cf21a18c0cf347a37fef848ffb4f150e0a711bfa
[exim.git] / src / src / auths / call_pwcheck.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2015 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8 /* This module contains interface functions to the two Cyrus authentication
9 daemons. The original one was "pwcheck", which gives its name to the source
10 file. This is now deprecated in favour of "saslauthd". */
11
12
13 #include "../exim.h"
14 #include "pwcheck.h"
15
16
17 /*************************************************
18 * External entry point for pwcheck *
19 *************************************************/
20
21 /* This function calls the now-deprecated "pwcheck" Cyrus-SASL authentication
22 daemon, passing over a colon-separated user name and password. As this is
23 called from the string expander, the string will always be in dynamic store and
24 can be overwritten.
25
26 Arguments:
27 s a colon-separated username:password string
28 errptr where to point an error message
29
30 Returns: OK if authentication succeeded
31 FAIL if authentication failed
32 ERROR some other error condition
33 */
34
35 int
36 auth_call_pwcheck(uschar *s, uschar **errptr)
37 {
38 uschar *reply = NULL;
39 uschar *pw = Ustrrchr(s, ':');
40
41 if (pw == NULL)
42 {
43 *errptr = US"pwcheck: malformed input - missing colon";
44 return ERROR;
45 }
46
47 *pw++ = 0; /* Separate user and password */
48
49 DEBUG(D_auth)
50 debug_printf("Running pwcheck authentication for user \"%s\"\n", s);
51
52 switch (pwcheck_verify_password(CS s, CS pw, CCSS &reply))
53 {
54 case PWCHECK_OK:
55 DEBUG(D_auth) debug_printf("pwcheck: success (%s)\n", reply);
56 return OK;
57
58 case PWCHECK_NO:
59 DEBUG(D_auth) debug_printf("pwcheck: access denied (%s)\n", reply);
60 return FAIL;
61
62 default:
63 DEBUG(D_auth) debug_printf("pwcheck: query failed (%s)\n", reply);
64 *errptr = reply;
65 return ERROR;
66 }
67 }
68
69
70 /*************************************************
71 * External entry point for pwauthd *
72 *************************************************/
73
74 /* This function calls the "saslauthd" Cyrus-SASL authentication daemon,
75 saslauthd, As this is called from the string expander, all the strings will
76 always be in dynamic store and can be overwritten.
77
78 Arguments:
79 username username
80 password password
81 service optional service
82 realm optional realm
83 errptr where to point an error message
84
85 Returns: OK if authentication succeeded
86 FAIL if authentication failed
87 ERROR some other error condition
88 */
89
90 int
91 auth_call_saslauthd(const uschar *username, const uschar *password,
92 const uschar *service, const uschar *realm, uschar **errptr)
93 {
94 uschar *reply = NULL;
95
96 if (service == NULL) service = US"";
97 if (realm == NULL) realm = US"";
98
99 DEBUG(D_auth)
100 debug_printf("Running saslauthd authentication for user \"%s\" \n", username);
101
102 switch (saslauthd_verify_password(username, password, service,
103 realm, (const uschar **)(&reply)))
104 {
105 case PWCHECK_OK:
106 DEBUG(D_auth) debug_printf("saslauthd: success (%s)\n", reply);
107 return OK;
108
109 case PWCHECK_NO:
110 DEBUG(D_auth) debug_printf("saslauthd: access denied (%s)\n", reply);
111 return FAIL;
112
113 default:
114 DEBUG(D_auth) debug_printf("saslauthd: query failed (%s)\n", reply);
115 *errptr = reply;
116 return ERROR;
117 }
118 }
119
120 /* End of call_pwcheck.c */