7 /*	Dovecot SASL server-side plug-in
13 /*	This module implements the Dovecot SASL server-side authentication
21 /*	The location of the Dovecot authentication server's UNIX-domain
191 /* xsasl_dovecot_server_mech_append - append server mechanism entry */
209 /* xsasl_dovecot_server_mech_free - destroy server mechanism list */
223 /* xsasl_dovecot_server_mech_filter - filter server mechanism list */
236      * Match Postfix properties against Dovecot server properties.
255 /* xsasl_dovecot_server_connect - initial auth server handshake */
379 /* xsasl_dovecot_server_disconnect - dispose of server connection state */
421 /* xsasl_dovecot_server_create - create server instance */
427     XSASL_DOVECOT_SERVER *server;
443     server = (XSASL_DOVECOT_SERVER *) mymalloc(sizeof(*server));
444     server->xsasl.free = xsasl_dovecot_server_free;
445     server->xsasl.first = xsasl_dovecot_server_first;
446     server->xsasl.next = xsasl_dovecot_server_next;
447     server->xsasl.get_mechanism_list = xsasl_dovecot_server_get_mechanism_list;
448     server->xsasl.get_username = xsasl_dovecot_server_get_username;
449     server->impl = (XSASL_DOVECOT_SERVER_IMPL *) impl;
450     server->sasl_line = vstring_alloc(256);
451     server->username = 0;
452     server->service = mystrdup(args->service);
453     server->last_request_id = 0;
454     server->mechanism_list = 0;
455     server->mechanism_argv = 0;
456     server->tls_flag = args->tls_flag;
457     server->sec_props =
461     server->client_addr = mystrdup(args->client_addr);
467 	server->server_addr = mystrdup(args->server_addr);
473 	server->server_addr = mystrdup(server_addr.buf);
476     return (&server->xsasl);
483     XSASL_DOVECOT_SERVER *server = (XSASL_DOVECOT_SERVER *) xp;
485     if (!server->impl->sasl_stream) {
486 	if (xsasl_dovecot_server_connect(server->impl) < 0)
489     if (server->mechanism_list == 0) {
490 	server->mechanism_argv = argv_alloc(2);
491 	server->mechanism_list =
492 	    xsasl_dovecot_server_mech_filter(server->mechanism_argv,
493 					     server->impl->mechanism_list,
494 					     server->sec_props);
496     return (server->mechanism_list[0] ? server->mechanism_list : 0);
499 /* xsasl_dovecot_server_free - destroy server instance */
503     XSASL_DOVECOT_SERVER *server = (XSASL_DOVECOT_SERVER *) xp;
505     vstring_free(server->sasl_line);
506     if (server->username)
507 	myfree(server->username);
508     if (server->mechanism_list) {
509 	myfree(server->mechanism_list);
510 	argv_free(server->mechanism_argv);
512     myfree(server->service);
513     myfree(server->server_addr);
514     myfree(server->client_addr);
515     myfree((void *) server);
518 /* xsasl_dovecot_server_auth_response - encode server first/next response */
520 static int xsasl_dovecot_parse_reply(XSASL_DOVECOT_SERVER *server, char **line)
531     if (strtoul(id, NULL, 0) != server->last_request_id) {
538 static void xsasl_dovecot_parse_reply_args(XSASL_DOVECOT_SERVER *server,
544     if (server->username) {
545 	myfree(server->username);
546 	server->username = 0;
556 	    server->username = mystrdup(line + 5);
557 	    printable(server->username, '?');
569 static int xsasl_dovecot_handle_reply(XSASL_DOVECOT_SERVER *server,
576     while (vstring_get_nonl(server->sasl_line,
577 			    server->impl->sasl_stream) != VSTREAM_EOF) {
578 	line = vstring_str(server->sasl_line);
587 	    if (xsasl_dovecot_parse_reply(server, &line) == 0) {
589 		xsasl_dovecot_parse_reply_args(server, line, reply, 1);
590 		if (server->username == 0) {
591 		    msg_warn("missing Dovecot server %s username field", cmd);
598 	    if (xsasl_dovecot_parse_reply(server, &line) == 0) {
600 		    msg_warn("missing Dovecot server %s reply field", cmd);
608 	    if (xsasl_dovecot_parse_reply(server, &line) == 0) {
610 		xsasl_dovecot_parse_reply_args(server, line, reply, 0);
618     vstring_strcpy(reply, "Connection lost to authentication server");
646     XSASL_DOVECOT_SERVER *server = (XSASL_DOVECOT_SERVER *) xp;
657     if (server->mechanism_argv == 0)
660     for (cpp = server->mechanism_argv->argv; /* see below */ ; cpp++) {
674 	if (!server->impl->sasl_stream) {
675 	    if (xsasl_dovecot_server_connect(server->impl) < 0)
679 	server->last_request_id = ++server->impl->request_id_counter;
681 	vstream_fprintf(server->impl->sasl_stream,
683 			server->last_request_id, sasl_method,
684 			server->service, server->server_addr,
685 			server->client_addr);
686 	if (server->tls_flag)
688 	    vstream_fputs("\tsecured", server->impl->sasl_stream);
696 	    vstream_fprintf(server->impl->sasl_stream,
700 	VSTREAM_PUTC('\n', server->impl->sasl_stream);
702 	if (vstream_fflush(server->impl->sasl_stream) != VSTREAM_EOF)
706 	    vstring_strcpy(reply, "Can't connect to authentication server");
713 	xsasl_dovecot_server_disconnect(server->impl);
716     return xsasl_dovecot_handle_reply(server, reply);
724     XSASL_DOVECOT_SERVER *server = (XSASL_DOVECOT_SERVER *) xp;
731     vstream_fprintf(server->impl->sasl_stream,
732 		    "CONT\t%u\t%s\n", server->last_request_id, request);
733     if (vstream_fflush(server->impl->sasl_stream) == VSTREAM_EOF) {
734 	vstring_strcpy(reply, "Connection lost to authentication server");
737     return xsasl_dovecot_handle_reply(server, reply);
744     XSASL_DOVECOT_SERVER *server = (XSASL_DOVECOT_SERVER *) xp;
746     return (server->username);

Indexes created Tue Jul 09 22:07:09 MDT 2024