-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.289 2006/02/09 14:50:58 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.290 2006/02/10 14:25:43 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
"time since failure" will always be short, possible causing more frequent
delivery attempts for the huge message than are intended.
+PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
+ $1, $2, $3) because the numerical variables can be reset during some
+ expansion items (e.g. "match"), thereby losing the authentication data.
+
Exim version 4.60
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.81 2006/02/08 16:10:46 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.82 2006/02/10 14:25:43 ph10 Exp $
New Features in Exim
--------------------
adding the default one. Similarly, if it contains a Reply-To: header, the
errors_reply_to option, if set, is not used.
+PH/04 The variables $auth1, $auth2, $auth3 are now available in authenticators,
+ containing the same values as $1, $2, $3. The new variables are provided
+ because the numerical variables can be reset during string expansions
+ (for example, during a "match" operation) and so may lose the
+ authentication data. The preferred variables are now the new ones, with
+ the use of the numerical ones being deprecated, though the support will
+ not be removed, at least, not for a long time.
+
Version 4.60
------------
-$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.15 2006/02/09 10:04:00 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.16 2006/02/10 14:25:43 ph10 Exp $
LISTS OF EXIM OPTIONS
---------------------
AUTH_CYRUS_SASL driver include Cyrus SASL authenticator
AUTH_PLAINTEXT driver include plaintext authenticator
AUTH_SPA driver include SPA (NTLM) authenticator
+AUTH_VARS=3 optional* number of $auth variables
BASENAME_COMMAND system** path to basename
BASE_62=62 optional* not normally changed for Unix
BIN_DIRECTORY mandatory Exim binary directory
-$Cambridge: exim/src/src/auths/README,v 1.3 2005/02/17 11:58:27 ph10 Exp $
+$Cambridge: exim/src/src/auths/README,v 1.4 2006/02/10 14:25:43 ph10 Exp $
AUTHS
to the instance block, and its second argument is the remainder of the data
from the AUTH command. The numeric variable maximum setting (expand_nmax) is
set to zero, with $0 initialized as unset. The authenticator may set up numeric
-variables according to its specification; it should leave expand_nmax set at
-the end so that they can be used for the expansion of the generic server_set_id
-option, which happens centrally.
+variables according to its (old) specification and $auth<n> variables the
+preferred ones nowadays; it should leave them set at the end so that they can
+be used for the expansion of the generic server_set_id option, which happens
+centrally.
This function has access to the SMTP input and output so that it can write
intermediate responses and read more data if necessary. There is a packaged
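Review bot: the rewritten README sentence "variables according to its (old) specification and $auth<n> variables the preferred ones nowadays" has no verb for its second clause and reads as a fragment; suggest "variables according to its (old) specification, and the $auth<n> variables, which are now the preferred ones; it should leave both set at the end so that they can be used for the expansion of the generic server_set_id option, which happens centrally."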
-/* $Cambridge: exim/src/src/auths/b64decode.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/b64decode.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
Arguments:
code points to the coded string, zero-terminated
ptr where to put the pointer to the result, which is in
- dynamic store
+ dynamic store, and zero-terminated
Returns: the number of bytes in the result,
or -1 if the input was malformed
-/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
if ((len = auth_b64decode(data, &clear)) < 0) return BAD64;
/* The return consists of a user name, space-separated from the CRAM-MD5
-digest, expressed in hex. Extract the user name and put it in $1. Then check
-that the remaining length is 32. */
+digest, expressed in hex. Extract the user name and put it in $auth1 and $1.
+The former is now the preferred variable; the latter is the original one. Then
+check that the remaining length is 32. */
-expand_nstring[1] = clear;
+auth_vars[0] = expand_nstring[1] = clear;
while (*clear != 0 && !isspace(*clear)) clear++;
if (!isspace(*clear)) return FAIL;
*clear++ = 0;
HDEBUG(D_auth)
{
uschar buff[64];
- debug_printf("CRAM-MD5: user name = %s\n", expand_nstring[1]);
+ debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]);
debug_printf(" challenge = %s\n", challenge);
debug_printf(" received = %s\n", clear);
Ustrcpy(buff," digest = ");
-/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.3 2005/04/05 14:33:27 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
}
else if(rc==SASL_OK)
{
- /* get the username and copy it into $1 */
- rc=sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2));
- expand_nstring[1]=string_copy(out2);
- expand_nlength[1]=Ustrlen(expand_nstring[1]);
- expand_nmax=1;
+ /* Get the username and copy it into $auth1 and $1. The former is now the
+ preferred variable; the latter is the original variable. */
+ rc = sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2));
+ auth_vars[0] = expand_nstring[1] = string_copy(out2);
+ expand_nlength[1] = Ustrlen(expand_nstring[1]);
+ expand_nmax = 1;
HDEBUG(D_auth)
debug_printf("Cyrus SASL %s authentiction succeeded for %s\n", ob->server_mech, out2);
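Review bot: rc from sasl_getprop() is assigned but never tested before out2 is handed to string_copy(), so a failed property lookup copies from a pointer that sasl_getprop() did not set; the removed lines had the same gap, but since the block is being rewritten anyway, returning FAIL (or DEFER) when rc != SASL_OK would close it. The unchanged debug line that follows also spells "authentiction"; worth fixing while in this function.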
-/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
}
/* If data was supplied on the AUTH command, decode it, and split it up into
-multiple items at binary zeros. If the data consists of the string "=" it
-indicates a single, empty string. */
+multiple items at binary zeros. The strings are put into $auth1, $auth2, etc,
+up to a maximum. To retain backwards compatibility, they are also put int $1,
+$2, etc. If the data consists of the string "=" it indicates a single, empty
+string. */
if (*data != 0)
{
if (Ustrcmp(data, "=") == 0)
{
- expand_nstring[++expand_nmax] = US"";
+ auth_vars[0] = expand_nstring[++expand_nmax] = US"";
expand_nlength[expand_nmax] = 0;
}
else
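Review bot: the "=" branch hard-codes auth_vars[0] while the splitting loops later in this file store into auth_vars[expand_nmax] before incrementing; the two are only equivalent because smtp_in.c sets expand_nmax = 0 before calling the authenticator. Mirroring the loop with a separate `if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = US"";` ahead of the existing assignment keeps the index mapping (auth_vars[k] holds $k+1) in one idiom and survives any future change to the entry value. Also, the new comment reads "they are also put int $1"; should be "into".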
end = clear + len;
while (clear < end && expand_nmax < EXPAND_MAXN)
{
+ if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
expand_nstring[++expand_nmax] = clear;
while (*clear != 0) clear++;
expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
/* This loop must run at least once, in case the length is zero */
do
{
+ if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear;
expand_nstring[++expand_nmax] = clear;
while (*clear != 0) clear++;
expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax];
while (clear < end && expand_nmax < EXPAND_MAXN);
}
-/* We now have a number of items of data in $1, $2, etc. Match against the
-decoded data by expanding the condition. Also expand the id to set if
-authentication succeeds. */
+/* We now have a number of items of data in $auth1, $auth2, etc (and also, for
+compatibility, in $1, $2, etc). Match against the decoded data by expanding the
+condition. */
cond = expand_string(ob->server_condition);
{
int i;
debug_printf("%s authenticator:\n", ablock->name);
+ for (i = 0; i < AUTH_VARS; i++)
+ {
+ if (auth_vars[i] != NULL)
+ debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]);
+ }
for (i = 1; i <= expand_nmax; i++)
debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]);
debug_print_string(ablock->server_debug_string); /* customized debug */
-/* $Cambridge: exim/src/src/auths/spa.c,v 1.5 2006/02/07 11:19:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/spa.c,v 1.6 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
return FAIL;
}
-/* get username and put it in $1 */
-
/***************************************************************
PH 07-Aug-2003: The original code here was this:
/***************************************************************/
-expand_nstring[1] = msgbuf;
+/* Put the username in $auth1 and $1. The former is now the preferred variable;
+the latter is the original variable. */
+
+auth_vars[0] = expand_nstring[1] = msgbuf;
expand_nlength[1] = Ustrlen(msgbuf);
expand_nmax = 1;
+debug_print_string(ablock->server_debug_string); /* customized debug */
+
/* look up password */
clearpass = expand_string(ob->spa_serverpassword);
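Review bot: auth_vars[0] = expand_nstring[1] = msgbuf leaves both variables pointing into msgbuf; if msgbuf is a buffer local to this function, both pointers dangle by the time smtp_in.c expands server_set_id, which the smtp_in.c hunk shows happens after servercode() returns. Either confirm that msgbuf outlives the call or copy it with string_copy() as the cyrus_sasl.c hunk does for its username.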
-/* $Cambridge: exim/src/src/config.h.defaults,v 1.9 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/config.h.defaults,v 1.10 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
/* The default settings for Exim configuration variables. A #define without
any data just defines the existence of the variable; it won't get included
-in config.h unless some value is defined in Local/Makefile. */
+in config.h unless some value is defined in Local/Makefile. If there is data,
+it's a default value. */
#define ACL_CVARS 20
#define ACL_MVARS 20
#define AUTH_PLAINTEXT
#define AUTH_SPA
+#define AUTH_VARS 3
+
#define BIN_DIRECTORY
#define CONFIGURE_FILE
-/* $Cambridge: exim/src/src/expand.c,v 1.53 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/expand.c,v 1.54 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
}
}
+/* Similarly for $auth<n> variables. */
+
+if (Ustrncmp(name, "auth", 4) == 0)
+ {
+ uschar *endptr;
+ int n = Ustrtoul(name + 4, &endptr, 10);
+ if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
+ return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
+ }
+
/* For all other variables, search the table */
while (last > first)
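Review bot: n is an int receiving the unsigned long returned by Ustrtoul(), and the guard only rejects n == 0 and n > AUTH_VARS; a name of the form "auth" followed by a digit string long enough to overflow makes Ustrtoul() return ULONG_MAX, which converts to -1, passes both tests and indexes auth_vars[-2]. Declare n as unsigned long (or test n >= 1 rather than n != 0) so that only 1..AUTH_VARS can reach the array. A minor side effect of the same parse is that "auth01" is accepted as $auth1, unlike the tabled variable names.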
-/* $Cambridge: exim/src/src/globals.c,v 1.45 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.46 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
uschar *auth_defer_msg = US"reason not recorded";
uschar *auth_defer_user_msg = US"";
+uschar *auth_vars[AUTH_VARS];
int auto_thaw = 0;
#ifdef WITH_CONTENT_SCAN
uschar *av_scanner = US"sophie:/var/run/sophie"; /* AV scanner */
-/* $Cambridge: exim/src/src/globals.h,v 1.33 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/globals.h,v 1.34 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
extern auth_instance auth_defaults; /* Default values */
extern uschar *auth_defer_msg; /* Error message for log */
extern uschar *auth_defer_user_msg; /* Error message for user */
+extern uschar *auth_vars[]; /* $authn variables */
extern int auto_thaw; /* Auto-thaw interval */
#ifdef WITH_CONTENT_SCAN
extern uschar *av_scanner; /* AntiVirus scanner to use for the malware condition */
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.29 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.30 2006/02/10 14:25:43 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
pid_t pid;
int start, end, sender_domain, recipient_domain;
int ptr, size, rc;
- int c;
+ int c, i;
auth_instance *au;
switch(smtp_read_command(TRUE))
break;
}
- /* Run the checking code, passing the remainder of the command
- line as data. Initialize $0 empty. The authenticator may set up
- other numeric variables. Afterwards, have a go at expanding the set_id
- string, even if authentication failed - for bad passwords it can be useful
- to log the userid. On success, require set_id to expand and exist, and
- put it in authenticated_id. Save this in permanent store, as the working
- store gets reset at HELO, RSET, etc. */
+ /* Run the checking code, passing the remainder of the command line as
+ data. Initials the $auth<n> variables as empty. Initialize $0 empty and set
+ it as the only set numerical variable. The authenticator may set $auth<n>
+ and also set other numeric variables. The $auth<n> variables are preferred
+ nowadays; the numerical variables remain for backwards compatibility.
+ Afterwards, have a go at expanding the set_id string, even if
+ authentication failed - for bad passwords it can be useful to log the
+ userid. On success, require set_id to expand and exist, and put it in
+ authenticated_id. Save this in permanent store, as the working store gets
+ reset at HELO, RSET, etc. */
+
+ for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL;
expand_nmax = 0;
expand_nlength[0] = 0; /* $0 contains nothing */
c = (au->info->servercode)(au, smtp_cmd_argument);
if (au->set_id != NULL) set_id = expand_string(au->set_id);
expand_nmax = -1; /* Reset numeric variables */
+ for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; /* Reset $auth<n> */
/* The value of authenticated_id is stored in the spool file and printed in
log lines. It must not contain binary zeros or newline characters. In
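Review bot: comment typo in the rewritten block: "Initials the $auth<n> variables as empty" should read "Initialise the $auth<n> variables as empty" (the next sentence uses "Initialize", so pick one spelling). The reset loops around the servercode() call look right: clearing auth_vars[] again after the set_id expansion means a later AUTH on the same connection, or a subsequent expansion, cannot observe a previous attempt's credentials.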
# ----- Main settings -----
-domainlist dlist = *.aa.bb : ^\Nxxx
+domainlist dlist = *.aa.bb : ^\Nxxx(.*)
hostlist hlist = V4NET.11.12.13 : iplsearch;DIR/aux-fixed/0002.iplsearch
headers_charset = iso-8859-8
driver = plaintext
public_name = PLAIN
server_condition = "\
- ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}"
- server_set_id = $2
+ ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}"
+ server_set_id = $auth2
extended_plain:
driver = plaintext
public_name = EXPLAIN
server_prompts = :
server_condition = "\
- ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}"
- server_set_id = $2
+ ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}"
+ server_set_id = $auth2
expanded_prompt_plain:
driver = plaintext
public_name = EXPANDED
server_prompts = $primary_hostname
server_condition = "\
- ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}"
- server_set_id = $2
+ ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}"
+ server_set_id = $auth2
expanded_prompt_plain_fail:
driver = plaintext
public_name = EXPANDFAIL
server_prompts = $nonexistent
server_condition = "\
- ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}"
- server_set_id = $2
+ ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}"
+ server_set_id = $auth2
defer:
driver = plaintext
public_name = DEFER
server_condition = "account suspended"
- server_set_id = $2
+ server_set_id = $auth2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "User Name : Password "
server_condition = "\
- ${if and {{eq{$1}{userx}}{eq{$2}{secret}}}{yes}{no}}"
- server_set_id = $1
+ ${if and {{eq{$auth1}{userx}}{eq{$auth2}{secret}}}{yes}{no}}"
+ server_set_id = $auth1
# ----- Routers -----
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
- server_debug_print = +++CRAM-MD5 \$1="$1" \$2=\"$2" \$3="$3"
- server_secret = "${if eq{$1}{tim}{tanstaaftanstaaf}\
- {${if eq{$1}{userx}{secret}fail}}}"
- server_set_id = $1
+ server_debug_print = +++CRAM-MD5 \$auth1="$auth1" \$auth2=\"$auth2" \$auth3="$auth3"
+ server_secret = "${if eq{$auth1}{tim}{tanstaaftanstaaf}\
+ {${if eq{$auth1}{userx}{secret}fail}}}"
+ server_set_id = $auth1
public_name = NTLM
client_password = $sender_address
client_username = username
+ server_debug_print = +++SPA \$auth1="$auth1"
server_password = ok@test.ex
sasl1:
driver = cyrus_sasl
public_name = ANONYMOUS
- server_set_id = $1
+ server_set_id = $auth1
sasl2:
driver = cyrus_sasl
public_name = PLAIN
- server_set_id = $1
+ server_set_id = $auth1
# End
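Review bot: the cram_md5 server_debug_print line carries over the stray backslash from the old version (`\$auth2=\"$auth2"` beside `\$auth1="$auth1"`), so the three values are quoted inconsistently; since the line is being rewritten, drop the extra backslash. The move of every server_condition and server_set_id to $auth<n> matches the NewStuff entry, and the `^\Nxxx(.*)` capture group added to dlist gives the new expansion tests a pattern that actually sets a numeric variable.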
match_domain: ${if match_domain{xxxyz}{+dlist}{yes}{no}}
match_domain: ${if match_domain{xyz}{+dlist}{yes}{no}}
+${if match{x@zz.aa.bb}{^(.*)} \
+ { \
+ >$1< \
+ ${if match_domain{${domain:$1}}{+dlist}{[$1]}} \
+ >$1< \
+ } \
+ { CAN'T HAPPEN}}
+
+${if match{x@xxxabc}{^(.*)} \
+ { \
+ >$1< \
+ ${if match_domain{${domain:$1}}{^\Nxxx(.*)\N}{[$1]}} \
+ >$1< \
+ } \
+ { CAN'T HAPPEN}}
+
match_address: ${if match_address{x@y.z}{p@q:*@y.z}{yes}{no}}
match_address: ${if match_address{x@y.z}{p@q:x@*.z}{yes}{no}}
>>> deny: condition test succeeded
LOG: H=(test.host) [10.0.0.1] F=<junk@jink.jonk.test.ex> rejected RCPT <userx@test.ex>: authentication required
>>> mylogin authenticator:
+>>> $auth1 = userx secret
>>> $1 = userx secret
>>> +++MYLOGIN $1="userx secret" $2="" $3=""
>>> expanded string: yes
>>> accept: endpass encountered - denying access
LOG: H=(test.host) [10.0.0.3] F=<junk@jink.jonk.test.ex> rejected RCPT <userx@cus.cam.ac.uk>: authentication required
>>> mylogin authenticator:
+>>> $auth1 = userx secret
>>> $1 = userx secret
>>> +++MYLOGIN $1="userx secret" $2="" $3=""
>>> expanded string: yes
250 HELP\r
SMTP<< auth mylogin dXNlcnggc2VjcmV0
mylogin authenticator:
+ $auth1 = userx secret
$1 = userx secret
+++MYLOGIN $1="userx secret" $2="" $3=""
expanded string: yes
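Review bot: the +++MYLOGIN debug line in these expected logs still prints $1, $2 and $3, whereas the CRAM-MD5 one later in the output has been migrated to $auth1..$auth3; the mylogin test authenticator's server_debug_print is not in this diff, so either it was left on the numeric variables deliberately or that config was missed. Migrating it would also cover the $auth<n> path through server_debug_print for a single-prompt authenticator.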
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> plain authenticator:
+>>> $auth1 =
+>>> $auth2 = userx
+>>> $auth3 = secret
>>> $1 =
>>> $2 = userx
>>> $3 = secret
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> auth1 authenticator:
+>>> $auth1 =
+>>> $auth2 = userx
+>>> $auth3 = secret
>>> $1 =
>>> $2 = userx
>>> $3 = secret
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> auth1 authenticator:
+>>> $auth1 =
+>>> $auth2 = userx
+>>> $auth3 = secret
>>> $1 =
>>> $2 = userx
>>> $3 = secret
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> auth2 authenticator:
+>>> $auth1 = userx
+>>> $auth2 = secret
>>> $1 = userx
>>> $2 = secret
>>> expanded string: yes
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in "10.0.0.1"? yes (matched "10.0.0.1")
>>> host in auth_advertise_hosts? yes (matched "+auth_hosts")
->>> +++CRAM-MD5 $1="tim" $2="" $3=""
+>>> +++CRAM-MD5 $auth1="tim" $auth2="" $auth3=""
>>> CRAM-MD5: user name = tim
>>> challenge = <1896.697170952@postoffice.reston.mci.net>
>>> received = b913a602c7eda7a495b4e6e7334d3890
> match_domain: yes
> match_domain: no
>
+> >x@zz.aa.bb< [] >x@zz.aa.bb<
+>
+> >x@xxxabc< [] >x@xxxabc<
+>
> match_address: yes
> match_address: yes
>
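Review bot: the expected output `>x@zz.aa.bb< [] >x@zz.aa.bb<` documents that $1 is empty inside the match_domain branch and present again after it, even for the `^\Nxxx(.*)\N` pattern with a capture group; that is the numeric-variable reset the ChangeLog entry describes. What the tests still do not exercise is the case the feature exists for: a "match" inside server_condition clobbering $1 while $auth1 survives. A server_condition along the lines of `${if match{$auth1}{^(.*)}{${if eq{$auth1}{userx}{yes}{no}}}{no}}` in one of the plaintext authenticators would pin that behaviour down.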