* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Copyright (c) Twitter Inc 2012
Author: Phil Pennock <pdp@exim.org> */
/* Authenticator-specific options. */
optionlist auth_heimdal_gssapi_options[] = {
{ "server_hostname", opt_stringptr,
- (void *)(offsetof(auth_heimdal_gssapi_options_block, server_hostname)) },
+ OPT_OFF(auth_heimdal_gssapi_options_block, server_hostname) },
{ "server_keytab", opt_stringptr,
- (void *)(offsetof(auth_heimdal_gssapi_options_block, server_keytab)) },
+ OPT_OFF(auth_heimdal_gssapi_options_block, server_keytab) },
{ "server_service", opt_stringptr,
- (void *)(offsetof(auth_heimdal_gssapi_options_block, server_service)) }
+ OPT_OFF(auth_heimdal_gssapi_options_block, server_service) }
};
int auth_heimdal_gssapi_options_count =
int auth_heimdal_gssapi_server(auth_instance *ablock, uschar *data) {return 0;}
int auth_heimdal_gssapi_client(auth_instance *ablock, void * sx,
int timeout, uschar *buffer, int buffsize) {return 0;}
-void auth_heimdal_gssapi_version_report(FILE *f) {}
+gstring * auth_heimdal_gssapi_version_report(gstring * g) {}
#else /*!MACRO_PREDEF*/
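Review bot: The MACRO_PREDEF stub `auth_heimdal_gssapi_version_report` now has return type `gstring *`, but its body is still `{}`, so control falls off the end without returning a value. The neighbouring `_server` and `_client` stubs both `return 0`. If any caller in this build mode uses the result, that is undefined behaviour, and `-Wreturn-type` will flag it either way. I would write the stub as `gstring * auth_heimdal_gssapi_version_report(gstring * g) {return g;}` so it hands back the string it was given unchanged.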
static void
exim_heimdal_error_debug(const char *, krb5_context, krb5_error_code);
static int
- exim_gssapi_error_defer(uschar *, OM_uint32, OM_uint32, const char *, ...)
+ exim_gssapi_error_defer(rmark, OM_uint32, OM_uint32, const char *, ...)
PRINTF_FUNCTION(4, 5);
#define EmptyBuf(buf) do { buf.value = NULL; buf.length = 0; } while (0)
{
HDEBUG(D_auth) debug_printf("heimdal: missing server_service\n");
return;
-}
+ }
-krc = krb5_init_context(&context);
-if (krc != 0)
+if ((krc = krb5_init_context(&context)))
{
int kerr = errno;
HDEBUG(D_auth) debug_printf("heimdal: failed to initialise krb5 context: %s\n",
{
k_keytab_typed_name = CCS string_sprintf("file:%s", expand_string(ob->server_keytab));
HDEBUG(D_auth) debug_printf("heimdal: using keytab %s\n", k_keytab_typed_name);
- krc = krb5_kt_resolve(context, k_keytab_typed_name, &keytab);
- if (krc)
+ if ((krc = krb5_kt_resolve(context, k_keytab_typed_name, &keytab)))
{
HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_resolve", context, krc);
return;
else
{
HDEBUG(D_auth) debug_printf("heimdal: using system default keytab\n");
- krc = krb5_kt_default(context, &keytab);
- if (krc)
+ if ((krc = krb5_kt_default(context, &keytab)))
{
HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_default", context, krc);
return;
HDEBUG(D_auth)
{
/* http://www.h5l.org/manual/HEAD/krb5/krb5_keytab_intro.html */
- krc = krb5_kt_start_seq_get(context, keytab, &cursor);
- if (krc)
+ if ((krc = krb5_kt_start_seq_get(context, keytab, &cursor)))
exim_heimdal_error_debug("krb5_kt_start_seq_get", context, krc);
else
{
- while ((krc = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0)
+ while (!(krc = krb5_kt_next_entry(context, keytab, &entry, &cursor)))
{
principal = enctype_s = NULL;
krb5_unparse_name(context, entry.principal, &principal);
free(enctype_s);
krb5_kt_free_entry(context, &entry);
}
- krc = krb5_kt_end_seq_get(context, keytab, &cursor);
- if (krc)
+ if ((krc = krb5_kt_end_seq_get(context, keytab, &cursor)))
exim_heimdal_error_debug("krb5_kt_end_seq_get", context, krc);
}
}
-krc = krb5_kt_close(context, keytab);
-if (krc)
+if ((krc = krb5_kt_close(context, keytab)))
HDEBUG(D_auth) exim_heimdal_error_debug("krb5_kt_close", context, krc);
krb5_free_context(context);
-/* RFC 4121 section 5.2, SHOULD support 64K input buffers */
-if (big_buffer_size < (64 * 1024))
- {
- uschar *newbuf;
- big_buffer_size = 64 * 1024;
- newbuf = store_malloc(big_buffer_size);
- store_free(big_buffer);
- big_buffer = newbuf;
- }
-
ablock->server = TRUE;
}
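Review bot: Deleting the block that grew `big_buffer` to 64 KiB leaves nothing in this hunk that keeps the RFC 4121 section 5.2 input-buffer recommendation the removed comment cited. If the server side still receives client tokens through `big_buffer` (the `auth_get_data` call further down suggests it may, but the read path is not visible here), a token larger than the default buffer would now be cut short or refused, depending on how the reader treats over-long input. Please confirm where the buffer size is guaranteed after this change and leave a short comment at this spot, for example `/* big_buffer is no longer resized here; size is set in <location> */`. That way the dropped guarantee reads as deliberate. The enclosing init function starts outside the visible lines.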
auth_heimdal_gssapi_options_block *ob =
(auth_heimdal_gssapi_options_block *)(ablock->options_block);
BOOL handled_empty_ir;
-uschar *store_reset_point;
+rmark store_reset_point;
uschar *keytab;
uschar sasl_config[4];
uschar requested_qop;
-store_reset_point = store_get(0);
+store_reset_point = store_mark();
HDEBUG(D_auth)
debug_printf("heimdal: initialising auth context for %s\n", ablock->name);
switch (step)
{
case 0:
- if (!from_client || *from_client == '\0')
+ if (!from_client || !*from_client)
{
if (handled_empty_ir)
{
error_out = BAD64;
goto ERROR_OUT;
}
- else
- {
- HDEBUG(D_auth) debug_printf("gssapi: missing initial response, nudging.\n");
- error_out = auth_get_data(&from_client, US"", 0);
- if (error_out != OK)
- goto ERROR_OUT;
- handled_empty_ir = TRUE;
- continue;
- }
+
+ HDEBUG(D_auth) debug_printf("gssapi: missing initial response, nudging.\n");
+ if ((error_out = auth_get_data(&from_client, US"", 0)) != OK)
+ goto ERROR_OUT;
+ handled_empty_ir = TRUE;
+ continue;
}
/* We should now have the opening data from the client, base64-encoded. */
step += 1;
NULL, /* conf_state: no confidentiality applied */
&gbufdesc_out /* output buffer */
);
- if (GSS_ERROR(maj_stat)
+ if (GSS_ERROR(maj_stat))
{
exim_gssapi_error_defer(NULL, maj_stat, min_stat,
"gss_wrap(SASL state after auth)");
}
requested_qop = (CS gbufdesc_out.value)[0];
- if ((requested_qop & 0x01) == 0)
+ if (!(requested_qop & 0x01))
{
HDEBUG(D_auth)
debug_printf("gssapi: client requested security layers (%x)\n",
/* $auth1 is GSSAPI display name */
maj_stat = gss_display_name(&min_stat,
- gclient,
- &gbufdesc_out,
- &mech_type);
+ gclient, &gbufdesc_out, &mech_type);
if (GSS_ERROR(maj_stat))
{
auth_vars[1] = expand_nstring[2] = NULL;
static int
-exim_gssapi_error_defer(uschar *store_reset_point,
+exim_gssapi_error_defer(rmark store_reset_point,
OM_uint32 major, OM_uint32 minor,
const char *format, ...)
{
HDEBUG(D_auth)
{
va_start(ap, format);
- g = string_vformat(NULL, TRUE, format, ap);
+ g = string_vformat(NULL, SVFMT_EXTEND|SVFMT_REBUFFER, format, ap);
va_end(ap);
}
* Diagnostic API *
*************************************************/
-void
-auth_heimdal_gssapi_version_report(FILE *f)
+gstring *
+auth_heimdal_gssapi_version_report(gstring * g)
{
/* No build-time constants available unless we link against libraries at
build-time and export the result as a string into a header ourselves. */
-fprintf(f, "Library version: Heimdal: Runtime: %s\n"
- " Build Info: %s\n",
- heimdal_version, heimdal_long_version);
+
+return string_fmt_append(g, "Library version: Heimdal: Runtime: %s\n"
+ " Build Info: %s\n",
+ heimdal_version, heimdal_long_version));
}
#endif /*!MACRO_PREDEF*/
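Review bot: The new `return string_fmt_append(...)` statement ends in `heimdal_long_version));`, which closes one more parenthesis than the call opens, so the file will not compile when this authenticator is built. The last line of the statement should read `heimdal_version, heimdal_long_version);`. This driver is presumably only compiled when Heimdal GSSAPI support is switched on, so a default build may not catch the error. It is worth building that configuration once before merging.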