Copyright updates:
[exim.git] / src / src / auths / call_pwcheck.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2015 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
8
9 /* This module contains interface functions to the two Cyrus authentication
10 daemons. The original one was "pwcheck", which gives its name to the source
11 file. This is now deprecated in favour of "saslauthd". */
12
13
14 #include "../exim.h"
15 #include "pwcheck.h"
16
17
18 /*************************************************
19 * External entry point for pwcheck *
20 *************************************************/
21
22 /* This function calls the now-deprecated "pwcheck" Cyrus-SASL authentication
23 daemon, passing over a colon-separated user name and password. As this is
24 called from the string expander, the string will always be in dynamic store and
25 can be overwritten.
26
27 Arguments:
28 s a colon-separated username:password string
29 errptr where to point an error message
30
31 Returns: OK if authentication succeeded
32 FAIL if authentication failed
33 ERROR some other error condition
34 */
35
36 int
37 auth_call_pwcheck(uschar *s, uschar **errptr)
38 {
39 uschar *reply = NULL;
40 uschar *pw = Ustrrchr(s, ':');
41
42 if (pw == NULL)
43 {
44 *errptr = US"pwcheck: malformed input - missing colon";
45 return ERROR;
46 }
47
48 *pw++ = 0; /* Separate user and password */
49
50 DEBUG(D_auth)
51 debug_printf("Running pwcheck authentication for user \"%s\"\n", s);
52
53 switch (pwcheck_verify_password(CS s, CS pw, CCSS &reply))
54 {
55 case PWCHECK_OK:
56 DEBUG(D_auth) debug_printf("pwcheck: success (%s)\n", reply);
57 return OK;
58
59 case PWCHECK_NO:
60 DEBUG(D_auth) debug_printf("pwcheck: access denied (%s)\n", reply);
61 return FAIL;
62
63 default:
64 DEBUG(D_auth) debug_printf("pwcheck: query failed (%s)\n", reply);
65 *errptr = reply;
66 return ERROR;
67 }
68 }
69
70
71 /*************************************************
72 * External entry point for pwauthd *
73 *************************************************/
74
75 /* This function calls the "saslauthd" Cyrus-SASL authentication daemon,
76 saslauthd, As this is called from the string expander, all the strings will
77 always be in dynamic store and can be overwritten.
78
79 Arguments:
80 username username
81 password password
82 service optional service
83 realm optional realm
84 errptr where to point an error message
85
86 Returns: OK if authentication succeeded
87 FAIL if authentication failed
88 ERROR some other error condition
89 */
90
91 int
92 auth_call_saslauthd(const uschar *username, const uschar *password,
93 const uschar *service, const uschar *realm, uschar **errptr)
94 {
95 uschar *reply = NULL;
96
97 if (service == NULL) service = US"";
98 if (realm == NULL) realm = US"";
99
100 DEBUG(D_auth)
101 debug_printf("Running saslauthd authentication for user \"%s\" \n", username);
102
103 switch (saslauthd_verify_password(username, password, service,
104 realm, (const uschar **)(&reply)))
105 {
106 case PWCHECK_OK:
107 DEBUG(D_auth) debug_printf("saslauthd: success (%s)\n", reply);
108 return OK;
109
110 case PWCHECK_NO:
111 DEBUG(D_auth) debug_printf("saslauthd: access denied (%s)\n", reply);
112 return FAIL;
113
114 default:
115 DEBUG(D_auth) debug_printf("saslauthd: query failed (%s)\n", reply);
116 *errptr = reply;
117 return ERROR;
118 }
119 }
120
121 /* End of call_pwcheck.c */