From 55c75993b43ac91069a5fbe9cc7a8d48cda84ee0 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Sat, 5 Jun 2010 10:16:36 +0000 Subject: [PATCH] Handle SASL Initial Response. See discussion at: http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html and the code is "correct by inspection", for whatever that's worth. --- doc/doc-txt/ChangeLog | 5 ++++- src/src/auths/spa.c | 10 +++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 72f799a36..cb9f3d39c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.618 2010/06/05 10:04:43 pdp Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.619 2010/06/05 10:16:36 pdp Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -20,6 +20,9 @@ PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. PP/05 Bugzilla 834: provide a permit_codedump option for pipe transports. +PP/06 Adjust NTLM authentication to handle SASL Initial Response. + + Exim version 4.72 ----------------- diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index f9c1a41e2..5647b0c1f 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.10 2009/11/16 19:50:38 nm4 Exp $ */ +/* $Cambridge: exim/src/src/auths/spa.c,v 1.11 2010/06/05 10:16:36 pdp Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -14,6 +14,7 @@ server support. I (PH) have only modified it in very trivial ways. References: http://www.innovation.ch/java/ntlm.html http://www.kuro5hin.org/story/2002/4/28/1436/66154 + http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf * It seems that some systems have existing but different definitions of some * of the following types. I received a complaint about "int16" causing @@ -28,6 +29,7 @@ References: 07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid input data. Find appropriate comment by grepping for "PH". 16-October-2006: PH: Added a call to auth_check_serv_cond() at the end +05-June-2010: PP: handle SASL initial response */ @@ -128,9 +130,11 @@ SPAAuthResponse *responseptr = &response; uschar msgbuf[2048]; uschar *clearpass; -/* send a 334, MS Exchange style, and grab the client's request */ +/* send a 334, MS Exchange style, and grab the client's request, +unless we already have it via an initial response. */ -if (auth_get_no64_data(&data, US"NTLM supported") != OK) +if ((*data == '\0') && + (auth_get_no64_data(&data, US"NTLM supported") != OK)) { /* something borked */ return FAIL; -- 2.30.2