214 spelling fixes
diff --git
a/src/src/auths/spa.c
b/src/src/auths/spa.c
index 6cc281a1b4cf71cb2e2f011343fbd37eab844a06..4d435a411cd03338269bf87ea4e0d46614bf407f 100644
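--- a/src/src/auths/spa.c
+++ b/src/src/auths/spa.c
@@ -1,10 +1,8 @@
-/* $Cambridge: exim/src/src/auths/spa.c,v 1.8 2006/10/16 15:44:36 ph10 Exp $ */
-
 /*************************************************
 * Exim - an Internet mail transport agent *
 *************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
 /* See the file NOTICE for conditions of use and distribution. */
 /* This file, which provides support for Microsoft's Secure Password
@@ -14,6 +12,7 @@ server support. I (PH) have only modified it in very trivial ways.
 References:
 http://www.innovation.ch/java/ntlm.html
 http://www.kuro5hin.org/story/2002/4/28/1436/66154
+ http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf
 * It seems that some systems have existing but different definitions of some
 * of the following types. I received a complaint about "int16" causing
@@ -28,6 +27,7 @@ References:
 07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid
 input data. Find appropriate comment by grepping for "PH".
 16-October-2006: PH: Added a call to auth_check_serv_cond() at the end
+05-June-2010: PP: handle SASL initial response
 */
@@ -61,7 +61,7 @@ address can appear in the tables drtables.c. */
 int auth_spa_options_count =
 sizeof(auth_spa_options)/sizeof(optionlist);
-/* Default private options block for the contidion authentication method. */
+/* Default private options block for the condition authentication method. */
 auth_spa_options_block auth_spa_option_defaults = {
 NULL, /* spa_password */
@@ -128,9 +128,11 @@ SPAAuthResponse *responseptr = &response;
 uschar msgbuf[2048];
 uschar *clearpass;
-/* send a 334, MS Exchange style, and grab the client's request */
+/* send a 334, MS Exchange style, and grab the client's request,
+unless we already have it via an initial response. */
-if (auth_get_no64_data(&data, US"NTLM supported") != OK)
+if ((*data == '\0') &&
+ (auth_get_no64_data(&data, US"NTLM supported") != OK))
 {
 /* something borked */
 return FAIL;
@@ -194,9 +196,11 @@ that causes failure if the size of msgbuf is exceeded. ****/
 /***************************************************************/
 /* Put the username in $auth1 and $1. The former is now the preferred variable;
-the latter is the original variable. */
+the latter is the original variable. These have to be out of stack memory, and
+need to be available once known even if not authenticated, for error messages
+(server_set_id, which only makes it to authenticated_id if we return OK) */
-auth_vars[0] = expand_nstring[1] = msgbuf;
+auth_vars[0] = expand_nstring[1] = string_copy(msgbuf);
 expand_nlength[1] = Ustrlen(msgbuf);
 expand_nmax = 1;
@@ -232,9 +236,11 @@ if (memcmp(ntRespData,
 ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
 24) == 0)
 /* success. we have a winner. */
+ {
+ return auth_check_serv_cond(ablock);
+ }
 /* Expand server_condition as an authorization check (PH) */
- return auth_check_serv_cond(ablock);
 return FAIL;
 }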
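Review bot: In the last hunk (-232/+236) the now-braced `return auth_check_serv_cond(ablock);` is reached purely on a `memcmp()` of 24 bytes at `((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0)`, and no range check on that offset is visible here. The offset is read out of the response structure, which presumably holds decoded client data, so unless an earlier part of the function (which starts outside this hunk) validates it, the compare can read past the end of `response`. A guard placed before the `if`, such as `if (IVAL(&responseptr->ntResponse.offset,0) > sizeof(response) - 24) return FAIL;`, would close that gap. Separately, the comment `/* Expand server_condition as an authorization check (PH) */` is now stranded after the closing brace and should move inside the braces, above the return it describes.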