diff options
author | Phil Pennock <pdp@exim.org> | 2012-02-05 20:36:51 -0500 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-02-05 20:36:51 -0500 |
commit | ce52b325c3cdc39c3dbc933fb9630d894a03feb0 (patch) | |
tree | 9c1e47601d58c408f4e7ddbf56eb99fe3148f688 | |
parent | b9c5be1c924b3414d135b40d6d75d6bd9af2f21e (diff) |
More bug-fixes, GSASL DIGEST-MD5 now works.
Defined helper streqic() since I seem tired enough to be forgetting ==0 checks.
Deal with left-over-data-to-send correctly.
Now tested with PLAIN, CRAM-MD5, DIGEST-MD5.
For DIGEST-MD5, check for server_realm, since GSASL doesn't error out without it.
-rw-r--r-- | src/src/auths/gsasl_exim.c | 37 | ||||
-rw-r--r-- | src/src/macros.h | 5 |
2 files changed, 33 insertions, 9 deletions
diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index e88bd2578..3c8a25017 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -146,14 +146,22 @@ auth_gsasl_init(auth_instance *ablock) ablock->name, ob->server_mech); if ((ablock->server_condition == NULL) && - (strcmpic(ob->server_mech, US"EXTERNAL") || - strcmpic(ob->server_mech, US"ANONYMOUS") || - strcmpic(ob->server_mech, US"PLAIN") || - strcmpic(ob->server_mech, US"LOGIN"))) + (streqic(ob->server_mech, US"EXTERNAL") || + streqic(ob->server_mech, US"ANONYMOUS") || + streqic(ob->server_mech, US"PLAIN") || + streqic(ob->server_mech, US"LOGIN"))) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "Need server_condition for %s mechanism", ablock->name, ob->server_mech); + /* This does *not* scale to new SASL mechanisms. Need a better way to ask + which properties will be needed. */ + if ((ob->server_realm == NULL) && + streqic(ob->server_mech, US"DIGEST-MD5")) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " + "Need server_realm for %s mechanism", + ablock->name, ob->server_mech); + /* At present, for mechanisms we don't panic on absence of server_condition; need to figure out the most generically correct approach to deciding when it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism, @@ -176,8 +184,9 @@ main_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop) struct callback_exim_state *cb_state = (struct callback_exim_state *)gsasl_session_hook_get(sctx); - HDEBUG(D_auth) debug_printf("Callback entered, prop=%d (loop prop=%d)\n", - prop, callback_loop); + HDEBUG(D_auth) + debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n", + prop, callback_loop); if (cb_state == NULL) { HDEBUG(D_auth) debug_printf(" not from our server/client processing.\n"); @@ -305,7 +314,9 @@ auth_gsasl_server(auth_instance *ablock, uschar *initial_data) switch (rc) { case GSASL_OK: - goto STOP_INTERACTION; + if (!to_send) + goto STOP_INTERACTION; + break; case GSASL_NEEDS_MORE: break; @@ -337,8 +348,16 @@ auth_gsasl_server(auth_instance *ablock, uschar *initial_data) goto STOP_INTERACTION; } - exim_error = - auth_get_no64_data((uschar **)&received, (uschar *)to_send); + if ((rc == GSASL_NEEDS_MORE) || + (to_send && *to_send)) + exim_error = + auth_get_no64_data((uschar **)&received, (uschar *)to_send); + + if (to_send) { + free(to_send); + to_send = NULL; + } + if (exim_error) break; /* handles * cancelled check */ diff --git a/src/src/macros.h b/src/src/macros.h index 451bc56fd..c1c4cc33f 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -72,6 +72,11 @@ as unsigned. */ ((uschar)(c) > 127 && print_topbitchars)) +/* Convenience for testing strings */ + +#define streqic(Foo, Bar) (strcmpic(Foo, Bar) == 0) + + /* When built with TLS support, the act of flushing SMTP output becomes a no-op once an SSL session is in progress. */ |