#include <sys_defs.h>
#include <string.h>
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#endif
#include <msg.h>
#include <mymalloc.h>
#include <stringops.h>
#include <mail_params.h>
#include "smtp.h"
#include "smtp_sasl.h"
#ifdef USE_SASL_AUTH
static const char *smtp_sasl_compat_mechs(const char *words)
{
static VSTRING *buf;
char *mech_list;
char *save_mech;
char *mech;
if (smtp_sasl_mechs == 0 || *words == 0)
return (words);
if (buf == 0)
buf = vstring_alloc(10);
VSTRING_RESET(buf);
VSTRING_TERMINATE(buf);
save_mech = mech_list = mystrdup(words);
while ((mech = mystrtok(&mech_list, " \t")) != 0) {
if (string_list_match(smtp_sasl_mechs, mech)) {
if (VSTRING_LEN(buf) > 0)
VSTRING_ADDCH(buf, ' ');
vstring_strcat(buf, mech);
}
}
myfree(save_mech);
return (vstring_str(buf));
}
void smtp_sasl_helo_auth(SMTP_SESSION *session, const char *words)
{
const char *mech_list = smtp_sasl_compat_mechs(words);
char *junk;
if (session->sasl_mechanism_list) {
if (strcasecmp(session->sasl_mechanism_list, mech_list) != 0
&& strlen(mech_list) > 0
&& strlen(session->sasl_mechanism_list) < var_line_limit) {
junk = concatenate(session->sasl_mechanism_list, " ", mech_list,
(char *) 0);
myfree(session->sasl_mechanism_list);
session->sasl_mechanism_list = junk;
}
return;
}
if (strlen(mech_list) > 0) {
session->sasl_mechanism_list = mystrdup(mech_list);
} else {
msg_warn(*words ? "%s offered no supported AUTH mechanisms: '%s'" :
"%s offered null AUTH mechanism list",
session->namaddr, words);
}
session->features |= SMTP_FEATURE_AUTH;
}
int smtp_sasl_helo_login(SMTP_STATE *state)
{
SMTP_SESSION *session = state->session;
DSN_BUF *why = state->why;
int ret;
if (smtp_sasl_passwd_lookup(session) == 0) {
session->features &= ~SMTP_FEATURE_AUTH;
return 0;
}
ret = 0;
if (session->sasl_mechanism_list == 0) {
dsb_simple(why, "4.7.0", "SASL authentication failed: "
"server %s offered no compatible authentication mechanisms for this type of connection security",
session->namaddr);
ret = smtp_sess_fail(state);
} else {
#ifndef USE_TLS
smtp_sasl_start(session, VAR_SMTP_SASL_OPTS,
var_smtp_sasl_opts);
#else
if (session->tls_context == 0)
smtp_sasl_start(session, VAR_SMTP_SASL_OPTS,
var_smtp_sasl_opts);
#ifdef SNAPSHOT
else if (session->tls_context->peer_verified)
smtp_sasl_start(session, VAR_SMTP_SASL_TLSV_OPTS,
var_smtp_sasl_tlsv_opts);
#endif
else
smtp_sasl_start(session, VAR_SMTP_SASL_TLS_OPTS,
var_smtp_sasl_tls_opts);
#endif
if (smtp_sasl_authenticate(session, why) <= 0) {
ret = smtp_sess_fail(state);
}
}
return (ret);
}
#endif