Broken in 4.80 release, commit
08488c86.
We need to leave $auth1 available after the authenticator returns, so
that server_set_id can be evaluated by the caller. We need to do this
whether we succeed or fail, because server_set_id only makes it into
$authenticated_id if we return OK, but is logged regardless.
Updated test config to set server_set_id; updated logs.
/***************************************************************/
/* Put the username in $auth1 and $1. The former is now the preferred variable;
/***************************************************************/
/* Put the username in $auth1 and $1. The former is now the preferred variable;
-the latter is the original variable. */
+the latter is the original variable. These have to be out of stack memory, and
+need to be available once known even if not authenticated, for error messages
+(server_set_id, which only makes it to authenticated_id if we return OK) */
-auth_vars[0] = expand_nstring[1] = msgbuf;
+auth_vars[0] = expand_nstring[1] = string_copy(msgbuf);
expand_nlength[1] = Ustrlen(msgbuf);
expand_nmax = 1;
expand_nlength[1] = Ustrlen(msgbuf);
expand_nmax = 1;
-/* clean up globals which aren't referenced, but still shouldn't be left
-pointing to stack memory */
-#define CLEANUP_RETURN(Code) do { auth_vars[0] = expand_nstring[1] = NULL; \
- expand_nlength[1] = expand_nmax = 0; return (Code); } while (0);
-
debug_print_string(ablock->server_debug_string); /* customized debug */
/* look up password */
debug_print_string(ablock->server_debug_string); /* customized debug */
/* look up password */
{
DEBUG(D_auth) debug_printf("auth_spa_server(): forced failure while "
"expanding spa_serverpassword\n");
{
DEBUG(D_auth) debug_printf("auth_spa_server(): forced failure while "
"expanding spa_serverpassword\n");
}
else
{
DEBUG(D_auth) debug_printf("auth_spa_server(): error while expanding "
"spa_serverpassword: %s\n", expand_string_message);
}
else
{
DEBUG(D_auth) debug_printf("auth_spa_server(): error while expanding "
"spa_serverpassword: %s\n", expand_string_message);
24) == 0)
/* success. we have a winner. */
{
24) == 0)
/* success. we have a winner. */
{
- int rc = auth_check_serv_cond(ablock);
- CLEANUP_RETURN(rc);
+ return auth_check_serv_cond(ablock);
}
/* Expand server_condition as an authorization check (PH) */
}
/* Expand server_condition as an authorization check (PH) */
client_password = ${if eq{1}{0}{xxx}fail}
client_username = username
server_password = ok@test.ex
client_password = ${if eq{1}{0}{xxx}fail}
client_username = username
server_password = ok@test.ex
client_username = username
server_debug_print = +++SPA \$auth1="$auth1"
server_password = ok@test.ex
client_username = username
server_debug_print = +++SPA \$auth1="$auth1"
server_password = ok@test.ex
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=spa S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=spa:username S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data (set_id=username)
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
-1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data
+1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data (set_id=username)
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
git://git.exim.org / users / heiko / exim.git / commitdiff