authorPhilip Hazel <ph10@hermes.cam.ac.uk>2006-02-23 12:41:22 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2006-02-23 12:41:22 +0000
commit4730f9424e0addeb902cc842508eea3f47a131ca (patch)
tree1aecf2add22e0e8206feb5ca136d626c765d294e /src
parented72ace5f09d07c620b96efaf72d328d6e7439be (diff)
Make server prompts available in $auth<n> when plaintext is running as a
client.
Diffstat (limited to 'src')
-rw-r--r--src/ACKNOWLEDGMENTS5
-rw-r--r--src/src/auths/README5
-rw-r--r--src/src/auths/cram_md5.c10
-rw-r--r--src/src/auths/plaintext.c45
-rw-r--r--src/src/auths/plaintext.h3
-rw-r--r--src/src/auths/spa.c4
-rw-r--r--src/src/transports/smtp.c9
7 files changed, 66 insertions, 15 deletions
diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS
index b0285c65e..ce145ce21 100644
--- a/src/ACKNOWLEDGMENTS
+++ b/src/ACKNOWLEDGMENTS
@@ -1,4 +1,4 @@
-$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.41 2006/02/14 15:24:10 ph10 Exp $
+$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.42 2006/02/23 12:41:22 ph10 Exp $
EXIM ACKNOWLEDGEMENTS
@@ -20,7 +20,7 @@ relatively small patches.
Philip Hazel
Lists created: 20 November 2002
-Last updated: 13 February 2006
+Last updated: 23 February 2006
THE OLD LIST
@@ -71,6 +71,7 @@ Claus Assmann Example code for OpenSSL CRL support
Ian Bell Analysis of a bug and an infelicity in clock tick code
Patch for ${quote_local_part
Peter Benie A number mistakes found by analysing the code
+Johannes Berg Suggested patch for authentication client $auth<n> support
Matt Bernstein LMTP over socket
Suggested patch for dnslists '&' feature
Mike Bethune Help with debugging an elusive ALRM signal bug
diff --git a/src/src/auths/README b/src/src/auths/README
index 9143b9e91..780e15dc4 100644
--- a/src/src/auths/README
+++ b/src/src/auths/README
@@ -1,4 +1,4 @@
-$Cambridge: exim/src/src/auths/README,v 1.4 2006/02/10 14:25:43 ph10 Exp $
+$Cambridge: exim/src/src/auths/README,v 1.5 2006/02/23 12:41:22 ph10 Exp $
AUTHS
@@ -87,7 +87,8 @@ The yield of a client authentication check must be one of:
FAIL failed after reading a response;
either errno is set (for timeouts, I/O failures) or
the buffer contains the SMTP response line
- FORCEFAIL failed without reading a response (often "fail" in expansion)
+ CANCELLED the client cancelled authentication (often "fail" in expansion)
+ the buffer may contain a message; if not, *buffer = 0
ERROR local problem (typically expansion error); message in buffer
To communicate with the remote host the client should call
diff --git a/src/src/auths/cram_md5.c b/src/src/auths/cram_md5.c
index 7b5598762..26521fbe9 100644
--- a/src/src/auths/cram_md5.c
+++ b/src/src/auths/cram_md5.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/cram_md5.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -250,7 +250,7 @@ auth_cram_md5_client(
smtp_inblock *inblock, /* input connection */
smtp_outblock *outblock, /* output connection */
int timeout, /* command timeout */
- uschar *buffer, /* for reading response */
+ uschar *buffer, /* for reading response */
int buffsize) /* size of buffer */
{
auth_cram_md5_options_block *ob =
@@ -266,7 +266,11 @@ or ERROR, as approriate. */
if (secret == NULL || name == NULL)
{
- if (expand_string_forcedfail) return CANCELLED;
+ if (expand_string_forcedfail)
+ {
+ *buffer = 0; /* No message */
+ return CANCELLED;
+ }
string_format(buffer, buffsize, "expansion of \"%s\" failed in "
"%s authenticator: %s",
(secret == NULL)? ob->client_secret : ob->client_name,
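Review bot: The "empty buffer means no message" convention for CANCELLED is set by hand on this one return path, and the same lines are repeated in plaintext.c, while spa.c clears the buffer once at the top of its client function. Since smtp.c now tests `*buffer != 0` on CANCELLED, any client path that returns CANCELLED without writing the buffer would log whatever was left in it. The call site is not visible in this diff, but clearing the buffer once before the authenticator's client function is called would make the convention hold without depending on each return path. Failing that, the header comment of auth_cram_md5_client could state it, e.g. `/* On CANCELLED, buffer holds a message to log, or is empty */`. The function body continues outside the hunk.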
diff --git a/src/src/auths/plaintext.c b/src/src/auths/plaintext.c
index e5f261a16..2aea4a492 100644
--- a/src/src/auths/plaintext.c
+++ b/src/src/auths/plaintext.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.4 2006/02/10 14:25:43 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/plaintext.c,v 1.5 2006/02/23 12:41:22 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -14,6 +14,8 @@
/* Options specific to the plaintext authentication mechanism. */
optionlist auth_plaintext_options[] = {
+ { "client_ignore_invalid_base64", opt_bool,
+ (void *)(offsetof(auth_plaintext_options_block, client_ignore_invalid_base64)) },
{ "client_send", opt_stringptr,
(void *)(offsetof(auth_plaintext_options_block, client_send)) },
{ "server_condition", opt_stringptr,
@@ -33,7 +35,8 @@ int auth_plaintext_options_count =
auth_plaintext_options_block auth_plaintext_option_defaults = {
NULL, /* server_condition */
NULL, /* server_prompts */
- NULL /* client_send */
+ NULL, /* client_send */
+ FALSE /* client_ignore_invalid_base64 */
};
@@ -216,6 +219,7 @@ uschar *text = ob->client_send;
uschar *s;
BOOL first = TRUE;
int sep = 0;
+int auth_var_idx = 0;
/* The text is broken up into a number of different data items, which are
sent one by one. The first one is sent with the AUTH command; the remainder are
@@ -223,8 +227,9 @@ sent in response to subsequent prompts. Each is expanded before being sent. */
while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL)
{
- int i, len;
+ int i, len, clear_len;
uschar *ss = expand_string(s);
+ uschar *clear;
/* Forced expansion failure is not an error; authentication is abandoned. On
all but the first string, we have to abandon the authentication attempt by
@@ -239,7 +244,11 @@ while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL
if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
(void) smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
}
- if (expand_string_forcedfail) return CANCELLED;
+ if (expand_string_forcedfail)
+ {
+ *buffer = 0; /* No message */
+ return CANCELLED;
+ }
string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
"authenticator: %s", ssave, ablock->name, expand_string_message);
return ERROR;
@@ -304,6 +313,34 @@ while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)) != NULL
"authenticator", ablock->name);
return ERROR;
}
+
+ /* Now that we know we'll continue, we put the received data into $auth<n>,
+ if possible. First, decode it: buffer+4 skips over the SMTP status code. */
+
+ clear_len = auth_b64decode(buffer+4, &clear);
+
+ /* If decoding failed, the default is to terminate the authentication, and
+ return FAIL, with the SMTP response still in the buffer. However, if client_
+ ignore_invalid_base64 is set, we ignore the error, and put an empty string
+ into $auth<n>. */
+
+ if (clear_len < 0)
+ {
+ uschar *save_bad = string_copy(buffer);
+ if (!ob->client_ignore_invalid_base64)
+ {
+ if (smtp_write_command(outblock, FALSE, "*\r\n") >= 0)
+ (void)smtp_read_response(inblock, US buffer, buffsize, '2', timeout);
+ string_format(buffer, buffsize, "Invalid base64 string in server "
+ "response \"%s\"", save_bad);
+ return CANCELLED;
+ }
+ clear = US"";
+ clear_len = 0;
+ }
+
+ if (auth_var_idx < AUTH_VARS)
+ auth_vars[auth_var_idx++] = string_copy(clear);
}
/* Control should never actually get here. */
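Review bot: `auth_b64decode(buffer+4, &clear)` assumes the server's reply is at least four bytes long; whether smtp_read_response guarantees a separator after the status code is not visible here, and if a bare three-digit reply can come back, `buffer+4` points past the terminating zero and stale buffer contents are decoded into $auth<n>. A guard such as `clear_len = (Ustrlen(buffer) >= 4)? auth_b64decode(buffer+4, &clear) : -1;` would remove the assumption. `clear_len` is otherwise only tested for sign, so `string_copy(clear)` stores the decoded data only up to its first zero byte. The comment above the check says the failure case returns FAIL with the SMTP response still in the buffer, while the code overwrites the buffer and returns CANCELLED; the comment should match. The value stored is chosen by the remote server and is worth describing as untrusted where $auth<n> is documented for later `client_send` items; the enclosing while loop starts outside the hunk.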
diff --git a/src/src/auths/plaintext.h b/src/src/auths/plaintext.h
index 46983d044..7499a01d8 100644
--- a/src/src/auths/plaintext.h
+++ b/src/src/auths/plaintext.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/auths/plaintext.h,v 1.3 2006/02/07 11:19:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/plaintext.h,v 1.4 2006/02/23 12:41:22 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -13,6 +13,7 @@ typedef struct {
uschar *server_condition;
uschar *server_prompts;
uschar *client_send;
+ BOOL client_ignore_invalid_base64;
} auth_plaintext_options_block;
/* Data for reading the private options. */
diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c
index 264887607..3fd4bde6a 100644
--- a/src/src/auths/spa.c
+++ b/src/src/auths/spa.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/auths/spa.c,v 1.6 2006/02/10 14:25:43 ph10 Exp $ */
+/* $Cambridge: exim/src/src/auths/spa.c,v 1.7 2006/02/23 12:41:22 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -263,6 +263,8 @@ auth_spa_client(
/* Code added by PH to expand the options */
+ *buffer = 0; /* Default no message when cancelled */
+
username = CS expand_string(ob->spa_username);
if (username == NULL)
{
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 3c915a4e1..93cbd221f 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/smtp.c,v 1.21 2006/02/21 16:24:20 ph10 Exp $ */
+/* $Cambridge: exim/src/src/transports/smtp.c,v 1.22 2006/02/23 12:41:23 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1211,9 +1211,14 @@ if (continue_hostname == NULL
/* Failure by some other means. In effect, the authenticator
decided it wasn't prepared to handle this case. Typically this
is the result of "fail" in an expansion string. Do we need to
- log anything here? */
+ log anything here? Feb 2006: a message is now put in the buffer
+ if logging is required. */
case CANCELLED:
+ if (*buffer != 0)
+ log_write(0, LOG_MAIN, "%s authenticator cancelled "
+ "authentication H=%s [%s] %s", au->name, host->name,
+ host->address, buffer);
break;
/* Internal problem, message in buffer. */
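Review bot: The text logged on CANCELLED can contain bytes chosen by the remote server: plaintext.c in this commit builds the message from the raw SMTP response when base64 decoding fails, and it reaches the main log here through `%s` unmodified. Whether smtp_read_response or log_write already neutralises control characters is not visible in this hunk; if neither does, passing `string_printing(buffer)` instead of `buffer` would keep newlines or terminal escape sequences from a hostile server out of the log. The multi-line body of the `if` would also be safer in braces. The enclosing switch starts and ends outside the hunk.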