From f78eb7c6264c5f1a4ec2fb24c39060e0686f7714 Mon Sep 17 00:00:00 2001 From: Philip Hazel Date: Fri, 10 Feb 2006 14:25:43 +0000 Subject: Add $auth1, $auth2, $auth3 variables. --- src/src/auths/README | 9 +++++---- src/src/auths/b64decode.c | 4 ++-- src/src/auths/cram_md5.c | 11 ++++++----- src/src/auths/cyrus_sasl.c | 13 +++++++------ src/src/auths/plaintext.c | 23 ++++++++++++++++------- src/src/auths/spa.c | 11 +++++++---- src/src/config.h.defaults | 7 +++++-- src/src/expand.c | 12 +++++++++++- src/src/globals.c | 3 ++- src/src/globals.h | 3 ++- src/src/smtp_in.c | 24 +++++++++++++++--------- 11 files changed, 78 insertions(+), 42 deletions(-) (limited to 'src') diff --git a/src/src/auths/README b/src/src/auths/README index 18ca50033..9143b9e91 100644 --- a/src/src/auths/README +++ b/src/src/auths/README @@ -1,4 +1,4 @@ -$Cambridge: exim/src/src/auths/README,v 1.3 2005/02/17 11:58:27 ph10 Exp $ +$Cambridge: exim/src/src/auths/README,v 1.4 2006/02/10 14:25:43 ph10 Exp $ AUTHS @@ -44,9 +44,10 @@ The second function performs authentication as a server. It receives a pointer to the instance block, and its second argument is the remainder of the data from the AUTH command. The numeric variable maximum setting (expand_nmax) is set to zero, with $0 initialized as unset. The authenticator may set up numeric -variables according to its specification; it should leave expand_nmax set at -the end so that they can be used for the expansion of the generic server_set_id -option, which happens centrally. +variables according to its (old) specification and $auth variables the +preferred ones nowadays; it should leave them set at the end so that they can +be used for the expansion of the generic server_set_id option, which happens +centrally. This function has access to the SMTP input and output so that it can write intermediate responses and read more data if necessary. There is a packaged 
diff --git a/src/src/auths/b64decode.c b/src/src/auths/b64decode.c index dceb59f0c..bc1fbc5ef 100644 --- a/src/src/auths/b64decode.c +++ b/src/src/auths/b64decode.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/b64decode.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/b64decode.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -22,7 +22,7 @@ compact loop is messy and would probably run more slowly. Arguments: code points to the coded string, zero-terminated ptr where to put the pointer to the result, which is in - dynamic store + dynamic store, and zero-terminated Returns: the number of bytes in the result, or -1 if the input was malformed diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c index 41c9c5cfa..7b5598762 100644 --- a/src/src/auths/cram_md5.c +++ b/src/src/auths/cram_md5.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -177,10 +177,11 @@ if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc; if ((len = auth_b64decode(data, &clear)) < 0) return BAD64; /* The return consists of a user name, space-separated from the CRAM-MD5 -digest, expressed in hex. Extract the user name and put it in $1. Then check -that the remaining length is 32. */ +digest, expressed in hex. Extract the user name and put it in $auth1 and $1. +The former is now the preferred variable; the latter is the original one. Then +check that the remaining length is 32. */ -expand_nstring[1] = clear; +auth_vars[0] = expand_nstring[1] = clear; while (*clear != 0 && !isspace(*clear)) clear++; if (!isspace(*clear)) return FAIL; *clear++ = 0; 
@@ -212,7 +213,7 @@ compute_cram_md5(secret, challenge, digest); HDEBUG(D_auth) { uschar buff[64]; - debug_printf("CRAM-MD5: user name = %s\n", expand_nstring[1]); + debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]); debug_printf(" challenge = %s\n", challenge); debug_printf(" received = %s\n", clear); Ustrcpy(buff," digest = "); diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c index 8651dc605..7e6603988 100644 --- a/src/src/auths/cyrus_sasl.c +++ b/src/src/auths/cyrus_sasl.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.3 2005/04/05 14:33:27 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -324,11 +324,12 @@ while(rc==SASL_CONTINUE) } else if(rc==SASL_OK) { - /* get the username and copy it into $1 */ - rc=sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2)); - expand_nstring[1]=string_copy(out2); - expand_nlength[1]=Ustrlen(expand_nstring[1]); - expand_nmax=1; + /* Get the username and copy it into $auth1 and $1. The former is now the + preferred variable; the latter is the original variable. */ + rc = sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2)); + auth_vars[0] = expand_nstring[1] = string_copy(out2); + expand_nlength[1] = Ustrlen(expand_nstring[1]); + expand_nmax = 1; HDEBUG(D_auth) debug_printf("Cyrus SASL %s authentiction succeeded for %s\n", ob->server_mech, out2); diff --git a/src/src/auths/plaintext.c b/src/src/auths/plaintext.c index 5e7fda7cd..e5f261a16 100644 --- a/src/src/auths/plaintext.c +++ b/src/src/auths/plaintext.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
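Review bot: In the `rc==SASL_OK` branch of cyrus_sasl.c, the result of `sasl_getprop(conn, SASL_USERNAME, ...)` is stored in `rc` but never tested before `out2` is handed to `string_copy()`, so a failed lookup would copy from a pointer the library never filled in and publish it as `$auth1` and `$1`. I would test it before the `auth_vars[0] = ...` line, for example `if (rc != SASL_OK || out2 == NULL) return FAIL;`, adjusted to whatever cleanup this branch needs. Assigning to `rc` here also changes the variable the enclosing `while(rc==SASL_CONTINUE)` loop tests; the rest of that loop is outside the hunk, so please confirm that is intended.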
@@ -87,14 +87,16 @@ if (prompts != NULL) } /* If data was supplied on the AUTH command, decode it, and split it up into -multiple items at binary zeros. If the data consists of the string "=" it -indicates a single, empty string. */ +multiple items at binary zeros. The strings are put into $auth1, $auth2, etc, +up to a maximum. To retain backwards compatibility, they are also put int $1, +$2, etc. If the data consists of the string "=" it indicates a single, empty +string. */ if (*data != 0) { if (Ustrcmp(data, "=") == 0) { - expand_nstring[++expand_nmax] = US""; + auth_vars[0] = expand_nstring[++expand_nmax] = US""; expand_nlength[expand_nmax] = 0; } else @@ -103,6 +105,7 @@ if (*data != 0) end = clear + len; while (clear < end && expand_nmax < EXPAND_MAXN) { + if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear; expand_nstring[++expand_nmax] = clear; while (*clear != 0) clear++; expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax]; @@ -126,6 +129,7 @@ while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size)) /* This loop must run at least once, in case the length is zero */ do { + if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear; expand_nstring[++expand_nmax] = clear; while (*clear != 0) clear++; expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax]; @@ -133,9 +137,9 @@ while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size)) while (clear < end && expand_nmax < EXPAND_MAXN); } -/* We now have a number of items of data in $1, $2, etc. Match against the -decoded data by expanding the condition. Also expand the id to set if -authentication succeeds. */ +/* We now have a number of items of data in $auth1, $auth2, etc (and also, for +compatibility, in $1, $2, etc). Match against the decoded data by expanding the +condition. */ cond = expand_string(ob->server_condition); 
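Review bot: The `"="` branch in plaintext.c writes `auth_vars[0]` with a literal index while both splitting loops index by `expand_nmax`, so the branch is only correct if `expand_nmax` is 0 when it runs, and the loops' guard `if (expand_nmax < AUTH_VARS)` also assumes it is never negative. smtp_in.c sets it to 0 before calling the server code, so, assuming nothing earlier in this function changes it, a comment at the branch would be enough: `/* expand_nmax is 0 here (set by the caller), so this is $auth1 and $1 */`. The rewritten comment above it also has a typo, "put int $1" for "put into $1". The function body starts and ends outside these hunks.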
@@ -143,6 +147,11 @@ HDEBUG(D_auth) { int i; debug_printf("%s authenticator:\n", ablock->name); + for (i = 0; i < AUTH_VARS; i++) + { + if (auth_vars[i] != NULL) + debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]); + } for (i = 1; i <= expand_nmax; i++) debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]); debug_print_string(ablock->server_debug_string); /* customized debug */ diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 854e96312..264887607 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.5 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/spa.c,v 1.6 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -162,8 +162,6 @@ if (spa_base64_to_bits((char *)(&response), sizeof(response), (const char *)(dat return FAIL; } -/* get username and put it in $1 */ - /*************************************************************** PH 07-Aug-2003: The original code here was this: @@ -194,10 +192,15 @@ that causes failure if the size of msgbuf is exceeded. ****/ /***************************************************************/ -expand_nstring[1] = msgbuf; +/* Put the username in $auth1 and $1. The former is now the preferred variable; +the latter is the original variable. */ + +auth_vars[0] = expand_nstring[1] = msgbuf; expand_nlength[1] = Ustrlen(msgbuf); expand_nmax = 1; +debug_print_string(ablock->server_debug_string); /* customized debug */ + /* look up password */ clearpass = expand_string(ob->spa_serverpassword); diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index b76c79425..92f894e4c 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults 
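Review bot: The new `$auth%d` loop under `HDEBUG(D_auth)` in plaintext.c prints every authentication variable in full, and for this authenticator those strings are the decoded AUTH data, which typically includes the client's password. The existing `$%d` loop just below prints the same strings, so the secret now appears twice in any D_auth debug output. I would at least mark it with a comment above the loop, `/* NB: this debug output contains the client's credentials in clear */`, and consider printing only `$auth1` plus the lengths of the remaining variables.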
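Review bot: In spa.c, `auth_vars[0] = expand_nstring[1] = msgbuf;` stores the address of `msgbuf` in a global that is read after this function returns, since the auths README in this commit says the variables are left set so that server_set_id can be expanded centrally. The declaration of `msgbuf` is outside the hunk; if it is an automatic array in this function, `$auth1` and `$1` would point at dead stack by the time smtp_in.c expands set_id. Copying the name as cyrus_sasl.c does would avoid depending on that: `auth_vars[0] = expand_nstring[1] = string_copy(msgbuf);`.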
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/config.h.defaults,v 1.9 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/config.h.defaults,v 1.10 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -9,7 +9,8 @@ /* The default settings for Exim configuration variables. A #define without any data just defines the existence of the variable; it won't get included -in config.h unless some value is defined in Local/Makefile. */ +in config.h unless some value is defined in Local/Makefile. If there is data, +it's a default value. */ #define ACL_CVARS 20 #define ACL_MVARS 20 @@ -26,6 +27,8 @@ in config.h unless some value is defined in Local/Makefile. */ #define AUTH_PLAINTEXT #define AUTH_SPA +#define AUTH_VARS 3 + #define BIN_DIRECTORY #define CONFIGURE_FILE diff --git a/src/src/expand.c b/src/src/expand.c index 4ff6e5043..1d82a150c 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/expand.c,v 1.53 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/expand.c,v 1.54 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1259,6 +1259,16 @@ if (Ustrncmp(name, "acl_", 4) == 0) } } +/* Similarly for $auth variables. */ + +if (Ustrncmp(name, "auth", 4) == 0) + { + uschar *endptr; + int n = Ustrtoul(name + 4, &endptr, 10); + if (*endptr == 0 && n != 0 && n <= AUTH_VARS) + return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1]; + } + /* For all other variables, search the table */ while (last > first) diff --git a/src/src/globals.c b/src/src/globals.c index 10acc8fc4..e609f3020 100644 --- a/src/src/globals.c +++ b/src/src/globals.c 
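Review bot: In the new `$auth` lookup in expand.c, `int n = Ustrtoul(name + 4, &endptr, 10);` narrows an unsigned long to int, and the guard `n != 0 && n <= AUTH_VARS` does not exclude negative values. A numeric suffix that converts to a negative int (for example one above INT_MAX) passes the test, and `auth_vars[n-1]` then reads before the start of the array; whether the name parser lets such a suffix reach this point is not visible here. Requiring a positive value closes it: `if (*endptr == 0 && n > 0 && n <= AUTH_VARS)`, or keep the value as `unsigned long` and range-check it before narrowing. The enclosing function starts and ends outside the hunk.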
@@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.c,v 1.45 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.c,v 1.46 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -327,6 +327,7 @@ auth_instance auth_defaults = { uschar *auth_defer_msg = US"reason not recorded"; uschar *auth_defer_user_msg = US""; +uschar *auth_vars[AUTH_VARS]; int auto_thaw = 0; #ifdef WITH_CONTENT_SCAN uschar *av_scanner = US"sophie:/var/run/sophie"; /* AV scanner */ diff --git a/src/src/globals.h b/src/src/globals.h index 713aaef3e..e3628167f 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.h,v 1.33 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.h,v 1.34 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -157,6 +157,7 @@ extern auth_instance *auths; /* Chain of instantiated auths */ extern auth_instance auth_defaults; /* Default values */ extern uschar *auth_defer_msg; /* Error message for log */ extern uschar *auth_defer_user_msg; /* Error message for user */ +extern uschar *auth_vars[]; /* $authn variables */ extern int auto_thaw; /* Auto-thaw interval */ #ifdef WITH_CONTENT_SCAN extern uschar *av_scanner; /* AntiVirus scanner to use for the malware condition */ diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index d572ef9e6..04bffd017 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.29 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.30 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -2133,7 +2133,7 @@ while (done <= 0) pid_t pid; int start, end, sender_domain, recipient_domain; int ptr, size, rc; - int c; + int c, i; auth_instance *au; switch(smtp_read_command(TRUE)) @@ -2222,20 +2222,26 @@ while (done <= 0) break; } - /* Run the checking code, passing the remainder of the command - line as data. Initialize $0 empty. The authenticator may set up - other numeric variables. Afterwards, have a go at expanding the set_id - string, even if authentication failed - for bad passwords it can be useful - to log the userid. On success, require set_id to expand and exist, and - put it in authenticated_id. Save this in permanent store, as the working - store gets reset at HELO, RSET, etc. */ + /* Run the checking code, passing the remainder of the command line as + data. Initials the $auth variables as empty. Initialize $0 empty and set + it as the only set numerical variable. The authenticator may set $auth + and also set other numeric variables. The $auth variables are preferred + nowadays; the numerical variables remain for backwards compatibility. + Afterwards, have a go at expanding the set_id string, even if + authentication failed - for bad passwords it can be useful to log the + userid. On success, require set_id to expand and exist, and put it in + authenticated_id. Save this in permanent store, as the working store gets + reset at HELO, RSET, etc. */ + + for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; expand_nmax = 0; expand_nlength[0] = 0; /* $0 contains nothing */ c = (au->info->servercode)(au, smtp_cmd_argument); if (au->set_id != NULL) set_id = expand_string(au->set_id); expand_nmax = -1; /* Reset numeric variables */ + for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; /* Reset $auth */ /* The value of authenticated_id is stored in the spool file and printed in log lines. It must not contain binary zeros or newline characters. In -- cgit v1.2.3
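Review bot: The reset after the servercode call in smtp_in.c, `for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;`, clears only the pointers, so whatever the authenticator stored (for plaintext, the decoded credentials) stays in the working store until that store is reset, which the comment here says happens at HELO, RSET, etc. I would say so next to the loop, `/* Reset $auth: clears the pointers only; the strings stay in working store until it is reset */`, so nobody reads the reset as wiping the secrets. The rewritten block comment also has a typo, "Initials the $auth variables" for "Initialize the $auth variables".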