Name               Date         Size      #Lines  LOC
..                 03-May-2022  -
Makefile           28-Sep-2021  1.8 KiB   46      32
README             28-Sep-2021  4.2 KiB   99      74
auth-spa.c         28-Sep-2021  39.3 KiB  1,523   1,037
auth-spa.h         28-Sep-2021  2.8 KiB   93      59
call_pam.c         28-Sep-2021  6.1 KiB   205     91
call_pwcheck.c     28-Sep-2021  3.3 KiB   122     53
call_radius.c      03-May-2022  6.5 KiB   233     137
check_serv_cond.c  28-Sep-2021  3.8 KiB   125     47
cram_md5.c         28-Sep-2021  9.9 KiB   361     188
cram_md5.h         28-Sep-2021  939       32      11
cyrus_sasl.c       28-Sep-2021  15.9 KiB  512     339
cyrus_sasl.h       28-Sep-2021  1.1 KiB   36      13
dovecot.c          28-Sep-2021  14.7 KiB  522     303
dovecot.h          28-Sep-2021  873       31      9
external.c         28-Sep-2021  4.7 KiB   156     73
external.h         28-Sep-2021  926       33      11
get_data.c         28-Sep-2021  8 KiB     260     139
get_no64_data.c    28-Sep-2021  1.4 KiB   48      18
gsasl_exim.c       28-Sep-2021  31.3 KiB  1,021   718
gsasl_exim.h       28-Sep-2021  1.5 KiB   54      26
heimdal_gssapi.c   28-Sep-2021  18.4 KiB  618     420
heimdal_gssapi.h   28-Sep-2021  1.2 KiB   39      12
plaintext.c        28-Sep-2021  5.5 KiB   180     89
plaintext.h        28-Sep-2021  964       32      11
pwcheck.c          28-Sep-2021  12.1 KiB  449     253
pwcheck.h          28-Sep-2021  943       28      6
spa.c              28-Sep-2021  11.7 KiB  377     199
spa.h              28-Sep-2021  1 KiB     39      13
tls.c              28-Sep-2021  2.6 KiB   95      42
tls.h              28-Sep-2021  809       31      10
xtextdecode.c      28-Sep-2021  1.8 KiB   58      23
xtextencode.c      28-Sep-2021  1.4 KiB   58      23

README

AUTHS

The modules in this directory are in support of various authentication
functions. Some of them, such as the base64 encoding/decoding and MD5
computation, are just functions that might be used by several authentication
mechanisms. Others are the SMTP AUTH mechanisms themselves, included in the
final binary if the relevant AUTH_XXX value is set in Local/Makefile. The
general functions are in separate modules so that they get included in the
final binary only if they are actually called from somewhere.

GENERAL FUNCTIONS

The API for each of these functions is documented with the function's code.

  auth_b64encode       encode in base 64
  auth_b64decode       decode from base 64
  auth_call_pam        do PAM authentication (if built with SUPPORT_PAM)
  auth_get_data        issue SMTP AUTH challenge and read response
  auth_xtextencode     encode as xtext
  auth_xtextdecode     decode from xtext

INTERFACE TO SMTP AUTHENTICATION MECHANISMS

These are general SASL mechanisms, adapted for use with SMTP. Each
authentication mechanism has three functions, for initialization, server
authentication, and client authentication.

INITIALIZATION

The initialization function is called when the configuration is read, and can
check for incomplete or illegal settings. It has one argument, a pointer to the
instance block for this configured mechanism. It must set the flags called
"server" and "client" in the generic auth_instance block to indicate whether
the server and/or client functions are available for this authenticator.
Typically this depends on whether server or client configuration options have
been set, but it is also possible to have an authenticator that has only one of
the server or client functions.  The function may not touch big_buffer.

SERVER AUTHENTICATION

The second function performs authentication as a server. It receives a pointer
to the instance block, and its second argument is the remainder of the data
from the AUTH command. The numeric variable maximum setting (expand_nmax) is
set to zero, with $0 initialized as unset. The authenticator may set up numeric
variables according to its (old) specification, and $auth<n> variables, which
are the preferred ones nowadays; it should leave them set at the end so that
they can be used for the expansion of the generic server_set_id option, which
happens centrally.

This function has access to the SMTP input and output so that it can write
intermediate responses and read more data if necessary. There is a packaged
function in auth_get_data() which outputs a challenge and reads a response.

The yield of a server authentication check must be one of:

  OK          success
  DEFER       couldn't complete the check
  FAIL        authentication failed
  CANCELLED   authentication forced to fail by "*" response to challenge,
                or by certain forced string expansion failures
  BAD64       bad base64 data received
  UNEXPECTED  unexpected data received

In the case of DEFER, auth_defer_msg should point to an error message.
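
The server yield list above, worked through as an added example that is not Exim's own code: a self-contained model of a PLAIN-style server check that maps each kind of client response to exactly one yield. The enum values, server_check(), its store_up flag and the sample credentials are constructed for illustration; real authenticators use Exim's own definitions and instance block.

```c
#include <string.h>
/* Stand-ins named after the README's yield list; numeric values are constructed. */
enum { OK, DEFER, FAIL, CANCELLED, BAD64, UNEXPECTED };
const char *auth_defer_msg = NULL;

/* Decode base64 into out; returns the decoded length, or -1 on malformed input. */
static int b64decode(const char *in, unsigned char *out, size_t outsize) {
  static const char tbl[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  size_t len = strlen(in), n = 0;
  if (len % 4 != 0) return -1;
  for (size_t i = 0; i < len; i += 4) {
    unsigned v = 0; int pad = 0;
    for (int j = 0; j < 4; j++) {
      const char *p = strchr(tbl, in[i + j]);
      if (in[i + j] == '=' && i + 4 == len && j >= 2) { pad++; v <<= 6; continue; }
      if (pad || p == NULL) return -1;       /* data after '=' or bad character */
      v = v << 6 | (unsigned)(p - tbl);
    }
    if (n + 3 > outsize) return -1;
    out[n++] = (unsigned char)(v >> 16); out[n++] = (unsigned char)(v >> 8);
    out[n++] = (unsigned char)v; n -= (size_t)pad;
  }
  return (int)n;
}

/* Compare without stopping at the first differing byte (length is not hidden). */
static int same(const char *a, const char *b) {
  size_t la = strlen(a), lb = strlen(b);
  unsigned d = (la != lb);
  for (size_t i = 0; i < la && i < lb; i++) d |= (unsigned)(a[i] ^ b[i]);
  return d == 0;
}

/* Hypothetical PLAIN-style server check. data: remainder of the AUTH command;
   store_up: whether the (imaginary) credential store can be reached. */
int server_check(const char *data, const char *user, const char *pass, int store_up) {
  unsigned char buf[256];
  char *f[3] = { (char *)buf }; int nf = 1, n;
  if (strcmp(data, "*") == 0) return CANCELLED;          /* "*" response */
  if ((n = b64decode(data, buf, sizeof buf - 1)) < 0) return BAD64;
  buf[n] = 0;
  for (int i = 0; i < n; i++)          /* expect authzid NUL authcid NUL passwd */
    if (buf[i] == 0) { if (nf == 3) return UNEXPECTED; f[nf++] = (char *)buf + i + 1; }
  if (nf != 3) return UNEXPECTED;
  if (!store_up) { auth_defer_msg = "credential store unreachable"; return DEFER; }
  return (same(f[1], user) & same(f[2], pass)) ? OK : FAIL;
}

int main(void) { return server_check("AGFsaWNlAHMzY3JldA==", "alice", "s3cret", 1) != OK; }
```

Keeping BAD64 and UNEXPECTED distinct from FAIL separates malformed client input from a well-formed attempt with wrong credentials, and DEFER keeps a backend outage from being recorded as a failed login.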

CLIENT AUTHENTICATION

The third function performs authentication as a client. It receives a pointer
to the instance block, and four further arguments:

  The smtp_context item for the connection to the remote host.

  The normal command-reading timeout value.

  A pointer to a buffer, to be used for receiving responses. It is done this
    way so that the buffer is available for logging etc. in the calling
    function in cases of error.

  The size of the buffer.

The yield of a client authentication check must be one of:

  OK          success
  FAIL_SEND   error after writing a command; errno is set
  FAIL        failed after reading a response;
              either errno is set (for timeouts, I/O failures) or
              the buffer contains the SMTP response line
  CANCELLED   the client cancelled authentication (often "fail" in expansion)
              the buffer may contain a message; if not, *buffer = 0
  ERROR       local problem (typically expansion error); message in buffer

To communicate with the remote host the client should call
smtp_write_command(). If this yields FALSE, the authenticator should return
FAIL. After a successful write, the response is received by a call to
smtp_read_response(), which should use the buffer handed to the client function
as an argument.

****
