/* Postfix SASL interface for LMTP client
/* #include lmtp_sasl.h
/* void lmtp_sasl_helo_auth(state, words)
/* int lmtp_sasl_helo_login(state)
/* This module contains random chunks of code that implement
/* the LMTP protocol interface for SASL negotiation. The goal
/* is to reduce clutter in the main LMTP client source code.
/* lmtp_sasl_helo_auth() processes the AUTH option in the
/* LMTP server's LHLO response.
/* lmtp_sasl_helo_login() authenticates the LMTP client to the
/* LMTP server, using the authentication mechanism information
/* given by the server. The result is a Postfix delivery status
/* code in case of trouble.
/* List of SASL authentication mechanisms (separated by blanks)
/* All errors are fatal.
/* The Secure Mailer license must be distributed with this software.
/* 65760 Eschborn, Germany
/* IBM T.J. Watson Research
/* Yorktown Heights, NY 10598, USA
#ifdef STRCASECMP_IN_STRINGS_H
/* Utility library. */
#include <mail_params.h>
/* Application-specific. */
#include "lmtp_sasl.h"
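/*
 * lmtp_sasl_helo_auth - handle the AUTH option in the server's LHLO reply
 *
 * state: per-session client state. This function updates
 *        state->sasl_mechanism_list and the LMTP_FEATURE_AUTH bit in
 *        state->features.
 * words: the list of SASL mechanism names offered by the server. The text
 *        is supplied by the remote peer and is stored here as received;
 *        any restriction to acceptable mechanisms has to happen where the
 *        list is consumed (not visible in this listing).
 *
 * NOTE(review): this listing shows the function without its braces and with
 * a few short source lines missing. The early return and the else branch
 * below are restored from the gaps in the line numbering; confirm them
 * against the upstream file.
 */
void lmtp_sasl_helo_auth(LMTP_STATE *state, const char *words)
{

    /*
     * XXX If the server offers a null list of authentication mechanisms,
     * then pretend that the server doesn't support SASL authentication.
     */
    if (state->sasl_mechanism_list) {
        /* The same list announced again: keep what is already recorded. */
        if (strcasecmp(state->sasl_mechanism_list, words) == 0)
            return;

        /*
         * A different list was announced: warn, drop the earlier list and
         * clear the AUTH feature bit, then fall through so that the new
         * list is evaluated from scratch.
         */
        myfree(state->sasl_mechanism_list);
        msg_warn("%s offered AUTH option multiple times",
                 state->session->namaddr);
        state->sasl_mechanism_list = 0;
        state->features &= ~LMTP_FEATURE_AUTH;
    }
    if (strlen(words) > 0) {
        /* Keep a private copy; the AUTH feature bit is set only here. */
        state->sasl_mechanism_list = mystrdup(words);
        state->features |= LMTP_FEATURE_AUTH;
    } else {
        /* Empty list: the AUTH feature bit stays clear. */
        msg_warn("%s offered null AUTH mechanism list",
                 state->session->namaddr);
    }
}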
/* lmtp_sasl_helo_login - perform SASL login */
int lmtp_sasl_helo_login(LMTP_STATE *state)
VSTRING *why = vstring_alloc(10);
* Skip authentication when no authentication info exists for this
* server, so that we talk to each other like strangers. Otherwise, if
* authentication information exists, assume that authentication is
* required, and assume that an authentication error is recoverable.
if (lmtp_sasl_passwd_lookup(state) != 0) {
lmtp_sasl_start(state, VAR_LMTP_SASL_OPTS, var_lmtp_sasl_opts);
if (lmtp_sasl_authenticate(state, why) <= 0)
ret = lmtp_site_fail(state, 450, "Authentication failed: %s",