diff options
| author | Phil Pennock <pdp@exim.org> | 2010-06-05 10:16:36 +0000 |
|---|---|---|
| committer | Phil Pennock <pdp@exim.org> | 2010-06-05 10:16:36 +0000 |
| commit | 55c75993b43ac91069a5fbe9cc7a8d48cda84ee0 (patch) | |
| tree | dfd796281add0e1453480e392ed0878cbcf8e537 | |
| parent | a29e5231ac02b045d8fdd5610abac3c38131366f (diff) | |
Handle SASL Initial Response.
See discussion at:
http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html
and the code is "correct by inspection", for whatever that's worth.
| -rw-r--r-- | doc/doc-txt/ChangeLog | 5 | ||||
| -rw-r--r-- | src/src/auths/spa.c | 10 |
2 files changed, 11 insertions, 4 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 72f799a36..cb9f3d39c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.618 2010/06/05 10:04:43 pdp Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.619 2010/06/05 10:16:36 pdp Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -20,6 +20,9 @@ PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. PP/05 Bugzilla 834: provide a permit_codedump option for pipe transports. +PP/06 Adjust NTLM authentication to handle SASL Initial Response. + + Exim version 4.72 ----------------- diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index f9c1a41e2..5647b0c1f 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/auths/spa.c,v 1.10 2009/11/16 19:50:38 nm4 Exp $ */ +/* $Cambridge: exim/src/src/auths/spa.c,v 1.11 2010/06/05 10:16:36 pdp Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -14,6 +14,7 @@ server support. I (PH) have only modified it in very trivial ways. References: http://www.innovation.ch/java/ntlm.html http://www.kuro5hin.org/story/2002/4/28/1436/66154 + http://download.microsoft.com/download/9/5/e/95ef66af-9026-4bb0-a41d-a4f81802d92c/%5bMS-SMTP%5d.pdf * It seems that some systems have existing but different definitions of some * of the following types. I received a complaint about "int16" causing @@ -28,6 +29,7 @@ References: 07-August-2003: PH: Patched up the code to avoid assert bombouts for stupid input data. Find appropriate comment by grepping for "PH". 16-October-2006: PH: Added a call to auth_check_serv_cond() at the end +05-June-2010: PP: handle SASL initial response */ @@ -128,9 +130,11 @@ SPAAuthResponse *responseptr = &response; uschar msgbuf[2048]; uschar *clearpass; -/* send a 334, MS Exchange style, and grab the client's request */ +/* send a 334, MS Exchange style, and grab the client's request, +unless we already have it via an initial response. */ -if (auth_get_no64_data(&data, US"NTLM supported") != OK) +if ((*data == '\0') && + (auth_get_no64_data(&data, US"NTLM supported") != OK)) { /* something borked */ return FAIL; |