to terminate the authentication, and
	273	return FAIL, with the SMTP response still in the buffer. However, if client_
	274	ignore_invalid_base64 is set, we ignore the error, and put an empty string
	275	into $auth<n>. */
	276
	277	if (clear_len < 0)
	278	{
	279	uschar *save_bad = string_copy(buffer);
	280	if (!ob->client_ignore_invalid_base64)
	281	{
	282	if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
	283	(void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
	284	string_format(buffer, buffsize, "Invalid base64 string in server "
	285	"response \"%s\"", save_bad);
	286	return CANCELLED;
	287	}
	288	clear = US"";
	289	clear_len = 0;
	290	}
	291
	292	if (auth_var_idx < AUTH_VARS)
	293	auth_vars[auth_var_idx++] = string_copy(clear);
0756eb3c PH	294	}
	295
	296	/* Control should never actually get here. */
	297
	298	return FAIL;
	299	}
	300
	301	/* End of plaintext.c */