silence various compiler complaints; expose NVALGRIND

[exim.git] / src / src / auths / heimdal_gssapi.c

diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c
index 5f3b7ecb42f91ec0863f8934afd1da20a0af34e2..c6e973ad9af80c613eb961803666e50d2ecbe3eb 100644 (file)
--- a/src/src/auths/heimdal_gssapi.c
+++ b/src/src/auths/heimdal_gssapi.c
@@ -60,8 +60,6 @@ optionlist auth_heimdal_gssapi_options[] = {
       (void *)(offsetof(auth_heimdal_gssapi_options_block, server_hostname)) },
   { "server_keytab",        opt_stringptr,
       (void *)(offsetof(auth_heimdal_gssapi_options_block, server_keytab)) },
-  { "server_realm",         opt_stringptr,
-      (void *)(offsetof(auth_heimdal_gssapi_options_block, server_realm)) },
   { "server_service",       opt_stringptr,
       (void *)(offsetof(auth_heimdal_gssapi_options_block, server_service)) }
 };
@@ -73,7 +71,6 @@ int auth_heimdal_gssapi_options_count =
 auth_heimdal_gssapi_options_block auth_heimdal_gssapi_option_defaults = {
   US"$primary_hostname",    /* server_hostname */
   NULL,                     /* server_keytab */
-  NULL,                     /* server_realm */
   US"smtp",                 /* server_service */
 };
 
@@ -415,10 +412,10 @@ auth_heimdal_gssapi_server(auth_instance *ablock, uschar *initial_data)
           error_out = FAIL;
           goto ERROR_OUT;
         }
-        if (gbufdesc_out.length < 5) {
+        if (gbufdesc_out.length < 4) {
           HDEBUG(D_auth)
             debug_printf("gssapi: final message too short; "
-                "need flags, buf sizes and authzid\n");
+                "need flags, buf sizes and optional authzid\n");
           error_out = FAIL;
           goto ERROR_OUT;
         }
@@ -437,14 +434,17 @@ auth_heimdal_gssapi_server(auth_instance *ablock, uschar *initial_data)
 
         /* Identifiers:
         The SASL provided identifier is an unverified authzid.
-        GSSAPI provides us with a verified identifier.
+        GSSAPI provides us with a verified identifier, but it might be empty
+        for some clients.
         */
 
         /* $auth2 is authzid requested at SASL layer */
-        expand_nlength[2] = gbufdesc_out.length - 4;
-        auth_vars[1] = expand_nstring[2] =
-          string_copyn((US gbufdesc_out.value) + 4, expand_nlength[2]);
-        expand_nmax = 2;
+        if (gbufdesc_out.length > 4) {
+          expand_nlength[2] = gbufdesc_out.length - 4;
+          auth_vars[1] = expand_nstring[2] =
+            string_copyn((US gbufdesc_out.value) + 4, expand_nlength[2]);
+          expand_nmax = 2;
+        }
 
         gss_release_buffer(&min_stat, &gbufdesc_out);
         EmptyBuf(gbufdesc_out);
@@ -467,6 +467,14 @@ auth_heimdal_gssapi_server(auth_instance *ablock, uschar *initial_data)
         auth_vars[0] = expand_nstring[1] =
           string_copyn(gbufdesc_out.value, gbufdesc_out.length);
 
+        if (expand_nmax == 0) { /* should be: authzid was empty */
+          expand_nmax = 2;
+          expand_nlength[2] = expand_nlength[1];
+          auth_vars[1] = expand_nstring[2] = string_copyn(expand_nstring[1], expand_nlength[1]);
+          HDEBUG(D_auth)
+            debug_printf("heimdal SASL: empty authzid, set to dup of GSSAPI display name\n");
+        }
+
         HDEBUG(D_auth)
           debug_printf("heimdal SASL: happy with client request\n"
              "  auth1 (verified GSSAPI display-name): \"%s\"\n"
@@ -518,7 +526,7 @@ exim_gssapi_error_defer(uschar *store_reset_point,
   va_start(ap, format);
   if (!string_vformat(buffer, sizeof(buffer), format, ap))
     log_write(0, LOG_MAIN|LOG_PANIC_DIE,
-        "exim_gssapi_error_defer expansion larger than %d",
+        "exim_gssapi_error_defer expansion larger than %lu",
         sizeof(buffer));
   va_end(ap);