[hcoop/debian/exim4.git] / src / auths / plaintext.c

/*************************************************
*     Exim - an Internet mail transport agent    *
*************************************************/

/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */

#include "../exim.h"
#include "plaintext.h"


/* Options specific to the plaintext authentication mechanism. */

optionlist auth_plaintext_options[] = {
  { "client_ignore_invalid_base64", opt_bool,
      (void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
  { "client_send",        opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, client_send)) },
  { "server_prompts",     opt_stringptr,
      (void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
};

/* Size of the options list. An extern variable has to be used so that its
address can appear in the tables drtables.c. */

int auth_plaintext_options_count =
  sizeof(auth_plaintext_options)/sizeof(optionlist);

/* Default private options block for the plaintext authentication method. */

auth_plaintext_options_block auth_plaintext_option_defaults = {
  NULL,              /* server_prompts */
  NULL,              /* client_send */
  FALSE              /* client_ignore_invalid_base64 */
};


#ifdef MACRO_PREDEF

/* Dummy values */
void auth_plaintext_init(auth_instance *ablock) {}
int auth_plaintext_server(auth_instance *ablock, uschar *data) {return 0;}
int auth_plaintext_client(auth_instance *ablock, void * sx, int timeout,
    uschar *buffer, int buffsize) {return 0;}

#else   /*!MACRO_PREDEF*/


/*************************************************
*          Initialization entry point            *
*************************************************/

/* Called for each instance, after its options have been read, to
enable consistency checks to be done, or anything else that needs
to be set up. */

void
auth_plaintext_init(auth_instance *ablock)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
if (ablock->public_name == NULL) ablock->public_name = ablock->name;
if (ablock->server_condition != NULL) ablock->server = TRUE;
if (ob->client_send != NULL) ablock->client = TRUE;
}


/*************************************************
*             Server entry point                 *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_server(auth_instance *ablock, uschar *data)
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
const uschar *prompts = ob->server_prompts;
uschar *clear, *end, *s;
int number = 1;
int len, rc;
int sep = 0;

/* Expand a non-empty list of prompt strings */

if (prompts != NULL)
  {
  prompts = expand_cstring(prompts);
  if (prompts == NULL)
    {
    auth_defer_msg = expand_string_message;
    return DEFER;
    }
  }

/* If data was supplied on the AUTH command, decode it, and split it up into
multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
up to a maximum. To retain backwards compatibility, they are also put int $1,
$2, etc. If the data consists of the string "=" it indicates a single, empty
string. */

if (*data != 0)
  {
  if (Ustrcmp(data, "=") == 0)
    {
    auth_vars[0] = expand_nstring[++expand_nmax] = US"";
    expand_nlength[expand_nmax] = 0;
    }
  else
    {
    if ((len = b64decode(data, &clear)) < 0) return BAD64;
    end = clear + len;
    while (clear < end && expand_nmax < EXPAND_MAXN)
      {
      if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
      expand_nstring[++expand_nmax] = clear;
      while (*clear != 0) clear++;
      expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
      }
    }
  }

/* Now go through the list of prompt strings. Skip over any whose data has
already been provided as part of the AUTH command. For the rest, send them
out as prompts, and get a data item back. If the data item is "*", abandon the
authentication attempt. Otherwise, split it into items as above. */

while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
        != NULL && expand_nmax < EXPAND_MAXN)
  {
  if (number++ <= expand_nmax) continue;
  if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
  if ((len = b64decode(data, &clear)) < 0) return BAD64;
  end = clear + len;

  /* This loop must run at least once, in case the length is zero */
  do
    {
    if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
    expand_nstring[++expand_nmax] = clear;
    while (*clear != 0) clear++;
    expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
    }
  while (clear < end && expand_nmax < EXPAND_MAXN);
  }

/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
compatibility, in $1, $2, etc). Authentication and authorization are handled
together for this authenticator by expanding the server_condition option. Note
that ablock->server_condition is always non-NULL because that's what configures
this authenticator as a server. */

return auth_check_serv_cond(ablock);
}


/*************************************************
*              Client entry point                *
*************************************************/

/* For interface, see auths/README */

int
auth_plaintext_client(
  auth_instance *ablock,                 /* authenticator block */
  void * sx,				 /* smtp connextion */
  int timeout,                           /* command timeout */
  uschar *buffer,                        /* buffer for reading response */
  int buffsize)                          /* size of buffer */
{
auth_plaintext_options_block *ob =
  (auth_plaintext_options_block *)(ablock->options_block);
const uschar *text = ob->client_send;
uschar *s;
BOOL first = TRUE;
int sep = 0;
int auth_var_idx = 0;

/* The text is broken up into a number of different data items, which are
sent one by one. The first one is sent with the AUTH command; the remainder are
sent in response to subsequent prompts. Each is expanded before being sent. */

while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)))
  {
  int i, len, clear_len;
  uschar *ss = expand_string(s);
  uschar *clear;

  /* Forced expansion failure is not an error; authentication is abandoned. On
  all but the first string, we have to abandon the authentication attempt by
  sending a line containing "*". Save the failed expansion string, because it
  is in big_buffer, and that gets used by the sending function. */

  if (!ss)
    {
    uschar *ssave = string_copy(s);
    if (!first)
      {
      if (smtp_write_command(sx, SCMD_FLUSH, "*\r\n") >= 0)
        (void) smtp_read_response(sx, US buffer, buffsize, '2', timeout);
      }
    if (f.expand_string_forcedfail)
      {
      *buffer = 0;       /* No message */
      return CANCELLED;
      }
    string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
      "authenticator: %s", ssave, ablock->name, expand_string_message);
    return ERROR;
    }

  len = Ustrlen(ss);

  /* The character ^ is used as an escape for a binary zero character, which is
  needed for the PLAIN mechanism. It must be doubled if really needed. */

  for (i = 0; i < len; i++)
    if (ss[i] == '^')
      if (ss[i+1] != '^')
	ss[i] = 0;
      else
        {
        i++;
        len--;
        memmove(ss + i, ss + i + 1, len - i);
        }

  /* The first string is attached to the AUTH command; others are sent
  unembellished. */

  if (first)
    {
    first = FALSE;
    if (smtp_write_command(sx, SCMD_FLUSH, "AUTH %s%s%s\r\n",
         ablock->public_name, len == 0 ? "" : " ", b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }
  else
    {
    if (smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", b64encode(ss, len)) < 0)
      return FAIL_SEND;
    }

  /* If we receive a success response from the server, authentication
  has succeeded. There may be more data to send, but is there any point
  in provoking an error here? */

  if (smtp_read_response(sx, US buffer, buffsize, '2', timeout)) return OK;

  /* Not a success response. If errno != 0 there is some kind of transmission
  error. Otherwise, check the response code in the buffer. If it starts with
  '3', more data is expected. */

  if (errno != 0 || buffer[0] != '3') return FAIL;

  /* If there is no more data to send, we have to cancel the authentication
  exchange and return ERROR. */

  if (!text)
    {
    if (smtp_write_command(sx, SCMD_FLUSH, "*\r\n") >= 0)
      (void)smtp_read_response(sx, US buffer, buffsize, '2', timeout);
    string_format(buffer, buffsize, "Too few items in client_send in %s "
      "authenticator", ablock->name);
    return ERROR;
    }

  /* Now that we know we'll continue, we put the received data into $auth<n>,
  if possible. First, decode it: buffer+4 skips over the SMTP status code. */

  clear_len = b64decode(buffer+4, &clear);

  /* If decoding failed, the default is to terminate the authentication, and
  return FAIL, with the SMTP response still in the buffer. However, if client_
  ignore_invalid_base64 is set, we ignore the error, and put an empty string
  into $auth<n>. */

  if (clear_len < 0)
    {
    uschar *save_bad = string_copy(buffer);
    if (!ob->client_ignore_invalid_base64)
      {
      if (smtp_write_command(sx, SCMD_FLUSH, "*\r\n") >= 0)
        (void)smtp_read_response(sx, US buffer, buffsize, '2', timeout);
      string_format(buffer, buffsize, "Invalid base64 string in server "
        "response \"%s\"", save_bad);
      return CANCELLED;
      }
    clear = US"";
    clear_len = 0;
    }

  if (auth_var_idx < AUTH_VARS)
    auth_vars[auth_var_idx++] = string_copy(clear);
  }

/* Control should never actually get here. */

return FAIL;
}

#endif   /*!MACRO_PREDEF*/
/* End of plaintext.c */
Commit	Line	Data
420a0d19 CE	1	/*************************************************
	2	* Exim - an Internet mail transport agent *
	3	*************************************************/
	4
2ea97746	5	/* Copyright (c) University of Cambridge 1995 - 2018 */
420a0d19 CE	6	/* See the file NOTICE for conditions of use and distribution. */
	7
	8	#include "../exim.h"
	9	#include "plaintext.h"
	10
	11
	12	/* Options specific to the plaintext authentication mechanism. */
	13
	14	optionlist auth_plaintext_options[] = {
	15	{ "client_ignore_invalid_base64", opt_bool,
	16	(void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
	17	{ "client_send", opt_stringptr,
	18	(void *)(offsetof(auth_plaintext_options_block, client_send)) },
	19	{ "server_prompts", opt_stringptr,
	20	(void *)(offsetof(auth_plaintext_options_block, server_prompts)) }
	21	};
	22
	23	/* Size of the options list. An extern variable has to be used so that its
	24	address can appear in the tables drtables.c. */
	25
	26	int auth_plaintext_options_count =
	27	sizeof(auth_plaintext_options)/sizeof(optionlist);
	28
	29	/* Default private options block for the plaintext authentication method. */
	30
	31	auth_plaintext_options_block auth_plaintext_option_defaults = {
	32	NULL, /* server_prompts */
	33	NULL, /* client_send */
	34	FALSE /* client_ignore_invalid_base64 */
	35	};
	36
	37
2ea97746 CE	38	#ifdef MACRO_PREDEF
	39
	40	/* Dummy values */
	41	void auth_plaintext_init(auth_instance *ablock) {}
	42	int auth_plaintext_server(auth_instance ablock, uschar data) {return 0;}
	43	int auth_plaintext_client(auth_instance ablock, void sx, int timeout,
	44	uschar *buffer, int buffsize) {return 0;}
	45
	46	#else /!MACRO_PREDEF/
	47
	48
	49
420a0d19 CE	50	/*************************************************
	51	* Initialization entry point *
	52	*************************************************/
	53
	54	/* Called for each instance, after its options have been read, to
	55	enable consistency checks to be done, or anything else that needs
	56	to be set up. */
	57
	58	void
	59	auth_plaintext_init(auth_instance *ablock)
	60	{
	61	auth_plaintext_options_block *ob =
	62	(auth_plaintext_options_block *)(ablock->options_block);
	63	if (ablock->public_name == NULL) ablock->public_name = ablock->name;
	64	if (ablock->server_condition != NULL) ablock->server = TRUE;
	65	if (ob->client_send != NULL) ablock->client = TRUE;
	66	}
	67
	68
	69
	70	/*************************************************
	71	* Server entry point *
	72	*************************************************/
	73
	74	/* For interface, see auths/README */
	75
	76	int
	77	auth_plaintext_server(auth_instance ablock, uschar data)
	78	{
	79	auth_plaintext_options_block *ob =
	80	(auth_plaintext_options_block *)(ablock->options_block);
2ea97746	81	const uschar *prompts = ob->server_prompts;
420a0d19 CE	82	uschar clear, end, *s;
	83	int number = 1;
	84	int len, rc;
	85	int sep = 0;
	86
	87	/* Expand a non-empty list of prompt strings */
	88
	89	if (prompts != NULL)
	90	{
2ea97746	91	prompts = expand_cstring(prompts);
420a0d19 CE	92	if (prompts == NULL)
	93	{
	94	auth_defer_msg = expand_string_message;
	95	return DEFER;
	96	}
	97	}
	98
	99	/* If data was supplied on the AUTH command, decode it, and split it up into
	100	multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
	101	up to a maximum. To retain backwards compatibility, they are also put int $1,
	102	$2, etc. If the data consists of the string "=" it indicates a single, empty
	103	string. */
	104
	105	if (*data != 0)
	106	{
	107	if (Ustrcmp(data, "=") == 0)
	108	{
	109	auth_vars[0] = expand_nstring[++expand_nmax] = US"";
	110	expand_nlength[expand_nmax] = 0;
	111	}
	112	else
	113	{
2ea97746	114	if ((len = b64decode(data, &clear)) < 0) return BAD64;
420a0d19 CE	115	end = clear + len;
	116	while (clear < end && expand_nmax < EXPAND_MAXN)
	117	{
	118	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
	119	expand_nstring[++expand_nmax] = clear;
	120	while (*clear != 0) clear++;
	121	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	122	}
	123	}
	124	}
	125
	126	/* Now go through the list of prompt strings. Skip over any whose data has
	127	already been provided as part of the AUTH command. For the rest, send them
	128	out as prompts, and get a data item back. If the data item is "*", abandon the
	129	authentication attempt. Otherwise, split it into items as above. */
	130
	131	while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size))
	132	!= NULL && expand_nmax < EXPAND_MAXN)
	133	{
	134	if (number++ <= expand_nmax) continue;
	135	if ((rc = auth_get_data(&data, s, Ustrlen(s))) != OK) return rc;
2ea97746	136	if ((len = b64decode(data, &clear)) < 0) return BAD64;
420a0d19 CE	137	end = clear + len;
	138
	139	/* This loop must run at least once, in case the length is zero */
	140	do
	141	{
	142	if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
	143	expand_nstring[++expand_nmax] = clear;
	144	while (*clear != 0) clear++;
	145	expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
	146	}
	147	while (clear < end && expand_nmax < EXPAND_MAXN);
	148	}
	149
	150	/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
	151	compatibility, in $1, $2, etc). Authentication and authorization are handled
	152	together for this authenticator by expanding the server_condition option. Note
	153	that ablock->server_condition is always non-NULL because that's what configures
	154	this authenticator as a server. */
	155
	156	return auth_check_serv_cond(ablock);
	157	}
	158
	159
	160
	161	/*************************************************
	162	* Client entry point *
	163	*************************************************/
	164
	165	/* For interface, see auths/README */
	166
	167	int
	168	auth_plaintext_client(
	169	auth_instance ablock, / authenticator block */
2ea97746	170	void * sx, /* smtp connextion */
420a0d19 CE	171	int timeout, /* command timeout */
	172	uschar buffer, / buffer for reading response */
	173	int buffsize) /* size of buffer */
	174	{
	175	auth_plaintext_options_block *ob =
	176	(auth_plaintext_options_block *)(ablock->options_block);
2ea97746	177	const uschar *text = ob->client_send;
420a0d19 CE	178	uschar *s;
	179	BOOL first = TRUE;
	180	int sep = 0;
	181	int auth_var_idx = 0;
	182
	183	/* The text is broken up into a number of different data items, which are
	184	sent one by one. The first one is sent with the AUTH command; the remainder are
	185	sent in response to subsequent prompts. Each is expanded before being sent. */
	186
2ea97746	187	while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)))
420a0d19 CE	188	{
	189	int i, len, clear_len;
	190	uschar *ss = expand_string(s);
	191	uschar *clear;
	192
	193	/* Forced expansion failure is not an error; authentication is abandoned. On
	194	all but the first string, we have to abandon the authentication attempt by
	195	sending a line containing "*". Save the failed expansion string, because it
	196	is in big_buffer, and that gets used by the sending function. */
	197
2ea97746	198	if (!ss)
420a0d19 CE	199	{
	200	uschar *ssave = string_copy(s);
	201	if (!first)
	202	{
2ea97746 CE	203	if (smtp_write_command(sx, SCMD_FLUSH, "*\r\n") >= 0)
2ea97746 CE	204	(void) smtp_read_response(sx, US buffer, buffsize, '2', timeout);
420a0d19	205	}
2ea97746	206	if (f.expand_string_forcedfail)
420a0d19 CE	207	{
	208	buffer = 0; / No message */
	209	return CANCELLED;
	210	}
	211	string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
	212	"authenticator: %s", ssave, ablock->name, expand_string_message);
	213	return ERROR;
	214	}
	215
	216	len = Ustrlen(ss);
	217
	218	/* The character ^ is used as an escape for a binary zero character, which is
	219	needed for the PLAIN mechanism. It must be doubled if really needed. */
	220
	221	for (i = 0; i < len; i++)
420a0d19	222	if (ss[i] == '^')
2ea97746 CE	223	if (ss[i+1] != '^')
	224	ss[i] = 0;
	225	else
420a0d19 CE	226	{
	227	i++;
	228	len--;
	229	memmove(ss + i, ss + i + 1, len - i);
	230	}
420a0d19 CE	231
420a0d19 CE	232	/* The first string is attached to the AUTH command; others are sent
2ea97746	233	unembellished. */
420a0d19 CE	234
	235	if (first)
	236	{
	237	first = FALSE;
2ea97746 CE	238	if (smtp_write_command(sx, SCMD_FLUSH, "AUTH %s%s%s\r\n",
2ea97746 CE	239	ablock->public_name, len == 0 ? "" : " ", b64encode(ss, len)) < 0)
420a0d19 CE	240	return FAIL_SEND;
	241	}
	242	else
	243	{
2ea97746	244	if (smtp_write_command(sx, SCMD_FLUSH, "%s\r\n", b64encode(ss, len)) < 0)
420a0d19 CE	245	return FAIL_SEND;
	246	}
	247
	248	/* If we receive a success response from the server, authentication
	249	has succeeded. There may be more data to send, but is there any point
	250	in provoking an error here? */
	251
2ea97746	252	if (smtp_read_response(sx, US buffer, buffsize, '2', timeout)) return OK;
420a0d19 CE	253
	254	/* Not a success response. If errno != 0 there is some kind of transmission
	255	error. Otherwise, check the response code in the buffer. If it starts with
	256	'3', more data is expected. */
	257
	258	if (errno != 0 \|\| buffer[0] != '3') return FAIL;
	259
	260	/* If there is no more data to send, we have to cancel the authentication
	261	exchange and return ERROR. */
	262
2ea97746	263	if (!text)
420a0d19	264	{
2ea97746 CE	265	if (smtp_write_command(sx, SCMD_FLUSH, "*\r\n") >= 0)
2ea97746 CE	266	(void)smtp_read_response(sx, US buffer, buffsize, '2', timeout);
420a0d19 CE	267	string_format(buffer, buffsize, "Too few items in client_send in %s "
	268	"authenticator", ablock->name);
	269	return ERROR;
	270	}
	271
	272	/* Now that we know we'll continue, we put the received data into $auth<n>,
	273	if possible. First, decode it: buffer+4 skips over the SMTP status code. */
	274
2ea97746	275	clear_len = b64decode(buffer+4, &clear);
420a0d19 CE	276
	277	/* If decoding failed, the default is to terminate the authentication, and
	278	return FAIL, with the SMTP response still in the buffer. However, if client_
	279	ignore_invalid_base64 is set, we ignore the error, and put an empty string
	280	into $auth<n>. */
	281
	282	if (clear_len < 0)
	283	{
	284	uschar *save_bad = string_copy(buffer);
	285	if (!ob->client_ignore_invalid_base64)
	286	{
2ea97746 CE	287	if (smtp_write_command(sx, SCMD_FLUSH, "*\r\n") >= 0)
2ea97746 CE	288	(void)smtp_read_response(sx, US buffer, buffsize, '2', timeout);
420a0d19 CE	289	string_format(buffer, buffsize, "Invalid base64 string in server "
	290	"response \"%s\"", save_bad);
	291	return CANCELLED;
	292	}
	293	clear = US"";
	294	clear_len = 0;
	295	}
	296
	297	if (auth_var_idx < AUTH_VARS)
	298	auth_vars[auth_var_idx++] = string_copy(clear);
	299	}
	300
	301	/* Control should never actually get here. */
	302
	303	return FAIL;
	304	}
	305
2ea97746	306	#endif /!MACRO_PREDEF/
420a0d19	307	/* End of plaintext.c */