mech-plain.c   [plain text]

/* Copyright (c) 2002-2011 Dovecot authors, see the included COPYING file */

#include "auth-common.h"
#include "safe-memset.h"
#include "mech.h"
#include "passdb.h"
#include "mech-plain-common.h"

/* APPLE - urlauth */
static void
mech_plain_auth_continue_submit(struct auth_request *request,
				const unsigned char *data, size_t data_size,
				bool submit)
{
	const char *authid, *authenid, *error;
	char *pass;
	size_t i, len;
	int count;

	/* authorization ID \0 authentication ID \0 pass. */
	authid = (const char *) data;
	authenid = NULL; pass = NULL;

	count = 0;
	for (i = 0; i < data_size; i++) {
		if (data[i] == '\0') {
			if (++count == 1)
				authenid = (const char *) data + i+1;
			else {
				i++;
				len = data_size - i;
				pass = p_strndup(unsafe_data_stack_pool,
						 data+i, len);
				break;
			}
		}
	}

	if (authenid != NULL && strcmp(authid, authenid) == 0) {
		/* the login username isn't different */
		authid = "";
	}

	if (count != 2) {
		/* invalid input */
		auth_request_log_info(request, "plain", "invalid input");
		auth_request_fail(request);
	} else if (!auth_request_set_username(request, authenid, &error)) {
                /* invalid username */
                auth_request_log_info(request, "plain", "%s", error);
                auth_request_fail(request);
        } else if (*authid != '\0' &&
                   !auth_request_set_login_username(request, authid, &error)) {
                /* invalid login username */
                auth_request_log_info(request, "plain",
                                      "login user: %s", error);
                auth_request_fail(request);

	/* APPLE - urlauth */
	} else if (submit) {
		if (request->requested_login_user != NULL &&
		    *request->requested_login_user != '\0')
			auth_request_verify_plain(request, pass,
						  plain_verify_callback);
		else {
			auth_request_log_info(request, "x-plain-submit",
					      "non-submit login");
			auth_request_fail(request);
		}

        } else {
                auth_request_verify_plain(request, pass,
                                          plain_verify_callback);
	}

        /* make sure it's cleared */
	if (pass != NULL)
		safe_memset(pass, 0, strlen(pass));
}

/* APPLE - urlauth */
static void
mech_plain_auth_continue(struct auth_request *request,
			 const unsigned char *data, size_t data_size)
{
	mech_plain_auth_continue_submit(request, data, data_size, FALSE);
}

static struct auth_request *mech_plain_auth_new(void)
{
        struct auth_request *request;
	pool_t pool;

	pool = pool_alloconly_create("plain_auth_request", 2048);
	request = p_new(pool, struct auth_request, 1);
	request->pool = pool;
	return request;
}

const struct mech_module mech_plain = {
	"PLAIN",

	.flags = MECH_SEC_PLAINTEXT,
	.passdb_need = MECH_PASSDB_NEED_VERIFY_PLAIN,

	mech_plain_auth_new,
	mech_generic_auth_initial,
	mech_plain_auth_continue,
	mech_generic_auth_free
};

/* APPLE - urlauth - rest of file
   The X-PLAIN-SUBMIT mechanism mimics PLAIN but only for submit users
   (and master users, since we can't tell the difference so early). */

static void
mech_submit_auth_continue(struct auth_request *request,
			  const unsigned char *data, size_t data_size)
{
	mech_plain_auth_continue_submit(request, data, data_size, TRUE);
}

const struct mech_module mech_x_plain_submit = {
	"X-PLAIN-SUBMIT",

	.flags = MECH_SEC_PLAINTEXT,
	.passdb_need = MECH_PASSDB_NEED_VERIFY_PLAIN,

	mech_plain_auth_new,
	mech_generic_auth_initial,
	mech_submit_auth_continue,
	mech_generic_auth_free
};