| 1 | /************************************************* |
| 2 | * Exim - an Internet mail transport agent * |
| 3 | *************************************************/ |
| 4 | |
| 5 | /* Copyright (c) University of Cambridge 1995 - 2009 */ |
| 6 | /* See the file NOTICE for conditions of use and distribution. */ |
| 7 | |
| 8 | /* This module contains interface functions to the two Cyrus authentication |
| 9 | daemons. The original one was "pwcheck", which gives its name to the source |
| 10 | file. This is now deprecated in favour of "saslauthd". */ |
| 11 | |
| 12 | |
| 13 | #include "../exim.h" |
| 14 | #include "pwcheck.h" |
| 15 | |
| 16 | |
| 17 | /************************************************* |
| 18 | * External entry point for pwcheck * |
| 19 | *************************************************/ |
| 20 | |
| 21 | /* This function calls the now-deprecated "pwcheck" Cyrus-SASL authentication |
| 22 | daemon, passing over a colon-separated user name and password. As this is |
| 23 | called from the string expander, the string will always be in dynamic store and |
| 24 | can be overwritten. |
| 25 | |
| 26 | Arguments: |
| 27 | s a colon-separated username:password string |
| 28 | errptr where to point an error message |
| 29 | |
| 30 | Returns: OK if authentication succeeded |
| 31 | FAIL if authentication failed |
| 32 | ERROR some other error condition |
| 33 | */ |
| 34 | |
int
auth_call_pwcheck(uschar *s, uschar **errptr)
{
uschar *daemon_msg = NULL;
uschar *sep = Ustrrchr(s, ':');
uschar *password;
int rc;

/* The split point is the LAST colon in the string: everything before it is
treated as the user name and everything after it as the password. A password
that itself contains a colon is therefore cut at its final colon. */

if (!sep)
  {
  *errptr = US"pwcheck: malformed input - missing colon";
  return ERROR;
  }

/* Overwrite the colon in place so that s becomes the NUL-terminated user name
and the password starts at the following byte. This is done before the debug
line below, so only the user name is written to the debug output. The password
bytes remain in the caller's buffer afterwards; nothing in this function
clears them. */

*sep = 0;
password = sep + 1;

DEBUG(D_auth)
  debug_printf("Running pwcheck authentication for user \"%s\"\n", s);

rc = pwcheck_verify_password(CS s, CS password, (const char **)(&daemon_msg));

if (rc == PWCHECK_OK)
  {
  DEBUG(D_auth) debug_printf("pwcheck: success (%s)\n", daemon_msg);
  return OK;
  }

if (rc == PWCHECK_NO)
  {
  DEBUG(D_auth) debug_printf("pwcheck: access denied (%s)\n", daemon_msg);
  return FAIL;
  }

/* Any other result is reported as ERROR, never as success. The daemon's
reply text is handed back through errptr. NOTE(review): daemon_msg is still
NULL here if the verifier did not set it - confirm callers cope with that. */

DEBUG(D_auth) debug_printf("pwcheck: query failed (%s)\n", daemon_msg);
*errptr = daemon_msg;
return ERROR;
}
| 68 | |
| 69 | |
| 70 | /************************************************* |
| 71 | * External entry point for saslauthd * |
| 72 | *************************************************/ |
| 73 | |
| 74 | /* This function calls the "saslauthd" Cyrus-SASL authentication daemon. |
| 75 | As this is called from the string expander, all the strings will |
| 76 | always be in dynamic store and can be overwritten. |
| 77 | |
| 78 | Arguments: |
| 79 | username username |
| 80 | password password |
| 81 | service optional service |
| 82 | realm optional realm |
| 83 | errptr where to point an error message |
| 84 | |
| 85 | Returns: OK if authentication succeeded |
| 86 | FAIL if authentication failed |
| 87 | ERROR some other error condition |
| 88 | */ |
| 89 | |
int
auth_call_saslauthd(uschar *username, uschar *password, uschar *service,
  uschar *realm, uschar **errptr)
{
uschar *daemon_msg = NULL;
int rc;

/* service and realm are optional; a NULL pointer is replaced by an empty
string before the verifier is called. username and password are passed
through unchanged. */

if (!service) service = US"";
if (!realm) realm = US"";

/* Only the user name appears in the debug output; the password is not
printed by this function. */

DEBUG(D_auth)
  debug_printf("Running saslauthd authentication for user \"%s\" \n", username);

rc = saslauthd_verify_password(username, password, service,
  realm, (const uschar **)(&daemon_msg));

if (rc == PWCHECK_OK)
  {
  DEBUG(D_auth) debug_printf("saslauthd: success (%s)\n", daemon_msg);
  return OK;
  }

if (rc == PWCHECK_NO)
  {
  DEBUG(D_auth) debug_printf("saslauthd: access denied (%s)\n", daemon_msg);
  return FAIL;
  }

/* Any other result is reported as ERROR, never as success. The daemon's
reply text is handed back through errptr. NOTE(review): daemon_msg is still
NULL here if the verifier did not set it - confirm callers cope with that. */

DEBUG(D_auth) debug_printf("saslauthd: query failed (%s)\n", daemon_msg);
*errptr = daemon_msg;
return ERROR;
}
| 119 | |
| 120 | /* End of call_pwcheck.c */ |