X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fauths%2Fspa.c;h=0bf7b042894dbee9da6ebf20452669017f40c2bf;hb=10a831a31f38ad32dcf140ac50178b845a60a126;hp=48ca879f26ea4b7ce33b3f26b52c95aef7c36644;hpb=c988f1f4faa9f679f79beddf3c14676c5dcb8e28;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 48ca879f2..0bf7b0428 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,10 +1,8 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.4 2005/01/04 10:00:43 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2005 */ +/* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ /* This file, which provides support for Microsoft's Secure Password @@ -14,6 +12,7 @@ server support. I (PH) have only modified it in very trivial ways. References: http://www.innovation.ch/java/ntlm.html http://www.kuro5hin.org/story/2002/4/28/1436/66154 + http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf * It seems that some systems have existing but different definitions of some * of the following types. I received a complaint about "int16" causing @@ -25,8 +24,10 @@ References: * typedef unsigned uint32; * typedef unsigned char uint8; -07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid - input data. Find appropriate comment by grepping for "PH". +07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid + input data. Find appropriate comment by grepping for "PH". +16-October-2006: PH: Added a call to auth_check_serv_cond() at the end +05-June-2010: PP: handle SASL initial response */ @@ -127,9 +128,11 @@ SPAAuthResponse *responseptr = &response; uschar msgbuf[2048]; uschar *clearpass; -/* send a 334, MS Exchange style, and grab the client's request */ +/* send a 334, MS Exchange style, and grab the client's request, +unless we already have it via an initial response. */ -if (auth_get_no64_data(&data, US"NTLM supported") != OK) +if ((*data == '\0') && + (auth_get_no64_data(&data, US"NTLM supported") != OK)) { /* something borked */ return FAIL; @@ -162,8 +165,6 @@ if (spa_base64_to_bits((char *)(&response), sizeof(response), (const char *)(dat return FAIL; } -/* get username and put it in $1 */ - /*************************************************************** PH 07-Aug-2003: The original code here was this: @@ -194,10 +195,17 @@ that causes failure if the size of msgbuf is exceeded. ****/ /***************************************************************/ -expand_nstring[1] = msgbuf; +/* Put the username in $auth1 and $1. The former is now the preferred variable; +the latter is the original variable. These have to be out of stack memory, and +need to be available once known even if not authenticated, for error messages +(server_set_id, which only makes it to authenticated_id if we return OK) */ + +auth_vars[0] = expand_nstring[1] = string_copy(msgbuf); expand_nlength[1] = Ustrlen(msgbuf); expand_nmax = 1; +debug_print_string(ablock->server_debug_string); /* customized debug */ + /* look up password */ clearpass = expand_string(ob->spa_serverpassword); @@ -228,7 +236,11 @@ if (memcmp(ntRespData, ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0), 24) == 0) /* success. we have a winner. */ - return OK; + { + return auth_check_serv_cond(ablock); + } + + /* Expand server_condition as an authorization check (PH) */ return FAIL; } @@ -260,6 +272,8 @@ auth_spa_client( /* Code added by PH to expand the options */ + *buffer = 0; /* Default no message when cancelled */ + username = CS expand_string(ob->spa_username); if (username == NULL) {