-/* $Cambridge: exim/src/src/auths/spa.c,v 1.8 2006/10/16 15:44:36 ph10 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */
/* This file, which provides support for Microsoft's Secure Password
References:
http://www.innovation.ch/java/ntlm.html
http://www.kuro5hin.org/story/2002/4/28/1436/66154
+ http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf
* It seems that some systems have existing but different definitions of some
* of the following types. I received a complaint about "int16" causing
07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid
input data. Find appropriate comment by grepping for "PH".
16-October-2006: PH: Added a call to auth_check_serv_cond() at the end
+05-June-2010: PP: handle SASL initial response
*/
uschar msgbuf[2048];
uschar *clearpass;
-/* send a 334, MS Exchange style, and grab the client's request */
+/* send a 334, MS Exchange style, and grab the client's request,
+unless we already have it via an initial response. */
-if (auth_get_no64_data(&data, US"NTLM supported") != OK)
+if ((*data == '\0') &&
+ (auth_get_no64_data(&data, US"NTLM supported") != OK))
{
/* something borked */
return FAIL;
/***************************************************************/
/* Put the username in $auth1 and $1. The former is now the preferred variable;
-the latter is the original variable. */
+the latter is the original variable. These have to be out of stack memory, and
+need to be available once known even if not authenticated, for error messages
+(server_set_id, which only makes it to authenticated_id if we return OK) */
-auth_vars[0] = expand_nstring[1] = msgbuf;
+auth_vars[0] = expand_nstring[1] = string_copy(msgbuf);
expand_nlength[1] = Ustrlen(msgbuf);
expand_nmax = 1;
((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
24) == 0)
/* success. we have a winner. */
+ {
+ return auth_check_serv_cond(ablock);
+ }
/* Expand server_condition as an authorization check (PH) */
- return auth_check_serv_cond(ablock);
return FAIL;
}