1 /* $Cambridge: exim/src/src/auths/dovecot.c,v 1.4 2007/01/23 12:22:00 ph10 Exp $ */
4 * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
15 #define VERSION_MAJOR 1
16 #define VERSION_MINOR 0
18 /* Options specific to the authentication mechanism. */
19 optionlist auth_dovecot_options
[] = {
23 (void *)(offsetof(auth_dovecot_options_block
, server_socket
))
27 /* Size of the options list. An extern variable has to be used so that its
28 address can appear in the tables drtables.c. */
29 int auth_dovecot_options_count
=
30 sizeof(auth_dovecot_options
) / sizeof(optionlist
);
32 /* Default private options block for the authentication method. */
33 auth_dovecot_options_block auth_dovecot_option_defaults
= {
34 NULL
, /* server_socket */
37 /*************************************************
38 * Initialization entry point *
39 *************************************************/
41 /* Called for each instance, after its options have been read, to
42 enable consistency checks to be done, or anything else that needs
44 void auth_dovecot_init(auth_instance
*ablock
)
46 auth_dovecot_options_block
*ob
=
47 (auth_dovecot_options_block
*)(ablock
->options_block
);
49 if (ablock
->public_name
== NULL
)
50 ablock
->public_name
= ablock
->name
;
51 if (ob
->server_socket
!= NULL
)
52 ablock
->server
= TRUE
;
53 ablock
->client
= FALSE
;
56 static int strcut(char *str
, char **ptrs
, int nptrs
)
61 for (n
= 0; n
< nptrs
; n
++)
83 #define CHECK_COMMAND(str, arg_min, arg_max) do { \
84 if (strcasecmp((str), args[0]) != 0) \
86 if (nargs - 1 < (arg_min)) \
88 if (nargs - 1 > (arg_max)) \
92 #define OUT(msg) do { \
93 auth_defer_msg = (US msg); \
99 /*************************************************
100 * Server entry point *
101 *************************************************/
103 int auth_dovecot_server(auth_instance
*ablock
, uschar
*data
)
105 auth_dovecot_options_block
*ob
=
106 (auth_dovecot_options_block
*)(ablock
->options_block
);
107 struct sockaddr_un sa
;
110 uschar
*auth_command
;
111 uschar
*auth_extra_data
= US
"";
113 int cuid
= 0, cont
= 1, found
= 0, fd
, ret
= DEFER
;
116 HDEBUG(D_auth
) debug_printf("dovecot authentication\n");
118 memset(&sa
, 0, sizeof(sa
));
119 sa
.sun_family
= AF_UNIX
;
121 /* This was the original code here: it is nonsense because strncpy()
122 does not return an integer. I have converted this to use the function
123 that formats and checks length. PH */
126 if (strncpy(sa.sun_path, ob->server_socket, sizeof(sa.sun_path)) < 0) {
129 if (!string_format(US sa
.sun_path
, sizeof(sa
.sun_path
), "%s",
130 ob
->server_socket
)) {
131 auth_defer_msg
= US
"authentication socket path too long";
135 auth_defer_msg
= US
"authentication socket connection error";
137 fd
= socket(PF_UNIX
, SOCK_STREAM
, 0);
141 if (connect(fd
, (struct sockaddr
*) &sa
, sizeof(sa
)) < 0)
144 f
= fdopen(fd
, "a+");
148 auth_defer_msg
= US
"authentication socket protocol error";
151 if (fgets(buffer
, sizeof(buffer
), f
) == NULL
)
152 OUT("authentication socket read error or premature eof");
154 buffer
[strlen(buffer
) - 1] = 0;
155 HDEBUG(D_auth
) debug_printf("received: %s\n", buffer
);
156 nargs
= strcut(buffer
, args
, sizeof(args
) / sizeof(args
[0]));
158 switch (toupper(*args
[0])) {
160 CHECK_COMMAND("CUID", 1, 1);
161 cuid
= atoi(args
[1]);
165 CHECK_COMMAND("DONE", 0, 0);
170 CHECK_COMMAND("MECH", 1, INT_MAX
);
171 if (strcmpic(US args
[1], ablock
->public_name
) == 0)
176 CHECK_COMMAND("SPID", 1, 1);
180 CHECK_COMMAND("VERSION", 2, 2);
181 if (atoi(args
[1]) != VERSION_MAJOR
)
182 OUT("authentication socket protocol version mismatch");
193 /* Added by PH: data must not contain tab (as it is
194 b64 it shouldn't, but check for safety). */
196 if (Ustrchr(data
, '\t') != NULL
) {
201 /* Added by PH: extra fields when TLS is in use or if the TCP/IP
202 connection is local. */
204 if (tls_cipher
!= NULL
)
205 auth_extra_data
= string_sprintf("secured\t%s%s",
206 tls_certificate_verified
? "valid-client-cert" : "",
207 tls_certificate_verified
? "\t" : "");
208 else if (Ustrcmp(sender_host_address
, interface_address
) == 0)
209 auth_extra_data
= US
"secured\t";
212 /****************************************************************************
213 The code below was the original code here. It didn't work. A reading of the
214 file auth-protocol.txt.gz that came with Dovecot 1.0_beta8 indicated that
215 this was not right. Maybe something changed. I changed it to move the
216 service indication into the AUTH command, and it seems to be better. PH
218 fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n"
219 "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n",
220 VERSION_MAJOR, VERSION_MINOR, getpid(), cuid,
221 ablock->public_name, sender_host_address, interface_address,
222 data ? (char *) data : "");
224 Subsequently, the command was modified to add "secured" and "valid-client-
226 ****************************************************************************/
228 auth_command
= string_sprintf("VERSION\t%d\t%d\nCPID\t%d\n"
229 "AUTH\t%d\t%s\tservice=smtp\t%srip=%s\tlip=%s\tresp=%s\n",
230 VERSION_MAJOR
, VERSION_MINOR
, getpid(), cuid
,
231 ablock
->public_name
, auth_extra_data
, sender_host_address
,
232 interface_address
, data
? (char *) data
: "");
234 fprintf(f
, "%s", auth_command
);
235 HDEBUG(D_auth
) debug_printf("sent: %s", auth_command
);
238 if (fgets(buffer
, sizeof(buffer
), f
) == NULL
) {
239 auth_defer_msg
= US
"authentication socket read error or premature eof";
243 buffer
[strlen(buffer
) - 1] = 0;
244 HDEBUG(D_auth
) debug_printf("received: %s\n", buffer
);
245 nargs
= strcut(buffer
, args
, sizeof(args
) / sizeof(args
[0]));
247 if (atoi(args
[1]) != cuid
)
248 OUT("authentication socket connection id mismatch");
250 switch (toupper(*args
[0])) {
252 CHECK_COMMAND("CONT", 1, 2);
254 tmp
= auth_get_no64_data(&data
, US args
[2]);
260 /* Added by PH: data must not contain tab (as it is
261 b64 it shouldn't, but check for safety). */
263 if (Ustrchr(data
, '\t') != NULL
) {
268 if (fprintf(f
, "CONT\t%d\t%s\r\n", cuid
, data
) < 0)
269 OUT("authentication socket write error");
274 CHECK_COMMAND("FAIL", 1, 2);
276 /* FIXME: add proper response handling */
278 uschar
*p
= US
strchr(args
[2], '=');
281 expand_nstring
[1] = auth_vars
[0] =
282 string_copy(p
); /* PH */
283 expand_nlength
[1] = Ustrlen(p
);
292 CHECK_COMMAND("OK", 2, 2);
294 /* FIXME: add proper response handling */
295 uschar
*p
= US
strchr(args
[2], '=');
297 OUT("authentication socket protocol error, username missing");
300 expand_nstring
[1] = auth_vars
[0] =
301 string_copy(p
); /* PH */
302 expand_nlength
[1] = Ustrlen(p
);
315 /* Expand server_condition as an authorization check */
316 return (ret
== OK
)? auth_check_serv_cond(ablock
) : ret
;