projects
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Use GCRYPT if GNUTLS isn't good enough
[exim.git]
/
src
/
src
/
auths
/
spa.c
diff --git
a/src/src/auths/spa.c
b/src/src/auths/spa.c
index f9c1a41e28fb0446853afffd09e341001e46d9ef..0bf7b042894dbee9da6ebf20452669017f40c2bf 100644
(file)
--- a/
src/src/auths/spa.c
+++ b/
src/src/auths/spa.c
@@
-1,5
+1,3
@@
-/* $Cambridge: exim/src/src/auths/spa.c,v 1.10 2009/11/16 19:50:38 nm4 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
@@
-14,6
+12,7
@@
server support. I (PH) have only modified it in very trivial ways.
References:
http://www.innovation.ch/java/ntlm.html
http://www.kuro5hin.org/story/2002/4/28/1436/66154
References:
http://www.innovation.ch/java/ntlm.html
http://www.kuro5hin.org/story/2002/4/28/1436/66154
+ http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf
* It seems that some systems have existing but different definitions of some
* of the following types. I received a complaint about "int16" causing
* It seems that some systems have existing but different definitions of some
* of the following types. I received a complaint about "int16" causing
@@
-28,6
+27,7
@@
References:
07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid
input data. Find appropriate comment by grepping for "PH".
16-October-2006: PH: Added a call to auth_check_serv_cond() at the end
07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid
input data. Find appropriate comment by grepping for "PH".
16-October-2006: PH: Added a call to auth_check_serv_cond() at the end
+05-June-2010: PP: handle SASL initial response
*/
*/
@@
-128,9
+128,11
@@
SPAAuthResponse *responseptr = &response;
uschar msgbuf[2048];
uschar *clearpass;
uschar msgbuf[2048];
uschar *clearpass;
-/* send a 334, MS Exchange style, and grab the client's request */
+/* send a 334, MS Exchange style, and grab the client's request,
+unless we already have it via an initial response. */
-if (auth_get_no64_data(&data, US"NTLM supported") != OK)
+if ((*data == '\0') &&
+ (auth_get_no64_data(&data, US"NTLM supported") != OK))
{
/* something borked */
return FAIL;
{
/* something borked */
return FAIL;
@@
-194,9
+196,11
@@
that causes failure if the size of msgbuf is exceeded. ****/
/***************************************************************/
/* Put the username in $auth1 and $1. The former is now the preferred variable;
/***************************************************************/
/* Put the username in $auth1 and $1. The former is now the preferred variable;
-the latter is the original variable. */
+the latter is the original variable. These have to be out of stack memory, and
+need to be available once known even if not authenticated, for error messages
+(server_set_id, which only makes it to authenticated_id if we return OK) */
-auth_vars[0] = expand_nstring[1] =
msgbuf
;
+auth_vars[0] = expand_nstring[1] =
string_copy(msgbuf)
;
expand_nlength[1] = Ustrlen(msgbuf);
expand_nmax = 1;
expand_nlength[1] = Ustrlen(msgbuf);
expand_nmax = 1;
@@
-232,9
+236,11
@@
if (memcmp(ntRespData,
((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
24) == 0)
/* success. we have a winner. */
((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
24) == 0)
/* success. we have a winner. */
+ {
+ return auth_check_serv_cond(ablock);
+ }
/* Expand server_condition as an authorization check (PH) */
/* Expand server_condition as an authorization check (PH) */
- return auth_check_serv_cond(ablock);
return FAIL;
}
return FAIL;
}