diff options
| author | Philip Hazel <ph10@hermes.cam.ac.uk> | 2006-02-10 14:25:43 +0000 |
|---|---|---|
| committer | Philip Hazel <ph10@hermes.cam.ac.uk> | 2006-02-10 14:25:43 +0000 |
| commit | f78eb7c6264c5f1a4ec2fb24c39060e0686f7714 (patch) | |
| tree | c203285c5e61555dfd8cebc4ed1110cf34349a11 | |
| parent | 727071f81598850285bc4f6270a5bd9ad40c61ba (diff) | |
Add $auth1, $auth2, $auth3 variables.
| -rw-r--r-- | doc/doc-txt/ChangeLog | 6 | ||||
| -rw-r--r-- | doc/doc-txt/NewStuff | 10 | ||||
| -rw-r--r-- | doc/doc-txt/OptionLists.txt | 3 | ||||
| -rw-r--r-- | src/src/auths/README | 9 | ||||
| -rw-r--r-- | src/src/auths/b64decode.c | 4 | ||||
| -rw-r--r-- | src/src/auths/cram_md5.c | 11 | ||||
| -rw-r--r-- | src/src/auths/cyrus_sasl.c | 13 | ||||
| -rw-r--r-- | src/src/auths/plaintext.c | 23 | ||||
| -rw-r--r-- | src/src/auths/spa.c | 11 | ||||
| -rw-r--r-- | src/src/config.h.defaults | 7 | ||||
| -rw-r--r-- | src/src/expand.c | 12 | ||||
| -rw-r--r-- | src/src/globals.c | 3 | ||||
| -rw-r--r-- | src/src/globals.h | 3 | ||||
| -rw-r--r-- | src/src/smtp_in.c | 24 | ||||
| -rw-r--r-- | test/confs/0002 | 2 | ||||
| -rw-r--r-- | test/confs/3400 | 22 | ||||
| -rw-r--r-- | test/confs/3500 | 8 | ||||
| -rw-r--r-- | test/confs/3600 | 1 | ||||
| -rw-r--r-- | test/confs/9300 | 4 | ||||
| -rw-r--r-- | test/scripts/0000-Basic/0002 | 16 | ||||
| -rw-r--r-- | test/stderr/3400 | 3 | ||||
| -rw-r--r-- | test/stderr/3408 | 3 | ||||
| -rw-r--r-- | test/stderr/3410 | 8 | ||||
| -rw-r--r-- | test/stderr/3500 | 2 | ||||
| -rw-r--r-- | test/stdout/0002 | 4 |
25 files changed, 148 insertions, 64 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index cc82287fe..a9f562bce 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.289 2006/02/09 14:50:58 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.290 2006/02/10 14:25:43 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -116,6 +116,10 @@ PH/19 When calculating a retry time, Exim used to measure the "time since "time since failure" will always be short, possible causing more frequent delivery attempts for the huge message than are intended. +PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as + $1, $2, $3) because the numerical variables can be reset during some + expansion items (e.g. "match"), thereby losing the authentication data. + Exim version 4.60 diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 83e44d836..6dfb76ea8 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.81 2006/02/08 16:10:46 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.82 2006/02/10 14:25:43 ph10 Exp $ New Features in Exim -------------------- @@ -32,6 +32,14 @@ PH/03 If quota_warn_message contains a From: header, Exim now refrains from adding the default one. Similarly, if it contains a Reply-To: header, the errors_reply_to option, if set, is not used. +PH/04 The variables $auth1, $auth2, $auth3 are now available in authenticators, + containing the same values as $1, $2, $3. The new variables are provided + because the numerical variables can be reset during string expansions + (for example, during a "match" operation) and so may lose the + authentication data. The preferred variables are now the new ones, with + the use of the numerical ones being deprecated, though the support will + not be removed, at least, not for a long time. + Version 4.60 ------------ diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index e99b4e0be..3268b3cbe 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.15 2006/02/09 10:04:00 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.16 2006/02/10 14:25:43 ph10 Exp $ LISTS OF EXIM OPTIONS --------------------- @@ -747,6 +747,7 @@ AUTH_CRAM_MD5 driver include cram_md5 authenticator AUTH_CYRUS_SASL driver include Cyrus SASL authenticator AUTH_PLAINTEXT driver include plaintext authenticator AUTH_SPA driver include SPA (NTLM) authenticator +AUTH_VARS=3 optional* number of $auth variables BASENAME_COMMAND system** path to basename BASE_62=62 optional* not normally changed for Unix BIN_DIRECTORY mandatory Exim binary directory diff --git a/src/src/auths/README b/src/src/auths/README index 18ca50033..9143b9e91 100644 --- a/src/src/auths/README +++ b/src/src/auths/README @@ -1,4 +1,4 @@ -$Cambridge: exim/src/src/auths/README,v 1.3 2005/02/17 11:58:27 ph10 Exp $ +$Cambridge: exim/src/src/auths/README,v 1.4 2006/02/10 14:25:43 ph10 Exp $ AUTHS @@ -44,9 +44,10 @@ The second function performs authentication as a server. It receives a pointer to the instance block, and its second argument is the remainder of the data from the AUTH command. The numeric variable maximum setting (expand_nmax) is set to zero, with $0 initialized as unset. The authenticator may set up numeric -variables according to its specification; it should leave expand_nmax set at -the end so that they can be used for the expansion of the generic server_set_id -option, which happens centrally. +variables according to its (old) specification and $auth<n> variables the +preferred ones nowadays; it should leave them set at the end so that they can +be used for the expansion of the generic server_set_id option, which happens +centrally. This function has access to the SMTP input and output so that it can write intermediate responses and read more data if necessary. There is a packaged diff --git a/src/src/auths/b64decode.c b/src/src/auths/b64decode.c index dceb59f0c..bc1fbc5ef 100644 --- a/src/src/auths/b64decode.c +++ b/src/src/auths/b64decode.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/b64decode.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/b64decode.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -22,7 +22,7 @@ compact loop is messy and would probably run more slowly. Arguments: code points to the coded string, zero-terminated ptr where to put the pointer to the result, which is in - dynamic store + dynamic store, and zero-terminated Returns: the number of bytes in the result, or -1 if the input was malformed diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c index 41c9c5cfa..7b5598762 100644 --- a/src/src/auths/cram_md5.c +++ b/src/src/auths/cram_md5.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -177,10 +177,11 @@ if ((rc = auth_get_data(&data, challenge, Ustrlen(challenge))) != OK) return rc; if ((len = auth_b64decode(data, &clear)) < 0) return BAD64; /* The return consists of a user name, space-separated from the CRAM-MD5 -digest, expressed in hex. Extract the user name and put it in $1. Then check -that the remaining length is 32. */ +digest, expressed in hex. Extract the user name and put it in $auth1 and $1. +The former is now the preferred variable; the latter is the original one. Then +check that the remaining length is 32. */ -expand_nstring[1] = clear; +auth_vars[0] = expand_nstring[1] = clear; while (*clear != 0 && !isspace(*clear)) clear++; if (!isspace(*clear)) return FAIL; *clear++ = 0; @@ -212,7 +213,7 @@ compute_cram_md5(secret, challenge, digest); HDEBUG(D_auth) { uschar buff[64]; - debug_printf("CRAM-MD5: user name = %s\n", expand_nstring[1]); + debug_printf("CRAM-MD5: user name = %s\n", auth_vars[0]); debug_printf(" challenge = %s\n", challenge); debug_printf(" received = %s\n", clear); Ustrcpy(buff," digest = "); diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c index 8651dc605..7e6603988 100644 --- a/src/src/auths/cyrus_sasl.c +++ b/src/src/auths/cyrus_sasl.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.3 2005/04/05 14:33:27 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/cyrus_sasl.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -324,11 +324,12 @@ while(rc==SASL_CONTINUE) } else if(rc==SASL_OK) { - /* get the username and copy it into $1 */ - rc=sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2)); - expand_nstring[1]=string_copy(out2); - expand_nlength[1]=Ustrlen(expand_nstring[1]); - expand_nmax=1; + /* Get the username and copy it into $auth1 and $1. The former is now the + preferred variable; the latter is the original variable. */ + rc = sasl_getprop(conn, SASL_USERNAME, (const void **)(&out2)); + auth_vars[0] = expand_nstring[1] = string_copy(out2); + expand_nlength[1] = Ustrlen(expand_nstring[1]); + expand_nmax = 1; HDEBUG(D_auth) debug_printf("Cyrus SASL %s authentiction succeeded for %s\n", ob->server_mech, out2); diff --git a/src/src/auths/plaintext.c b/src/src/auths/plaintext.c index 5e7fda7cd..e5f261a16 100644 --- a/src/src/auths/plaintext.c +++ b/src/src/auths/plaintext.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -87,14 +87,16 @@ if (prompts != NULL) } /* If data was supplied on the AUTH command, decode it, and split it up into -multiple items at binary zeros. If the data consists of the string "=" it -indicates a single, empty string. */ +multiple items at binary zeros. The strings are put into $auth1, $auth2, etc, +up to a maximum. To retain backwards compatibility, they are also put int $1, +$2, etc. If the data consists of the string "=" it indicates a single, empty +string. */ if (*data != 0) { if (Ustrcmp(data, "=") == 0) { - expand_nstring[++expand_nmax] = US""; + auth_vars[0] = expand_nstring[++expand_nmax] = US""; expand_nlength[expand_nmax] = 0; } else @@ -103,6 +105,7 @@ if (*data != 0) end = clear + len; while (clear < end && expand_nmax < EXPAND_MAXN) { + if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear; expand_nstring[++expand_nmax] = clear; while (*clear != 0) clear++; expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax]; @@ -126,6 +129,7 @@ while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size)) /* This loop must run at least once, in case the length is zero */ do { + if (expand_nmax < AUTH_VARS) auth_vars[expand_nmax] = clear; expand_nstring[++expand_nmax] = clear; while (*clear != 0) clear++; expand_nlength[expand_nmax] = clear++ - expand_nstring[expand_nmax]; @@ -133,9 +137,9 @@ while ((s = string_nextinlist(&prompts, &sep, big_buffer, big_buffer_size)) while (clear < end && expand_nmax < EXPAND_MAXN); } -/* We now have a number of items of data in $1, $2, etc. Match against the -decoded data by expanding the condition. Also expand the id to set if -authentication succeeds. */ +/* We now have a number of items of data in $auth1, $auth2, etc (and also, for +compatibility, in $1, $2, etc). Match against the decoded data by expanding the +condition. */ cond = expand_string(ob->server_condition); @@ -143,6 +147,11 @@ HDEBUG(D_auth) { int i; debug_printf("%s authenticator:\n", ablock->name); + for (i = 0; i < AUTH_VARS; i++) + { + if (auth_vars[i] != NULL) + debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]); + } for (i = 1; i <= expand_nmax; i++) debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]); debug_print_string(ablock->server_debug_string); /* customized debug */ diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 854e96312..264887607 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.5 2006/02/07 11:19:01 ph10 Exp $ */ +/* $Cambridge: exim/src/src/auths/spa.c,v 1.6 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -162,8 +162,6 @@ if (spa_base64_to_bits((char *)(&response), sizeof(response), (const char *)(dat return FAIL; } -/* get username and put it in $1 */ - /*************************************************************** PH 07-Aug-2003: The original code here was this: @@ -194,10 +192,15 @@ that causes failure if the size of msgbuf is exceeded. ****/ /***************************************************************/ -expand_nstring[1] = msgbuf; +/* Put the username in $auth1 and $1. The former is now the preferred variable; +the latter is the original variable. */ + +auth_vars[0] = expand_nstring[1] = msgbuf; expand_nlength[1] = Ustrlen(msgbuf); expand_nmax = 1; +debug_print_string(ablock->server_debug_string); /* customized debug */ + /* look up password */ clearpass = expand_string(ob->spa_serverpassword); diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index b76c79425..92f894e4c 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/config.h.defaults,v 1.9 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/config.h.defaults,v 1.10 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -9,7 +9,8 @@ /* The default settings for Exim configuration variables. A #define without any data just defines the existence of the variable; it won't get included -in config.h unless some value is defined in Local/Makefile. */ +in config.h unless some value is defined in Local/Makefile. If there is data, +it's a default value. */ #define ACL_CVARS 20 #define ACL_MVARS 20 @@ -26,6 +27,8 @@ in config.h unless some value is defined in Local/Makefile. */ #define AUTH_PLAINTEXT #define AUTH_SPA +#define AUTH_VARS 3 + #define BIN_DIRECTORY #define CONFIGURE_FILE diff --git a/src/src/expand.c b/src/src/expand.c index 4ff6e5043..1d82a150c 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/expand.c,v 1.53 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/expand.c,v 1.54 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1259,6 +1259,16 @@ if (Ustrncmp(name, "acl_", 4) == 0) } } +/* Similarly for $auth<n> variables. */ + +if (Ustrncmp(name, "auth", 4) == 0) + { + uschar *endptr; + int n = Ustrtoul(name + 4, &endptr, 10); + if (*endptr == 0 && n != 0 && n <= AUTH_VARS) + return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1]; + } + /* For all other variables, search the table */ while (last > first) diff --git a/src/src/globals.c b/src/src/globals.c index 10acc8fc4..e609f3020 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.c,v 1.45 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.c,v 1.46 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -327,6 +327,7 @@ auth_instance auth_defaults = { uschar *auth_defer_msg = US"reason not recorded"; uschar *auth_defer_user_msg = US""; +uschar *auth_vars[AUTH_VARS]; int auto_thaw = 0; #ifdef WITH_CONTENT_SCAN uschar *av_scanner = US"sophie:/var/run/sophie"; /* AV scanner */ diff --git a/src/src/globals.h b/src/src/globals.h index 713aaef3e..e3628167f 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/globals.h,v 1.33 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/globals.h,v 1.34 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -157,6 +157,7 @@ extern auth_instance *auths; /* Chain of instantiated auths */ extern auth_instance auth_defaults; /* Default values */ extern uschar *auth_defer_msg; /* Error message for log */ extern uschar *auth_defer_user_msg; /* Error message for user */ +extern uschar *auth_vars[]; /* $authn variables */ extern int auto_thaw; /* Auto-thaw interval */ #ifdef WITH_CONTENT_SCAN extern uschar *av_scanner; /* AntiVirus scanner to use for the malware condition */ diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index d572ef9e6..04bffd017 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.29 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.30 2006/02/10 14:25:43 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -2133,7 +2133,7 @@ while (done <= 0) pid_t pid; int start, end, sender_domain, recipient_domain; int ptr, size, rc; - int c; + int c, i; auth_instance *au; switch(smtp_read_command(TRUE)) @@ -2222,20 +2222,26 @@ while (done <= 0) break; } - /* Run the checking code, passing the remainder of the command - line as data. Initialize $0 empty. The authenticator may set up - other numeric variables. Afterwards, have a go at expanding the set_id - string, even if authentication failed - for bad passwords it can be useful - to log the userid. On success, require set_id to expand and exist, and - put it in authenticated_id. Save this in permanent store, as the working - store gets reset at HELO, RSET, etc. */ + /* Run the checking code, passing the remainder of the command line as + data. Initials the $auth<n> variables as empty. Initialize $0 empty and set + it as the only set numerical variable. The authenticator may set $auth<n> + and also set other numeric variables. The $auth<n> variables are preferred + nowadays; the numerical variables remain for backwards compatibility. + Afterwards, have a go at expanding the set_id string, even if + authentication failed - for bad passwords it can be useful to log the + userid. On success, require set_id to expand and exist, and put it in + authenticated_id. Save this in permanent store, as the working store gets + reset at HELO, RSET, etc. */ + + for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; expand_nmax = 0; expand_nlength[0] = 0; /* $0 contains nothing */ c = (au->info->servercode)(au, smtp_cmd_argument); if (au->set_id != NULL) set_id = expand_string(au->set_id); expand_nmax = -1; /* Reset numeric variables */ + for (i = 0; i < AUTH_VARS; i++) auth_vars[i] = NULL; /* Reset $auth<n> */ /* The value of authenticated_id is stored in the spool file and printed in log lines. It must not contain binary zeros or newline characters. In diff --git a/test/confs/0002 b/test/confs/0002 index 6f02fafa7..8662e54d0 100644 --- a/test/confs/0002 +++ b/test/confs/0002 @@ -14,7 +14,7 @@ gecos_name = CALLER_NAME # ----- Main settings ----- -domainlist dlist = *.aa.bb : ^\Nxxx +domainlist dlist = *.aa.bb : ^\Nxxx(.*) hostlist hlist = V4NET.11.12.13 : iplsearch;DIR/aux-fixed/0002.iplsearch headers_charset = iso-8859-8 diff --git a/test/confs/3400 b/test/confs/3400 index 61dc5a590..b84ee56c4 100644 --- a/test/confs/3400 +++ b/test/confs/3400 @@ -85,46 +85,46 @@ plain: driver = plaintext public_name = PLAIN server_condition = "\ - ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}" - server_set_id = $2 + ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}" + server_set_id = $auth2 extended_plain: driver = plaintext public_name = EXPLAIN server_prompts = : server_condition = "\ - ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}" - server_set_id = $2 + ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}" + server_set_id = $auth2 expanded_prompt_plain: driver = plaintext public_name = EXPANDED server_prompts = $primary_hostname server_condition = "\ - ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}" - server_set_id = $2 + ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}" + server_set_id = $auth2 expanded_prompt_plain_fail: driver = plaintext public_name = EXPANDFAIL server_prompts = $nonexistent server_condition = "\ - ${if and {{eq{$2}{userx}}{eq{$3}{secret}}}{yes}{no}}" - server_set_id = $2 + ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}" + server_set_id = $auth2 defer: driver = plaintext public_name = DEFER server_condition = "account suspended" - server_set_id = $2 + server_set_id = $auth2 login: driver = plaintext public_name = LOGIN server_prompts = "User Name : Password " server_condition = "\ - ${if and {{eq{$1}{userx}}{eq{$2}{secret}}}{yes}{no}}" - server_set_id = $1 + ${if and {{eq{$auth1}{userx}}{eq{$auth2}{secret}}}{yes}{no}}" + server_set_id = $auth1 # ----- Routers ----- diff --git a/test/confs/3500 b/test/confs/3500 index 999cd5673..b83b1c33f 100644 --- a/test/confs/3500 +++ b/test/confs/3500 @@ -76,10 +76,10 @@ begin authenticators cram_md5: driver = cram_md5 public_name = CRAM-MD5 - server_debug_print = +++CRAM-MD5 \$1="$1" \$2=\"$2" \$3="$3" - server_secret = "${if eq{$1}{tim}{tanstaaftanstaaf}\ - {${if eq{$1}{userx}{secret}fail}}}" - server_set_id = $1 + server_debug_print = +++CRAM-MD5 \$auth1="$auth1" \$auth2=\"$auth2" \$auth3="$auth3" + server_secret = "${if eq{$auth1}{tim}{tanstaaftanstaaf}\ + {${if eq{$auth1}{userx}{secret}fail}}}" + server_set_id = $auth1 diff --git a/test/confs/3600 b/test/confs/3600 index 5550c3b11..c70fa19d7 100644 --- a/test/confs/3600 +++ b/test/confs/3600 @@ -45,6 +45,7 @@ spa: public_name = NTLM client_password = $sender_address client_username = username + server_debug_print = +++SPA \$auth1="$auth1" server_password = ok@test.ex diff --git a/test/confs/9300 b/test/confs/9300 index 8f413c0f2..91365047f 100644 --- a/test/confs/9300 +++ b/test/confs/9300 @@ -21,11 +21,11 @@ begin authenticators sasl1: driver = cyrus_sasl public_name = ANONYMOUS - server_set_id = $1 + server_set_id = $auth1 sasl2: driver = cyrus_sasl public_name = PLAIN - server_set_id = $1 + server_set_id = $auth1 # End diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002 index eaa0dd82a..f869c6da4 100644 --- a/test/scripts/0000-Basic/0002 +++ b/test/scripts/0000-Basic/0002 @@ -269,6 +269,22 @@ match_domain: ${if match_domain{5.aa.bb}{+dlist}{yes}{no}} match_domain: ${if match_domain{xxxyz}{+dlist}{yes}{no}} match_domain: ${if match_domain{xyz}{+dlist}{yes}{no}} +${if match{x@zz.aa.bb}{^(.*)} \ + { \ + >$1< \ + ${if match_domain{${domain:$1}}{+dlist}{[$1]}} \ + >$1< \ + } \ + { CAN'T HAPPEN}} + +${if match{x@xxxabc}{^(.*)} \ + { \ + >$1< \ + ${if match_domain{${domain:$1}}{^\Nxxx(.*)\N}{[$1]}} \ + >$1< \ + } \ + { CAN'T HAPPEN}} + match_address: ${if match_address{x@y.z}{p@q:*@y.z}{yes}{no}} match_address: ${if match_address{x@y.z}{p@q:x@*.z}{yes}{no}} diff --git a/test/stderr/3400 b/test/stderr/3400 index 16b12b26c..fb3b9895b 100644 --- a/test/stderr/3400 +++ b/test/stderr/3400 @@ -109,6 +109,7 @@ LOG: H=(test.host) [10.0.0.1] rejected ETRN abcd: authentication required >>> deny: condition test succeeded LOG: H=(test.host) [10.0.0.1] F=<junk@jink.jonk.test.ex> rejected RCPT <userx@test.ex>: authentication required >>> mylogin authenticator: +>>> $auth1 = userx secret >>> $1 = userx secret >>> +++MYLOGIN $1="userx secret" $2="" $3="" >>> expanded string: yes @@ -273,6 +274,7 @@ LOG: H=(test.host) [10.0.0.1] Warning: accepted ETRN #abcd >>> accept: endpass encountered - denying access LOG: H=(test.host) [10.0.0.3] F=<junk@jink.jonk.test.ex> rejected RCPT <userx@cus.cam.ac.uk>: authentication required >>> mylogin authenticator: +>>> $auth1 = userx secret >>> $1 = userx secret >>> +++MYLOGIN $1="userx secret" $2="" $3="" >>> expanded string: yes @@ -367,6 +369,7 @@ SMTP>> 250-myhost.test.ex Hello CALLER at testing.testing [10.0.0.5] 250 HELP
SMTP<< auth mylogin dXNlcnggc2VjcmV0 mylogin authenticator: + $auth1 = userx secret $1 = userx secret +++MYLOGIN $1="userx secret" $2="" $3="" expanded string: yes diff --git a/test/stderr/3408 b/test/stderr/3408 index 0ce50f216..a5e576f43 100644 --- a/test/stderr/3408 +++ b/test/stderr/3408 @@ -51,6 +51,9 @@ LOG: 10HmaX-0005vi-00 <= postmaster@exim.test.ex H=(exim.test.ex) [V4NET.11.12.1 >>> host in pipelining_advertise_hosts? yes (matched "*") >>> host in auth_advertise_hosts? yes (matched "*") >>> plain authenticator: +>>> $auth1 = +>>> $auth2 = userx +>>> $auth3 = secret >>> $1 = >>> $2 = userx >>> $3 = secret diff --git a/test/stderr/3410 b/test/stderr/3410 index 02dc1343c..b7cdcf399 100644 --- a/test/stderr/3410 +++ b/test/stderr/3410 @@ -16,6 +16,9 @@ LOG: H=[5.6.9.1] F=<x@y> rejected RCPT <x@y>: You must authenticate >>> host in pipelining_advertise_hosts? yes (matched "*") >>> host in auth_advertise_hosts? yes (matched "*") >>> auth1 authenticator: +>>> $auth1 = +>>> $auth2 = userx +>>> $auth3 = secret >>> $1 = >>> $2 = userx >>> $3 = secret @@ -43,6 +46,9 @@ LOG: H=[5.6.10.1] F=<x@y> rejected RCPT <x@y> >>> host in pipelining_advertise_hosts? yes (matched "*") >>> host in auth_advertise_hosts? yes (matched "*") >>> auth1 authenticator: +>>> $auth1 = +>>> $auth2 = userx +>>> $auth3 = secret >>> $1 = >>> $2 = userx >>> $3 = secret @@ -64,6 +70,8 @@ LOG: H=[5.6.10.1] F=<x@y> rejected RCPT <x@y> >>> host in pipelining_advertise_hosts? yes (matched "*") >>> host in auth_advertise_hosts? yes (matched "*") >>> auth2 authenticator: +>>> $auth1 = userx +>>> $auth2 = secret >>> $1 = userx >>> $2 = secret >>> expanded string: yes diff --git a/test/stderr/3500 b/test/stderr/3500 index fc3637f33..b0432c58c 100644 --- a/test/stderr/3500 +++ b/test/stderr/3500 @@ -23,7 +23,7 @@ >>> host in pipelining_advertise_hosts? yes (matched "*") >>> host in "10.0.0.1"? yes (matched "10.0.0.1") >>> host in auth_advertise_hosts? yes (matched "+auth_hosts") ->>> +++CRAM-MD5 $1="tim" $2="" $3="" +>>> +++CRAM-MD5 $auth1="tim" $auth2="" $auth3="" >>> CRAM-MD5: user name = tim >>> challenge = <1896.697170952@postoffice.reston.mci.net> >>> received = b913a602c7eda7a495b4e6e7334d3890 diff --git a/test/stdout/0002 b/test/stdout/0002 index b2e86b2a6..4d87e0acc 100644 --- a/test/stdout/0002 +++ b/test/stdout/0002 @@ -250,6 +250,10 @@ > match_domain: yes > match_domain: no > +> >x@zz.aa.bb< [] >x@zz.aa.bb< +> +> >x@xxxabc< [] >x@xxxabc< +> > match_address: yes > match_address: yes > |