summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2021-10-24 14:13:46 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2021-10-24 14:13:46 +0100
commit0a3c9b00e50a4bd4a7cfca5c9640d8f3c7333cd3 (patch)
treededebaa720e7fb125c0d8ff113196ae8d7f53ab3
parent9eca4f4b6902ff84b90d9bec9605896394f3d690 (diff)
Fix client-only use of gsasl authenticator. Bug 2818
-rw-r--r--src/src/auths/gsasl_exim.c34
-rw-r--r--src/src/macros.h5
2 files changed, 19 insertions, 20 deletions
diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c
index f5c2afd60..2d060d4da 100644
--- a/src/src/auths/gsasl_exim.c
+++ b/src/src/auths/gsasl_exim.c
@@ -57,6 +57,10 @@ static void dummy(int x) { dummy2(x-1); }
# define CHANNELBIND_HACK
#endif
+/* Convenience for testing strings */
+
+#define STREQIC(Foo, Bar) (strcmpic((Foo), (Bar)) == 0)
+
/* Authenticator-specific options. */
/* I did have server_*_condition options for various mechanisms, but since
@@ -200,15 +204,21 @@ if (!gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech))
"GNU SASL does not support mechanism \"%s\"",
ablock->name, ob->server_mech);
-ablock->server = TRUE;
-
-if ( !ablock->server_condition
- && ( streqic(ob->server_mech, US"EXTERNAL")
- || streqic(ob->server_mech, US"ANONYMOUS")
- || streqic(ob->server_mech, US"PLAIN")
- || streqic(ob->server_mech, US"LOGIN")
- ) )
+if (ablock->server_condition)
+ ablock->server = TRUE;
+else if( ob->server_mech
+ && !STREQIC(ob->server_mech, US"EXTERNAL")
+ && !STREQIC(ob->server_mech, US"ANONYMOUS")
+ && !STREQIC(ob->server_mech, US"PLAIN")
+ && !STREQIC(ob->server_mech, US"LOGIN")
+ )
{
+ /* At present, for mechanisms we don't panic on absence of server_condition;
+ need to figure out the most generically correct approach to deciding when
+ it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism,
+ etc) it clearly is critical.
+ */
+
ablock->server = FALSE;
HDEBUG(D_auth) debug_printf("%s authenticator: "
"Need server_condition for %s mechanism\n",
@@ -219,7 +229,7 @@ if ( !ablock->server_condition
which properties will be needed. */
if ( !ob->server_realm
- && streqic(ob->server_mech, US"DIGEST-MD5"))
+ && STREQIC(ob->server_mech, US"DIGEST-MD5"))
{
ablock->server = FALSE;
HDEBUG(D_auth) debug_printf("%s authenticator: "
@@ -227,12 +237,6 @@ if ( !ob->server_realm
ablock->name, ob->server_mech);
}
-/* At present, for mechanisms we don't panic on absence of server_condition;
-need to figure out the most generically correct approach to deciding when
-it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism,
-etc) it clearly is critical.
-*/
-
ablock->client = ob->client_username && ob->client_password;
}
diff --git a/src/src/macros.h b/src/src/macros.h
index bf5241e10..80e0ecbe1 100644
--- a/src/src/macros.h
+++ b/src/src/macros.h
@@ -79,11 +79,6 @@ as unsigned. */
((uschar)(c) > 127 && print_topbitchars))
-/* Convenience for testing strings */
-
-#define streqic(Foo, Bar) (strcmpic(Foo, Bar) == 0)
-
-
/* When built with TLS support, the act of flushing SMTP output becomes
a no-op once an SSL session is in progress. */