1 files changed, 121 insertions, 0 deletions
diff --git a/src/auths/call_pwcheck.c b/src/auths/call_pwcheck.c
new file mode 100644
index 0000000..0adde44
--- /dev/null
+++ b/src/auths/call_pwcheck.c
@@ -0,0 +1,121 @@
+/*************************************************
+*     Exim - an Internet mail transport agent    *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) The Exim Maintainers 2020 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* This module contains interface functions to the two Cyrus authentication
+daemons. The original one was "pwcheck", which gives its name to the source
+file. This is now deprecated in favour of "saslauthd". */
+
+
+#include "../exim.h"
+#include "pwcheck.h"
+
+
+/*************************************************
+*      External entry point for pwcheck          *
+*************************************************/
+
+/* This function calls the now-deprecated "pwcheck" Cyrus-SASL authentication
+daemon, passing over a colon-separated user name and password. As this is
+called from the string expander, the string will always be in dynamic store and
+can be overwritten.
+
+Arguments:
+  s        a colon-separated username:password string
+  errptr   where to point an error message
+
+Returns:   OK if authentication succeeded
+           FAIL if authentication failed
+           ERROR some other error condition
+*/
+
+int
+auth_call_pwcheck(uschar *s, uschar **errptr)
+{
+uschar *reply = NULL;
+uschar *pw = Ustrrchr(s, ':');
+
+if (pw == NULL)
+  {
+  *errptr = US"pwcheck: malformed input - missing colon";
+  return ERROR;
+  }
+
+*pw++ = 0;   /* Separate user and password */
+
+DEBUG(D_auth)
+  debug_printf("Running pwcheck authentication for user \"%s\"\n", s);
+
+switch (pwcheck_verify_password(CS s, CS pw, CCSS &reply))
+  {
+  case PWCHECK_OK:
+  DEBUG(D_auth) debug_printf("pwcheck: success (%s)\n", reply);
+  return OK;
+
+  case PWCHECK_NO:
+  DEBUG(D_auth) debug_printf("pwcheck: access denied (%s)\n", reply);
+  return FAIL;
+
+  default:
+  DEBUG(D_auth) debug_printf("pwcheck: query failed (%s)\n", reply);
+  *errptr = reply;
+  return ERROR;
+  }
+}
+
+
+/*************************************************
+*       External entry point for pwauthd         *
+*************************************************/
+
+/* This function calls the "saslauthd" Cyrus-SASL authentication daemon,
+saslauthd, As this is called from the string expander, all the strings will
+always be in dynamic store and can be overwritten.
+
+Arguments:
+  username        username
+  password        password
+  service         optional service
+  realm           optional realm
+  errptr          where to point an error message
+
+Returns:   OK if authentication succeeded
+           FAIL if authentication failed
+           ERROR some other error condition
+*/
+
+int
+auth_call_saslauthd(const uschar *username, const uschar *password,
+  const uschar *service, const uschar *realm, uschar **errptr)
+{
+uschar *reply = NULL;
+
+if (service == NULL) service = US"";
+if (realm == NULL) realm = US"";
+
+DEBUG(D_auth)
+  debug_printf("Running saslauthd authentication for user \"%s\" \n", username);
+
+switch (saslauthd_verify_password(username, password, service,
+        realm, (const uschar **)(&reply)))
+  {
+  case PWCHECK_OK:
+  DEBUG(D_auth) debug_printf("saslauthd: success (%s)\n", reply);
+  return OK;
+
+  case PWCHECK_NO:
+  DEBUG(D_auth) debug_printf("saslauthd: access denied (%s)\n", reply);
+  return FAIL;
+
+  default:
+  DEBUG(D_auth) debug_printf("saslauthd: query failed (%s)\n", reply);
+  *errptr = reply;
+  return ERROR;
+  }
+}
+
+/* End of call_pwcheck.c */