From b1206957506a8d30e54c3d76c3ada5f247118666 Mon Sep 17 00:00:00 2001 From: Philip Hazel Date: Mon, 20 Dec 2004 14:57:05 +0000 Subject: [PATCH] A forced expansion failure in the SPA authenticator is now treated the same as in other authenticators (it moves to the next authenticator). --- doc/doc-txt/ChangeLog | 9 ++++++++- src/ACKNOWLEDGMENTS | 5 +++-- src/src/auths/README | 5 +++-- src/src/auths/spa.c | 21 ++++++++++++--------- 4 files changed, 26 insertions(+), 14 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a06b29b49..6774dad4a 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.45 2004/12/20 12:29:10 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.46 2004/12/20 14:57:05 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -195,6 +195,13 @@ Exim version 4.50 messages that were in split spool directories. Consequently, it was deleting retry records that should have stayed in existence. +48. Steve fixed some bugs in eximstats. + +49. The SPA authentication driver was not abandoning authentication and moving + on to the next authenticator when an expansion was forced to fail, + contradicting the general specification for all authenticators. Instead it + was generating a temporary error. It now behaves as specified. + Exim version 4.43 ----------------- diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS index fe092c448..a914262c7 100644 --- a/src/ACKNOWLEDGMENTS +++ b/src/ACKNOWLEDGMENTS @@ -1,4 +1,4 @@ -$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.7 2004/11/24 15:43:36 ph10 Exp $ +$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.8 2004/12/20 14:57:05 ph10 Exp $ EXIM ACKNOWLEDGEMENTS @@ -20,7 +20,7 @@ relatively small patches. Philip Hazel Lists created: 20 November 2002 -Last updated: 24 November 2004 +Last updated: 20 December 2004 THE OLD LIST 
@@ -158,6 +158,7 @@ Chris Liddiard Fix for bug in exiqsumm Chris Lightfoot Patch for -restore-times in exim_lock Edgar Lovecraft Patch for ${str2b64: Torsten Luettgert Suggested patch for proper integer overflow detection +David Madole Patch for SPA forced expansion failure bug Lionel Elie Mamane Patch for IPv4/IPv6 listen() problem on USAGI Linux Patch for recognizing IPv6 "scoped addresses" Patch for callout caching bug diff --git a/src/src/auths/README b/src/src/auths/README index 190505f25..a25aaf0b0 100644 --- a/src/src/auths/README +++ b/src/src/auths/README @@ -1,4 +1,4 @@ -$Cambridge: exim/src/src/auths/README,v 1.1 2004/10/07 13:10:00 ph10 Exp $ +$Cambridge: exim/src/src/auths/README,v 1.2 2004/12/20 14:57:05 ph10 Exp $ AUTHS @@ -57,7 +57,8 @@ The yield of a server authentication check must be one of: OK success DEFER couldn't complete the check FAIL authentication failed - CANCELLED authentication forced to fail by "*" response to challenge + CANCELLED authentication forced to fail by "*" response to challenge, + or by a forced string expansion failure BAD64 bad base64 data received UNEXPECTED unexpected data received diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 31451344e..dc859674e 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.1 2004/10/07 13:10:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/spa.c,v 1.2 2004/12/20 14:57:05 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -258,19 +258,12 @@ auth_spa_client( char *domain = NULL; char *username, *password; - if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", - ablock->public_name) < 0) - return FAIL_SEND; - - /* wait for the 3XX OK message */ - if (!smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout)) - return FAIL; - /* Code added by PH to expand the options */ username = CS expand_string(ob->spa_username); if (username == NULL) { + if (expand_string_forcedfail) return CANCELLED; string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " "authenticator: %s", ob->spa_username, ablock->name, expand_string_message); @@ -280,6 +273,7 @@ auth_spa_client( password = CS expand_string(ob->spa_password); if (password == NULL) { + if (expand_string_forcedfail) return CANCELLED; string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " "authenticator: %s", ob->spa_password, ablock->name, expand_string_message); @@ -291,6 +285,7 @@ auth_spa_client( domain = CS expand_string(ob->spa_domain); if (domain == NULL) { + if (expand_string_forcedfail) return CANCELLED; string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " "authenticator: %s", ob->spa_domain, ablock->name, expand_string_message); @@ -300,6 +295,14 @@ auth_spa_client( /* Original code */ + if (smtp_write_command(outblock, FALSE, "AUTH %s\r\n", + ablock->public_name) < 0) + return FAIL_SEND; + + /* wait for the 3XX OK message */ + if (!smtp_read_response(inblock, (uschar *)buffer, buffsize, '3', timeout)) + return FAIL; + DSPA("\n\n%s authenticator: using domain %s\n\n", ablock->name, domain); -- 2.25.1
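Review bot: The added `if (expand_string_forcedfail) return CANCELLED;` in the username branch returns without writing anything to `buffer`, so the caller gets back whatever the buffer held before the call. If the caller logs or inspects `buffer` for a CANCELLED result (that code is outside this patch, so this needs confirming), stale text from an earlier SMTP response could be reported as this authenticator's message. Clearing it first makes the result unambiguous: `if (expand_string_forcedfail) { *buffer = 0; return CANCELLED; }`. The same applies to the identical lines added for `spa_password` and `spa_domain` in the next two hunks; auth_spa_client starts and ends outside these hunks.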
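Review bot: In the password branch, the non-forced failure path directly after the added line still formats the unexpanded `ob->spa_password` option, plus `expand_string_message`, into `buffer`. If that buffer reaches a log line or a delivery error text (likely, but not visible here), a password option holding a literal secret that fails to expand, for instance because of an unescaped `$`, would be written out in clear. A message that names the option instead of quoting it avoids this, e.g. `string_format(buffer, buffsize, "expansion of password option failed in %s authenticator", ablock->name);`. Whether `expand_string_message` can itself echo part of the string is not visible from this hunk and is worth checking before keeping it in the message.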
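Review bot: The relocated AUTH send now sits under the old `/* Original code */` comment, with nothing to say why it must come after the three expansions. A short comment here would keep a later tidy-up from moving it back above them: `/* Send AUTH only after all the options have expanded, so that a forced failure can return CANCELLED before anything has been sent to the server. */`. The rest of auth_spa_client continues outside this hunk.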