[exim.git] / src / src / auths / plaintext.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2015 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"
#include "plaintext.h"


/* Options specific to the plaintext authentication mechanism. */

optionlist auth_plaintext_options[] = {
  { "client_ignore_invalid_base64", opt_bool,
      (void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
  { "client_send",        opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, client_send)) },
  { "server_prompts",     opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int auth_plaintext_options_count =
  sizeof(auth_plaintext_options)/sizeof(optionlist);

/* Default private options block for the plaintext authentication method. */

auth_plaintext_options_block auth_plaintext_option_defaults = {
  NULL,              /* server_prompts */
  NULL,              /* client_send */
  FALSE              /* client_ignore_invalid_base64 */
};


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to
enable consistency checks to be done, or anything else that needs
to be set up. */

void
auth_plaintext_init(auth_instance *ablock)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
if (ablock->public_name == NULL) ablock->public_name = ablock->name;
if (ablock->server_condition != NULL) ablock->server = TRUE;
if (ob->client_send != NULL) ablock->client = TRUE;
}


/*************************************************
*             Server entry point                 *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_server(auth_instance *ablock, uschar *data)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
const uschar *prompts = ob->server_prompts;
uschar *clear, *end, *s;
int number = 1;
int len, rc;
int sep = 0;

/* Expand a non-empty list of prompt strings */

if (prompts != NULL)
  {
  prompts = expand_cstring(prompts);
  if (prompts == NULL)
    {
    auth_defer_msg = expand_string_message;
    return DEFER;
    }
  }

/* If data was supplied on the AUTH command, decode it, and split it up into
multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
up to a maximum. To retain backwards compatibility, they are also put int $1,
$2, etc. If the data consists of the string "=" it indicates a single, empty
string. */

if (*data != 0)
  {
  if (Ustrcmp(data, "=") == 0)
    {
    auth_vars[0] = expand_nstring[++expand_nmax] = US"";
    expand_nlength[expand_nmax] = 0;
    }
  else
    {
    if ((len = b64decode(data, &clear)) < 0) return BAD64;
    end = clear + len;
    while (clear < end && expand_nmax < EXPAND_MAXN)
      {
      if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
      expand_nstring[++expand_nmax] = clear;
      while (*clear != 0) clear++;
      expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
      }
    }
  }

/* Now go through the list of prompt strings. Skip over any whose data has
already been provided as part of the AUTH command. For the rest, send them
out as prompts, and get a data item back. If the data item is "*", abandon the
authentication attempt. Otherwise, split it into items as above. */

while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
        != NULL && expand_nmax < EXPAND_MAXN)
  {
  if (number++ <= expand_nmax) continue;
  if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
  if ((len = b64decode(data, &clear)) < 0) return BAD64;
  end = clear + len;

  /* This loop must run at least once, in case the length is zero */
  do
    {
    if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
    expand_nstring[++expand_nmax] = clear;
    while (*clear != 0) clear++;
    expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
    }
  while (clear < end && expand_nmax < EXPAND_MAXN);
  }

/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
compatibility, in $1, $2, etc). Authentication and authorization are handled
together for this authenticator by expanding the server_condition option. Note
that ablock->server_condition is always non-NULL because that's what configures
this authenticator as a server. */

return auth_check_serv_cond(ablock);
}


/*************************************************
*              Client entry point                *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_client(
  auth_instance *ablock,                 /* authenticator block */
  smtp_inblock *inblock,                 /* connection inblock */
  smtp_outblock *outblock,               /* connection outblock */
  int timeout,                           /* command timeout */
  uschar *buffer,                        /* buffer for reading response */
  int buffsize)                          /* size of buffer */
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
const uschar *text = ob->client_send;
uschar *s;
BOOL first = TRUE;
int sep = 0;
int auth_var_idx = 0;

/* The text is broken up into a number of different data items, which are
sent one by one. The first one is sent with the AUTH command; the remainder are
sent in response to subsequent prompts. Each is expanded before being sent. */

while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)))
  {
  int i, len, clear_len;
  uschar *ss = expand_string(s);
  uschar *clear;

  /* Forced expansion failure is not an error; authentication is abandoned. On
  all but the first string, we have to abandon the authentication attempt by
  sending a line containing "*". Save the failed expansion string, because it
  is in big_buffer, and that gets used by the sending function. */

  if (!ss)
    {
    uschar *ssave = string_copy(s);
    if (!first)
      {
      if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
        (void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
      }
    if (expand_string_forcedfail)
      {
      *buffer = 0;       /* No message */
      return CANCELLED;
      }
    string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
      "authenticator: %s", ssave, ablock->name, expand_string_message);
    return ERROR;
    }

  len = Ustrlen(ss);

  /* The character ^ is used as an escape for a binary zero character, which is
  needed for the PLAIN mechanism. It must be doubled if really needed. */

  for (i = 0; i < len; i++)
    if (ss[i] == '^')
      if (ss[i+1] != '^')
	ss[i] = 0;
      else
        {
        i++;
        len--;
        memmove(ss + i, ss + i + 1, len - i);
        }

  /* The first string is attached to the AUTH command; others are sent
  unembellished. */

  if (first)
    {
    first = FALSE;
    if (smtp_write_command(outblock, SCMD_FLUSH, "AUTH %s%s%s\r\n",
         ablock->public_name, (len == 0)? "" : " ",
         b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }
  else
    {
    if (smtp_write_command(outblock, SCMD_FLUSH, "%s\r\n",
          b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }

  /* If we receive a success response from the server, authentication
  has succeeded. There may be more data to send, but is there any point
  in provoking an error here? */

  if (smtp_read_response(inblock, US buffer, buffsize, '2', timeout)) return OK;

  /* Not a success response. If errno != 0 there is some kind of transmission
  error. Otherwise, check the response code in the buffer. If it starts with
  '3', more data is expected. */

  if (errno != 0 || buffer[0] != '3') return FAIL;

  /* If there is no more data to send, we have to cancel the authentication
  exchange and return ERROR. */

  if (text == NULL)
    {
    if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
      (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
    string_format(buffer, buffsize, "Too few items in client_send in %s "
      "authenticator", ablock->name);
    return ERROR;
    }

  /* Now that we know we'll continue, we put the received data into $auth<n>,
  if possible. First, decode it: buffer+4 skips over the SMTP status code. */

  clear_len = b64decode(buffer+4, &clear);

  /* If decoding failed, the default is to terminate the authentication, and
  return FAIL, with the SMTP response still in the buffer. However, if client_
  ignore_invalid_base64 is set, we ignore the error, and put an empty string
  into $auth<n>. */

  if (clear_len < 0)
    {
    uschar *save_bad = string_copy(buffer);
    if (!ob->client_ignore_invalid_base64)
      {
      if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
        (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
      string_format(buffer, buffsize, "Invalid base64 string in server "
        "response \"%s\"", save_bad);
      return CANCELLED;
      }
    clear = US"";
    clear_len = 0;
    }

  if (auth_var_idx < AUTH_VARS)
    auth_vars[auth_var_idx++] = string_copy(clear);
  }

/* Control should never actually get here. */

return FAIL;
}

/* End of plaintext.c */
Commit	Line	Data
0756eb3c PH	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
3386088d	5	/* Copyright (c) University of Cambridge 1995 - 2015 */
0756eb3c PH	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	#include "../exim.h"
	9	#include "plaintext.h"
	10
	11
	12	/* Options specific to the plaintext authentication mechanism. */
	13
	14	optionlist auth_plaintext_options[] = {
4730f942 PH	15	{ "client_ignore_invalid_base64", opt_bool,
4730f942 PH	16	(void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
0756eb3c PH	17	{ "client_send", opt_stringptr,
0756eb3c PH	18	(void *)(offsetof(auth_plaintext_options_block, client_send)) },
0756eb3c PH	19	{ "server_prompts", opt_stringptr,
	20	(void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
	21	};
	22
	23	/* Size of the options list. An extern variable has to be used so that its
	24	address can appear in the tables drtables.c. */
	25
	26	int auth_plaintext_options_count =
	27	sizeof(auth_plaintext_options)/sizeof(optionlist);
	28
	29	/* Default private options block for the plaintext authentication method. */
	30
	31	auth_plaintext_options_block auth_plaintext_option_defaults = {
0756eb3c	32	NULL, /* server_prompts */
4730f942 PH	33	NULL, /* client_send */
4730f942 PH	34	FALSE /* client_ignore_invalid_base64 */
0756eb3c PH	35	};
	36
	37
	38	/*************************************************
	39	* Initialization entry point *
	40	*************************************************/
	41
	42	/* Called for each instance, after its options have been read, to
	43	enable consistency checks to be done, or anything else that needs
	44	to be set up. */
	45
	46	void
	47	auth_plaintext_init(auth_instance *ablock)
	48	{
	49	auth_plaintext_options_block *ob =
	50	(auth_plaintext_options_block *)(ablock->options_block);
	51	if (ablock->public_name == NULL) ablock->public_name = ablock->name;
16ff981e	52	if (ablock->server_condition != NULL) ablock->server = TRUE;
0756eb3c PH	53	if (ob->client_send != NULL) ablock->client = TRUE;
	54	}
	55
	56
	57
	58	/*************************************************
	59	* Server entry point *
	60	*************************************************/
	61
	62	/* For interface, see auths/README */
	63
	64	int
	65	auth_plaintext_server(auth_instance ablock, uschar data)
	66	{
	67	auth_plaintext_options_block *ob =
	68	(auth_plaintext_options_block *)(ablock->options_block);
55414b25	69	const uschar *prompts = ob->server_prompts;
16ff981e	70	uschar clear, end, *s;
0756eb3c PH	71	int number = 1;
	72	int len, rc;
	73	int sep = 0;
	74
	75	/* Expand a non-empty list of prompt strings */
	76
	77	if (prompts != NULL)
	78	{
55414b25	79	prompts = expand_cstring(prompts);
0756eb3c PH	80	if (prompts == NULL)
	81	{
	82	auth_defer_msg = expand_string_message;
	83	return DEFER;
	84	}
	85	}
	86
	87	/* If data was supplied on the AUTH command, decode it, and split it up into
f78eb7c6 PH	88	multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
	89	up to a maximum. To retain backwards compatibility, they are also put int $1,
	90	$2, etc. If the data consists of the string "=" it indicates a single, empty
	91	string. */
0756eb3c PH	92
	93	if (*data != 0)
	94	{
	95	if (Ustrcmp(data, "=") == 0)
	96	{
f78eb7c6	97	auth_vars[0] = expand_nstring[++expand_nmax] = US"";
0756eb3c PH	98	expand_nlength[expand_nmax] = 0;
	99	}
	100	else
	101	{
f4d091fb	102	if ((len = b64decode(data, &clear)) < 0) return BAD64;
0756eb3c PH	103	end = clear + len;
	104	while (clear < end && expand_nmax < EXPAND_MAXN)
	105	{
f78eb7c6	106	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
0756eb3c PH	107	expand_nstring[++expand_nmax] = clear;
	108	while (*clear != 0) clear++;
	109	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	110	}
	111	}
	112	}
	113
	114	/* Now go through the list of prompt strings. Skip over any whose data has
	115	already been provided as part of the AUTH command. For the rest, send them
	116	out as prompts, and get a data item back. If the data item is "*", abandon the
	117	authentication attempt. Otherwise, split it into items as above. */
	118
	119	while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
	120	!= NULL && expand_nmax < EXPAND_MAXN)
	121	{
	122	if (number++ <= expand_nmax) continue;
	123	if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
f4d091fb	124	if ((len = b64decode(data, &clear)) < 0) return BAD64;
0756eb3c PH	125	end = clear + len;
	126
	127	/* This loop must run at least once, in case the length is zero */
	128	do
	129	{
f78eb7c6	130	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
0756eb3c PH	131	expand_nstring[++expand_nmax] = clear;
	132	while (*clear != 0) clear++;
	133	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	134	}
	135	while (clear < end && expand_nmax < EXPAND_MAXN);
	136	}
	137
f78eb7c6	138	/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
16ff981e PH	139	compatibility, in $1, $2, etc). Authentication and authorization are handled
	140	together for this authenticator by expanding the server_condition option. Note
	141	that ablock->server_condition is always non-NULL because that's what configures
	142	this authenticator as a server. */
0756eb3c	143
16ff981e	144	return auth_check_serv_cond(ablock);
0756eb3c PH	145	}
	146
	147
	148
	149	/*************************************************
	150	* Client entry point *
	151	*************************************************/
	152
	153	/* For interface, see auths/README */
	154
	155	int
	156	auth_plaintext_client(
	157	auth_instance ablock, / authenticator block */
	158	smtp_inblock inblock, / connection inblock */
	159	smtp_outblock outblock, / connection outblock */
	160	int timeout, /* command timeout */
	161	uschar buffer, / buffer for reading response */
	162	int buffsize) /* size of buffer */
	163	{
	164	auth_plaintext_options_block *ob =
	165	(auth_plaintext_options_block *)(ablock->options_block);
55414b25	166	const uschar *text = ob->client_send;
0756eb3c PH	167	uschar *s;
	168	BOOL first = TRUE;
	169	int sep = 0;
4730f942	170	int auth_var_idx = 0;
0756eb3c PH	171
	172	/* The text is broken up into a number of different data items, which are
	173	sent one by one. The first one is sent with the AUTH command; the remainder are
	174	sent in response to subsequent prompts. Each is expanded before being sent. */
	175
4e910c01	176	while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)))
0756eb3c	177	{
4730f942	178	int i, len, clear_len;
0756eb3c	179	uschar *ss = expand_string(s);
4730f942	180	uschar *clear;
0756eb3c PH	181
	182	/* Forced expansion failure is not an error; authentication is abandoned. On
	183	all but the first string, we have to abandon the authentication attempt by
	184	sending a line containing "*". Save the failed expansion string, because it
	185	is in big_buffer, and that gets used by the sending function. */
	186
4e910c01	187	if (!ss)
0756eb3c PH	188	{
	189	uschar *ssave = string_copy(s);
	190	if (!first)
	191	{
4e910c01	192	if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
0756eb3c PH	193	(void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
0756eb3c PH	194	}
4730f942 PH	195	if (expand_string_forcedfail)
	196	{
	197	buffer = 0; / No message */
	198	return CANCELLED;
	199	}
0756eb3c PH	200	string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
	201	"authenticator: %s", ssave, ablock->name, expand_string_message);
	202	return ERROR;
	203	}
	204
	205	len = Ustrlen(ss);
	206
	207	/* The character ^ is used as an escape for a binary zero character, which is
	208	needed for the PLAIN mechanism. It must be doubled if really needed. */
	209
	210	for (i = 0; i < len; i++)
0756eb3c	211	if (ss[i] == '^')
4e910c01 JH	212	if (ss[i+1] != '^')
	213	ss[i] = 0;
	214	else
0756eb3c PH	215	{
	216	i++;
	217	len--;
	218	memmove(ss + i, ss + i + 1, len - i);
	219	}
0756eb3c PH	220
0756eb3c PH	221	/* The first string is attached to the AUTH command; others are sent
4c04137d	222	unembellished. */
0756eb3c PH	223
	224	if (first)
	225	{
	226	first = FALSE;
4e910c01	227	if (smtp_write_command(outblock, SCMD_FLUSH, "AUTH %s%s%s\r\n",
0756eb3c	228	ablock->public_name, (len == 0)? "" : " ",
f4d091fb	229	b64encode(ss, len)) < 0)
0756eb3c PH	230	return FAIL_SEND;
	231	}
	232	else
	233	{
4e910c01	234	if (smtp_write_command(outblock, SCMD_FLUSH, "%s\r\n",
f4d091fb	235	b64encode(ss, len)) < 0)
0756eb3c PH	236	return FAIL_SEND;
	237	}
	238
	239	/* If we receive a success response from the server, authentication
	240	has succeeded. There may be more data to send, but is there any point
	241	in provoking an error here? */
	242
	243	if (smtp_read_response(inblock, US buffer, buffsize, '2', timeout)) return OK;
	244
	245	/* Not a success response. If errno != 0 there is some kind of transmission
	246	error. Otherwise, check the response code in the buffer. If it starts with
	247	'3', more data is expected. */
	248
	249	if (errno != 0 \|\| buffer[0] != '3') return FAIL;
	250
	251	/* If there is no more data to send, we have to cancel the authentication
	252	exchange and return ERROR. */
	253
	254	if (text == NULL)
	255	{
4e910c01	256	if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
0756eb3c PH	257	(void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
	258	string_format(buffer, buffsize, "Too few items in client_send in %s "
	259	"authenticator", ablock->name);
	260	return ERROR;
	261	}
4730f942 PH	262
	263	/* Now that we know we'll continue, we put the received data into $auth<n>,
	264	if possible. First, decode it: buffer+4 skips over the SMTP status code. */
	265
f4d091fb	266	clear_len = b64decode(buffer+4, &clear);
4730f942 PH	267
	268	/* If decoding failed, the default is to terminate the authentication, and
	269	return FAIL, with the SMTP response still in the buffer. However, if client_
	270	ignore_invalid_base64 is set, we ignore the error, and put an empty string
	271	into $auth<n>. */
	272
	273	if (clear_len < 0)
	274	{
	275	uschar *save_bad = string_copy(buffer);
	276	if (!ob->client_ignore_invalid_base64)
	277	{
4e910c01	278	if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
4730f942 PH	279	(void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
	280	string_format(buffer, buffsize, "Invalid base64 string in server "
	281	"response \"%s\"", save_bad);
	282	return CANCELLED;
	283	}
	284	clear = US"";
	285	clear_len = 0;
	286	}
	287
	288	if (auth_var_idx < AUTH_VARS)
	289	auth_vars[auth_var_idx++] = string_copy(clear);
0756eb3c PH	290	}
	291
	292	/* Control should never actually get here. */
	293
	294	return FAIL;
	295	}
	296
	297	/* End of plaintext.c */