diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2021-10-24 14:13:46 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2021-10-24 14:13:46 +0100 |
| commit | 0a3c9b00e50a4bd4a7cfca5c9640d8f3c7333cd3 (patch) | |
| tree | dedebaa720e7fb125c0d8ff113196ae8d7f53ab3 /src | |
| parent | 9eca4f4b6902ff84b90d9bec9605896394f3d690 (diff) | |
Fix client-only use of gsasl authenticator. Bug 2818
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/auths/gsasl_exim.c | 34 | ||||
| -rw-r--r-- | src/src/macros.h | 5 |
2 files changed, 19 insertions, 20 deletions
diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index f5c2afd60..2d060d4da 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -57,6 +57,10 @@ static void dummy(int x) { dummy2(x-1); } # define CHANNELBIND_HACK #endif +/* Convenience for testing strings */ + +#define STREQIC(Foo, Bar) (strcmpic((Foo), (Bar)) == 0) + /* Authenticator-specific options. */ /* I did have server_*_condition options for various mechanisms, but since @@ -200,15 +204,21 @@ if (!gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech)) "GNU SASL does not support mechanism \"%s\"", ablock->name, ob->server_mech); -ablock->server = TRUE; - -if ( !ablock->server_condition - && ( streqic(ob->server_mech, US"EXTERNAL") - || streqic(ob->server_mech, US"ANONYMOUS") - || streqic(ob->server_mech, US"PLAIN") - || streqic(ob->server_mech, US"LOGIN") - ) ) +if (ablock->server_condition) + ablock->server = TRUE; +else if( ob->server_mech + && !STREQIC(ob->server_mech, US"EXTERNAL") + && !STREQIC(ob->server_mech, US"ANONYMOUS") + && !STREQIC(ob->server_mech, US"PLAIN") + && !STREQIC(ob->server_mech, US"LOGIN") + ) { + /* At present, for mechanisms we don't panic on absence of server_condition; + need to figure out the most generically correct approach to deciding when + it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism, + etc) it clearly is critical. + */ + ablock->server = FALSE; HDEBUG(D_auth) debug_printf("%s authenticator: " "Need server_condition for %s mechanism\n", @@ -219,7 +229,7 @@ if ( !ablock->server_condition which properties will be needed. */ if ( !ob->server_realm - && streqic(ob->server_mech, US"DIGEST-MD5")) + && STREQIC(ob->server_mech, US"DIGEST-MD5")) { ablock->server = FALSE; HDEBUG(D_auth) debug_printf("%s authenticator: " @@ -227,12 +237,6 @@ if ( !ob->server_realm ablock->name, ob->server_mech); } -/* At present, for mechanisms we don't panic on absence of server_condition; -need to figure out the most generically correct approach to deciding when -it's critical and when it isn't. Eg, for simple validation (PLAIN mechanism, -etc) it clearly is critical. -*/ - ablock->client = ob->client_username && ob->client_password; } diff --git a/src/src/macros.h b/src/src/macros.h index bf5241e10..80e0ecbe1 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -79,11 +79,6 @@ as unsigned. */ ((uschar)(c) > 127 && print_topbitchars)) -/* Convenience for testing strings */ - -#define streqic(Foo, Bar) (strcmpic(Foo, Bar) == 0) - - /* When built with TLS support, the act of flushing SMTP output becomes a no-op once an SSL session is in progress. */ |