diff options
Diffstat (limited to '')
-rw-r--r-- | src/auths/call_pwcheck.c | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/src/auths/call_pwcheck.c b/src/auths/call_pwcheck.c new file mode 100644 index 0000000..0adde44 --- /dev/null +++ b/src/auths/call_pwcheck.c @@ -0,0 +1,121 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 1995 - 2015 */ +/* Copyright (c) The Exim Maintainers 2020 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* This module contains interface functions to the two Cyrus authentication +daemons. The original one was "pwcheck", which gives its name to the source +file. This is now deprecated in favour of "saslauthd". */ + + +#include "../exim.h" +#include "pwcheck.h" + + +/************************************************* +* External entry point for pwcheck * +*************************************************/ + +/* This function calls the now-deprecated "pwcheck" Cyrus-SASL authentication +daemon, passing over a colon-separated user name and password. As this is +called from the string expander, the string will always be in dynamic store and +can be overwritten. + +Arguments: + s a colon-separated username:password string + errptr where to point an error message + +Returns: OK if authentication succeeded + FAIL if authentication failed + ERROR some other error condition +*/ + +int +auth_call_pwcheck(uschar *s, uschar **errptr) +{ +uschar *reply = NULL; +uschar *pw = Ustrrchr(s, ':'); + +if (pw == NULL) + { + *errptr = US"pwcheck: malformed input - missing colon"; + return ERROR; + } + +*pw++ = 0; /* Separate user and password */ + +DEBUG(D_auth) + debug_printf("Running pwcheck authentication for user \"%s\"\n", s); + +switch (pwcheck_verify_password(CS s, CS pw, CCSS &reply)) + { + case PWCHECK_OK: + DEBUG(D_auth) debug_printf("pwcheck: success (%s)\n", reply); + return OK; + + case PWCHECK_NO: + DEBUG(D_auth) debug_printf("pwcheck: access denied (%s)\n", reply); + return FAIL; + + default: + DEBUG(D_auth) debug_printf("pwcheck: query failed (%s)\n", reply); + *errptr = reply; + return ERROR; + } +} + + +/************************************************* +* External entry point for pwauthd * +*************************************************/ + +/* This function calls the "saslauthd" Cyrus-SASL authentication daemon, +saslauthd, As this is called from the string expander, all the strings will +always be in dynamic store and can be overwritten. + +Arguments: + username username + password password + service optional service + realm optional realm + errptr where to point an error message + +Returns: OK if authentication succeeded + FAIL if authentication failed + ERROR some other error condition +*/ + +int +auth_call_saslauthd(const uschar *username, const uschar *password, + const uschar *service, const uschar *realm, uschar **errptr) +{ +uschar *reply = NULL; + +if (service == NULL) service = US""; +if (realm == NULL) realm = US""; + +DEBUG(D_auth) + debug_printf("Running saslauthd authentication for user \"%s\" \n", username); + +switch (saslauthd_verify_password(username, password, service, + realm, (const uschar **)(&reply))) + { + case PWCHECK_OK: + DEBUG(D_auth) debug_printf("saslauthd: success (%s)\n", reply); + return OK; + + case PWCHECK_NO: + DEBUG(D_auth) debug_printf("saslauthd: access denied (%s)\n", reply); + return FAIL; + + default: + DEBUG(D_auth) debug_printf("saslauthd: query failed (%s)\n", reply); + *errptr = reply; + return ERROR; + } +} + +/* End of call_pwcheck.c */ |