src/src/auths/check_serv_cond.c

   1 /*************************************************
   2 *     Exim - an Internet mail transport agent    *
   3 *************************************************/
   4
   5 /* Copyright (c) University of Cambridge 1995 - 2009 */
   6 /* See the file NOTICE for conditions of use and distribution. */
   7
   8 #include "../exim.h"
   9
  10 /* This module contains the function server_condition(), which is used
  11 by all authenticators. */
  12
  13
  14 /*************************************************
  15 *              Check server_condition            *
  16 *************************************************/
  17
  18 /* This function is called from the server code of all authenticators. For
  19 plaintext, it is always called: the argument cannot be empty, because for
  20 plaintext, setting server_condition is what enables it as a server
  21 authenticator. For all the other authenticators, this function is called after
  22 they have authenticated, to enable additional authorization to be done.
  23
  24 Argument:     the authenticator's instance block
  25
  26 Returns:
  27   OK          NULL argument, or success
  28   DEFER       couldn't complete the check
  29   FAIL        authentication failed
  30 */
  31
  32 int
  33 auth_check_serv_cond(auth_instance *ablock)
  34 {
  35 uschar *cond;
  36
  37 HDEBUG(D_auth)
  38   {
  39   int i;
  40   debug_printf("%s authenticator:\n", ablock->name);
  41   for (i = 0; i < AUTH_VARS; i++)
  42     {
  43     if (auth_vars[i] != NULL)
  44       debug_printf("  $auth%d = %s\n", i + 1, auth_vars[i]);
  45     }
  46   for (i = 1; i <= expand_nmax; i++)
  47     debug_printf("  $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
  48   debug_print_string(ablock->server_debug_string);    /* customized debug */
  49   }
  50
  51 /* For the plaintext authenticator, server_condition is never NULL. For the
  52 rest, an unset condition lets everything through. */
  53
  54 if (ablock->server_condition == NULL) return OK;
  55 cond = expand_string(ablock->server_condition);
  56
  57 HDEBUG(D_auth)
  58   {
  59   if (cond == NULL)
  60     debug_printf("expansion failed: %s\n", expand_string_message);
  61   else
  62     debug_printf("expanded string: %s\n", cond);
  63   }
  64
  65 /* A forced expansion failure causes authentication to fail. Other expansion
  66 failures yield DEFER, which will cause a temporary error code to be returned to
  67 the AUTH command. The problem is at the server end, so the client should try
  68 again later. */
  69
  70 if (cond == NULL)
  71   {
  72   if (expand_string_forcedfail) return FAIL;
  73   auth_defer_msg = expand_string_message;
  74   return DEFER;
  75   }
  76
  77 /* Return FAIL for empty string, "0", "no", and "false"; return OK for
  78 "1", "yes", and "true"; return DEFER for anything else, with the string
  79 available as an error text for the user. */
  80
  81 if (*cond == 0 ||
  82     Ustrcmp(cond, "0") == 0 ||
  83     strcmpic(cond, US"no") == 0 ||
  84     strcmpic(cond, US"false") == 0)
  85   return FAIL;
  86
  87 if (Ustrcmp(cond, "1") == 0 ||
  88     strcmpic(cond, US"yes") == 0 ||
  89     strcmpic(cond, US"true") == 0)
  90   return OK;
  91
  92 auth_defer_msg = cond;
  93 auth_defer_user_msg = string_sprintf(": %s", cond);
  94 return DEFER;
  95 }
  96
  97 /* End of check_serv_cond.c */