X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f78eb7c6264c5f1a4ec2fb24c39060e0686f7714..cd1a5fe0ed22087c6afbe585ab0206c2a4a267aa:/src/src/auths/cram_md5.c

diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c
index 7b5598762..3be00082d 100644
--- a/src/src/auths/cram_md5.c
+++ b/src/src/auths/cram_md5.c
@@ -1,10 +1,8 @@
-/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* Copyright (c) University of Cambridge 1995 - 2016 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 
@@ -155,8 +153,8 @@ auth_cram_md5_server(auth_instance *ablock, uschar *data)
 {
 auth_cram_md5_options_block *ob =
   (auth_cram_md5_options_block *)(ablock->options_block);
-uschar *challenge = string_sprintf("<%d.%d@%s>", getpid(), time(NULL),
-  primary_hostname);
+uschar *challenge = string_sprintf("<%d.%ld@%s>", getpid(),
+    (long int) time(NULL), primary_hostname);
 uschar *clear, *secret;
 uschar digest[16];
 int i, rc, len;
@@ -174,7 +172,7 @@ if (*data != 0) return UNEXPECTED;
 /* Send the challenge, read the return */
 
 if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc;
-if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
+if ((len = b64decode(data, &clear)) < 0) return BAD64;
 
 /* The return consists of a user name, space-separated from the CRAM-MD5
 digest, expressed in hex. Extract the user name and put it in $auth1 and $1.
@@ -233,7 +231,8 @@ for (i = 0; i < 16; i++)
         ((b >= 'a')? b - 'a' + 10 : b - '0')) != digest[i]) return FAIL;
   }
 
-return OK;
+/* Expand server_condition as an authorization check */
+return auth_check_serv_cond(ablock);
 }
 
 
@@ -250,7 +249,7 @@ auth_cram_md5_client(
   smtp_inblock *inblock,                 /* input connection */
   smtp_outblock *outblock,               /* output connection */
   int timeout,                           /* command timeout */
-  uschar *buffer,                          /* for reading response */
+  uschar *buffer,                        /* for reading response */
   int buffsize)                          /* size of buffer */
 {
 auth_cram_md5_options_block *ob =
@@ -264,12 +263,16 @@ uschar digest[16];
 /* If expansion of either the secret or the user name failed, return CANCELLED
 or ERROR, as approriate. */
 
-if (secret == NULL || name == NULL)
+if (!secret || !name)
   {
-  if (expand_string_forcedfail) return CANCELLED;
+  if (expand_string_forcedfail)
+    {
+    *buffer = 0;           /* No message */
+    return CANCELLED;
+    }
   string_format(buffer, buffsize, "expansion of \"%s\" failed in "
     "%s authenticator: %s",
-    (secret == NULL)? ob->client_secret : ob->client_name,
+    !secret ? ob->client_secret : ob->client_name,
     ablock->name, expand_string_message);
   return ERROR;
   }
@@ -279,10 +282,10 @@ in base 64. */
 
 if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", ablock->public_name) < 0)
   return FAIL_SEND;
-if (smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout) < 0)
+if (!smtp_read_response(inblock, buffer, buffsize, '3', timeout))
   return FAIL;
 
-if (auth_b64decode(buffer + 4, &challenge) < 0)
+if (b64decode(buffer + 4, &challenge) < 0)
   {
   string_format(buffer, buffsize, "bad base 64 string in challenge: %s",
     big_buffer + 4);
@@ -296,8 +299,7 @@ compute_cram_md5(secret, challenge, digest);
 /* Create the response from the user name plus the CRAM-MD5 digest */
 
 string_format(big_buffer, big_buffer_size - 36, "%s", name);
-p = big_buffer;
-while (*p != 0) p++;
+for (p = big_buffer; *p; ) p++;
 *p++ = ' ';
 
 for (i = 0; i < 16; i++)
@@ -307,15 +309,15 @@ for (i = 0; i < 16; i++)
   }
 
 /* Send the response, in base 64, and check the result. The response is
-in big_buffer, but auth_b64encode() returns its result in working store,
+in big_buffer, but b64encode() returns its result in working store,
 so calling smtp_write_command(), which uses big_buffer, is OK. */
 
 buffer[0] = 0;
-if (smtp_write_command(outblock, FALSE, "%s\r\n", auth_b64encode(big_buffer,
+if (smtp_write_command(outblock, FALSE, "%s\r\n", b64encode(big_buffer,
   p - big_buffer)) < 0) return FAIL_SEND;
 
-return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)?
-  OK : FAIL;
+return smtp_read_response(inblock, (uschar *)buffer, buffsize, '2', timeout)
+  ? OK : FAIL;
 }
 #endif  /* STAND_ALONE */