X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/85b87bc2af652a81dbb7f12fe0a030f0abdeac4c..55c75993b43ac91069a5fbe9cc7a8d48cda84ee0:/src/src/auths/spa.c diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 0f53152b4..5647b0c1f 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,10 +1,10 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.3 2004/12/29 10:55:58 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/spa.c,v 1.11 2010/06/05 10:16:36 pdp Exp $ */ /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2004 */ +/* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ /* This file, which provides support for Microsoft's Secure Password @@ -14,6 +14,7 @@ server support. I (PH) have only modified it in very trivial ways. References: http://www.innovation.ch/java/ntlm.html http://www.kuro5hin.org/story/2002/4/28/1436/66154 + http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf * It seems that some systems have existing but different definitions of some * of the following types. I received a complaint about "int16" causing @@ -25,8 +26,10 @@ References: * typedef unsigned uint32; * typedef unsigned char uint8; -07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid - input data. Find appropriate comment by grepping for "PH". +07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid + input data. Find appropriate comment by grepping for "PH". +16-October-2006: PH: Added a call to auth_check_serv_cond() at the end +05-June-2010: PP: handle SASL initial response */ @@ -127,9 +130,11 @@ SPAAuthResponse *responseptr = &response; uschar msgbuf[2048]; uschar *clearpass; -/* send a 334, MS Exchange style, and grab the client's request */ +/* send a 334, MS Exchange style, and grab the client's request, +unless we already have it via an initial response. */ -if (auth_get_no64_data(&data, US"NTLM supported") != OK) +if ((*data == '\0') && + (auth_get_no64_data(&data, US"NTLM supported") != OK)) { /* something borked */ return FAIL; @@ -162,8 +167,6 @@ if (spa_base64_to_bits((char *)(&response), sizeof(response), (const char *)(dat return FAIL; } -/* get username and put it in $1 */ - /*************************************************************** PH 07-Aug-2003: The original code here was this: @@ -194,10 +197,15 @@ that causes failure if the size of msgbuf is exceeded. ****/ /***************************************************************/ -expand_nstring[1] = msgbuf; +/* Put the username in $auth1 and $1. The former is now the preferred variable; +the latter is the original variable. */ + +auth_vars[0] = expand_nstring[1] = msgbuf; expand_nlength[1] = Ustrlen(msgbuf); expand_nmax = 1; +debug_print_string(ablock->server_debug_string); /* customized debug */ + /* look up password */ clearpass = expand_string(ob->spa_serverpassword); @@ -228,7 +236,9 @@ if (memcmp(ntRespData, ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0), 24) == 0) /* success. we have a winner. */ - return OK; + + /* Expand server_condition as an authorization check (PH) */ + return auth_check_serv_cond(ablock); return FAIL; } @@ -260,6 +270,8 @@ auth_spa_client( /* Code added by PH to expand the options */ + *buffer = 0; /* Default no message when cancelled */ + username = CS expand_string(ob->spa_username); if (username == NULL) {