From: Jeremy Harris Date: Sun, 24 Oct 2021 13:13:46 +0000 (+0100) Subject: Fix client-only use of gsasl authenticator. Bug 2818 X-Git-Tag: exim-4.96-RC0~140 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/0a3c9b00e50a4bd4a7cfca5c9640d8f3c7333cd3 Fix client-only use of gsasl authenticator. Bug 2818 --- diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index f5c2afd60..2d060d4da 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -57,6 +57,10 @@ static void dummy(int x) { dummy2(x-1); } # define CHANNELBIND_HACK #endif +/* Convenience for testing strings */ + +#define STREQIC(Foo, Bar) (strcmpic((Foo), (Bar)) == 0) + /* Authenticator-specific options. */ /* I did have server_*_condition options for various mechanisms, but since @@ -200,15 +204,21 @@ if (!gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech)) "GNU SASL does not support mechanism \"%s\"", ablock->name, ob->server_mech); -ablock->server = TRUE; - -if ( !ablock->server_condition - && ( streqic(ob->server_mech, US"EXTERNAL") - || streqic(ob->server_mech, US"ANONYMOUS") - || streqic(ob->server_mech, US"PLAIN") - || streqic(ob->server_mech, US"LOGIN") - ) ) +if (ablock->server_condition) + ablock->server = TRUE; +else if( ob->server_mech + && !STREQIC(ob->server_mech, US"EXTERNAL") + && !STREQIC(ob->server_mech, US"ANONYMOUS") + && !STREQIC(ob->server_mech, US"PLAIN") + && !STREQIC(ob->server_mech, US"LOGIN") + ) { + /* At present, for mechanisms we don't panic on absence of server_condition; + need to figure out the most generically correct approach to deciding when + it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism, + etc) it clearly is critical. + */ + ablock->server = FALSE; HDEBUG(D_auth) debug_printf("%s authenticator: " "Need server_condition for %s mechanism\n", 
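Review bot: The new `else if` negates all four mechanism comparisons, so with no `server_condition` the "Need server_condition for %s mechanism" branch now runs for every mechanism except EXTERNAL, ANONYMOUS, PLAIN and LOGIN, while those four fall through without `ablock->server` being assigned anywhere in this hunk. The old code disabled the server side for exactly those four, and the comment moved into the branch still says the condition is critical for PLAIN-style validation, so the test and its comment now disagree. Whether a PLAIN or LOGIN authenticator without `server_condition` stays disabled as a server depends on the initial value of `ablock->server`, which is set outside the hunk; I would make it fail closed by writing `ablock->server = FALSE;` before `if (ablock->server_condition)` and confirm which set of mechanisms the debug message is meant for. The added `ob->server_mech &&` guard also looks inconsistent with the unguarded `STREQIC(ob->server_mech, US"DIGEST-MD5")` in the following hunk and the `gsasl_client_support_p()` call above it; the enclosing function begins and ends outside this hunk.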
@@ -219,7 +229,7 @@ if ( !ablock->server_condition which properties will be needed. */ if ( !ob->server_realm - && streqic(ob->server_mech, US"DIGEST-MD5")) + && STREQIC(ob->server_mech, US"DIGEST-MD5")) { ablock->server = FALSE; HDEBUG(D_auth) debug_printf("%s authenticator: " @@ -227,12 +237,6 @@ if ( !ob->server_realm ablock->name, ob->server_mech); } -/* At present, for mechanisms we don't panic on absence of server_condition; -need to figure out the most generically correct approach to deciding when -it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism, -etc) it clearly is critical. -*/ - ablock->client = ob->client_username && ob->client_password; } diff --git a/src/src/macros.h b/src/src/macros.h index bf5241e10..80e0ecbe1 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -79,11 +79,6 @@ as unsigned. */ ((uschar)(c) > 127 && print_topbitchars)) -/* Convenience for testing strings */ - -#define streqic(Foo, Bar) (strcmpic(Foo, Bar) == 0) - - /* When built with TLS support, the act of flushing SMTP output becomes a no-op once an SSL session is in progress. */