X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fauths%2Fspa.c;h=0bf7b042894dbee9da6ebf20452669017f40c2bf;hb=860cdda24cec1d6af456cb3406d84e6dc21981f9;hp=264887607c49047651c065c747f609fc3f3ed80d;hpb=f78eb7c6264c5f1a4ec2fb24c39060e0686f7714;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 264887607..0bf7b0428 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,10 +1,8 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.6 2006/02/10 14:25:43 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2006 */ +/* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ /* This file, which provides support for Microsoft's Secure Password @@ -14,6 +12,7 @@ server support. I (PH) have only modified it in very trivial ways. References: http://www.innovation.ch/java/ntlm.html http://www.kuro5hin.org/story/2002/4/28/1436/66154 + http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf * It seems that some systems have existing but different definitions of some * of the following types. I received a complaint about "int16" causing @@ -25,8 +24,10 @@ References: * typedef unsigned uint32; * typedef unsigned char uint8; -07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid - input data. Find appropriate comment by grepping for "PH". +07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid + input data. Find appropriate comment by grepping for "PH". +16-October-2006: PH: Added a call to auth_check_serv_cond() at the end +05-June-2010: PP: handle SASL initial response */ @@ -127,9 +128,11 @@ SPAAuthResponse *responseptr = &response; uschar msgbuf[2048]; uschar *clearpass; -/* send a 334, MS Exchange style, and grab the client's request */ +/* send a 334, MS Exchange style, and grab the client's request, +unless we already have it via an initial response. */ -if (auth_get_no64_data(&data, US"NTLM supported") != OK) +if ((*data == '\0') && + (auth_get_no64_data(&data, US"NTLM supported") != OK)) { /* something borked */ return FAIL; @@ -193,9 +196,11 @@ that causes failure if the size of msgbuf is exceeded. ****/ /***************************************************************/ /* Put the username in $auth1 and $1. The former is now the preferred variable; -the latter is the original variable. */ +the latter is the original variable. These have to be out of stack memory, and +need to be available once known even if not authenticated, for error messages +(server_set_id, which only makes it to authenticated_id if we return OK) */ -auth_vars[0] = expand_nstring[1] = msgbuf; +auth_vars[0] = expand_nstring[1] = string_copy(msgbuf); expand_nlength[1] = Ustrlen(msgbuf); expand_nmax = 1; @@ -231,7 +236,11 @@ if (memcmp(ntRespData, ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0), 24) == 0) /* success. we have a winner. */ - return OK; + { + return auth_check_serv_cond(ablock); + } + + /* Expand server_condition as an authorization check (PH) */ return FAIL; } @@ -263,6 +272,8 @@ auth_spa_client( /* Code added by PH to expand the options */ + *buffer = 0; /* Default no message when cancelled */ + username = CS expand_string(ob->spa_username); if (username == NULL) {