X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fauths%2Fdovecot.c;h=0824240a03588d5b474ba35908a91a70ddb07caa;hb=d9d29e0555e6a3bf33cc616693d98c982796201f;hp=c9433741a337fbea9defa20690ed4008fe261b44;hpb=57c2c6316b8b5f3ef868eb2e8091ab2d85540e0d;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/auths/dovecot.c b/src/src/auths/dovecot.c
index c9433741a..0824240a0 100644
--- a/src/src/auths/dovecot.c
+++ b/src/src/auths/dovecot.c
@@ -1,5 +1,3 @@
-/* $Cambridge: exim/src/src/auths/dovecot.c,v 1.7 2007/03/01 14:06:56 ph10 Exp $ */
-
 /*
  * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
  *
@@ -101,7 +99,7 @@ static int strcut(uschar *str, uschar **ptrs, int nptrs)
                goto out; \
        if (nargs - 1 < (arg_min)) \
                goto out; \
-       if (nargs - 1 > (arg_max)) \
+       if ( (arg_max != -1) && (nargs - 1 > (arg_max)) ) \
                goto out; \
 } while (0)
 
@@ -131,6 +129,7 @@ for (;;)
     {
     sbp = read(fd, sbuffer, sizeof(sbuffer));
     if (sbp == 0) { if (count == 0) return NULL; else break; }
+    p = 0;
     }
 
   while (p < sbp)
@@ -208,35 +207,23 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
                HDEBUG(D_auth) debug_printf("received: %s\n", buffer);
                nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0]));
 
-               switch (toupper(*args[0])) {
-               case 'C':
+               /* Code below rewritten by Kirill Miazine (km@krot.org). Only check commands that
+                  Exim will need. Original code also failed if Dovecot server sent unknown
+                  command. E.g. COOKIE in version 1.1 of the protocol would cause troubles. */
+               if (Ustrcmp(args[0], US"CUID") == 0) {
                        CHECK_COMMAND("CUID", 1, 1);
                        cuid = Uatoi(args[1]);
-                       break;
-
-               case 'D':
-                       CHECK_COMMAND("DONE", 0, 0);
-                       cont = 0;
-                       break;
-
-               case 'M':
-                       CHECK_COMMAND("MECH", 1, INT_MAX);
-                       if (strcmpic(US args[1], ablock->public_name) == 0)
-                               found = 1;
-                       break;
-
-               case 'S':
-                       CHECK_COMMAND("SPID", 1, 1);
-                       break;
-
-               case 'V':
+               } else if (Ustrcmp(args[0], US"VERSION") == 0) {
                        CHECK_COMMAND("VERSION", 2, 2);
                        if (Uatoi(args[1]) != VERSION_MAJOR)
                                OUT("authentication socket protocol version mismatch");
-                       break;
-
-               default:
-                       goto out;
+               } else if (Ustrcmp(args[0], US"MECH") == 0) {
+                       CHECK_COMMAND("MECH", 1, INT_MAX);
+                       if (strcmpic(US args[1], ablock->public_name) == 0)
+                               found = 1;
+               } else if (Ustrcmp(args[0], US"DONE") == 0) {
+                       CHECK_COMMAND("DONE", 0, 0);
+                       cont = 0;
                }
        }
 
@@ -254,10 +241,10 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
        /* Added by PH: extra fields when TLS is in use or if the TCP/IP
        connection is local. */
 
-       if (tls_cipher != NULL)
+       if (tls_in.cipher != NULL)
                auth_extra_data = string_sprintf("secured\t%s%s",
-                   tls_certificate_verified? "valid-client-cert" : "",
-                   tls_certificate_verified? "\t" : "");
+                   tls_in.certificate_verified? "valid-client-cert" : "",
+                   tls_in.certificate_verified? "\t" : "");
        else if (interface_address != NULL &&
                 Ustrcmp(sender_host_address, interface_address) == 0)
                auth_extra_data = US"secured\t";
@@ -277,10 +264,13 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
 
    Subsequently, the command was modified to add "secured" and "valid-client-
    cert" when relevant.
+
+   The auth protocol is documented here:
+        http://wiki.dovecot.org/Authentication_Protocol
 ****************************************************************************/
 
        auth_command = string_sprintf("VERSION\t%d\t%d\nCPID\t%d\n"
-               "AUTH\t%d\t%s\tservice=smtp\t%srip=%s\tlip=%s\tresp=%s\n",
+               "AUTH\t%d\t%s\tservice=smtp\t%srip=%s\tlip=%s\tnologin\tresp=%s\n",
                VERSION_MAJOR, VERSION_MINOR, getpid(), cuid,
                ablock->public_name, auth_extra_data, sender_host_address,
                interface_address, data ? (char *) data : "");
@@ -293,6 +283,9 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
 
        while (1) {
                uschar *temp;
+               uschar *auth_id_pre = NULL;
+               int i;
+
                if (dc_gets(buffer, sizeof(buffer), fd) == NULL) {
                        auth_defer_msg = US"authentication socket read error or premature eof";
                        goto out;
@@ -323,22 +316,22 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
                                goto out;
                        }
 
-                       temp = string_sprintf("CONT\t%d\t%s\r\n", cuid, data);
+                       temp = string_sprintf("CONT\t%d\t%s\n", cuid, data);
                        if (write(fd, temp, Ustrlen(temp)) < 0)
                                OUT("authentication socket write error");
                        break;
 
                case 'F':
-                       CHECK_COMMAND("FAIL", 1, 2);
+                       CHECK_COMMAND("FAIL", 1, -1);
 
-                       /* FIXME: add proper response handling */
-                       if (args[2]) {
-                               uschar *p = Ustrchr(args[2], '=');
-                               if (p) {
-                                       ++p;
+                       for (i=2; (i<nargs) && (auth_id_pre == NULL); i++)
+                       {
+                               if ( Ustrncmp(args[i], US"user=", 5) == 0 )
+                               {
+                                       auth_id_pre = args[i]+5;
                                        expand_nstring[1] = auth_vars[0] =
-                                         string_copy(p);  /* PH */
-                                       expand_nlength[1] = Ustrlen(p);
+                                               string_copy(auth_id_pre); /* PH */
+                                       expand_nlength[1] = Ustrlen(auth_id_pre);
                                        expand_nmax = 1;
                                }
                        }
@@ -347,19 +340,27 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
                        goto out;
 
                case 'O':
-                       CHECK_COMMAND("OK", 2, 2);
+                       CHECK_COMMAND("OK", 2, -1);
+
+                       /*
+                        * Search for the "user=$USER" string in the args array
+                        * and return the proper value.
+                        */
+                       for (i=2; (i<nargs) && (auth_id_pre == NULL); i++)
                        {
-                               /* FIXME: add proper response handling */
-                               uschar *p = Ustrchr(args[2], '=');
-                               if (!p)
-                                       OUT("authentication socket protocol error, username missing");
-
-                               p++;
-                               expand_nstring[1] = auth_vars[0] =
-                                 string_copy(p);  /* PH */
-                               expand_nlength[1] = Ustrlen(p);
-                               expand_nmax = 1;
+                               if ( Ustrncmp(args[i], US"user=", 5) == 0 )
+                               {
+                                       auth_id_pre = args[i]+5;
+                                       expand_nstring[1] = auth_vars[0] =
+                                               string_copy(auth_id_pre); /* PH */
+                                       expand_nlength[1] = Ustrlen(auth_id_pre);
+                                       expand_nmax = 1;
+                               }
                        }
+
+                       if (auth_id_pre == NULL)
+                               OUT("authentication socket protocol error, username missing");
+
                        ret = OK;
                        /* fallthrough */
 
@@ -369,6 +370,9 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data)
        }
 
 out:
+       /* close the socket used by dovecot */
+       if (fd >= 0)
+              close(fd);
 
        /* Expand server_condition as an authorization check */
        return (ret == OK)? auth_check_serv_cond(ablock) : ret;