X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1d28cc061677bd07d9bed48dd84bd5c590247043..HEAD:/src/src/auths/auth-spa.c diff --git a/src/src/auths/auth-spa.c b/src/src/auths/auth-spa.c index bcf88c84d..fd3099034 100644 --- a/src/src/auths/auth-spa.c +++ b/src/src/auths/auth-spa.c @@ -9,7 +9,7 @@ * All the original code used here was torn by Marc Prud'hommeaux out of the * Samba project (by Andrew Tridgell, Jeremy Allison, and others). * - * Copyright (c) The Exim Maintainers 2021 + * Copyright (c) The Exim Maintainers 2021 - 2023 * SPDX-License-Identifier: GPL-2.0-or-later * Tom Kistner provided additional code, adding spa_build_auth_challenge() to @@ -156,6 +156,9 @@ int main (int argc, char ** argv) up with a different answer to the one above) */ +#ifndef MACRO_PREDEF + + #define DEBUG_X(a,b) ; extern int DEBUGLEVEL; @@ -1212,7 +1215,9 @@ char versionString[] = "libntlm version 0.21"; #define spa_bytes_add(ptr, header, buf, count) \ { \ -if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \ +if ( buf && (count) != 0 /* we hate -Wint-in-bool-contex */ \ + && ptr->bufIndex + count < sizeof(ptr->buffer) \ + ) \ { \ SSVAL(&ptr->header.len,0,count); \ SSVAL(&ptr->header.maxlen,0,count); \ @@ -1230,35 +1235,30 @@ else \ #define spa_string_add(ptr, header, string) \ { \ -char *p = string; \ +uschar * p = string; \ int len = 0; \ -if (p) len = strlen(p); \ -spa_bytes_add(ptr, header, (US p), len); \ +if (p) len = Ustrlen(p); \ +spa_bytes_add(ptr, header, p, len); \ } #define spa_unicode_add_string(ptr, header, string) \ { \ -char *p = string; \ -uschar *b = NULL; \ +uschar * p = string; \ +uschar * b = NULL; \ int len = 0; \ if (p) \ { \ - len = strlen(p); \ - b = strToUnicode(p); \ + len = Ustrlen(p); \ + b = US strToUnicode(CS p); \ } \ spa_bytes_add(ptr, header, b, len*2); \ } -#define GetUnicodeString(structPtr, header) \ -unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) -#define GetString(structPtr, header) \ -toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) - #ifdef notdef #define DumpBuffer(fp, structPtr, header) \ -dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) + dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) static void @@ -1322,8 +1322,33 @@ buf[len] = 0; return buf; } +static inline uschar * +get_challenge_unistr(SPAAuthChallenge * challenge, SPAStrHeader * hdr) +{ +int off = IVAL(&hdr->offset, 0); +int len = SVAL(&hdr->len, 0); +return off + len < sizeof(SPAAuthChallenge) + ? US unicodeToString(CS challenge + off, len/2) : US""; +} + +static inline uschar * +get_challenge_str(SPAAuthChallenge * challenge, SPAStrHeader * hdr) +{ +int off = IVAL(&hdr->offset, 0); +int len = SVAL(&hdr->len, 0); +return off + len < sizeof(SPAAuthChallenge) + ? US toString(CS challenge + off, len) : US""; +} + #ifdef notdef +#define GetUnicodeString(structPtr, header) \ + unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) + +#define GetString(structPtr, header) \ + toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) + + void dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request) { @@ -1367,15 +1392,15 @@ fprintf (fp, " Flags = %08x\n", IVAL (&response->flags, 0)); #endif void -spa_build_auth_request (SPAAuthRequest * request, char *user, char *domain) +spa_build_auth_request (SPAAuthRequest * request, uschar * user, uschar * domain) { -char *u = strdup (user); -char *p = strchr (u, '@'); +uschar * u = string_copy(user); +uschar * p = Ustrchr(u, '@'); if (p) { if (!domain) - domain = p + 1; + domain = p + 1; *p = '\0'; } @@ -1385,7 +1410,6 @@ SIVAL (&request->msgType, 0, 1); SIVAL (&request->flags, 0, 0x0000b207); /* have to figure out what these mean */ spa_string_add (request, user, u); spa_string_add (request, domain, domain); -free (u); } @@ -1476,16 +1500,16 @@ free (u); void spa_build_auth_response (SPAAuthChallenge * challenge, - SPAAuthResponse * response, char *user, - char *password) + SPAAuthResponse * response, uschar * user, + uschar * password) { uint8x lmRespData[24]; uint8x ntRespData[24]; uint32x cf = IVAL(&challenge->flags, 0); -char *u = strdup (user); -char *p = strchr (u, '@'); -char *d = NULL; -char *domain; +uschar * u = string_copy(user); +uschar * p = Ustrchr(u, '@'); +uschar * d = NULL; +uschar * domain; if (p) { @@ -1493,33 +1517,33 @@ if (p) *p = '\0'; } -else domain = d = strdup((cf & 0x1)? - CCS GetUnicodeString(challenge, uDomain) : - CCS GetString(challenge, uDomain)); +else domain = d = string_copy(cf & 0x1 + ? CUS get_challenge_unistr(challenge, &challenge->uDomain) + : CUS get_challenge_str(challenge, &challenge->uDomain)); -spa_smb_encrypt (US password, challenge->challengeData, lmRespData); -spa_smb_nt_encrypt (US password, challenge->challengeData, ntRespData); +spa_smb_encrypt(password, challenge->challengeData, lmRespData); +spa_smb_nt_encrypt(password, challenge->challengeData, ntRespData); response->bufIndex = 0; memcpy (response->ident, "NTLMSSP\0\0\0", 8); SIVAL (&response->msgType, 0, 3); -spa_bytes_add (response, lmResponse, lmRespData, (cf & 0x200) ? 24 : 0); -spa_bytes_add (response, ntResponse, ntRespData, (cf & 0x8000) ? 24 : 0); +spa_bytes_add(response, lmResponse, lmRespData, cf & 0x200 ? 24 : 0); +spa_bytes_add(response, ntResponse, ntRespData, cf & 0x8000 ? 24 : 0); if (cf & 0x1) { /* Unicode Text */ - spa_unicode_add_string (response, uDomain, domain); - spa_unicode_add_string (response, uUser, u); - spa_unicode_add_string (response, uWks, u); + spa_unicode_add_string(response, uDomain, domain); + spa_unicode_add_string(response, uUser, u); + spa_unicode_add_string(response, uWks, u); } else { /* OEM Text */ - spa_string_add (response, uDomain, domain); - spa_string_add (response, uUser, u); - spa_string_add (response, uWks, u); + spa_string_add(response, uDomain, domain); + spa_string_add(response, uUser, u); + spa_string_add(response, uWks, u); } -spa_string_add (response, sessionKey, NULL); +spa_string_add(response, sessionKey, NULL); response->flags = challenge->flags; - -if (d != NULL) free (d); -free (u); } + + +#endif /*!MACRO_PREDEF*/