[exim.git] / src / src / auths / plaintext.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2015 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"
#include "plaintext.h"


/* Options specific to the plaintext authentication mechanism. */

optionlist auth_plaintext_options[] = {
  { "client_ignore_invalid_base64", opt_bool,
      (void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
  { "client_send",        opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, client_send)) },
  { "server_prompts",     opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int auth_plaintext_options_count =
  sizeof(auth_plaintext_options)/sizeof(optionlist);

/* Default private options block for the plaintext authentication method. */

auth_plaintext_options_block auth_plaintext_option_defaults = {
  NULL,              /* server_prompts */
  NULL,              /* client_send */
  FALSE              /* client_ignore_invalid_base64 */
};


#ifdef MACRO_PREDEF

/* Dummy values */
void auth_plaintext_init(auth_instance *ablock) {}
int auth_plaintext_server(auth_instance *ablock, uschar *data) {return 0;}
int auth_plaintext_client(auth_instance *ablock, smtp_inblock *inblock,
  smtp_outblock *outblock, int timeout, uschar *buffer, int buffsize) {return 0;}

#else   /*!MACRO_PREDEF*/


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to
enable consistency checks to be done, or anything else that needs
to be set up. */

void
auth_plaintext_init(auth_instance *ablock)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
if (ablock->public_name == NULL) ablock->public_name = ablock->name;
if (ablock->server_condition != NULL) ablock->server = TRUE;
if (ob->client_send != NULL) ablock->client = TRUE;
}


/*************************************************
*             Server entry point                 *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_server(auth_instance *ablock, uschar *data)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
const uschar *prompts = ob->server_prompts;
uschar *clear, *end, *s;
int number = 1;
int len, rc;
int sep = 0;

/* Expand a non-empty list of prompt strings */

if (prompts != NULL)
  {
  prompts = expand_cstring(prompts);
  if (prompts == NULL)
    {
    auth_defer_msg = expand_string_message;
    return DEFER;
    }
  }

/* If data was supplied on the AUTH command, decode it, and split it up into
multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
up to a maximum. To retain backwards compatibility, they are also put int $1,
$2, etc. If the data consists of the string "=" it indicates a single, empty
string. */

if (*data != 0)
  {
  if (Ustrcmp(data, "=") == 0)
    {
    auth_vars[0] = expand_nstring[++expand_nmax] = US"";
    expand_nlength[expand_nmax] = 0;
    }
  else
    {
    if ((len = b64decode(data, &clear)) < 0) return BAD64;
    end = clear + len;
    while (clear < end && expand_nmax < EXPAND_MAXN)
      {
      if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
      expand_nstring[++expand_nmax] = clear;
      while (*clear != 0) clear++;
      expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
      }
    }
  }

/* Now go through the list of prompt strings. Skip over any whose data has
already been provided as part of the AUTH command. For the rest, send them
out as prompts, and get a data item back. If the data item is "*", abandon the
authentication attempt. Otherwise, split it into items as above. */

while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
        != NULL && expand_nmax < EXPAND_MAXN)
  {
  if (number++ <= expand_nmax) continue;
  if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
  if ((len = b64decode(data, &clear)) < 0) return BAD64;
  end = clear + len;

  /* This loop must run at least once, in case the length is zero */
  do
    {
    if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
    expand_nstring[++expand_nmax] = clear;
    while (*clear != 0) clear++;
    expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
    }
  while (clear < end && expand_nmax < EXPAND_MAXN);
  }

/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
compatibility, in $1, $2, etc). Authentication and authorization are handled
together for this authenticator by expanding the server_condition option. Note
that ablock->server_condition is always non-NULL because that's what configures
this authenticator as a server. */

return auth_check_serv_cond(ablock);
}


/*************************************************
*              Client entry point                *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_client(
  auth_instance *ablock,                 /* authenticator block */
  smtp_inblock *inblock,                 /* connection inblock */
  smtp_outblock *outblock,               /* connection outblock */
  int timeout,                           /* command timeout */
  uschar *buffer,                        /* buffer for reading response */
  int buffsize)                          /* size of buffer */
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
const uschar *text = ob->client_send;
uschar *s;
BOOL first = TRUE;
int sep = 0;
int auth_var_idx = 0;

/* The text is broken up into a number of different data items, which are
sent one by one. The first one is sent with the AUTH command; the remainder are
sent in response to subsequent prompts. Each is expanded before being sent. */

while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)))
  {
  int i, len, clear_len;
  uschar *ss = expand_string(s);
  uschar *clear;

  /* Forced expansion failure is not an error; authentication is abandoned. On
  all but the first string, we have to abandon the authentication attempt by
  sending a line containing "*". Save the failed expansion string, because it
  is in big_buffer, and that gets used by the sending function. */

  if (!ss)
    {
    uschar *ssave = string_copy(s);
    if (!first)
      {
      if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
        (void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
      }
    if (expand_string_forcedfail)
      {
      *buffer = 0;       /* No message */
      return CANCELLED;
      }
    string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
      "authenticator: %s", ssave, ablock->name, expand_string_message);
    return ERROR;
    }

  len = Ustrlen(ss);

  /* The character ^ is used as an escape for a binary zero character, which is
  needed for the PLAIN mechanism. It must be doubled if really needed. */

  for (i = 0; i < len; i++)
    if (ss[i] == '^')
      if (ss[i+1] != '^')
	ss[i] = 0;
      else
        {
        i++;
        len--;
        memmove(ss + i, ss + i + 1, len - i);
        }

  /* The first string is attached to the AUTH command; others are sent
  unembellished. */

  if (first)
    {
    first = FALSE;
    if (smtp_write_command(outblock, SCMD_FLUSH, "AUTH %s%s%s\r\n",
         ablock->public_name, (len == 0)? "" : " ",
         b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }
  else
    {
    if (smtp_write_command(outblock, SCMD_FLUSH, "%s\r\n",
          b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }

  /* If we receive a success response from the server, authentication
  has succeeded. There may be more data to send, but is there any point
  in provoking an error here? */

  if (smtp_read_response(inblock, US buffer, buffsize, '2', timeout)) return OK;

  /* Not a success response. If errno != 0 there is some kind of transmission
  error. Otherwise, check the response code in the buffer. If it starts with
  '3', more data is expected. */

  if (errno != 0 || buffer[0] != '3') return FAIL;

  /* If there is no more data to send, we have to cancel the authentication
  exchange and return ERROR. */

  if (text == NULL)
    {
    if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
      (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
    string_format(buffer, buffsize, "Too few items in client_send in %s "
      "authenticator", ablock->name);
    return ERROR;
    }

  /* Now that we know we'll continue, we put the received data into $auth<n>,
  if possible. First, decode it: buffer+4 skips over the SMTP status code. */

  clear_len = b64decode(buffer+4, &clear);

  /* If decoding failed, the default is to terminate the authentication, and
  return FAIL, with the SMTP response still in the buffer. However, if client_
  ignore_invalid_base64 is set, we ignore the error, and put an empty string
  into $auth<n>. */

  if (clear_len < 0)
    {
    uschar *save_bad = string_copy(buffer);
    if (!ob->client_ignore_invalid_base64)
      {
      if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
        (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
      string_format(buffer, buffsize, "Invalid base64 string in server "
        "response \"%s\"", save_bad);
      return CANCELLED;
      }
    clear = US"";
    clear_len = 0;
    }

  if (auth_var_idx < AUTH_VARS)
    auth_vars[auth_var_idx++] = string_copy(clear);
  }

/* Control should never actually get here. */

return FAIL;
}

#endif   /*!MACRO_PREDEF*/
/* End of plaintext.c */
Commit	Line	Data
0756eb3c PH	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
3386088d	5	/* Copyright (c) University of Cambridge 1995 - 2015 */
0756eb3c PH	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	#include "../exim.h"
	9	#include "plaintext.h"
	10
	11
	12	/* Options specific to the plaintext authentication mechanism. */
	13
	14	optionlist auth_plaintext_options[] = {
4730f942 PH	15	{ "client_ignore_invalid_base64", opt_bool,
4730f942 PH	16	(void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
0756eb3c PH	17	{ "client_send", opt_stringptr,
0756eb3c PH	18	(void *)(offsetof(auth_plaintext_options_block, client_send)) },
0756eb3c PH	19	{ "server_prompts", opt_stringptr,
	20	(void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
	21	};
	22
	23	/* Size of the options list. An extern variable has to be used so that its
	24	address can appear in the tables drtables.c. */
	25
	26	int auth_plaintext_options_count =
	27	sizeof(auth_plaintext_options)/sizeof(optionlist);
	28
	29	/* Default private options block for the plaintext authentication method. */
	30
	31	auth_plaintext_options_block auth_plaintext_option_defaults = {
0756eb3c	32	NULL, /* server_prompts */
4730f942 PH	33	NULL, /* client_send */
4730f942 PH	34	FALSE /* client_ignore_invalid_base64 */
0756eb3c PH	35	};
	36
	37
d185889f JH	38	#ifdef MACRO_PREDEF
	39
	40	/* Dummy values */
	41	void auth_plaintext_init(auth_instance *ablock) {}
	42	int auth_plaintext_server(auth_instance ablock, uschar data) {return 0;}
	43	int auth_plaintext_client(auth_instance ablock, smtp_inblock inblock,
	44	smtp_outblock outblock, int timeout, uschar buffer, int buffsize) {return 0;}
	45
	46	#else /!MACRO_PREDEF/
	47
	48
	49
0756eb3c PH	50	/*************************************************
	51	* Initialization entry point *
	52	*************************************************/
	53
	54	/* Called for each instance, after its options have been read, to
	55	enable consistency checks to be done, or anything else that needs
	56	to be set up. */
	57
	58	void
	59	auth_plaintext_init(auth_instance *ablock)
	60	{
	61	auth_plaintext_options_block *ob =
	62	(auth_plaintext_options_block *)(ablock->options_block);
	63	if (ablock->public_name == NULL) ablock->public_name = ablock->name;
16ff981e	64	if (ablock->server_condition != NULL) ablock->server = TRUE;
0756eb3c PH	65	if (ob->client_send != NULL) ablock->client = TRUE;
	66	}
	67
	68
	69
	70	/*************************************************
	71	* Server entry point *
	72	*************************************************/
	73
	74	/* For interface, see auths/README */
	75
	76	int
	77	auth_plaintext_server(auth_instance ablock, uschar data)
	78	{
	79	auth_plaintext_options_block *ob =
	80	(auth_plaintext_options_block *)(ablock->options_block);
55414b25	81	const uschar *prompts = ob->server_prompts;
16ff981e	82	uschar clear, end, *s;
0756eb3c PH	83	int number = 1;
	84	int len, rc;
	85	int sep = 0;
	86
	87	/* Expand a non-empty list of prompt strings */
	88
	89	if (prompts != NULL)
	90	{
55414b25	91	prompts = expand_cstring(prompts);
0756eb3c PH	92	if (prompts == NULL)
	93	{
	94	auth_defer_msg = expand_string_message;
	95	return DEFER;
	96	}
	97	}
	98
	99	/* If data was supplied on the AUTH command, decode it, and split it up into
f78eb7c6 PH	100	multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
	101	up to a maximum. To retain backwards compatibility, they are also put int $1,
	102	$2, etc. If the data consists of the string "=" it indicates a single, empty
	103	string. */
0756eb3c PH	104
	105	if (*data != 0)
	106	{
	107	if (Ustrcmp(data, "=") == 0)
	108	{
f78eb7c6	109	auth_vars[0] = expand_nstring[++expand_nmax] = US"";
0756eb3c PH	110	expand_nlength[expand_nmax] = 0;
	111	}
	112	else
	113	{
f4d091fb	114	if ((len = b64decode(data, &clear)) < 0) return BAD64;
0756eb3c PH	115	end = clear + len;
	116	while (clear < end && expand_nmax < EXPAND_MAXN)
	117	{
f78eb7c6	118	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
0756eb3c PH	119	expand_nstring[++expand_nmax] = clear;
	120	while (*clear != 0) clear++;
	121	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	122	}
	123	}
	124	}
	125
	126	/* Now go through the list of prompt strings. Skip over any whose data has
	127	already been provided as part of the AUTH command. For the rest, send them
	128	out as prompts, and get a data item back. If the data item is "*", abandon the
	129	authentication attempt. Otherwise, split it into items as above. */
	130
	131	while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
	132	!= NULL && expand_nmax < EXPAND_MAXN)
	133	{
	134	if (number++ <= expand_nmax) continue;
	135	if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
f4d091fb	136	if ((len = b64decode(data, &clear)) < 0) return BAD64;
0756eb3c PH	137	end = clear + len;
	138
	139	/* This loop must run at least once, in case the length is zero */
	140	do
	141	{
f78eb7c6	142	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
0756eb3c PH	143	expand_nstring[++expand_nmax] = clear;
	144	while (*clear != 0) clear++;
	145	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	146	}
	147	while (clear < end && expand_nmax < EXPAND_MAXN);
	148	}
	149
f78eb7c6	150	/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
16ff981e PH	151	compatibility, in $1, $2, etc). Authentication and authorization are handled
	152	together for this authenticator by expanding the server_condition option. Note
	153	that ablock->server_condition is always non-NULL because that's what configures
	154	this authenticator as a server. */
0756eb3c	155
16ff981e	156	return auth_check_serv_cond(ablock);
0756eb3c PH	157	}
	158
	159
	160
	161	/*************************************************
	162	* Client entry point *
	163	*************************************************/
	164
	165	/* For interface, see auths/README */
	166
	167	int
	168	auth_plaintext_client(
	169	auth_instance ablock, / authenticator block */
	170	smtp_inblock inblock, / connection inblock */
	171	smtp_outblock outblock, / connection outblock */
	172	int timeout, /* command timeout */
	173	uschar buffer, / buffer for reading response */
	174	int buffsize) /* size of buffer */
	175	{
	176	auth_plaintext_options_block *ob =
	177	(auth_plaintext_options_block *)(ablock->options_block);
55414b25	178	const uschar *text = ob->client_send;
0756eb3c PH	179	uschar *s;
	180	BOOL first = TRUE;
	181	int sep = 0;
4730f942	182	int auth_var_idx = 0;
0756eb3c PH	183
	184	/* The text is broken up into a number of different data items, which are
	185	sent one by one. The first one is sent with the AUTH command; the remainder are
	186	sent in response to subsequent prompts. Each is expanded before being sent. */
	187
4e910c01	188	while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)))
0756eb3c	189	{
4730f942	190	int i, len, clear_len;
0756eb3c	191	uschar *ss = expand_string(s);
4730f942	192	uschar *clear;
0756eb3c PH	193
	194	/* Forced expansion failure is not an error; authentication is abandoned. On
	195	all but the first string, we have to abandon the authentication attempt by
	196	sending a line containing "*". Save the failed expansion string, because it
	197	is in big_buffer, and that gets used by the sending function. */
	198
4e910c01	199	if (!ss)
0756eb3c PH	200	{
	201	uschar *ssave = string_copy(s);
	202	if (!first)
	203	{
4e910c01	204	if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
0756eb3c PH	205	(void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
0756eb3c PH	206	}
4730f942 PH	207	if (expand_string_forcedfail)
	208	{
	209	buffer = 0; / No message */
	210	return CANCELLED;
	211	}
0756eb3c PH	212	string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
	213	"authenticator: %s", ssave, ablock->name, expand_string_message);
	214	return ERROR;
	215	}
	216
	217	len = Ustrlen(ss);
	218
	219	/* The character ^ is used as an escape for a binary zero character, which is
	220	needed for the PLAIN mechanism. It must be doubled if really needed. */
	221
	222	for (i = 0; i < len; i++)
0756eb3c	223	if (ss[i] == '^')
4e910c01 JH	224	if (ss[i+1] != '^')
	225	ss[i] = 0;
	226	else
0756eb3c PH	227	{
	228	i++;
	229	len--;
	230	memmove(ss + i, ss + i + 1, len - i);
	231	}
0756eb3c PH	232
0756eb3c PH	233	/* The first string is attached to the AUTH command; others are sent
4c04137d	234	unembellished. */
0756eb3c PH	235
	236	if (first)
	237	{
	238	first = FALSE;
4e910c01	239	if (smtp_write_command(outblock, SCMD_FLUSH, "AUTH %s%s%s\r\n",
0756eb3c	240	ablock->public_name, (len == 0)? "" : " ",
f4d091fb	241	b64encode(ss, len)) < 0)
0756eb3c PH	242	return FAIL_SEND;
	243	}
	244	else
	245	{
4e910c01	246	if (smtp_write_command(outblock, SCMD_FLUSH, "%s\r\n",
f4d091fb	247	b64encode(ss, len)) < 0)
0756eb3c PH	248	return FAIL_SEND;
	249	}
	250
	251	/* If we receive a success response from the server, authentication
	252	has succeeded. There may be more data to send, but is there any point
	253	in provoking an error here? */
	254
	255	if (smtp_read_response(inblock, US buffer, buffsize, '2', timeout)) return OK;
	256
	257	/* Not a success response. If errno != 0 there is some kind of transmission
	258	error. Otherwise, check the response code in the buffer. If it starts with
	259	'3', more data is expected. */
	260
	261	if (errno != 0 \|\| buffer[0] != '3') return FAIL;
	262
	263	/* If there is no more data to send, we have to cancel the authentication
	264	exchange and return ERROR. */
	265
	266	if (text == NULL)
	267	{
4e910c01	268	if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
0756eb3c PH	269	(void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
	270	string_format(buffer, buffsize, "Too few items in client_send in %s "
	271	"authenticator", ablock->name);
	272	return ERROR;
	273	}
4730f942 PH	274
	275	/* Now that we know we'll continue, we put the received data into $auth<n>,
	276	if possible. First, decode it: buffer+4 skips over the SMTP status code. */
	277
f4d091fb	278	clear_len = b64decode(buffer+4, &clear);
4730f942 PH	279
	280	/* If decoding failed, the default is to terminate the authentication, and
	281	return FAIL, with the SMTP response still in the buffer. However, if client_
	282	ignore_invalid_base64 is set, we ignore the error, and put an empty string
	283	into $auth<n>. */
	284
	285	if (clear_len < 0)
	286	{
	287	uschar *save_bad = string_copy(buffer);
	288	if (!ob->client_ignore_invalid_base64)
	289	{
4e910c01	290	if (smtp_write_command(outblock, SCMD_FLUSH, "*\r\n") >= 0)
4730f942 PH	291	(void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
	292	string_format(buffer, buffsize, "Invalid base64 string in server "
	293	"response \"%s\"", save_bad);
	294	return CANCELLED;
	295	}
	296	clear = US"";
	297	clear_len = 0;
	298	}
	299
	300	if (auth_var_idx < AUTH_VARS)
	301	auth_vars[auth_var_idx++] = string_copy(clear);
0756eb3c PH	302	}
	303
	304	/* Control should never actually get here. */
	305
	306	return FAIL;
	307	}
	308
d185889f	309	#endif /!MACRO_PREDEF/
0756eb3c	310	/* End of plaintext.c */