| 1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * |
| 3 | *************************************************/ |
| 4 | |
| 5 | /* Copyright (c) University of Cambridge 1995 - 2015 */ |
| 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
| 7 | /* See the file NOTICE for conditions of use and distribution. */ |
| 8 | |
| 9 | /* This module contains interface functions to the two Cyrus authentication |
| 10 | daemons. The original one was "pwcheck", which gives its name to the source |
| 11 | file. This is now deprecated in favour of "saslauthd". */ |
| 12 | |
| 13 | |
| 14 | #include "../exim.h" |
| 15 | #include "pwcheck.h" |
| 16 | |
| 17 | |
| 18 | /************************************************* |
| 19 | * External entry point for pwcheck * |
| 20 | *************************************************/ |
| 21 | |
| 22 | /* This function calls the now-deprecated "pwcheck" Cyrus-SASL authentication |
| 23 | daemon, passing over a colon-separated user name and password. As this is |
| 24 | called from the string expander, the string will always be in dynamic store and |
| 25 | can be overwritten. |
| 26 | |
| 27 | Arguments: |
| 28 | s a colon-separated username:password string |
| 29 | errptr where to point an error message |
| 30 | |
| 31 | Returns: OK if authentication succeeded |
| 32 | FAIL if authentication failed |
| 33 | ERROR some other error condition |
| 34 | */ |
| 35 | |
int
auth_call_pwcheck(uschar *s, uschar **errptr)
{
uschar *daemon_reply = NULL;
uschar *secret;
int verdict;

/* The split is made at the LAST colon, so everything before it is sent as the
user name. A password that itself contains ':' cannot be represented in this
input form. */
uschar *sep = Ustrrchr(s, ':');

if (!sep)
  {
  *errptr = US"pwcheck: malformed input - missing colon";
  return ERROR;
  }

/* Overwrite the colon in the caller's buffer: s now ends at the user name and
the password starts one byte later. */
*sep = 0;
secret = sep + 1;

/* Only the user name goes to the debug log; the password is never printed. */
DEBUG(D_auth)
  debug_printf("Running pwcheck authentication for user \"%s\"\n", s);

verdict = pwcheck_verify_password(CS s, CS secret, CCSS &daemon_reply);

if (verdict == PWCHECK_OK)
  {
  DEBUG(D_auth) debug_printf("pwcheck: success (%s)\n", daemon_reply);
  return OK;
  }

if (verdict == PWCHECK_NO)
  {
  DEBUG(D_auth) debug_printf("pwcheck: access denied (%s)\n", daemon_reply);
  return FAIL;
  }

/* Any other result is reported as ERROR rather than FAIL, so a failed query is
kept distinct from a rejected password.
NOTE(review): daemon_reply is still NULL here unless the verifier stored a
message; confirm it always does, because the pointer is handed back to the
caller as the error text. */
DEBUG(D_auth) debug_printf("pwcheck: query failed (%s)\n", daemon_reply);
*errptr = daemon_reply;
return ERROR;
}
| 69 | |
| 70 | |
| 71 | /************************************************* |
| 72 | * External entry point for pwauthd * |
| 73 | *************************************************/ |
| 74 | |
| 75 | /* This function calls the "saslauthd" Cyrus-SASL authentication daemon. As this |
| 76 | is called from the string expander, all the strings will always be in dynamic |
| 77 | store and can be overwritten. |
| 78 | |
| 79 | Arguments: |
| 80 | username username |
| 81 | password password |
| 82 | service optional service |
| 83 | realm optional realm |
| 84 | errptr where to point an error message |
| 85 | |
| 86 | Returns: OK if authentication succeeded |
| 87 | FAIL if authentication failed |
| 88 | ERROR some other error condition |
| 89 | */ |
| 90 | |
int
auth_call_saslauthd(const uschar *username, const uschar *password,
  const uschar *service, const uschar *realm, uschar **errptr)
{
uschar *daemon_reply = NULL;
int verdict;

/* Service and realm are optional; the verifier is always given a string, empty
when the caller supplied none. */
if (!service) service = US"";
if (!realm) realm = US"";

/* Only the user name goes to the debug log; the password is never printed. */
DEBUG(D_auth)
  debug_printf("Running saslauthd authentication for user \"%s\" \n", username);

verdict = saslauthd_verify_password(username, password, service,
  realm, (const uschar **)(&daemon_reply));

if (verdict == PWCHECK_OK)
  {
  DEBUG(D_auth) debug_printf("saslauthd: success (%s)\n", daemon_reply);
  return OK;
  }

if (verdict == PWCHECK_NO)
  {
  DEBUG(D_auth) debug_printf("saslauthd: access denied (%s)\n", daemon_reply);
  return FAIL;
  }

/* Any other result is reported as ERROR rather than FAIL, so a failed query is
kept distinct from a rejected password.
NOTE(review): daemon_reply is still NULL here unless the verifier stored a
message; confirm it always does, because the pointer is handed back to the
caller as the error text. */
DEBUG(D_auth) debug_printf("saslauthd: query failed (%s)\n", daemon_reply);
*errptr = daemon_reply;
return ERROR;
}
| 120 | |
| 121 | /* End of call_pwcheck.c */ |