X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f78eb7c6264c5f1a4ec2fb24c39060e0686f7714..4e910c01eea401e36044816744691789ef4656fa:/src/src/auths/cram_md5.c?ds=sidebyside

diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c
index 7b5598762..9c89cb23c 100644
--- a/src/src/auths/cram_md5.c
+++ b/src/src/auths/cram_md5.c
@@ -1,10 +1,8 @@
-/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* Copyright (c) University of Cambridge 1995 - 2016 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 
@@ -40,7 +38,7 @@ address can appear in the tables drtables.c. */
 int auth_cram_md5_options_count =
   sizeof(auth_cram_md5_options)/sizeof(optionlist);
 
-/* Default private options block for the contidion authentication method. */
+/* Default private options block for the condition authentication method. */
 
 auth_cram_md5_options_block auth_cram_md5_option_defaults = {
   NULL,             /* server_secret */
@@ -75,7 +73,7 @@ if (ob->client_secret != NULL)
 
 
 /*************************************************
-*      Peform the CRAM-MD5 algorithm             *
+*      Perform the CRAM-MD5 algorithm            *
 *************************************************/
 
 /* The CRAM-MD5 algorithm is described in RFC 2195. It computes
@@ -155,8 +153,8 @@ auth_cram_md5_server(auth_instance *ablock, uschar *data)
 {
 auth_cram_md5_options_block *ob =
   (auth_cram_md5_options_block *)(ablock->options_block);
-uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL),
-  primary_hostname);
+uschar *challenge = string_sprintf("<%d.%ld@%s>", getpid(),
+    (long int) time(NULL), primary_hostname);
 uschar *clear, *secret;
 uschar digest[16];
 int i, rc, len;
@@ -174,7 +172,7 @@ if (*data != 0) return UNEXPECTED;
 /* Send the challenge, read the return */
 
 if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc;
-if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
+if ((len = b64decode(data, &clear)) < 0) return BAD64;
 
 /* The return consists of a user name, space-separated from the CRAM-MD5
 digest, expressed in hex. Extract the user name and put it in $auth1 and $1.
@@ -233,7 +231,8 @@ for (i = 0; i < 16; i++)
         ((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
   }
 
-return OK;
+/* Expand server_condition as an authorization check */
+return auth_check_serv_cond(ablock);
 }
 
 
@@ -250,7 +249,7 @@ auth_cram_md5_client(
   smtp_inblock *inblock,                 /* input connection */
   smtp_outblock *outblock,               /* output connection */
   int timeout,                           /* command timeout */
-  uschar *buffer,                          /* for reading response */
+  uschar *buffer,                        /* for reading response */
   int buffsize)                          /* size of buffer */
 {
 auth_cram_md5_options_block *ob =
@@ -262,14 +261,18 @@ int i;
 uschar digest[16];
 
 /* If expansion of either the secret or the user name failed, return CANCELLED
-or ERROR, as approriate. */
+or ERROR, as appropriate. */
 
-if (secret == NULL || name == NULL)
+if (!secret || !name)
   {
-  if (expand_string_forcedfail) return CANCELLED;
+  if (expand_string_forcedfail)
+    {
+    *buffer = 0;           /* No message */
+    return CANCELLED;
+    }
   string_format(buffer, buffsize, "expansion of \"%s\" failed in "
     "%s authenticator: %s",
-    (secret == NULL)? ob->client_secret : ob->client_name,
+    !secret ? ob->client_secret : ob->client_name,
     ablock->name, expand_string_message);
   return ERROR;
   }
@@ -277,12 +280,13 @@ if (secret == NULL || name == NULL)
 /* Initiate the authentication exchange and read the challenge, which arrives
 in base 64. */
 
-if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0)
+if (smtp_write_command(outblock, SCMD_FLUSH, "AUTH %s\r\n",
+		       	ablock->public_name) < 0)
   return FAIL_SEND;
-if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0)
+if (!smtp_read_response(inblock, buffer, buffsize, '3', timeout))
   return FAIL;
 
-if (auth_b64decode(buffer + 4, &challenge) < 0)
+if (b64decode(buffer + 4, &challenge) < 0)
   {
   string_format(buffer, buffsize, "bad base 64 string in challenge: %s",
     big_buffer + 4);
@@ -296,8 +300,7 @@ compute_cram_md5(secret, challenge, digest);
 /* Create the response from the user name plus the CRAM-MD5 digest */
 
 string_format(big_buffer, big_buffer_size - 36, "%s", name);
-p = big_buffer;
-while (*p != 0) p++;
+for (p = big_buffer; *p; ) p++;
 *p++ = ' ';
 
 for (i = 0; i < 16; i++)
@@ -307,15 +310,15 @@ for (i = 0; i < 16; i++)
   }
 
 /* Send the response, in base 64, and check the result. The response is
-in big_buffer, but auth_b64encode() returns its result in working store,
+in big_buffer, but b64encode() returns its result in working store,
 so calling smtp_write_command(), which uses big_buffer, is OK. */
 
 buffer[0] = 0;
-if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer,
+if (smtp_write_command(outblock, SCMD_FLUSH, "%s\r\n", b64encode(big_buffer,
   p - big_buffer)) < 0) return FAIL_SEND;
 
-return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)?
-  OK : FAIL;
+return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)
+  ? OK : FAIL;
 }
 #endif  /* STAND_ALONE */