src/src/auths/check_serv_cond.c

   1 /* $Cambridge: exim/src/src/auths/check_serv_cond.c,v 1.2 2007/01/08 10:50:19 ph10 Exp $ */
   2
   3 /*************************************************
   4 *     Exim - an Internet mail transport agent    *
   5 *************************************************/
   6
   7 /* Copyright (c) University of Cambridge 1995 - 2007 */
   8 /* See the file NOTICE for conditions of use and distribution. */
   9
  10 #include "../exim.h"
  11
  12 /* This module contains the function server_condition(), which is used
  13 by all authenticators. */
  14
  15
  16 /*************************************************
  17 *              Check server_condition            *
  18 *************************************************/
  19
  20 /* This function is called from the server code of all authenticators. For
  21 plaintext, it is always called: the argument cannot be empty, because for
  22 plaintext, setting server_condition is what enables it as a server
  23 authenticator. For all the other authenticators, this function is called after
  24 they have authenticated, to enable additional authorization to be done.
  25
  26 Argument:     the authenticator's instance block
  27
  28 Returns:
  29   OK          NULL argument, or success
  30   DEFER       couldn't complete the check
  31   FAIL        authentication failed
  32 */
  33
  34 int
  35 auth_check_serv_cond(auth_instance *ablock)
  36 {
  37 uschar *cond;
  38
  39 HDEBUG(D_auth)
  40   {
  41   int i;
  42   debug_printf("%s authenticator:\n", ablock->name);
  43   for (i = 0; i < AUTH_VARS; i++)
  44     {
  45     if (auth_vars[i] != NULL)
  46       debug_printf("  $auth%d = %s\n", i + 1, auth_vars[i]);
  47     }
  48   for (i = 1; i <= expand_nmax; i++)
  49     debug_printf("  $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
  50   debug_print_string(ablock->server_debug_string);    /* customized debug */
  51   }
  52
  53 /* For the plaintext authenticator, server_condition is never NULL. For the
  54 rest, an unset condition lets everything through. */
  55
  56 if (ablock->server_condition == NULL) return OK;
  57 cond = expand_string(ablock->server_condition);
  58
  59 HDEBUG(D_auth)
  60   {
  61   if (cond == NULL)
  62     debug_printf("expansion failed: %s\n", expand_string_message);
  63   else
  64     debug_printf("expanded string: %s\n", cond);
  65   }
  66
  67 /* A forced expansion failure causes authentication to fail. Other expansion
  68 failures yield DEFER, which will cause a temporary error code to be returned to
  69 the AUTH command. The problem is at the server end, so the client should try
  70 again later. */
  71
  72 if (cond == NULL)
  73   {
  74   if (expand_string_forcedfail) return FAIL;
  75   auth_defer_msg = expand_string_message;
  76   return DEFER;
  77   }
  78
  79 /* Return FAIL for empty string, "0", "no", and "false"; return OK for
  80 "1", "yes", and "true"; return DEFER for anything else, with the string
  81 available as an error text for the user. */
  82
  83 if (*cond == 0 ||
  84     Ustrcmp(cond, "0") == 0 ||
  85     strcmpic(cond, US"no") == 0 ||
  86     strcmpic(cond, US"false") == 0)
  87   return FAIL;
  88
  89 if (Ustrcmp(cond, "1") == 0 ||
  90     strcmpic(cond, US"yes") == 0 ||
  91     strcmpic(cond, US"true") == 0)
  92   return OK;
  93
  94 auth_defer_msg = cond;
  95 auth_defer_user_msg = string_sprintf(": %s", cond);
  96 return DEFER;
  97 }
  98
  99 /* End of check_serv_cond.c */